So, what’s in the final regulations, in two sentences? Individuals or businesses, who own, license, store or maintain, personal information about Massachusetts’ residents, have to develop and follow written and comprehensive risk-based information security programs. These programs create a process, carried out by identified people, to evaluate the sensitivity of information and mandate appropriate protections. If this approach sounds familiar, it should be. Ask any IT security professional what the Federal Information Security Management Act (FISMA) requires of federal agencies, and compare the duties imposed by section 17.03 of the regulations to the National Institute of Standards and Technology ("NIST") risk-management framework for designing and implementing information systems security, and you should get the same picture -- implement a process rather than specific technologies, and recognize parties, protections, and the sensitivity of data all vary widely. It is no surprise that OCABR shifted to a risk-based, rather than the one-size-shoe-fits-all approach reflected in earlier drafts of the Massachusetts regulation, following a series of comments from businesses and other interested parties.

What is new, and potentially problematic for some, is that the regulations additionally require specific protections for personal information stored or transmitted electronically. Although many of the section 17.04 protections are fairly standard (for example, secure access controls and user authentication procedures), some go further, such as the requirement to encrypt personal information transmitted across public or wireless networks, or stored on laptops and other portable devices. In this, Massachusetts goes beyond other states which have passed laws requiring encryption of social security numbers before transmission over the Internet, and more recently encryption of any personal information before transmission outside a business’s own secure system. Any laptop or portable device containing personal information about Massachusetts residents will have to be encrypted, not just protected by a password.

The good news? Encryption and other specific computer security measures are only required “to the extent technically feasible” by the regulations. The bad? The regulations don’t define what “technically feasible” means. OCABR suggests in a FAQ something is technically feasible “if there is a reasonable means through technology to accomplish a required result.” The next question -- if something is technically possible but economically prohibitive under the circumstances is it a “reasonable means through technology” -- is somewhat of an open question. Although OCABR staff that drafted the regulation willingly admit they borrowed liberally from FTC concepts of reasonable security which look at many surrounding circumstances including the size of a company, the sensitivity of information involved, and possibly the cost of a particular practice, OCABR’s FAQ intimates economic considerations don’t factor into whether a practice is technically feasible. While it is probable that businesses may seek additional clarification, at least on this point, any person who has not already come into compliance now has one more chance to meet the compliance deadline. Again.

- Ronald Lee

With more than 80 million members worldwide, Tagged bills itself as the third-largest internet-based social networking site in the U.S., after Facebook and MySpace. Previously, Tagged requested that members provide the company access to their email address books during the enrollment process (through a process termed “import your friends”). Those contacts were then sent auto-messages purporting to be from the new member. Under its agreements with New York and Texas, Tagged will need to seek specific consent before accessing its members’ address books and will need to disclose specifically how that data will be used (including by whom and for how long). The Texas judgment also requires Tagged to designate a “corporate level compliance representative” to oversee its compliance with the terms of the agreed-upon judgment and that state’s data and privacy protection laws, as well as to respond to consumer complaints or inquiries regarding Tagged’s privacy guidelines.

While social networking sites and other web-based member communities face intense competition to reach and enroll new members, these companies must be careful to ensure that their recruiting efforts do not run afoul of the data security and privacy laws of the jurisdictions in which their members live.

- Taja-Nia Henderson and Amy Mudge

Once the financial power of the blog was recognized, the rise of the “fakosphere” replete with fake blogs (“flogs”) was a foregone conclusion.

Brad Sullivan who writes on consumer fraud and internet scam issues for MSNBC, chronicles the rise of the fakeosphere and how it operates. He states that many flogs are carefully crafted to look exactly like a real blog complete with user comments and lively chat. The flogs will even include a few somewhat negative or skeptical comments regarding the product or service for sale to increase credibility.

Mr. Sullivan’s article provides another example of how the point of the much-maligned new FTC guidelines (see our previous discussion of the guidelines here) are not about destroying enthusiastic bloggers, but protecting consumers from insidious internet scamming. Mary Engle, Director of the FTC’s Division of Advertising Practices says that the agency is targeting floggers, telling MSNBC that “‘[a]dvertising always has to be clear that it’s advertising’” and “[a]n ad disguised as a blog, or a blog where companies get people to pose as satisfied customers and write reviews, both are deceptive.’”

If flogs disclose that they are flogs, they may avoid running afoul of the new guidelines. While flogs can be used as a legitimate advertising technique, the FTC appears to be looking upon them with an especially beady eye due to the inherently deceptive nature of the idea of flogs. Thus, advertisers who are using flogs to market to consumers should err on the side of making the advertising nature of the flog extremely clear as it is as not yet clear and conspicuous what type of disclosures the FTC would consider to be adequate for this form of advertising. For the FTC’s views on what is clear and conspicuous as far as disclosures on websites, click here.

- Candida Harty and Amy Mudge

The “Coors Light Silver Ticket Sweepstakes” promotes the opportunity for 256 grand prize winners to receive two tickets to a 2009 NFL regular season game and 125 first place winners to receive a $100 NFLShop.com gift certificate. According to the contest rules, a contestant must obtain an official entry code — either from purchasing a Coors Light product or by receiving a code by mail free of charge from Coors — and enter the code via text message or on the Internet to see if he or she is a winner.

According to the Complaint, plaintiff purchased a Coors Light product “for the sole purpose of entering into the sweepstakes.” When plaintiff attempted to enter his official code, however, he was informed that the code was invalid. The Complaint alleges this was not an isolated problem but instead claims that defendants received several hundred complaints of invalid codes but continued operating the contest without disclosing the fact that invalid entry codes had been printed.

The official rules for the “Coors Light Silver Ticket Sweepstakes” contain a limitation of liability clause that covers printing errors. It could be an interesting question as to whether this would cover the fact pattern alleged by plaintiff — that up to 5 million official entry codes were invalid. More interesting questions in the case will likely include whether there was any injury, as the defendants provided a means of obtaining entry codes free of charge. Are there any other putative class members like plaintiff who allegedly only bought beer for the chance to enter the sweepstakes (sounds like something we might have said to our parents when we were 18) and if so, how do you identify those consumers as distinct from those who enjoy the Silver Bullet with or without a valid contest entry code? 

- Alan Veronick and Amy Mudge 

Congress first enacted the Lacey Act in 1900—the first ever federal wildlife protection statute—to protect native bird species. The Act was amended a few times over the ensuing decades and, in recent years, served mainly to outlaw the importation, acquisition, or purchase of wildlife taken in violation of another jurisdiction’s laws—be that another state, federal land, or a foreign nation. For example, in a recent case, the National Oceanic and Atmospheric Administration and Immigration and Customs Enforcement relied on the Lacey Act to arrest and prosecute a group of individuals engaged in importing into the United States massive quantities of illegally poached South African rock lobster, crimes which made the perpetrators millions of dollars. (Full disclosure: one of the authors of this post, Marcus Asner, led this prosecution, United States v. Bengis et al., while serving as an AUSA in the SDNY) .

Possibly the most significant recent changes to the Lacey Act came in 2008. In response to increasing concerns about illegal logging around the world, Congress considerably expanded the Lacey Act so that it now covers plants and parts of plants — including plant products — taken in violation of foreign law. To be precise, as of May 22, 2008, it now is unlawful to acquire, possess, import, export, sell, transport or purchase any plant products if the plants were taken or exported in violation of a state, federal or foreign law or international agreement.

The changes are far reaching. The Act now covers paper, cardboard, furniture, tools, appliances—indeed, anything made in whole or in part from wood. It may even cover perfumes, cosmetics or pharmaceuticals if those products contain ingredients made from illegally harvested plants or trees. While there are some exceptions, such as for “common cultivars” or crops — which are not yet fully defined — trees and their products are specifically included under the Act’s coverage.

The Lacey Act packs a significant bite. A defendant who imports paper from illegally logged forests and knows of its illegal nature could face prison time and significant fines. A company that fails to exercise “due care” to make sure it is buying “legal” paper could be found guilty of a misdemeanor or could face civil fines of up to $10,000 for each violation. Even innocent purchasers of illegal wood products face a risk. The government can confiscate the unlawfully obtained paper even if the possessor had no knowledge of its illegality and had exercised due care.

Now, what about those declarations we talked about earlier? Each importer of plant products is currently required to fill out and submit a form declaring the products’ country of origin, species, quantity and value, as well as the percentage of any recycled content in paper products. The USDA has twice postponed enforcing these requirements for paper and paper products, and as of now, the earliest the government will enforce the declaration requirement for paper is September 1, 2010. Once the government starts enforcing the declaration requirement, customs clearance may be denied for any imported paper products that are not accompanied by an appropriate declaration

But, this delay only calls for a small sigh of relief. The far-reaching consequences of the new Lacey Act, particularly its requirement that companies import or buy only legal plant products, are already in effect. And that means that companies are busy (or should be busy) making sure they have state-of-the-art compliance programs to help them check out their suppliers to get comfort that the plant products they buy don’t run afoul of the Lacey Act.

UPDATE: Click here for a more extensive write-up on this issue.

 - Marcus Asner and Grace Pickering

Based on Williams-Sonoma’s alleged conduct, Pineda filed a putative class action alleging violations of California’s Song-Beverly Credit Card Act and her constitutionally recognized right to privacy. The trial court ultimately dismissed both claims and the Court of Appeal affirmed. In holding that Williams-Sonoma had not violated the Song-Beverly Act or Pineda’s privacy rights, the Court of Appeal relied upon two critical findings.

First, the Court found that while the Song-Beverly Act does prohibit merchants from asking credit cardholders for “personal identification information”, zip codes are not protected. Specifically, the Court noted that the Legislature included clear examples of what constituted “personal identification information” under the Act, including a “cardholder’s address and telephone number.” Construing the word of the statute, and relying on an earlier court decision addressing the same issue, the Court explained these examples indicated the Legislature intended to protect “facially individualized information,” and not “group” type information, like zip codes. The Court stated this reasoning was not lessened by the allegation that Williams-Sonoma used Pineda’s zip code to obtain her address using computer search engines. “Simply put,” the Court stated, the Act does not protect zip codes, and whether it should because a zip code can later be used to obtain an address, is an argument “best presented to the Legislature.” The Court’s reasoning here suggests that under the Song-Beverly Act it may be entirely lawful for a merchant to request other types of information that at least facially do not solely relate to the specific customer including a zip code, state of residence, city of residence, or area code.

Second, the Court found Pineda had not stated a claim for invasion of privacy under the California Constitution because she had not satisfied the “serious invasion of privacy” requirement. Pineda’s theory, the Court explained, was that she suffered a serious invasion of privacy when Williams-Sonoma allegedly obtained her zip code and then used it (along with her name and credit card) to obtain, print, and distribute to third parties her address. But nowhere in Pineda’s complaint was there any allegation that her address was not otherwise publicly available or that she had taken any effort to protect such information. “Without such facts, using a legally obtained zip code to acquire, view, print, and distribute or use an address that is otherwise publicly available does not amount to an offensive intrusion of her privacy.” As such, there was no invasion of Pineda’s privacy rights.

Retailers face extreme competitive pressures, and appropriate customer communication can be a significant competitive advantage. They must, however, carefully assess the detailed privacy laws and regulations that vary from one jurisdiction to another in order to end up, as Williams-Sonoma did, on the winning side of a consumer claim.

As noted in our previous blog post, the House recently approved an amendment to exclude certain businesses, including legal, health care, and accounting professionals, from the scope of Red Flags regulation. House Members want the FTC to let that amendment work its way through the Senate and reach the President’s desk before any enforcement action is taken under the regulation. Out of respect for these Members’ views, the FTC will hold off at least until next June.

Not only do Members of Congress think the FTC made errors in crafting the rule, but a federal judge just this past week found the same. On October 29, Judge Reggie Walton of the Federal District Court for the District of Columbia ruled that the Red Flags regulation does not apply to lawyers (court order here). In an order granting partial summary judgment for the American Bar Association (ABA), which had challenged the FTC’s characterization of lawyers as “creditors” under the rule, Judge Walton held that the FTC exceeded its statutory jurisdiction and authority by applying the rule to lawyers.

Adopted at the direction of Congress, the Red Flags rule is designed to prevent identity theft by requiring certain “financial institutions” and “creditors” to establish and implement written programs to detect and respond to warning signs of identity theft. According to the FTC, the term “creditors” means just about anyone who provides a good or service prior to being paid, including, generally, lawyers.

In its lawsuit, the ABA filed a complaint against the FTC for this inclusive interpretation of “creditor.” The ABA argued that the FTC’s interpretation was contrary to congressional intent, and Judge Walton agreed, reasoning that under the FTC’s broad interpretation, even a plumber who charges a customer  two days after service would count as a “creditor,” and that can’t be what Congress intended. The FTC may yet appeal Judge Walton’s ruling, but the agency can’t possibly ignore the “red flags” that its actions may have exceeded its authority.

- Nancy Perkins & Brian Larkin

On October 22, the Washington State Attorney General’s office filed a Complaint against RGH Marketing, Inc., and the general manager of Interstate Auto Liquidators, alleging that their claims of selling repossessed or bank-owned cars when, in fact, the cars were coming from their regular inventory or from auto auctions, violated Washington’s consumer protection laws. The Complaint also accuses defendants of misleading consumers by using the term “$0 Down Delivers!” in its advertising. The lawsuit seeks a permanent injunction against defendants as well as restitution for aggrieved consumers. 

Meanwhile, on Monday of this week, the State of Florida Attorney General’s office announced that it had filed a Complaint against Hollywood Auto Gallery, Inc., and related companies, accusing them of unfair trade practices by claiming the cars they were selling were under warranty when, in fact, the warranty was only good for a maximum of $500 in repairs. According to consumer complaints, the cars sold by defendants were in such bad condition that they would often break down shortly after they left the dealership. The lawsuit seeks injunctive relief prohibiting defendants from selling used cars; restitution on behalf of victimized consumers; and civil penalties. 

These actions are the latest chapter in what has been a long history of state attorney general’s cracking-down on car dealers who engage in deceptive trade practices. Since 2007, attorney general’s offices across the country, including those in New York, Illinois and Massachusetts, have filed actions against car dealerships for false and deceptive advertising practices. These actions have involved:

• a dealership in New York persistently using misleading sweepstakes promotions to lure consumers into its dealership;
• an Illinois dealership misleading consumers with false promises to repay loans on trade-in vehicles; and
• a Massachusetts dealership using misleading advertising by prominently advertising a price with an asterisk and, in small print at the bottom of the ad, indicating that the ad price presumes that the consumer will provide a certain amount of money in cash or trade.

- Alan Veronick

 Yesterday, the NAD posted a press release summarizing its findings in a challenge brought by Method Products about advertising claims made by Clorox for its Green Works Natural Cleaning Wipes, whereby Clorox described the wipes as “biodegradable” but then added qualifying language on the back of the container that said "biodegradability validated in typical compost conditions.”

In other words, the question before the NAD was, can you make a broader (and presumably more consumer friendly) claim of "biodegradable" but then qualify it to clarify that what you really mean is that the product is essentially compostable.  Because Clorox stated that it was transitioning to new packaging that would use the term "compostable", NAD did not have to directly address the issue, but noted that it "appreciated" Clorox's decision to discontinue the biodegradable claim in favor of a compostable claim.

- Randy Shaheen and Danielle Garten

In a Complaint filed in Federal District Court in New York on Tuesday, the Iconix Brand Group, Inc., the owner, licensee and/or marketer of such popular children and teenage apparel brands as Mudd, Candie’s, Bongo, and OP, was targeted by the FTC for COPPA violations. The Complaint alleged that since 2006, Iconix knowingly collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent. According to the Complaint, Iconix also enabled children to publicly share personal stories and photos online.

The Complaint underscores the need for companies not only to develop privacy policies that comply with COPPA guidelines, but to implement and comply with those policies. According to the Complaint, while Iconix posted privacy policies on its websites that contained COPPA guidelines ― it failed to implement or comply with those policies. As such, the FTC charged Iconix with falsely stating in its privacy policies that it would not seek to collect personal information from children without obtaining prior parental consent, and that it would delete any children’s personal information that it became aware of.

Rather than contest the FTC’s allegations, Iconix has agreed to pay a $250,000 civil penalty and enter into a Consent Order prohibiting the company from violating COPPA in the future; and requiring the company to delete all personal information collected and maintained in violation of COPPA and to distribute the Order and the FTC’s “How to Comply with the Children’s Online Privacy Protection Rule” to company personnel.

- Randy Shaheen and Alan Veronick

Mary Engle noted that the current substantiation requirement was meant to be tough while at the same time providing defendants flexibility in how they met it. However, some courts have not interpreted the standard in the manner intended by the FTC. She set out three primary goals for the new, tighter substantiation requirement that the FTC will roll out in future consent orders:

• It will be easier to enforce as a result of its greater specificity, which will also provide defendants greater clarity on what substantiation they need to possess.
• It will better harmonize with the laws and regulations of other agencies, such as FDA.
• It will address situations where the results of a single study relied upon by the advertiser are inconsistent with the weight of scientific evidence in the field.

We will monitor the FTC’s implementation of this new substantiation requirement for health-related claims and keep you up to date on developments.

Also presenting at the Roundtable program were David Mallen, Associate Director of NAD, who talked about current advertising issues in NAD cases, Michael Mazis, Professor Emeritus of Marketing at American University’s Kogod School of Business, who talked about methodological issues in consumer advertising surveys, and Randy Miller, a partner at Arnold & Porter LLP, who talked about Lanham Act false advertising litigation.

Materials from the Roundtable program can be found here.  Early next week, audio from yesterday's program will be available here. 

- Matthew Shultz

The Fair Credit Reporting Act was amended in 2003 to require the FTC and the Federal banking agencies to develop Red Flags regulations for banks and creditors in order to help prevent identity theft. The agencies’ respective rules mandate that written programs be created to detect and respond to warning signs of identity theft related to a customer account. The regulations apply to financial institutions and to “creditors,” which is generally defined as “a person who arranges for the extension, renewal, or continuation of credit.” This broad definition sweeps in virtually any businesses that provides consumers with goods or services in advance of payment. According to the FTC, even government and non-profit entities can be creditors under this definition. If the House bill becomes law, there will be far fewer businesses for the FTC to monitor.

The House bill responds to the concerns of small businesses, by categorically excluding some of them from the FTC regulation and providing a test by which others may also become exempt. H.R. 3763  provides that the term “creditor” does not include a health care, legal, or accounting practice with 20 or fewer employees. Additionally, the bill states that any other business can be excluded from the Red Flags rule if it can make one of three showings:

• that it knows all of its customers individually;
• that it only performs services near the residences of its customers; or
• that it has not experienced identity theft and the crime is rare for a business of that type.

The sponsor of the bill, John Adler, D-N.J., introduced the measure by noting that, “[d]uring these tough economic times, the Federal Government should not be placing burdensome regulations on small businesses.” The bill has been sent to the Senate, and referred to the Committee on Banking, Housing, and Urban Affairs.

Small businesses, and possibly some large businesses with good memories, may soon find relief from an apparently unwarranted regulatory burden.

- Nancy Perkins and Brian Larkin

To coincide with its announcement, the FDA sent an open letter to the food products industry explaining that its new approach to regulation of FOP labels was prompted by the potential for consumer deception. In particular, the FDA stated that the FOP labels currently found in the marketplace are not tied to a set of uniform nutritional criteria. Instead each FOP label is tied to its own unique nutritional standards, which may be determined and set by food manufacturers, grocery stores, trade organizations, or health organizations. Without uniformity or minimum standards, the FDA suggested, consumers cannot know exactly what a label means or that the product is nutritionally sound, which is particularly troublesome given that consumers do not verify FOP label claims by reviewing the required Nutrition Facts panel that can usually be found on the back or side of the product.

One of the specific FOP nutritional labels that Commissioner Hamburg mentioned during her announcement concerning the FDA’s new regulatory approach is the Smart Choices Program. Smart Choices is a voluntary “food rating” system that allows manufacturers to place two FOP labels (a green check mark and a calorie indicator) on their food products that meet a distinct set of nutritional criteria. The program is administered by the American Society for Nutrition and NSF International. In August, the FDA sent Smart Choices a letter indicating that it was aware that many food products were beginning to display the Smart Choices’ check mark and that it would need to “monitor” these products to ensure that the criteria used by Smart Choices was “stringent enough to protect consumers against misleading claims”. On Tuesday, although Commissioner Hamburg would not discuss any products specifically, she noted that some products with the “check mark” logo were almost “50 percent sugar”.

Supporters, users, and promoters of FOP nutritional labels, by contrast, assert that besides being accurate and tied to accepted nutritional guidelines, FOP labels are beneficial to customers in their everyday lives, a point even the FDA has recognized. In particular, FOP labels offer readily accessible information about a product’s nutritional profile, which can lead to better and more informed food choices. Furthermore, supporters assert that many manufacturers have in fact improved the overall healthfulness of their products in order to meet the criteria needed to qualify for use of a FOP like Smart Choices. In response to the FDA’s recent announcement, promoters of FOP nutritional labels, such as Smart Choices said they welcomed the opportunity to work with the FDA on any FOP labeling initiatives.

UPDATE (October 26, 2009): The Smart Choices program announced on Friday, October 23, 2009, that it would “postpone” active operations and not encourage broader use of its check mark logo while the FDA investigates food product labeling issues. A spokesperson for Smart Choices also stated that it continued to stand behind its nutritional standards and that food product manufactures currently using the check mark logo could continue to do so. (Click here for a press release)

- Suzy Wilson and Chris Tarbell

The US-EU Safe Harbor Framework allows US businesses under the jurisdiction of the FTC and the Department of Transportation to receive personal data from entities located in the EU member nations subject to strict safeguards consistent with the EU Data Protection Directive (Directive) adopted in 1995. The Directive, as implemented by the individual 27 EU member nations through their respective legislative bodies, comprehensively regulates the security, integrity, and privacy of all “personal data.” The Directive specifically prohibits the transfer of personal data to nonmember nations that fail to provide data security and privacy measures deemed “adequate” by the European Commission (EC), and allows the EC to block transfers of personal data to countries whose data privacy enforcement and regulatory regimes are not “adequate.” Following adoption of the Directive, the European Commission determined that US data privacy and security measures were not “adequate” and, therefore that special protections would be required for any transfers of personal data from the EU to the United States. One such form of special protection is the “Safe Harbor Framework” agreed to by the EU with the United States, which allows US entities that commit to the Directive’s basic privacy protection obligations to receive personal data from EU member nations without undertaking special contractual obligations.

The FTC’s recent action to enforce its deception authority under Section 5 of the FTC Act against the companies named in the World Innovator et al. complaints may have a chilling effect on US businesses’ election of the Safe Harbor as a method of compliance with the Directive. Since Safe Harbor certification is not the only way to obtain personal data from EU member nations for commercial purposes, companies seeking to limit potential liability or enforcement action by the FTC may wish to consider alternative methods for complying with the Directive.

At a minimum, companies that have already committed to the Safe Harbor should be careful to confirm that their certifications are current (i.e., recertified annually). The FTC’s recent enforcement interest in this area more generally serves as a cautionary tale against allowing stale and/or misleading information to remain (and be republished) on company websites. 

- Nancy Perkins & Taja-Nia Henderson

However, new guidelines have been published by the Competition Bureau of Canada (the Canadian equivalent to the FTC), that will restrict the ability to “wave the flag” in making local product claims.

The Bureau is at the end of a public consultation phase on its draft Enforcement Guidelines Relating to “Product of Canada” and “Made in Canada” Claims, which propose to replace its existing guide. The Guidelines clarify how the Bureau will interpret certain “Canadian” claims in relation to prohibitions on the making of false or misleading representations pursuant to legislation enforced by the Bureau. While these Guidelines are distinct from international trade rules regarding Country of Origin Marking set out in NAFTA, they will serve useful for businesses that choose to “wave the flag” and make a “Made in Canada” claim with respect to their products. The Bureau will apply the approach described in the Guidelines to determine when it should investigate a claim for non-compliance or undertake enforcement action.

Businesses with Canadian operations should be aware of the Guideline’s potential implications. First, the Guidelines only apply to non-food products sold in Canada (however, other food-specific “Made in/Product of Canada” laws would apply, a summary of which can be found on the Canadian Food Inspection Agency website). Second, the Guidelines propose new definitions to distinguish between “Made in Canada” versus “Product of Canada” claims and provides guidance for other “Canadian” claims which do not fit into either category. Third, penalties for violating these provisions can be onerous. For instance, civil penalties for corporations can include fines into the millions of dollars, such as $10-15 million under the Competition Act and criminal penalties may include imprisonment of up to 14 years.

The new requirements for “Made in Canada” claims are three-fold. First, the products must undergo their last substantial transformation change in Canada. A substantial transformation will have occurred where a product undergoes a fundamental change, resulting in a new product that is different in nature from the previous product. Second, 51% or more of the total direct costs of the production or manufacturing of the product must be incurred in Canada. Such costs of production or manufacturing may include expenditures on materials or labour incurred in the manufacturing or production of the product, but typically do not include general overhead, unless it directly relates and can be reasonably allocated to the production or manufacturing of the product. Third, a qualifying statement must complement the claim, such as “Made in Canada with imported parts” or “Made in Canada with domestic and imported parts.”

The new requirements for “Product of Canada” claims are two-fold. The first mirrors the new “Made in Canada” requirements - that is, the product must undergo its last substantial transformation in Canada. The second requires 98% or more of the total direct costs of production or manufacturing of the product be incurred in Canada. This second condition sets the bar high for “Product of Canada” claims.

When a product falls short of “Made in Canada” and “Product of Canada” claim requirements, all isn’t lost. In fact, the Bureau encourages using specific qualified claims to provide additional accurate, relevant and clear information to the consumer, such as “Sewn in Canada with imported fabric” or “Designed in Canada.” However, the Bureau discourages the use of general qualifying terms like “produced” or “manufactured” by businesses, since customers will likely associate them with “Made in Canada” or “Product of Canada” claims.

The Bureau examines the “general impression” given by the representation to determine whether it is false or misleading. Since this impression is generated from a range of factors including any words, images, illustrations, implied claims, etc. of a product, the Bureau suggests using flag symbols (Canadian, Provincial or Maple Leafs) or claims such as “Shop Canadian,” “Think Canadian” or “Proudly Canadian” with caution.

The publication of the Guidelines is a likely signal that “Product of/Made in Canada” claims are one of the Bureau’s emerging enforcement priorities. It is imperative for businesses with Canadian operations to ensure compliance with the Guidelines if any product promotion or labeling claims highlight Canadian ties.

- Les Chaiet, Bill Hearn, and Sharon Groom (Advertising & Marketing Group, McMillan LLP)

The assistance of Stacey O'Neill, Student-At-Law at McMillan LLP, in writing this blog entry is acknowledged with thanks.

Guest Post Disclaimer: Use of the blog does not create an attorney-client relationship between you and Arnold & Porter LLP or McMillan LLP.

During both presentations, Vladeck expressed his concern with abuses by affiliate network marketing, such practices as fake news stories, fabricated blogs touting endorsements without revealing sponsorship by a manufacturer and offers of free trials generated by misleading pre-checked boxes where consumers sign up for services they do not want that are impossible to cancel. Vladeck emphasized that eliminating financial fraud remains a top goal: "Many schemes prey on people pushed to the financial edge of the current economy. We focus on scams designed to take that last dollar in these times of recession." Vladeck stated that the BCP is focusing its most urgent efforts on what it considers to be “the worst types of these abuses” - high initial fees in debt repair and mortgage foreclosure schemes. The agency hopes to address these abuses by both continuing to bring enforcement actions and making changes to the applicable FTC regulations.

Commenting on the revised testimonial guides, Vladeck explained that the earlier guides were "adopted in a different world." While the original guide's basic principles remain largely valid, many examples were not relevant in the context of infomercials, the internet and virtual marketing or in areas where "the advertiser did not always disseminate the ad but expects a profit from the message." He explained that "consumers have a right to know when they are being subjected to a sales pitch" and, therefore, that any material connection between user-generated content and manufacturers should be disclosed. In eliminating the safe harbor for a disclaimer of "results not typical," Vladeck explained that disclaimers of atypicality were "not working as intended" and there was "clearly time for a change and that time has arrived." He clarified that the guides do not bar the use of such a disclaimer but advertisers are responsible for ensuring that consumers are not misled by the ad as a whole.

Environmental claims can help consumers, according to Vladeck, but only when they are not misleading. While the FTC is examining its green guides and determine if an update is needed, they will "continue to be vigilant in this area," citing its recent cases involving biodegradable claims and also allegedly unsubstantiated improved gas mileage claims. (As to one pending case where a manufacturer claimed its product would allow cars to "harness the power of nuclear fusion" to eliminate the need for gas, Vladeck said "we charged those folks with violating the laws of science.")

Additionally, he sends "a clear message that retailers are accountable for the claims they make" when packaging and selling store brands.

Vladeck mentioned efforts undertaken by the agency to protect children. These include a forthcoming guide to internet use aimed at 8 to 14-year olds that is meant to instruct children, their parents and teachers on key internet use issues facing today’s children, including social networking websites, texting, and sexting. The agency is also working with Scholastic to develop an interactive website to teach children about ad literacy.

At the ABA talk, Vladeck indicated he was working to try to figure out how to grow the FTC’s resources given the FTC’s relatively small size coupled with its vast mandate. He said they agency needs “Biblical multiplication of resources from Congress, but since we won’t get that manna,” the Staff is at work trying to harness the power of partnerships. This includes working to harmonize law enforcement efforts with sister agencies, including forming a working group with the FDA and DOJ's Consumer Litigation group and partnering with state Attorneys General and some of the larger legal services providers, particularly with regards to the BCP’s anti-fraud efforts. Through these collaborations, Vladeck hopes the agency will be able to “cover broader areas and engage in more litigation.” He also was clear about his interest in streamlining FTC processes, including "crafting more precise injunctive language for future orders." He told us when he started that he intended to maintain the FTC’s open door policy, and four month in has not changed that view. He will not tolerate delay, however, indicating “I will meet with anyone but there is a time limit. I am not going to wait to send an enforcement matter to the Commission due to [scheduling] delays.”

• I Lost 23 pounds in 4 weeks - Maybe you did but if that result isn’t typical the advertiser will have to disclose the results that consumers can typically expect. Gone is the disclaimer “results not typical.” Interestingly, in some cases companies may not actually know the “typical” outcome. Someone promoting a method to make money by buying and reselling real estate may feature testimonials from individuals stating their earnings but the promoter may not actually know -- nor be able to readily find out -- what the average earnings are.
• I’m Going to Blog About the Great Brand New Ferrari That Just Showed Up on My Driveway - In one of the more hotly debated changes, the new Guides make clear that bloggers or other types of word-of-mouth marketers can under some circumstances be considered endorsers, meaning that any material connections must be disclosed and that companies could be held liable for any claims the endorsers may make about their products. The FTC states that it will consider a number of factors including (1) whether the speaker was compensated; (2) whether the product was provided for free; (3) the terms of any agreement; (4) the length of any relationship; (5) previous receipt of products or likelihood of future receipt from the same or similar advertisers; and (6) the value of any items received. The revised Guides further state that it may not matter that the advertiser does not control whether the speaker reviews the product positively.

Notwithstanding this lengthy list of factors, the examples provided in the revised Guides suggest that the Commission is likely going to define an “endorser” broadly and companies may be wise to begin inventorying to whom they are, directly or indirectly, providing free product. Bloggers who are contacted by a blog advertising service to try a new product; bloggers who participate in marketing programs where they can receive free products to review if they so choose; a blogger who routinely receives new copies of game software; and members of a street team program who receive prizes for talking to their friends about products are all provided as examples of endorsers. In the one instance the “free” product received is a bag of dog food, suggesting that even products of fairly nominal value may trigger the Guides.

The Guides imply that only positive reviews by bloggers are considered endorsements. It is unclear, however, whether the review as a whole must be positive or whether any positive mention of the product even in a review that otherwise pans it would obligate the blogger to disclose that he or she received the product for free.

The Guides state that enforcement focus will continue to be on the advertiser and not the endorser (this point was reemphasized by an FTC official at the NAD conference earlier this week) but that advertisers can take steps to avoid liability by providing training to bloggers, monitoring their posts and taking steps to remedy any violations.

• We Feel So Confident About Our Product That We Paid for Scientific Research - Ronald Reagan once famously proclaimed in a debate with George Bush that “I paid for this microphone.” Under the new Guides companies that fund research that supports their product’s efficacy will have to disclose that fact even if they did not control the protocol or conduct of the research.
• I Actually Get Paid to Work for the Company That Makes These Great Products - Anonymity on message boards is out under the new Guides. If you promote your employer’s product on a message board, you should disclose the fact of your employment.
• I’m Not a Doctor but I Play One on TV - The revised Guides make clear that liability can extend to endorsers, in particular celebrity endorsers. Celebrity endorsers are cautioned that they must make “reasonable inquiries” that there is an adequate basis for the assertions they are making and may not make claims that are contrary to what they have personally experienced or seen.

This is not the first such litigation of its kind. 

There have been a bevy of such fruity complaints, testing the reach of Section 17200, most of which were dismissed either voluntarily or by motion, including  McKinniss v. General Mills, Inc., 2007 WL 4762172 (C.D. Cal. Sept. 18, 2007) (Berry Berry Kix, Trix, Fruity Cheerios, Trix Yogurt, Yoplait Go-gurt); McKinniss v. Kellogg USA, 2007 WL 4766060 (C.D. Cal. Sept. 19, 2007) (Froot Loops) (dismissed on defendant’s motion). 

In fact, just a few months ago, on May 21, Judge Morrison England, Jr. of the U.S. District Court for the Eastern District of California dismissed an almost identical suit, Sugawara v. PepsiCo, Inc.  In Sugawara, the plaintiff claimed that she purchased the “Cap’n Crunch with Crunchberries” cereal with the belief that the “Crunchberries” either contained or were made with real berries.  Judge England’s dismissal was particularly blunt stating that “[t]his Court is not aware of, nor has Plaintiff alleged the existence of, any actual fruit referred to as a ‘crunchberry,’” and that “it is simply impossible for Plaintiff to file an amended complaint stating a claim based upon these facts.  The survival of the instant claim would require this Court to ignore all concepts of personal responsibility and common sense.  The Court has no intention of allowing that to happen.” 

Some may wonder how the Sugawara and other fruity cereal decisions co-exist with the Ninth Circuit’s decision earlier this year permitting a plaintiff to proceed with a misleading advertising claim against Gerber’s “Fruit Juice Snacks” (decision previously described here.)  The Sugawara court expressly distinguished Williams by noting that 1) the defendant’s use of berries on the Cap’n Crunch packaging was part of the larger term “crunchberries;” 2) there were no pictures of fruit on the box, but only bright purple, red, and teal cereal puffs, and 3) there were no claims that the product was nutritious or otherwise supported healthy development.

Mr. Werbel will most likely face a motion to dismiss in his case against Froot Loop.  To avoid dismissal, he will have to argue that his facts are close to those alleged in Gerber.  In Williams v. Gerber Products Co., the Ninth Circuit did not opine on the merits of the case but determined the plaintiff’s allegations were sufficient to state a claim noting that 1) the product was actually named “Fruit Juice Snacks,” 2) the package contained pictures of a variety of real fruit, 3) the package stated that the Snacks were made from “fruit juice and other all natural ingredients,” and 4) the package stated that Snacks is “just one of a variety of nutritious Gerber Graduate foods and juices that have been specifically designed to help toddlers grow up strong and healthy.”  While the Williams court acknowledged that a “nutritious” claim on a package may be considered non-actionable puffery because nutrition is difficult to measure, the claim, when considered with the other packaging statements and pictures, could potentially mislead the average consumer. 

We will see if the latest Froot Loops litigation goes the way of the Crunchberries, but the smart
manufacturer should be cautious about inadvertently creating misleading packaging based on the impressions conveyed by the box and the ads.  Unless a product is truly a significant source of fruit, statements about a product’s nutritional and health value in conjunction with pictures of real fruit should be avoided to minimize litigation risk.  However, manufacturers probably don’t need to worry if they use fanciful fruit-like words, such as “froot” and “crunchberries” in their packaging and advertisements, at least outside the litigious state of California.  So get those creative (fruit) juices flowing.

-Suzy Wilson and Candida Harty

AT&T requested a stay in the litigation, arguing that NAD should be able to re-open the case and continue its investigation in furtherance of judicial economy. The court did not write an opinion, but “So Ordered” the stay, allowing NAD to re-open its investigation and continue in its evaluation of the claims.

The Southern District granted a similar request in the case of Russian Std. Vodka, Inc. v. Allied Domecq Spirits & Wine USA, Inc. in 2007. In that case, the court stayed a false advertising litigation to permit the NAD process to continue. These cases underscore the importance the courts are placing on NAD’s role in the investigation and evaluation of advertising claims, as well as the level of regard the courts have for NAD’s level of expertise.

This case is one of the latest of a series of cases that POM has brought against competitors. According to POM’s complaint, the “main” ingredients in Coke’s juice blend are neither pomegranate, nor blueberry, but instead apple and grape juice. Coke’s first motion to dismiss argued that POM’s claims were preempted by the Federal Food, Drug and Cosmetic Act and FDA regulations. That motion was granted in part and denied in part. The Court essentially held that to the extent POM’s Lanham Act claim implicated federal juice naming and labeling requirements, it was improper, but to the extent the claim was directed at Coke’s broader advertising, it could proceed. 

After POM amended its complaint, Coke again moved to dismiss, arguing: (1) POM’s Lanham Act claim was still improperly directed at the naming, labeling, and packaging of Coke’s juice blend and (2) POM lacked standing to pursue its UCL and False Advertising Law (“FAL”) claims because POM had not “lost money or property” due to Coke’s allegedly false advertising. Judge Otero denied the motion.

In his decision, Judge Otero held that POM’s Lanham Act claim could continue because it was still not certain whether POM’s claims focused on the naming and labeling of the juice blend, or Coke’s advertising and marketing. For instance, Judge Otero stated POM’s complaint had allegations aimed at Coke’s website, which “place[] a ‘prominent image of a split open pomegranate’ next to the Juice name, and advertise[] the Juice . . . as ‘cranberry and pomegranate juice.’” According to Judge Otero, these “informal cues” could be considered advertising or marketing and subject to a Lanham Act claim. Moreover, to the extent there was “informal naming and labeling” on Coke’s website, it would not implicate FDA regulations, and thus could also be the subject of a Lanham Act claim.

Judge Otero also rejected Coke’s argument that POM lacked standing to pursue its UCL and FAL claims. The Court noted that standing under the UCL and FAL is limited to plaintiffs who have “‘suffer[ed] losses of money or property that are eligible for restitution.’” Although the California Supreme Court has made clear that the restitutionary remedy under the UCL is limited to the return of money or property that a defendant took directly from a plaintiff, and POM had merely alleged lost market share and profits, Judge Otero still held POM has alleged facts entitling it to restitution and thus had standing. The Judge reasoned that restitution under the UCL is also proper if the plaintiff has lost money or property in which it has a “vested interest,” and POM had a “vested interest” in profits derived from Coke’s allegedly unlawfully increased market share. As such, POM had standing to bring its UCL and FAL claims.

In allowing POM’s case against Coke to proceed, Judge Otero’s decision raises a number of important issues. For companies selling products subject to FDA regulation, Judge Otero’s conclusion that Coke’s website may be subject to a Lanham Act claim because it has “informal” advertising and marketing may justify an advertising review for certain products. Furthermore, Judge Otero’s decision represents another instance in which a court has tied standing under California’s UCL to eligibility for restitution, an issue that may well be addressed in another case, Kwikset Corp. v. Superior Court, currently pending before the California Supreme Court. Finally, by finding POM may be entitled to “restitution” of the profits Coke generated from POM’s allegedly lost market share, Judge Otero’s decision raises the question of whether it has interpreted the restitution remedy available under the UCL to be indistinguishable from damages, which the California Supreme Court has clearly held are not available under the UCL.

- Suzanne Wilson, James Speyer, and Chris Tarbell

These cases were brought to address on a large scale issues frequently confronted by brand owners in their efforts against counterfeiters. Specifically, counterfeiters frequently purchase keywords from Google that correspond to registered trademarks such as “Louis Vuitton. ” When an Internet user searches for “Louis Vuitton,” this triggers advertisements in Google’s search results that redirect consumers to websites where they can purchase counterfeit merchandise (e.g., “Louis Vuitton Replica” and “fake Louis Vuitton handbags”). The Advocate General’s resolution of the questions posed to the ECJ is bad news for trademark owners.

These cases had originally been filed in French courts, which then referred a number of questions to the ECJ, including whether use of a mark by an internet search engine in return for a payment (e.g., Google's AdWords system) constitutes trademark infringement under Article 5 of the First Trademarks Directive (89/104/EEC) and whether trademark owners are entitled to prevent the sale of trademarks as keywords. It also sought guidance on the defences available to internet service providers under Article 14 of the E-Commerce Directive (2000/31/EC) - that they are acting as “a mere conduit”.

In today’s opinion, the Advocate General said that Google is not infringing a trademark by permitting advertisers to select keywords corresponding to trademarks on the grounds that such selection is not use in the form of a sale of a product or service to the general public. This use is not a use made in relation to goods or services identical or similar to those covered by the trademark under Article 5 of the First Trademarks Directive. The same argument applies to advertisers who select keywords corresponding to trademarks.

The Advocate General also said that internet users are aware that other sites, not just the rights holder's site, will appear in search results. Internet users' access to information concerning the trademark should not be limited to or by the mark owner even if the mark at issue has a reputation.

He rejected arguments that Google's actual or potential contribution to a trademark infringement by a third party should constitute an infringement in itself, concluding that mark owners would have to refer to specific instances giving rise to Google’s liability in the context of illegal damage to their trademarks.

The decision’s focus was somewhat different from U.S. decisions on this issue. Importantly, the ECJ’s decision held that “the mere display of relevant sites in response to keywords is not enough to establish a risk of confusion on the part of consumers as to the origin of goods or services.” In the U.S., most courts have focused on the possibility of confusion caused by the content of the triggered advertisements. For example, under the facts here, U.S. courts may have placed more emphasis on the use of the trademark owner’s name in the display ads.

Despite these differences, there are a number of parallels in the ECJ decision to issues that frequently arise in U.S. trademark infringement cases. The ECJ’s inquiry of whether there has been a “use that takes place in the course of trade” is analogous to the threshold “use in commerce” question that until very recently divided U.S. courts. Unlike U.S. courts, which are in general agreement that both the purchase and sale of keywords are “uses in commerce,” the ECJ distinguishes between the conduct of Google and that of Google’s customers. Namely, Google’s sale of such keywords is “in the course of trade,” whereas the purchase of such keywords is a “not a commercial activity, but a private use.” The ECJ also declined to recognize the U.S. concept of contributory infringement, rejecting “the notion that the act of contributing to a trade mark infringement by a third party . . . should constitute an infringement itself.”

This decision is a blow for trademark owners in the EU in that it will, if followed by the ECJ, result in brand owners having to specifically prove loss in order to succeed in any action for trademark infringement. This may be possible in some cases but will make bringing actions all the more difficult.

- Simon Bennett, Brent LaBarge, and Suzanne Wilson

Panelists at the event will include:

• Mary Engle, Associate Director Advertising Practices, Bureau of Consumer Protection, Federal Trade Commission
• David Mallen, Associate Director, National Advertising Division, Better Business Bureau
• Michael Mazis, Professor Emeritus of Marketing, American University School of Business
• Randy Miller, Litigation Partner, Arnold & Porter LLP (moderator)

The above attorneys and professionals in false advertising disputes will present an informal dialog on:

• Identifying and challenging implied claims in advertising litigation
• Lessons learned from recent cases -Comparison of the self-regulatory process to litigation
• How false advertising cases play out at the Federal Trade Commission (FTC) and the National Advertising Division of the Council of Better Business Bureaus, as well as those cases involving the Lanham Act, consumer class action, and state attorneys general
• The perspective of the regulators: recent developments at FTC
• How surveys are used (and misused) in advertising disputes
• Defenses: puffery, primary jurisdiction, voluntary cessation, truth, and counterclaim

NAD recently rejected a challenge by Hansen Beverages, makers of Monster, to an ad for 5 Hour Energy featuring heaping spoonfuls of white sugar being poured into a 16 ounce Monster Energy can while a voiceover touted the effects of 5 Hour Energy with its “zero sugar and only 4 calories.” Hansen argued that the ad constituted an “apples-to-oranges” comparison since the 16 ounce Monster Energy can contained two whole servings, while the 5 Hour Energy product was a mere single serving “shot” of liquid.

NAD looked at two questions: 1. Whether 5 Hour Energy could make the comparison at all in light of the obvious differences in serving sizes; and 2. If the comparison is consumer relevant, was the disclosure used by 5 Hour Energy about the serving sizes adequate? NAD began by noting that 16 ounce cans are the standard size in the industry and that consumers typically consume an entire can in one sitting. Moreover, NAD noted that it’s unlikely Monster Energy is meant to be drank over several sittings given that it is served as a carbonated beverage in a can; not particularly portable or good after sitting for long periods of time. As a result, NAD concluded that the comparison between the two products was consumer relevant given that 5 Hour Energy was intended for the same type of use. Moreover, NAD cited to the FDA Nutrition Labeling; Guidance for Industry, finding that one can is typically considered a single serving. NAD also pointed out that FDA has been encouraging manufacturers to be flexible with current regulations concerning serving sizes and consider representing a “single serving” as one that can be consumed at a single sitting.

NAD noted, however, that while it has “long held that, although advertisers are not required to limit their comparative claims to a competitor’s ‘most similar’ product, when making an apples-to-oranges comparison, the advertiser must clearly disclose any material differences between the products.” 5 Hour Energy had indeed included a tiny statement noting that the comparison was to a 16 ounce can of Monster and that each 16 ounce can contained two servings. After the initiation of the challenge by Monster, 5 Hour Energy agreed to increase the size of the disclaimer and leave it on the screen for a longer period of time. NAD was satisfied with this resolution.

The first question that comes to mind is “why would anyone do so?” and we have either three sound reasons, or at least three reasons that sound good. First, there’s no guarantee anything new will emerge from either Congress or the FTC without another “DPI” scare or unauthorized data breach fiasco to spur them along, leaving the two industry regimes as the only “guidance” companies have other than the Principles (and what the Commission may occasionally say the Principles relate to). Second, even if something new does emerge, good money is on the option where the FTC or Congress craft something that operates on top of self-regulatory programs rather than replacing them, making any differences between the Principles and those programs more important. Finally, some moves last week by a coalition of consumer privacy organizations may have upped the ante a bit. By offering detailed suggestions to address holes they see in the industry regimes, and urging Congress to plug these holes (and more), it becomes more important to know if holes really exist, and how big they might be.

As space is limited, we’ll tackle a review of the privacy organizations’ proposals in a companion piece, and focus here on the industry guidelines and the FTC’s Principles. This task is challenging enough given the size of the guidelines, inconsistent commentary or explanations, and the tendency of their drafters to use different terms, define the same terms differently, and consequently make life a bit more difficult for anyone attempting to do what we’re doing for you. 

THE FTC’s PRINCIPLES: A REVIEW AT LIGHT SPEED

The Principles track the FTC’s approach in deceptive statements and data security protections: it’s all about the data and the disclosures. Data is big in the principles, defined as information that supports BA and can be linked to a person or computer, regardless of whether its “PII”, “Non-PII”, or for that matter “Brent-Spiner Data”. At the same time, practices commonly used by companies consistent with consumers’ expectations, or raising fewer privacy concerns, are exempt. First-parties (i.e., websites consumers directly interact with) are exempt unless they sell or share data with others, or participate in BA networks. Contextual Advertising (targeting ads based on a single session) is exempt, as long as session data isn’t combined with a user’s previous browsing history, or kept around for future use. Disclosures should be “clear, concise, consumer-friendly, and prominent”, but can live inside a site privacy policy (whether visited frequently, sporadically or with the regularity of passes from Halley’s Comet). Choices can be either opt-in or opt-out, unless data raises “heightened privacy concerns” (material changes to how companies use already collected data, and use of sensitive information require prior opt-in). Whether data is sensitive depends on context, but “financial data, data about children, health information, precise geographic location information, and Social Security numbers” are pretty good examples. Lastly, data should be protected, and retained only as long as business “needs” it.

THE NAI’s CODE: WHAT YOU NEED TO KNOW IN 10 SENTENCES

NAI’s Code addresses a “traditional” advertising network model (cookies and tracking browsing habits at thousands of sites), and ignores other practices. It defines BA differently - OBA (Online BA) is only done by third parties, and a practice isn’t OBA unless data is put into consumer interest segments - collection and use of data outside those segments isn’t OBA at all. First parties get a complete free pass, even if they sell or share data, and participate in ad networks. Different practices are exempt, including “Ad Delivery & Reporting” (ADR). ADR can occur across thousands of web sites just like OBA, and continue even after a user opts-out of OBA, but ADR isn’t really OBA because data isn’t put into “consumer interest segments,” and besides, it’s less important data anyway. PII and Non-PII data each get their own provisions for notice, protection, choice, and ostensibly separate dressing rooms (although “merging” the two is a sensitive subject in the Code). PII is anything protected by law, or that can precisely locate or identify a person, but not her computer, which remains only Non-PII. The Code protects PII as zealously as a chaperone at a tween dance, but acts as though Non-PII is already heading down the path of spinsterhood and not worth the effort. The Code defines Notice and Robust Notice, but neither are required near where information is collected. Consumers are given different choices depending on data and how it’s used: opt-out for use of non-PII for OBA, and merging PII with Non-PII companies haven’t collected yet but really want to; opt-in before companies use sensitive data, or merge PII with Non-PII they already have. For compliance, the Code provides some detail on how NAI will internally resolve issues with members, but has limits for consumers who submit complaints, or wish to track the status of what they submit.

IAB’s GUIDELINES: BIGGER, BETTER, BUT WILL IT BE ENOUGH?

The Guidelines add “service providers” (ISPs, Browser Toolbar-makers & Application Builders) to the list of parties, but exempt both contextual advertising and ADR. The result? More clarity on who is covered, but less on what they can and can’t do. Disclosures depend on which party is performing which activity - generally everyone except first parties provides “clear, meaningful, and prominent notice” from their own websites and a way consumers can opt-out of collection, use, and transfer. First parties only have to provide a link to disclosure notices in privacy policies, from the bottom of pages where data is collected or used. Third parties provide “enhanced notice” by linking to disclosures in or around an ad, or at the bottom of the page, but only if first parties let them. Only third parties and service providers offer choice - third parties offer an opt-out, and service providers have to get an opt-in. Like the NAI, everyone has to get prior consent before merging PII with already-collected Non-PII. The Guidelines address data security slightly differently (same result), but keep to the theme that service providers have to do more (requiring them to hash their data, so others can’t tell who it refers to). First parties are still relatively free to share or sell data with third parties or service providers, although those groups have to get consent before they further share or sell data to anyone else. Compliance mechanisms are a work in-progress, but include a rough scheme that keeps referrals to “appropriate government agencies” as the hammer waiting to be dropped.

SO WHAT ARE THE DIFFERENCES ALREADY?

1. Data: What’s in a name? Unlike the Principles, the Code and Guidelines treat PII and Non-PII data differently. While protections for PII are generally equal to or better than those in the principles, Non-PII data is largely the red-headed step child of both. The NAI and IAB insist PII only relates to specific people, and not specific computers, so many practices that use data to target computers or mobile phones fall through the cracks, one of the main reasons the FTC decided in the first place not to make such a distinction.

2. Consent - who, me? The Principles require “affirmative express consent” (AEC) before companies can do several things, the Code requires a user “expressly consent” through “some affirmative action”, and the IAB says “Consent”. The Principles require AEC before material changes to privacy policies that affect previously-collected data. ‘Fine’ responds the Code and Guidelines, but a change is only material if it involves merging PII with previously-collected Non-PII. Neither suggest other changes to privacy policies, like the selling or sharing of data with new parties, are material and trigger heightened consent.

3. First parties are not all created equally. The Principles allow first parties to continue practices within their families of websites as long as they don’t sell or share data with third parties or participate in BA ad networks. Not so for either the Code or Guidelines. Under both, unless a first party itself starts practicing BA, by collecting data across foreign sites (not those within a family) and placing ads, it’s still exempt and free to sell / share data and participate in networks.

4. Whaddya mean I can’t use this data? The Principles only exempt contextual advertising which uses data from a single session, and doesn’t keep anything afterwards. Both the IAB and NAI also largely exempt historical data that comes from webserver log files, saying this information is needed to perform metrics and show whether users are clicking on ads. Although the FTC staff would probably agree on that point, they probably wouldn’t say you can still use this data to target ads to computers or phones after a user has opted out. Both the IAB and NAI though seem to think since data is being collected anyway in webserver log files, and it’s going to be used anyway for other purposes, companies should be able to use it to target ads as long as they don’t go overboard.

For those who prefer a visual, see attached chart for these differences spelled out in a different format. And, stay tuned to this space for further developments in the evolving great BA debate.

The FCC’s existing truth-in-billing rules, which currently only apply to wireline and wireless voice service providers, require that customer bills:

• Be clearly organized, clearly identify the service provider, and highlight any new providers;
• Contain full and non-misleading descriptions of charges; and
• Contain clear and conspicuous disclosure of information needed for the consumer to contest charges or make inquiries related to the bill.

The FCC’s present inquiry suggests that the FCC could attempt to expand (through a formal rulemaking) the scope of these rules in two ways.

First, the FCC’s existing information disclosure policy has focused on the formatting of consumer bills. The FCC now seeks information available to consumers at all stages of the purchasing process (including selecting a service provider, selecting a service plan, managing use of the service plan, and switching an existing provider or plan).

Second, the FCC has solicited comment on whether any existing truth-in-billing rules or other rules that may develop out of the current inquiry should – for the first time – apply to providers of broadband Internet access, interconnected Voice over Internet Protocol (VoIP) and video subscription services.

The FCC is asking for public input in several key areas including:

• to which services any new and current truth-in-billing rules should apply;
• whether the FCC has jurisdictional authority to adopt truth-in-billing and other consumer protections;
• information that consumers need in all stages of the purchasing process;
• best practices for display of consumer information;
• technological tools that currently or will in the future help consumers compare services and receive information;
• processes for resolving complaints;
• additional consumer education initiatives; and
• relevant consumer disability issues.

Comments and reply comments in response to the Notice are due October 13, 2009 and October 28, 2009, respectively.

- Stephanie Phillipps, Maureen Jeffreys, and Stefanie Alfonso-Frank

This saga began when the FTC initiated an action on June 2, 2004 against the defendants charging them with making false claims regarding the Coral Calcium and Supreme Greens products (complaint found here). A preliminary injunction issued on July 3, 2004 enjoining defendants from making false or misleading claims concerning any dietary supplement during the pendency of the action. Thereafter, and following discovery, the FTC filed a motion for summary judgment against the defendants arguing that they were liable for falsely claiming that the Coral Calcium and Supreme Greens products would treat, cure or prevent any number of health related problems.

In July 2008, District Judge George A. O’Toole, Jr. of the United States District Court for the District of Massachusetts granted the FTC’s motion for summary judgment, finding that the defendants were liable for deceptively touting the cure-all affects of the Coral Calcium and Supreme Greens products. (Summary judgment decision found here) Following this decision, discovery was conducted and a bench trial had to determine the appropriate terms of injunctive relief and the amount of monetary relief to be ordered.

Judge O’Toole has now spoke . . . and he has hit hard. (August 27 decision and order found here) Acknowledging the willful nature of defendants conduct, Judge O’Toole permanently enjoined the defendants from making any representation about the health benefits, performance, or efficacy, of any product (including the Coral Calcium and Supreme Greens products) unless the representation is true, non-misleading, and, at the time the representation is made, the defendants possess and rely upon competent and reliable scientific evidence that substantiates the representation. As for the assessment of disgorgement, Judge O’Toole determined that defendants’ record keeping with respect to profits of the products was not reliable. The Court was troubled that there were multiple different versions of Defendant’s financial statements with different amounts listed for sales and net income, stating “The degree of difference was not so great that a reasonable estimate could not be made on the basis of the differing figures, but the very fact of the variations, together with other evidence about the casual and deceptive way financial information was maintained and reported . . . undermines any confidence that even the ranges reported are close to accurate. The defendants were fiction writers in their infomercial and there is reason to be concerned they were fiction writers in their financial statements.” Thus, the Court accepted the sales numbers advanced by the FTC ― net revenue numbers rather than net profits during the time the ads at issue were run, totaling approximately $70 million. The disgorged sum will be used for consumer redress.

We have blogged in this space before about some of Trudeau’s past run-ins with the FTC. The current chapter in the FTC-Trudeau saga arises from alleged violations of a 2004 consent order, which banned Trudeau from making further infomercials -- with the exception of infomercials for books. Even for books, Trudeau agreed not to “misrepresent the content of the book” in the infomercial. His infomercial for The Weight Loss Cure “They” Don’t Want You to Know About trumpeted the book as containing an “easy,” “simple” weight loss program able to be completed at home. In fact, the book’s dozens of dietary and lifestyle restrictions included a 500-calorie daily diet and injections of a prescription hormone not approved for weight loss. For this violation of the 2004 Consent Order, the district court held Trudeau in contempt, a result that the Seventh Circuit affirmed three weeks ago.  The district court also attempted to sanction Trudeau by ordering him to pay $37.6 million and banning him from appearing in infomercials of any kind for the next three years. This, the Seventh Circuit found “troubling.” 

Monetary Sanctions

First, the Seventh Circuit vacated and remanded the monetary sanction. The court found that although the $37.6 million figure might be correct, the order below did not provide enough detailed findings to permit the court to affirm the conclusion.

The court found that the sanction could not properly be considered “compensatory” because the district court’s order lacked “two key ingredients”: an explanation of how the court arrived at the $37.6 million figure, and any mention of how the sanction should be administered. If the figure represents “the loss that consumers suffered as a result of defendant’s deceptive infomercials,” the court posed the following potential follow-up questions: “Does it include all book sales, or only sales made through the 800-number provided in the infomercials? Does it include Internet sales? Does the figure include shipping and handling fees?” And so on.

Further, the Seventh Circuit invited the district court to consider whether, as Trudeau requested, to base its calculations not on consumers’ losses but rather on Trudeau’s gains, a figure Trudeau contended was a significantly smaller amount. The court noted, “Whether the [district] court chooses consumer losses or ill-gotten gains, though, the court must explain why it chose the calculation method it did and how the record supports its calculations.” (Interestingly, the court had at first imposed a fine of $5.1 million reflecting disgorgement of Trudeau’s profits but then several months later upped the fine to $37.6 million to reflect consumer losses.) Moreover, the district court must also outline how the sanction is to be administered: “Simply ordering money to be paid to the U.S. Treasury rather than to reimburse consumers looks more like a criminal fine than a compensatory sanction.” Therefore, the court vacated the monetary sanction and remanded for further proceedings.

Infomercial Ban

The Seventh Circuit likewise vacated the district court’s three-year ban on Trudeau appearing in infomercials for any product, including books and other publications. Again, the court based its decision on the distinction between criminal and civil sanctions: “[C]ivil contempt sanctions come in two breeds, and two breeds only. They either compensate those harmed by the contemnor’s violative conduct or coerce the contemnor to cut it out. Otherwise they are criminal sanctions and require criminal process.” The infomercial ban is clearly not compensatory, but does it properly “coerce” compliance with the 2004 Consent Order prohibiting Trudeau from misrepresenting the content of his books by simply banning his infomercials outright? No, the court said, because a coercive sanction must include an opportunity to purge. The court stated, “The trouble with the infomercial ban is that it lasts for three years no matter what Trudeau does. Trudeau could take all the steps in the world to convince the FTC and the district court that he will be truthful in his next infomercial, but even if he offers to read his work word-for-word and say nothing else, he cannot free himself of the court’s sanction.” Accordingly, the court vacated the infomercial ban.

What Next?

So, where does this leave the district court and FTC? The district court might choose to fashion an appropriate coercive remedy, in line with the instructions given by the Seventh Circuit. Or, the 2004 Consent Order could be modified, either on motion from the FTC, or at the court’s discretion. But it will be interesting to see whether the court chooses to pick up on another option suggested by the Seventh Circuit: teaming with their DOJ colleagues and pursuing the imposition of a criminal sanction. On a broader note, it seems as if the Seventh Circuit is requiring a level of detail with respect to the calculation and administration of civil penalties that has often been absent in the past. It will be interesting to see whether defendants in subsequent cases are successful in imposing similar requirements.

Because the parties did not submit any consumer perception evidence, NAD put on its consumer hat and made its own determinations as to how a reasonable buyer would interpret the advertising claims. Any company bringing or defending an action at the NAD has to make the difficult choice as to whether to conduct consumer surveys, almost always an expensive proposition if done right and still subject to critique, or roll the dice with NAD’s interpretations.

NAD found that the “more value vs. less” claim stating that 20,000 FlexPoints are worth up to $400 of airline travel whereas 20,000 SkyMiles are only worth $200 worth of airline travel, misled consumers to believe that SkyMiles could only be redeemed with American Express’ “Pay with Miles” program. However, SkyMiles may be redeemed in a variety of ways and 20,000 SkyMiles have potential values greater than $200.00. US Bank did provide a parenthetical disclosure that the “more value for less” claim applies only to comparisons between US Bank’s “Awards Tickets” program and the American Express “Pay with Miles” program. However, NAD found the disclosure to be inadequate for two reasons: 1) many ordinary consumers would not understand these terms and the fact that the programs are qualitatively different, and 2) the parenthetical was too small and inconspicuous.

In addition, NAD found that there was no evidence that FlexPerks consumers earned points “fast” as compared to SkyMiles consumers. Further, FlexPerks consumers do not “always” earn “double rewards” on either gas, groceries or airline purchases because the “double rewards” program does not apply to such expenditures exceeding $12,000 per year; and SkyMiles redemptions are not subject to “blackout dates” because consumers could choose to redeem more miles to obtain tickets for certain flights that are unavailable at the general miles requirement level.

NAD did find that evidence supported US Bank’s “free vs. fee” and “half as many places” claims; Delta did impose fees “up to” $150.00 on certain redemptions, and Visa is accepted in over twice as many global locations as American Express. However, NAD did recommend that US Bank modify the latter claim by clearly stating that the claim is based on global as opposed to domestic data.

When creating direct comparisons with a specific competitive product, advertisers should take care to ensure accuracy, that the express words selected for comparison do not include unintended implied claims, that all bases of comparison are clear, and to make necessary disclaimers conspicuous. If you’re going to make a claim, you have to make sure it is true under all circumstances or, if not, clearly disclose when it is or is not true, even if the circumstances under which it is not true are very limited.

See NAD’s press release here.

Thus, despite the fact that it has become more difficult for private plaintiffs in California to enforce laws, Proposition 64 hung a carrot in front of government agencies, giving them an incentive to file suit against the state’s businesses. Not surprisingly, the result has been an increasing trend of government enforcement of California’s consumer laws. Because a company’s violation of any law -- local, state, or federal -- is a violation of California’s Unfair Competition Law, it provides for catchall enforcement regardless of the policies of regulatory agencies. Areas of special focus include false advertising, slack fill prohibitions, financial disclosures, and chemical labeling requirements. The consumer protection divisions of many government prosecutors’ offices now have a growing source of funds dedicated solely to the enforcement of these laws. Furthermore, state and local prosecutors also regularly work across county lines to increase the impact of these new-found resources.

These actions include the recently-settled alleged violations of California’s unusually detailed gift card requirements brought by a coalition of district attorneys from of Sonoma, Monterey, and Shasta counties. See here. California’s gift card requirements have traditionally been enforced almost exclusively by private plaintiff’s lawyers under the state’s Unfair Competition Law. But recently, California’s district attorneys and city attorneys have become increasingly active in enforcing this statute and other “only in California” requirements. 

Similar recent enforcement actions of obscure consumer laws, just to name a few, include:

• An action brought by district attorneys from Monterey, Napa, Solano and Sonoma counties against a major discount retailer and the manufacturer of its private label gear oil regarding allegations that the oil did not meet advertised viscosity levels (see here);
• An action brought by the California Attorney General against a retail pharmacy chain regarding allegations that contrary to the company’s representations to consumers, products were kept on the shelves after their expiration dates (see here);
• An action brought by district attorneys from Los Angeles, Sacramento and Shasta counties against a cold medicine manufacturer regarding allegations that products contained non-functional slack fill (see here); and
• An action brought by district attorneys from Marin, Sonoma, Ventura, Solano, Napa, Santa Clara, Sacramento, Los Angeles and the City Attorney of Los Angeles against an office supplies retailer regarding alleged failure to charge the correct prices for certain merchandise (see here).

In light of California’s widely-publicized economic woes, including the issuing of IOU’s to local governments and mandatory furlough days for state employees, the enforcement trend is only likely to gain ground as state and local governments scramble to figure out how to operate with severely restricted budgets. With more than 60 government prosecutors’ offices authorized to bring Unfair Competition Law suits, and keep the penalties they collect, those doing business in California should be prepared for the continuing increased government scrutiny.

There several key points to remember if your company becomes ensnared in a government investigation. Companies often will naturally be inclined to cooperate with the agency conducting the investigation, and while that certainly is a good instinct in many circumstances, it is important to also keep in mind that the goal of the government investigators is not necessarily to assist the company in complying with the law, but rather to develop evidence to prosecute the company.

Additionally, regardless of the apparent scope of the issues, it is important to get an attorney involved in the process (in-house or outside counsel) as early as possible. Even for a seemingly small matter, sensitive legal questions could arise and it is critical that someone is able to fully consider all of the legal consequences of any actions the company takes in response to an investigation. If documents are requested by the government, it is important that the company balance the need to ensure that it does not withhold any information that has been validly requested, while minimizing the risk that it will be found to have waived any applicable privileges. The company should demonstrate to the government and the public that it is interested in a rigorous, honest and complete examination of the potential violations. Because outside counsel is independent of the company, their involvement may provide an advantage in building credibility with government prosecutors. As facts are developed, the company should constantly be looking for arguments against prosecution or circumstances mitigating the amount of potential penalties. Finally, early on in the process, the company should explore its insurance coverage to determine if attorneys fees may be covered, particularly if the policy requires that the carrier be notified of the potential claim.

- Mark Pifko

Click here to read the full adjudication. A video of the advertisement can be found here.

- Richard Dickinson and Jake Marshall