Advertising Law - December 31, 2013

by Manatt, Phelps & Phillips, LLP
Contact

FTC Shines a Light on Flashlight App’s Geolocation Data Sharing

In the agency’s first action involving geolocation data, Goldenshores Technologies, LLC, settled charges with the Federal Trade Commission that the company failed to adequately disclose that users’ location information was shared with third parties.

Noting that “Brightest Flashlight Free” app is “one of the most popular” apps for Android mobile devices, the FTC said that Goldenshores deceived the “tens of millions” of users that downloaded the app. The company’s privacy policy informed users that Goldenshores would collect data, providing a list of the types of information that would be gathered. But since at least February 2011, the company neglected to mention that geolocation information would be shared with third parties, including ad networks, the FTC alleged.

In addition, Goldenshores offered users a deceptive choice, the FTC said. After downloading the app, the first time users opened it, they were presented with the company’s End User License Agreement and a choice to “Accept” or “Refuse” the terms. The decision was illusory with regard to data collection, the agency claimed, because even before the user accepted the terms the app was already collecting and sharing their unique device identifier and exact geographic location.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said in a press release about the settlement. “But this flashlight app left them in the dark about how their information was going to be used.”

Under the terms of the proposed settlement, the defendants – Goldenshores and Erik M. Geidl, manager of the company – would be required to delete any personal information collected from users. Future misrepresentations about the collection and sharing of customer information, including the level of control given to consumers about how their data is used, would be prohibited. Finally, Goldenshores promised to add a just-in-time disclosure regarding geolocation data requiring affirmative express consent from users before the collection, use, and sharing of the information.

The proposed consent order is open for public comment until January 6, 2014.

To read the complaint and the proposed consent order in In the Matter of Goldenshores Technologies, LLC, click here.

Why it matters: The Goldenshores action signals focus by the agency on the intersection of consumer privacy and geolocation data, an issue previously recognized by Sen. Al Franken (D-Minn.). Last year Sen. Franken introduced the Location Privacy Protection Act, which would have required mobile apps to receive user permission before collecting and sharing location data. Although the bill was approved by the Senate Judiciary Committee in a voice vote, it also faced opposition from the Interactive Advertising Bureau, which argued the law would have posed technological challenges for the mobile industry.

back to top

Internet of Things Open for Comment

A recent Federal Trade Commission workshop on the Internet of Things was only the beginning.

After spending a day discussing the burgeoning ecosystem, the agency is now requesting comment on some of the topics discussed about the “ability of everyday devices to communicate with each other and with people.”

Specifically, the FTC wants to learn more about the potential benefits for consumers from the Internet of Things. Counterbalancing the benefits, the agency asked about the privacy and security challenges posed by the new technology. “How can privacy and security risks be weighed against potential societal benefits (such as improved health-care decision-making or energy efficiency) for consumers and businesses?” the FTC asked.

As discussed during the workshop, the agency questioned what the appropriate role of the Fair Information Practice Principles should be in the Internet of Things, and what steps companies can take – prior to releasing a product or service on the market – to limit potential security problems.

Notice and choice for consumers may also present unique challenges within the Internet of Things, the FTC acknowledged, asking what options companies have when providing effective notice and choice is impossible.

The agency also queried what effect the Internet of Things may have on data de-identification or anonymization and how companies can reach consumers without an ongoing relationship. For example, how can consumers be notified if a software update or security patch is available for a product?

The deadline for filing comments with the agency is January 20, 2014.

To learn more about the workshop, from the agenda to videos of the proceedings, click here.

Why it matters: At the workshop, FTC speakers indicated that the agency plans to release a report on the Internet of Things in 2014 with recommended best practices for smart devices. While Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, also said the agency does not intend to issue new regulations on the topic, the FTC asked for comment on whether “new use-restrictions [are] necessary to protect[ ] consumers’ privacy,” as well as sought input on how the FTC should “encourage innovation in this area while protecting consumers’ privacy and the security of their data.”

back to top

Spotify Sued Over Automatic Renewals

According to a new class action suit filed in California, music streaming service Spotify violated state law by failing to obtain affirmative consent from users before enrolling them in an automatic renewal program.

Spotify offers users two membership options: the Unlimited plan, which gives users the ability to listen to music ad-free on their desktop and/or laptop for $4.99 per month, and the Premium plan, which for $9.99 per month offers the same service on multiple devices (such as a desktop, laptop, and cell phone). When Melissa Bleak accepted an offer for a one-month trial of the Premium service in August, she provided her credit card. Since then, her card “has been charged and continues to be charged, every month, on a recurring basis,” according to her complaint, without her express permission.

Users who upgrade to the Unlimited or Premium plans on their desktop or laptop computers select the desired plan and a payment method, and a statement appears: “You authorize Spotify to automatically bill your credit card each month, until you cancel your subscription. No refunds or credits for partial monthly subscription periods. You can cancel your subscription at any time by logging into your account and follow [sic] the cancellation instructions.”

Those who upgraded via a free 30-day trial link were told: “If you do not cancel your subscription before the end of the free trial the credit card you provide will automatically be charged the Spotify Premium subscription fee of US $9.99 + $0.00 sales tax per month, until you cancel. You can cancel at any time by logging into your Spotify account and follow the cancellation instructions.”

Despite these statements, Bleak claimed the company’s auto renewal plan violated Section 17602(a)(2) of California’s Business and Professions Code because users did not affirmatively consent to the terms. Spotify failed to provide a link to the terms and conditions of its service and failed to provide a mechanism such as a box for users to click that they agreed to the terms, Bleak said.

Bleak’s amended complaint noted that her suit only pertains to users who enrolled in the service via their desktop or laptop – the Spotify application requires a user to check a box stating that he or she has agreed to the terms of service.

In addition to damages and/or full restitution in the amount of the subscription payments made by all California residents who paid for the Premium and Unlimited plans on their desktop or laptop computers since December 2010, the suit seeks injunctive relief to stop Spotify’s auto renewal program.

Although Bleak originally filed her putative class action in state court, Spotify already filed a motion to remove the case to federal district court pursuant to the Class Action Fairness Act. Federal jurisdiction is appropriate because the proposed class is composed of more than 100 members and the aggregate amount in controversy exceeds $5 million, the company said. California residents spent more than $9.5 million via auto renewal payments for the Premium plan in 2013 alone, Spotify said – putting “substantially more” than $5 million in controversy.

In its motion, Spotify also said it “denied Bleak’s allegations of liability, injury and damages and will oppose certification of the putative class.”

To read the motion to remove and the complaint in Bleak v. Spotify, click here

Why it matters: Companies that offer automatic renewals should endeavor to make clear and conspicuous disclosures of all material terms of their programs or face the possibility of regulatory action or a class action suit.

back to top

Still on Sale? Retailer Faces Yet Another Inquiry into Sale Pricing

Jos. A. Bank Clothiers is dealing with yet another investigation into its advertising and marketing practices.

Having weathered inquiries from attorneys general in Florida, Georgia, and New York, the men’s clothing store chain recently received a subpoena from Ohio Attorney General Mike DeWine. The new investigation was revealed in the company’s quarterly earnings report earlier this month.

“We endeavor to monitor and comply with all applicable laws and regulations . . . to ensure that our advertising, marketing and promotional activities comply with all applicable legal requirements, many of which involve subjective judgments,” according to the report.

Jos. A. Bank is already facing legal action in the state of Ohio from a consumer class action. That suit claims the “regular price” listed by the company was “grossly inflated” to cover for the cost of offering consumers free suits in a buy one, get three free deal.

Outside of Ohio, the company has dealt with other legal woes based on its promotional materials. In 2004, the retailer paid $425,000 to settle charges of deceptive pricing in New York for having merchandise “perpetually ‘on sale,’ ” making the sale price actually the real price. A subsequent investigation was launched in 2011 by the state’s new Attorney General, Eric Schneiderman.

Jos. A. Bank’s most recent report states other challenges for the company with an investigation by Georgia’s Office of Consumer Protection, while a subpoena and inquiry from Florida’s AG “requiring the production of certain information relating to our advertising and sales promotion practices” is now closed.

Why it matters: The myriad of legal actions Jos. A. Bank is currently tackling provides an important lesson for advertisers: review promotional materials to avoid violations of relevant state law and potential regulatory or consumer legal action.

- See more at: http://www.manatt.com/ThreeColumn.aspx?pageid=28295&id=530816#sthash.j1NbsxCC.dpuf

FTC Shines a Light on Flashlight App’s Geolocation Data Sharing

In the agency’s first action involving geolocation data, Goldenshores Technologies, LLC, settled charges with the Federal Trade Commission that the company failed to adequately disclose that users’ location information was shared with third parties.

Noting that “Brightest Flashlight Free” app is “one of the most popular” apps for Android mobile devices, the FTC said that Goldenshores deceived the “tens of millions” of users that downloaded the app. The company’s privacy policy informed users that Goldenshores would collect data, providing a list of the types of information that would be gathered. But since at least February 2011, the company neglected to mention that geolocation information would be shared with third parties, including ad networks, the FTC alleged.

In addition, Goldenshores offered users a deceptive choice, the FTC said. After downloading the app, the first time users opened it, they were presented with the company’s End User License Agreement and a choice to “Accept” or “Refuse” the terms. The decision was illusory with regard to data collection, the agency claimed, because even before the user accepted the terms the app was already collecting and sharing their unique device identifier and exact geographic location.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said in a press release about the settlement. “But this flashlight app left them in the dark about how their information was going to be used.”

Under the terms of the proposed settlement, the defendants – Goldenshores and Erik M. Geidl, manager of the company – would be required to delete any personal information collected from users. Future misrepresentations about the collection and sharing of customer information, including the level of control given to consumers about how their data is used, would be prohibited. Finally, Goldenshores promised to add a just-in-time disclosure regarding geolocation data requiring affirmative express consent from users before the collection, use, and sharing of the information.

The proposed consent order is open for public comment until January 6, 2014.

To read the complaint and the proposed consent order in In the Matter of Goldenshores Technologies, LLC, click here.

Why it matters: The Goldenshores action signals focus by the agency on the intersection of consumer privacy and geolocation data, an issue previously recognized by Sen. Al Franken (D-Minn.). Last year Sen. Franken introduced the Location Privacy Protection Act, which would have required mobile apps to receive user permission before collecting and sharing location data. Although the bill was approved by the Senate Judiciary Committee in a voice vote, it also faced opposition from the Interactive Advertising Bureau, which argued the law would have posed technological challenges for the mobile industry.

Internet of Things Open for Comment

A recent Federal Trade Commission workshop on the Internet of Things was only the beginning.

After spending a day discussing the burgeoning ecosystem, the agency is now requesting comment on some of the topics discussed about the “ability of everyday devices to communicate with each other and with people.”

Specifically, the FTC wants to learn more about the potential benefits for consumers from the Internet of Things. Counterbalancing the benefits, the agency asked about the privacy and security challenges posed by the new technology. “How can privacy and security risks be weighed against potential societal benefits (such as improved health-care decision-making or energy efficiency) for consumers and businesses?” the FTC asked.

As discussed during the workshop, the agency questioned what the appropriate role of the Fair Information Practice Principles should be in the Internet of Things, and what steps companies can take – prior to releasing a product or service on the market – to limit potential security problems.

Notice and choice for consumers may also present unique challenges within the Internet of Things, the FTC acknowledged, asking what options companies have when providing effective notice and choice is impossible.

The agency also queried what effect the Internet of Things may have on data de-identification or anonymization and how companies can reach consumers without an ongoing relationship. For example, how can consumers be notified if a software update or security patch is available for a product?

The deadline for filing comments with the agency is January 20, 2014.

To learn more about the workshop, from the agenda to videos of the proceedings, click here.

Why it matters: At the workshop, FTC speakers indicated that the agency plans to release a report on the Internet of Things in 2014 with recommended best practices for smart devices. While Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, also said the agency does not intend to issue new regulations on the topic, the FTC asked for comment on whether “new use-restrictions [are] necessary to protect[ ] consumers’ privacy,” as well as sought input on how the FTC should “encourage innovation in this area while protecting consumers’ privacy and the security of their data.”

Spotify Sued Over Automatic Renewals

According to a new class action suit filed in California, music streaming service Spotify violated state law by failing to obtain affirmative consent from users before enrolling them in an automatic renewal program.

Spotify offers users two membership options: the Unlimited plan, which gives users the ability to listen to music ad-free on their desktop and/or laptop for $4.99 per month, and the Premium plan, which for $9.99 per month offers the same service on multiple devices (such as a desktop, laptop, and cell phone). When Melissa Bleak accepted an offer for a one-month trial of the Premium service in August, she provided her credit card. Since then, her card “has been charged and continues to be charged, every month, on a recurring basis,” according to her complaint, without her express permission.

Users who upgrade to the Unlimited or Premium plans on their desktop or laptop computers select the desired plan and a payment method, and a statement appears: “You authorize Spotify to automatically bill your credit card each month, until you cancel your subscription. No refunds or credits for partial monthly subscription periods. You can cancel your subscription at any time by logging into your account and follow [sic] the cancellation instructions.”

Those who upgraded via a free 30-day trial link were told: “If you do not cancel your subscription before the end of the free trial the credit card you provide will automatically be charged the Spotify Premium subscription fee of US $9.99 + $0.00 sales tax per month, until you cancel. You can cancel at any time by logging into your Spotify account and follow the cancellation instructions.”

Despite these statements, Bleak claimed the company’s auto renewal plan violated Section 17602(a)(2) of California’s Business and Professions Code because users did not affirmatively consent to the terms. Spotify failed to provide a link to the terms and conditions of its service and failed to provide a mechanism such as a box for users to click that they agreed to the terms, Bleak said.

Bleak’s amended complaint noted that her suit only pertains to users who enrolled in the service via their desktop or laptop – the Spotify application requires a user to check a box stating that he or she has agreed to the terms of service.

In addition to damages and/or full restitution in the amount of the subscription payments made by all California residents who paid for the Premium and Unlimited plans on their desktop or laptop computers since December 2010, the suit seeks injunctive relief to stop Spotify’s auto renewal program.

Although Bleak originally filed her putative class action in state court, Spotify already filed a motion to remove the case to federal district court pursuant to the Class Action Fairness Act. Federal jurisdiction is appropriate because the proposed class is composed of more than 100 members and the aggregate amount in controversy exceeds $5 million, the company said. California residents spent more than $9.5 million via auto renewal payments for the Premium plan in 2013 alone, Spotify said – putting “substantially more” than $5 million in controversy.

In its motion, Spotify also said it “denied Bleak’s allegations of liability, injury and damages and will oppose certification of the putative class.”

To read the motion to remove and the complaint in Bleak v. Spotify, click here

Why it matters: Companies that offer automatic renewals should endeavor to make clear and conspicuous disclosures of all material terms of their programs or face the possibility of regulatory action or a class action suit.

Still on Sale? Retailer Faces Yet Another Inquiry into Sale Pricing

Jos. A. Bank Clothiers is dealing with yet another investigation into its advertising and marketing practices.

Having weathered inquiries from attorneys general in Florida, Georgia, and New York, the men’s clothing store chain recently received a subpoena from Ohio Attorney General Mike DeWine. The new investigation was revealed in the company’s quarterly earnings report earlier this month.

“We endeavor to monitor and comply with all applicable laws and regulations . . . to ensure that our advertising, marketing and promotional activities comply with all applicable legal requirements, many of which involve subjective judgments,” according to the report.

Jos. A. Bank is already facing legal action in the state of Ohio from a consumer class action. That suit claims the “regular price” listed by the company was “grossly inflated” to cover for the cost of offering consumers free suits in a buy one, get three free deal.

Outside of Ohio, the company has dealt with other legal woes based on its promotional materials. In 2004, the retailer paid $425,000 to settle charges of deceptive pricing in New York for having merchandise “perpetually ‘on sale,’ ” making the sale price actually the real price. A subsequent investigation was launched in 2011 by the state’s new Attorney General, Eric Schneiderman.

Jos. A. Bank’s most recent report states other challenges for the company with an investigation by Georgia’s Office of Consumer Protection, while a subpoena and inquiry from Florida’s AG “requiring the production of certain information relating to our advertising and sales promotion practices” is now closed.

Why it matters: The myriad of legal actions Jos. A. Bank is currently tackling provides an important lesson for advertisers: review promotional materials to avoid violations of relevant state law and potential regulatory or consumer legal action.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP
Contact
more
less

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.