In This Issue:
Linda Goldstein Invited to Speak at Electronic Retailing Self-Regulation Program Workshop
This year’s Electronic Retailing Self-Regulation Program (ERSP) workshop on October 2 focuses on the prevailing trends in the direct response industry, including recent regulatory scrutiny of telemarketing practices and lead generation advertising.
Linda Goldstein, Chair of Manatt’s Advertising, Marketing & Media Division, will participate in a panel presentation titled “Direct Response Year in Review and What’s to Come.” The session will highlight recent developments in direct response marketing and advertising and practical considerations involving claim substantiation. Linda’s copresenters include Peter Marinello (Director, ERSP and VP, CBBB) and Maryana DeZarlo (Director, Broadcast Standards & Practices, Fox Broadcasting Company).
The event will be held at the Ritz-Carlton New York, Battery Park. For more information or to register for this conference, click here.
FTC Members Speak Out About Data Brokers, Big Data
Federal Trade Commission Chairwoman Edith Ramirez and Commissioner Julie Brill both spoke out recently about the issue of “big data.”
Referencing the revelations about the extent to which the National Security Agency collected information about citizens, Brill authored an op-ed in The Washington Post in which she noted that consumers have called on the government to increase transparency. Similar calls, she said, should be made on data brokers. “All day long, as we surf the Web, tap at apps or power up our smartphones, we send digital information out into cyberspace,” she wrote. “As we live our wired lives, we constantly add to the veins from which data miners pull pure gold.”
But the use of such collected information ranges from the benign – an ad for suede boots, for example – to illegal, when data dossiers are used to determine “what rates we pay, even what jobs we get.”
Therefore, Brill reiterated her call for a “Reclaim Your Name” program to be adopted by the data broker industry.
As envisioned by Brill, the self-regulatory program would “empower people to find out how brokers are collecting and using their data; give people access to information that data brokers have amassed about them; allow people to opt out if they learn that a data broker is selling their information for marketing purposes; and provide consumers the opportunity to correct errors in information used for decisions about substantive benefits.”
Brill’s piece concluded on a positive note. She suggested that data brokers and consumers can coexist peacefully “with a system that empowers consumers to make real choices about how our privacy information is used. Such a system would go a long way toward restoring consumer trust in the online and mobile ecosystems, allowing us to continue to enjoy all the convenience, entertainment and wonder that cyberspace has to offer.”
FTC Chairwoman Edith Ramirez also recently discussed data collection practices in her keynote speech at the Technology Policy Institute’s annual conference, where she cautioned that the agency plans to target companies with large quantities of data.
“Big data” poses a threat to privacy and enhances the need for data security, she said, and the agency intends to use its powers “like a lifeguard at the beach” to investigate and take action against companies that falsely state how they use consumers’ data or harm consumers with inadequate data security practices.
“Like a vigilant lifeguard, the FTC’s job is not to spoil anyone’s fun but to make sure that no one gets hurt,” Ramirez said. “With big data, the FTC’s job is to get out of the way of innovation while making sure that consumer privacy is respected.”
To that end, Ramirez – who noted that the agency has brought over 40 data security cases, including some against “very large data companies” like LexisNexis and ChoicePoint – made some suggestions to companies collecting consumer data.
Dangers like the indiscriminate collection of data, the lack of meaningful consumer choice, and the threat of a data breach could be minimized or avoided by the use of privacy by design, greater transparency, and meaningful consumer choice.
She also said the agency intends to release a report on data brokers by the end of the year and reiterated her support for the (currently stalled) Do Not Track initiative.
To read Brill’s op-ed, click here.
To read Woolley’s letter in response, click here.
To read the text of Ramirez’s speech, click here.
Why it matters: Linda A. Woolley, president and CEO of the Direct Marketing Association, issued an open letter in response to Brill’s “alarmist” editorial. “Asserting that consumers need to ‘reclaim their names’ focuses on speculative harms and ignores the consumer protection derived from customization and personalization of Internet experiences through the commercial use of data,” she wrote. “Suggesting that marketing data is used to ‘determine what offers we receive, what rates we pay, even what jobs we get’ is factually inaccurate and misleading, given that the use of any data – including marketing data – for eligibility determinations is already illegal under the Fair Credit Reporting Act. The op-ed wrongly suggests that this is not the case for some data. In fact, a ‘reclaim your name’ campaign would lead to more fraud and limit the efficacy of companies and data discussed in the op-ed.” Rachel Thomas, vice president of government affairs for the DMA, told MediaPost that Brill’s move doesn’t help the ongoing talks between her group and the agency. “These kinds of attacks do not help having that kind of productive conversation that we were involved in,” Thomas said. “The conflation of what the NSA does in terms of data practices, and what responsible marketers do, is irresponsible and inaccurate.” Companies compiling data should also note that Ramirez cautioned about the agency’s continuing focus on “big data” and its willingness to implement enforcement actions as needed. Or, as she put it, paraphrasing a well-known superhero adage: “With big data comes big responsibility.”
FCRA Settlement Results in Record $3.5M Payment to FTC
In the second-largest settlement negotiated by the agency under the Fair Credit Reporting Act, the Federal Trade Commission reached a deal with Certegy Check Services for $3.5 million based on allegations that the company failed to follow the correct dispute procedures under the Act.
Florida-based Certegy – one of the largest check authorization service providers in the country – compiles information about consumers to help merchants decide whether to accept their checks. But according to the FTC, Certegy failed to follow reasonable procedures to “assure maximum possible accuracy” of the information provided to retailers and then exacerbated the problem by not following the appropriate dispute procedures required by the FCRA.
Specifically, the defendant failed to timely investigate consumer disputes and follow up by deleting inaccurate, incomplete, or unverifiable information. The company also lacked a streamlined process so that consumers could get a free copy of Certegy’s report on them, the agency said.
According to the FTC, instead of investigating information disputed by consumers, the defendant passed the responsibility off to the consumer. According to the complaint, “If a consumer disputes that he has a returned check from a particular merchant, Certegy requires the consumer to contract the merchant himself to resolve the dispute,” and “When the decline is a result of an ‘invalid’ ID, Certegy requires that the consumer obtain and send driving records to Certegy to ‘prevent future declines.’”
The suit was also the first filed by the agency under the Furnisher Rule, which took effect July 1, 2010.
Pursuant to the terms of the settlement, Certegy is banned from future violations of the FCRA and must pay $3.5 million to the agency. The company also agreed to change its practices. It would henceforth no longer require that consumers contact third parties to resolve disputes and it agreed to provide consumers with copies of their reports within 15 days after receipt of a request.
To read the complaint and the stipulated final judgment in U.S. v. Certegy Check Services, click here.
Why it matters: The agency said the case against Certegy is part of a broader initiative targeting data brokers. “Inaccurate information in a consumer reporting agency’s file can have a huge impact on a person’s everyday life, starting with their check being denied at the grocery store,” Jessica L. Rich, director of the FTC’s Bureau of Consumer Protection, said in a press release about the suit. “In this case, we alleged that Certegy delivered a one-two punch: the company not only failed to assure that the information it provided to retailers was accurate, but it also failed to follow proper dispute procedures. Today’s settlement will benefit consumers who use checks to pay for essential goods and services, including many older consumers and people without alternate means of payment, such as credit cards.”
Fake Virus Ads Result in Healthy $1.2M Settlement With FTC
Virus-scan ads that appeared on Android mobile devices while consumers played Angry Birds were the basis of a $1.2 million settlement between Jesta Digital, Inc. and the Federal Trade Commission.
The agency alleged that Jesta Digital – also known as Jamster – designed banner ads similar to the Android operating system’s robot logo to dupe consumers into thinking their device was cautioning them about a potential virus. When consumers clicked on the ad they were taken through a series of landing pages. The screen displayed banners warning “stop mobile virus now” and “protect your android today,” but nothing indicated that more information was below. If a consumer scrolled down, they would have found “the smallest print on the page” stating “20 downloads for 9.99/mo.”
Ironically, if consumers actually clicked on a “subscribe” button and attempted to download the anti-virus software, the download often failed, the agency said. As evidentiary support for its complaint, the FTC referenced an internal Jesta e-mail which stated the company was “anxious to move [the] business out of being a scam and more into a valued service.”
According to the complaint, if a consumer clicked anywhere on the pages, they were enrolled in a monthly program for mobile-related content like ringtones, with the monthly charge of $9.99 added to their phone bill. Jesta’s mobile cramming utilized a billing method known as Wireless Access Protocol. The agency explained that WAP captures the consumer’s mobile phone number from the device and then uses it to place the charge on the mobile phone bill – without affirmative consent from the consumer.
To settle charges of violation of Section 5 of the FTC Act, Jesta agreed to a $1.2 million fine and to refund consumers who were billed for any good or service that involved the company’s claim that a device was infected with malware since Dec. 8, 2011.
The company is also prohibited from making deceptive statements about the cost of goods and services, the conditions of a purchase, and viruses and anti-virus software. Express, verifiable authorization prior to placing a charge on a consumer’s mobile phone bill must also be received.
To read the complaint and stipulated final order in FTC v. Jesta, Inc., click here.
Why it matters: In a press release about the case, the FTC noted that the complaint against Jesta was its second mobile cramming case and the first addressing WAP billing and scareware. Mobile “cramming” – the placement of unauthorized charges on a consumer’s phone bill – is an area of interest to the agency, which also held a roundtable on the topic earlier this year.
TCPA Suit Results in $5.2 Million Judgment
A federal court judge in Michigan ordered Lake City Industrial Products Inc. and its president to pay $5,254,500 for violating the Telephone Consumer Protection Act by sending more than 10,000 fax ads to potential customers.
Fax recipient American Copper & Brass Inc. brought the suit in 2009 and moved for summary judgment earlier this summer. Lake City objected, raising three defenses: first, that it lacked the requisite intent under the Act; second, that the plaintiff could not prove the actual number of fax recipients; and third, that a ruling for the plaintiff would cause it to file for bankruptcy.
U.S. District Court Judge Gordon J. Quist rejected each contention.
Jeffrey Meeder, Lake City’s president, conceded that he worked with Business to Business Solutions. Meeder responded to a B2B ad, completed a questionnaire used to design the Lake City fax advertisement, reviewed a draft and revised it, and ultimately approved the ad before sending it to the 10,000 targeted fax numbers. The defendants then tried to point the finger at B2B as the “sender” of the faxes.
But Judge Quist said that the TCPA is essentially a strict liability statute and the relevant Federal Communications Commission regulations define “sender” as “the person or entity on whose behalf a facsimile unsolicited advertisement is sent or whose goods or services are advertised or promoted in the unsolicited advertisement.” Lake City and Meeder clearly fell under this definition, the court said.
Even if the TCPA wasn’t a strict liability statute, “defendants would be vicariously liable for B2B’s broadcast fax,” he added.
The statute also does not require that a plaintiff establish the actual receipt of a faxed advertisement; instead, the court said, the “text merely requires that a defendant ‘send’ the fax and that the fax equipment be capable of transcribing text or images.” An expert report proffered by the defense identifying possible errors sending faxes between qualifying machines was therefore useless.
Judge Quist acknowledged that the issue of which devices fall within the scope of the TCPA “is a potentially complicated issue” because unsolicited faxes sent as email do not fall within the TCPA’s prohibitions. However, in the case at hand, the court said the evidence showed the devices used to send and receive the faxes were within the scope of the Act.
Finally, Lake City requested that the court consider the financial impact of the potential judgment against it, which it said would sound a “death knell” against the company. The relevance of the financial impact is one factor used by federal appellate courts, the judge wrote, but “for purposes of liability at the summary judgment stage, the court will not consider defendants’ ability to pay a judgment.”
Judge Quist then entered judgment against the defendants for $5,254,500.
To read the opinion in American Copper & Brass v. Lake City Industrial Products, click here.
Why it matters: Judge Quist’s decision accords with those of other courts that have considered whether the TCPA is a strict liability statute, but the decision is notable for the fact that a small Midwestern mom-and-pop operation will likely go under due to junk faxes. Meeder, Lake City’s president, claimed that he asked B2B whether its practices were legal and when a representative from the company responded in the affirmative, he accepted the answer. As Judge Quist noted in his opinion, “it appears that Meeder and Lake City are bigger victims of fraud or negligence (for not consulting a lawyer) than any individual member of the class.”
Apple, AssertID React to COPPA Rule Changes
Companies are responding to the changes that took effect July 1 to the Children’s Online Privacy Protection Act Rule with a proposal for compliance and revised guidelines.
Pursuant to the Rule, verifiable parental consent is required from a child’s parents before an online site or service may collect, use, or disclose personal information about a child under the age of 13. The Rule sets forth methods for obtaining such consent. Interested parties may also file a written request for Federal Trade Commission approval of a new method, pursuant to Section 312.2(a) of the Rule.
In an 85-page proposal, AssertID described a method to obtain the necessary consent and requested that the agency grant approval. In turn, the agency requested public comment on the proposed method and specifically asked whether it is already covered by the existing methods in the Rule, whether it meets the requirement that consent be “reasonably calculated” to ensure that the person providing consent is actually the child’s parent, and whether the program poses a risk to consumer information that outweighs its benefits.
According to the proposal, the method actually encompasses six processes to collectively ensure compliance with the Rule: a process for parental notification of a consent request; a process for presentment of consent-request direct notices to parents; a process for recording and reporting a parent’s response to a consent request to the operator; a process for recording and reporting a parent’s request to revoke consent previously granted and have their child’s personal information deleted; a process for verification of the parent-child relationship; and a process to ensure that only a parent of the child for whom consent is being requested can access and respond to such requests.
Comments will be accepted until Sept. 20.
In other COPPA news, Apple revised its App Store guidelines with a new section called Kids Apps. The company informed developers that behavioral targeting techniques can no longer be used for such apps, which must also now include privacy policies.
Additionally, contextual ads that appear in child-directed apps must be “appropriate for kids,” Apple told developers, and parental permission is required prior to allowing users under the age of 13 to “engage in commerce” such as making an in-app purchase.
To read AssertID’s proposal, click here.
Why it matters: Despite the efforts by AssertID and Apple at compliance, other companies are struggling to meet the mandates of the new COPPA Rule. According to AdAge, the changes to the Rule have resulted in “plummeting” ad revenue for child-directed apps. The operator of Apples4TheTeacher, a site with educational resources for both kids and teachers, told the publication that the cost of ads on her site dropped from $3 to $0.32. A similar drop in ad revenue has been felt since July 1 by the operator of “Papa’s Cupcakeria,” an app featuring games for kids, which the founder estimated at 50 percent. “Unfortunately, this was all too predictable, as the IAB warned for two years that the impact of the new COPPA rules would mean less revenue for child directed sites and fewer free offerings for families,” Mike Zaneis, senior VP and general counsel of the Interactive Advertising Bureau, told AdAge.