In This Issue:

• CARU Corrects Kudos’ COPPA Consent Crack-up
• Tech Specs Released for Transparency and Consent Framework
• FTC Mutes Alleged Deceptive Amplifier Claims
• Business Groups Demand Clarity on Autodialers
• District Court Brings BOGO-free Claim Into Focus

CARU Corrects Kudos’ COPPA Consent Crack-up

Self-reg council: App producer failed to implement rigorous consent procedures

Beautiful Dreamer

Kudos is a mobile application developed to give children “the courage to express themselves, to create, to co-exist, connect and to respect one another.” The app has a familiar look and feel to Facebook and its lesser known brethren and includes common social media features such as profiles, friends, posts/comments, interest groups and image sharing. But like any app aimed at children, Kudos is charged by law and by the advertising industry with maintaining a high standard of privacy and security.

The Children’s Advertising Review Unit (CARU) ran across Kudos in the course of its regular monitoring activities, and found the app wanting in several ways.

Does Your Mother Know?

The Kudos registration process, as described by CARU, begins with a selfie that the child must provide to Kudos before moving forward. Next comes a request for a birthdate, user ID and password. Users who claim to be under 13 are forwarded to a page requesting a parent’s email address; but if a child clicks the “back” button, he or she can increase the age number and avoid the parent email request.

Parents whose children stick to the under-13 designation will receive an email explaining the app and asking parents to click a link to consent to the child’s use of the app.

Permission Slips

CARU cast a suspicious eye on these practices, determining that they fell short of its own standards as well as strictures mandated by the Children’s Online Privacy Protection Act (COPPA). COPPA requires operators such as Kudos that collect children’s personal information to obtain verifiable parental consent prior to collecting or disclosing a child’s information.

Parental consent was the tripwire; CARU determined that the app targeted children as its primary audience, and as such, Kudos was required to obtain parental consent from all users, not just those under the age of 13.

Further, CARU took issue with the content of the notice sent to parents to obtain their verifiable parental consent. To comply with COPPA and CARU’s Self-Regulatory Program for Children’s Advertising, an operator must tell parents that it collects the parent’s online contact information, that parental consent is required for the collection of a child’s personal information, and that the company will not collect, use or disclose any of that personal information if the parent does not provide consent. Further, notices must describe the types of personal information it will collect and the opportunities for disclosure of that information if the parent consents. Finally, the notices must indicate that parental contact information will be deleted should parents fail to respond within a prescribed period. CARU found that Kudos’ notices did not comply with these requirements.

CARU also took issue with the method by which parents could provide consent – clicking a link in an email. Kudos claimed that the company did not require consent through a credit card transaction or a government ID because it did not want to exclude children whose parents did not have access to either. CARU was not persuaded, and determined that the method of consent was not sufficient to ensure that an actual parent was providing the required consent, noting that there are several other methods of obtaining consent that do not involve the use of credit cards or IDs.

Kudos agreed to CARU’s recommendations that it join an FTC-approved Safe Harbor program, which would provide certification and ensure that Kudos is compliant with COPPA.

The Takeaway

Companies intending to collect personal information from children should tread carefully and ensure compliance with COPPA and other industry guidance. And certainly, companies must make sure that any parental consent is verified as such.

Tech Specs Released for Transparency and Consent Framework

GDPR-compliant framework helps companies track and expose how consumer data is used

Voilà

The General Data Protection Regulation (GDPR) kicks in for the European Union at the end of May 2018, and it promises surprises not only for consumers but for advertisers as well.

Despite sounding like a cold-war-era spy service, the GDPR is about revealing secrets – consumers will be exposed to how their data is used when they view an advertisement. But this will also help advertisers understand and manage the multiple players and layers involved in their own relationships, and how user data is shuttled among them.

MetaSpy

In anticipation of the GDPR, in April 2018, the Interactive Advertising Bureau Europe (IAB Europe) and IAB Technology Laboratory (IAB Tech Lab) crafted a Transparency & Consent Framework (the Framework). Reflecting the input of a number of publishers, agencies and ad tech companies, the standard “supports online services and their partners in their efforts to provide transparency and choice mechanisms for their users.” The Framework will allow adopters to observe how online services use personal data and also track third-party use of the same in accordance with the requirements of the GDPR. Notably, the Framework is aimed at enhancing the relationship between publishers and vendors and provides guidance to vendors with regard to their use of publisher customer data.

The underlying technical structure of the Framework creates transparency about third-party information and stores user preferences as well. The Framework’s key attribute, a Global Vendor List, bolsters the whole and provides a registry of third parties that publishers can trust with their users’ information and end devices.

The Takeaway

The IAB believes that the Framework will help content publishers identify companies that will collect their users’ data and provide a lasting “audit trail” of a user’s decisions regarding how the user’s data is handled. The Framework will disclose which companies are adhering to its standards and profile how they handle user data – helping publishers choose which vendors to work with.

According to one media outlet, the Framework was designed to be compatible with future regulations, such as the California Consumer Privacy Act, which is up for a vote later in 2018.

FTC Mutes Alleged Deceptive Amplifier Claims

Manufacturer accused of making unsubstantiated performance claims regarding hearing aids

Wait, What?

In early May 2018, the Federal Trade Commission (FTC) launched a complaint in the Southern District of Florida against Global Concepts Limited (GCL), its related corporate persona, and Laurie Braden, its principal officer. The suit claims that, from 2012 to 2016, GCL poured $3 million into an ad campaign, including websites and short video advertisements, some of which appeared on cable and local television networks, regarding a hearing aid called the MSA 30X. Consumers could purchase the aid directly from the defendants or at third-party retailers such as CVS, Walgreens or Walmart.

According to defendants, the MSA 30X, is a “small, rechargeable electronic wearable sound amplifier.” For about $30, consumers would get the MSA 30X and related accoutrement: a charging base, cleaning brush and five silicon ear tips. Consumers also had the option of adding on to the basic arrangement and could take advantage of “buy one get one” offers for an increased price.

According to the commission, the ads prominently featured older people touting the benefits of the MSA 30X: 30 times better hearing and perfectly clear hearing in a number of contexts, including crowded restaurants. GCL touted “independent studies” that backed up their claims.

Listen to This

“In fact,” the FTC alleges, “independent studies do not prove that MSA 30X helps users hear up to 30 times better.” The FTC claimed that GCL violated Section 5 of the FTC Act, 15 U.S.C. § 45(a), which prohibits unfair or deceptive acts or practices, by making false or unsubstantiated efficacy claims and false establishment claims.

According to the complaint, there are fertile grounds for deceptive ads in the hearing loss device market: Hearing aids are often not covered by Medicare and other insurance plans, and can be prohibitively expensive. A cheap option such as the MSA 30X would be welcome news to an individual who is hard of hearing and short on cash.

The Takeaway

Pursuant to the settlement, defendants are barred from making claims that their device improves hearing by a factor of 30 or helps people hear clearly in crowded contexts. Any claims about the efficacy of any of their products are barred unless the company can muster the scientific evidence to back it up. A judgment of $47 million was also imposed, but it was suspended after the first payment of $500,000.

This case signals that the FTC will continue to take advertisers to task if claims, particularly establishment claims, are not supported by competent and reliable scientific evidence.

Business Groups Demand Clarity on Autodialers

TCPA is being abused because of broad FCC interpretation of technology, petitioners claim

Light Brigade

An array of business associations – drawn largely from the financial services industry – petitioned the Federal Communications Commission (FCC or Commission) in May 2018. Their goal: to wrest clarity from the FCC regarding a single aspect of the Telephone Consumer Protection Act (TCPA) that they maintain is leaving the door wide open to abuse of the law.

Chronicles

The petition focuses on the TCPA’s definition of “automatic telephone dialing system” (ATDS), which is at the heart of the act’s mandate.

The history so far, according to the petitioners:

Confusion over the exact definition led to an explosion of frivolous and expensive lawsuits that strayed beyond the original intent of lawmakers. Desperate calls for clarity led to the Commission’s 2015 Omnibus Order, which only made matters worse by embracing a broader ATDS definition that swept in many more devices than the text of the law supports – according to the petition, TCPA litigation jumped 46 percent in the wake of the Omnibus Order.

The petitioners declare their gratitude for a recent D.C. Circuit decision that vacated portions of the Omnibus Order, especially the FCC’s definition of ATDS, which the court called “utterly unreasonable,” “incompatible with” the statute’s goals and “impermissibly expansive.” But this decision is no substitute for a positive definition, which the petition urges the FCC to establish.

Capacity Fluxing

For the petitioners, it comes down to one word: capacity. The act defines ATDS to mean “equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers.” The petition states that the Omnibus Order broadly defined “capacity” so that devices that might be modified in the future to store or generate numbers and dial them were subject to TCPA litigation, even if they were not currently configured to do so.

The Takeaway

The petitioners, after citing numerous examples of allegedly exorbitant and frivolous lawsuits, “urge the Commission to ... (1) confirm that to be an ATDS, equipment must use a random or sequential number generator to store or produce numbers and dial those numbers without human intervention, and (2) find that only calls made using actual ATDS capabilities are subject to the TCPA’s restrictions.”

The petition may risk an overly narrow definition, however, when it asks the Commission to exclude devices that are not “inherently” autodialers. For instance, smartphones “require downloading an app or changing software code to gain auto dialing capabilities,” the petition reads. “Those capabilities are not built in.”

Alternatively, “other calling equipment can become an autodialer simply by clicking a button on a drop-down menu,” the petition states. “That function is already part of the device and requires a simple change in setting rather an alteration of the device.”

While such a distinction would certainly “narrow the range” of TCPA-covered devices, it will be interesting to see how the FCC takes it. Simply put, if a smartphone can use an autodialer app, isn’t it ... an autodialer?

District Court Brings BOGO-free Claim Into Focus

Eyewear retailer can’t make class action invisible

Now You See It…

In this era of acronyms – OMG, YOLO, MAGA – add BOGO: as in “Buy One Get One” free. It’s a familiar offer that’s at the heart of a recent class action complaint brought by one Jennifer Mora, who claims to have made two buy-one-get-one-free purchases of eyeglasses from Visionworks of America (Visionworks), one of the country’s largest eyewear retailers.

Her amended complaint, filed in the Middle District of Florida in April 2018, pulled no punches. It quoted the company’s vice president of marketing to the effect that the word free is “a message that matters to consumers ... helping to drive sales.” According to Mora, Visionworks deceptively describes its offers as BOGO when, in fact, it inflates the purchase price for the first pair of glasses so that consumers mistakenly believe that they are getting a good deal.

Now You Don’t…

Mora claimed that Visionworks was making two offers: The BOGO offer, in which a second pair was given to the consumer after the purchase of the first, and an “unadvertised alternative,” in which consumers who did not want to take the BOGO offer received a 40 percent discount to one pair of glasses. The contrast between the two offers, she claimed, was a problem.

This contrast, the complaint alleges, “is evidence that the true regular price of a single pair of glasses, uninflated by the constant use of the word free, is actually 40% less than the price offered in the buy-one-get-one-free offer.” In short, Mora alleges that Visionworks increased the price of one pair of glasses in order to cover the cost of the second pair, which ultimately resulted in the customer paying more than the normal cost of one pair of glasses.

Here, it’s the consistent, lengthy use of the word “free” by Visionworks that becomes crucial. Mora claims that the company used the word in its ad campaigns over 48 weeks in 2014 and continued those ads into 2015 and beyond. “Since the word free is used continuously and repeatedly,” the complaint reads, “over time the price of a single pair of glasses inflates to cover both the first pair and the second, supposedly ‘free’ pair.”

Mora charged the company with unjust enrichment and violations of the Florida Deceptive and Unfair Trade Practices Act.

The Takeaway

Visionworks moved to dismiss the action shortly after Mora filed her complaint; the motion was denied shortly thereafter by the Middle District on May 2, 2018.

The court maintained that Mora’s allegations were detailed and factual and did not fail to state a claim as Visionworks had argued, and that the company was better off critiquing her claims at summary judgment after discovery was complete.

The court also cut short the company’s challenge that Mora could not bring her unjust enrichment charge because she already had an adequate remedy under the Florida Deceptive and Unfair Trade Practices Act. According to the court, Visionworks overlooked “the Federal Rules of Civil Procedure which explicitly provides that ‘[a] party may state as many claims or defenses as it has, regardless of consistency.’”