Advertising Law -- Feb 15, 2013

by Manatt, Phelps & Phillips, LLP

In This Issue:

The FTC and the Mobile Ecosystem: Enforcement Action, Report, and Educational Materials Released

Addressing the mobile ecosystem on three fronts, the Federal Trade Commission simultaneously announced an enforcement action against a mobile app provider, a new report recommending best practices for app developers and other industry stakeholders, and the release of an educational guide for small businesses.

The “mobile revolution” offers consumers enormous benefits, FTC Chairman Jon Leibowitz said at a press conference announcing the news. But it also “presents unique privacy challenges.”

Case in point: the agency filed suit against Path, a social networking application where users can keep journals and share their thoughts with friends. To encourage others to join the site, the app offers users the option to import the contacts from their address book. However, the app collected and stored the information from users’ address books – including their names, addresses, e-mail addresses, phone numbers, and dates of birth – even if they declined to share their information. This collection, the agency alleged, constituted a deceptive practice in violation of the Federal Trade Commission Act. The site also collected data from approximately 3,000 children under the age of 13 without parental consent and notification in violation of the Children’s Online Privacy Protection Act, according to the complaint.

To settle the charges, Path agreed to pay $800,000 for the alleged COPPA violations, establish a comprehensive privacy policy and obtain independent privacy assessments – similar to the settlements with Facebook and Google, Leibowitz noted – for a period of 20 years. The company is also required to delete information collected from children under age 13.

Although many apps collect information from users’ address books, Leibowitz said that Path was targeted because it engaged in “clear deception” and its malfeasance involved children. “That’s a red flag combination for us,” he said.

Reflecting the need to provide guidance to companies engaged in mobile commerce, the agency also released a report calling for better privacy disclosures on mobile devices, Leibowitz said. The report provided guidance for mobile platforms, app developers, advertising networks, and other third parties in the mobile ecosystem.

Companies should offer “just in time” disclosures to consumers and obtain affirmative, express consent before collecting sensitive information such as geolocation data and health or financial information. Smartphone users should be offered a “Do Not Track” option, according to “Mobile Privacy Disclosures: Building Trust Through Transparency.” The report also suggested that mobile platforms develop icons that provide users with information about data practices, and that advertising networks strive for open lines of communication with app developers to provide truthful disclosures to consumers.

“Best practices are better than enforcement actions,” Leibowitz said. The report is intended “to encourage best practices in this ecosystem. But when companies fall below, we will bring enforcement actions.”

Finally, the FTC created an educational guide to the mobile ecosystem: “Mobile App Developers: Start With Security.” Education regarding privacy is particularly important in the app space, where “a number of small developers are rushing to get cool, new technology to the public and not addressing privacy issues,” Leibowitz said.

Speaking generally about the intersection of consumer privacy and mobile devices, Leibowitz emphasized that the industry should “tell consumers what you are doing with their data and don’t mislead them.” Once companies have collected data, they should “be responsible stewards,” he added. Leibowitz also cautioned that privacy is “the quintessential bi-partisan issue in Congress,” and a failure by industry to self-regulate will likely result in prescriptive legislation.

To read more about the FTC settlement with Path, click here.

To read the FTC’s staff report, click here.

Why it matters: Privacy remains a key issue for the agency, as evidenced by the multifaceted approach of guidance and enforcement action. The FTC’s focus on data collection and use in the mobile ecosystem follows the recent release of a report on children’s data in the context of mobile apps. 

Size Really Does Matter – At Least for Subway Sandwiches

After measurements showed that some Subway "Footlong" sandwiches are fewer than 12 inches, multiple consumers recently filed suit against the sandwich company.

The sandwich maker's current ad campaign features a catchy "$5 Footlong" jingle that some consumers claim is inaccurate. The suits – filed in state and federal courts in New Jersey as well as state courts in Illinois and Pennsylvania against Subway's parent company, Doctor's Associates Inc. – were prompted by a picture posted on the Internet of a Subway "Footlong" held up to a ruler and measuring just 11 inches. The image went viral and consumers around the globe began measuring their own sandwiches.  

Subway’s initial reaction to the photo, posted by an Australian man, was to defend its sandwiches. The Australian arm of the company responded that the term “Footlong” is “a descriptive name for the sub sold in Subway restaurants and is not intended to be a measurement of length.”

But additional subs falling short of one foot appeared on the Web, followed by multiple lawsuits.

In the federal lawsuit, New Jersey resident Jason Leslie claims he has eaten Footlongs for seven years. “They advertise in all these commercials, ‘Footlong, Footlong, Footlong,’ and now I feel like an idiot,” he told The New York Post. According to his complaint, Subway profits more than $142 million from deceptive advertising, based on a calculation that 25 percent of the company’s $2.85 billion in revenues is derived from Footlong sandwiches, which are at least a half-inch less than the promised 12 inches. The suit seeks to certify a nationwide class of Footlong purchasers asking for compensatory, statutory, and punitive damages.

An Illinois resident filed a similar suit seeking $5 million after he measured his Subway sandwich at fewer than 11 inches. Nguyen Buren alleges that the company engaged in a “pattern of fraudulent, deceptive and otherwise improper advertising, sales and marketing practices,” according to his complaint. “This is no different than if you bought a dozen eggs and they gave you 11 or you bought a dozen doughnuts and they gave you 11,” Buren’s attorney Tom Zimmerman told The Chicago Tribune. “Here, you bought a dozen inches of sandwich and you got less than 11. It’s no different, and yet you’re paying for 12.”

In the New Jersey state court suit, two residents of Burlington County allege that the Footlongs are “consistently and significantly” less than 12 inches long. “A foot is 12 inches. They call it the Footlong, making people believe they’re getting a foot-long sandwich,” the plaintiffs’ attorney Stephen DeNittis told The New York Post. “If they were calling it the ‘Big Sandwich,’ or the ‘Big Kahuna,’ this case wouldn’t have been filed.”

As the bad publicity multiplied and the lawsuits piled up, Subway issued a statement apologizing for shorting customers.

“We regret any instance where we did not fully deliver on our promise to our customers,” the company said. “We freshly bake our bread throughout the day in our more than 38,000 restaurants in 100 countries worldwide, and we have redoubled our efforts to ensure consistency and correct length in every sandwich we serve. Our commitment remains steadfast to ensure that every Subway Footlong sandwich is 12 inches at each location worldwide.”

To read the complaint in the federal lawsuit, Leslie v. Doctor’s Associates Inc., click here.

Why it matters: Subway learned an important lesson about the potential for a seemingly minor incident (one picture of a short sub) to go viral because of the Internet. The company now faces multiple class action lawsuits as well as a spate of bad publicity.

Will Maryland Be the Next California?

Following in the footsteps of the California Privacy Enforcement and Protection Unit, Maryland Attorney General Douglas Gansler announced the creation of a new group that will monitor online data collection practices.

The Internet Privacy Unit will focus on several issues, including compliance with the Children’s Online Privacy Protection Act, cyberbullying, cybersecurity, and the examination of “weaknesses in online privacy policies,” Gansler said.

“Internet privacy is one of the most essential consumer protection issues of the 21st century,” Gansler said in a press release. “I created this new unit to ensure that Marylanders who use the Internet every day have someone on their side, watching out for illicit online activities and working with key stakeholders to improve gaps in privacy policies.”

The interdivisional unit will pursue enforcement actions “where appropriate,” Gansler promised. The state attorneys will also “work alongside major industry stakeholders and privacy advocates to provide outreach and education to businesses and consumers to broaden awareness about privacy rights so they are more equipped to manage online privacy challenges.”

Gansler, who made his announcement on Data Privacy Day, appears to be following in the footsteps of California Attorney General Kamala Harris, who created a similar unit in 2012. As the current president of the National Association of Attorneys General, Gansler has made privacy a priority for that group as well. He declared that “Privacy in the Digital Age” would be his presidential initiative for 2013. At a privacy-related conference, he told attendees that in addition to bringing attention to location privacy issues, the initiative will also work to create transparency in data collection and dissemination practices as well as empower consumers with opt-out controls. 

To read the press release about the formation of the Internet Privacy Unit, click here.

Why it matters: Companies may now face the threat of regulatory action from both coasts, with privacy units in California and Maryland focusing attention on Internet privacy. AG Harris established her privacy unit just last year but already reached a major agreement with mobile app providers that the state’s privacy law applies to their platforms. She also filed a highly publicized lawsuit against Delta for its failure to provide users of its app with a privacy policy.

CARU Chides Kraft for Kids' Sweepstakes

Companies should take special care when offering sweepstakes programs for kids to guard against exploiting children’s immaturity, the Children’s Advertising Review Unit emphasized in a recent decision.

Kraft Foods Global hosted the “Never Be Bored Again Sweepstakes” for its Lunchables line, and CARU reviewed the company’s television advertising and Web site materials.

The homepage featured an ad in the center of the screen for the sweepstakes, reading “You could win one of over 1,000,000 prizes. Enter Now.” Images around the ad included children jumping on a trampoline, sporting equipment, and kids playing board games. A link reading “Learn More” takes users to another page that stated, “You could win an ultimate tree house, ultimate game room, ultimate sport court or one of over 1,000,000 other prizes. Enter Now.” Yet another link took users to a third page, which described the grand prizes in greater detail and disclosed the rest of the prizes. There, the site informed users that “25,000 First Prizes” are available, including various toys or games as well as “1,000,000 Second Prizes,” where the winner chose a video download.

CARU expressed concern about whether the prizes were clearly depicted and whether the odds of winning were clearly disclosed.

Kraft argued that the site was fully compliant with CARU’s Guidelines in part because the sweepstakes was structured to have a very high percentage of winners. Therefore, the phrase “Many will enter, few will win” failed to reflect the high win ratio while “Many will enter, many will win” would create a false expectation that everyone wins, Kraft said. The company chose to state “Odds of winning depends upon number of online game plays,” which it contended was accurate and appropriate.

But CARU disagreed, finding the “odds of winning” statement insufficient because there was no disclosure up front stating exactly how many winners there would be of the grand prizes or even the first prizes.

“The net impression of advertising that contained the phrase, ‘You could win one of over 1,000,000 prizes’ coupled with images of tons of cool prizes pictured in the background like sporting equipment, arcade games and a flat-screen television, is that there is a reasonable chance of winning one of these prizes. Although there were many prizes to be won, the majority of the prizes available were video downloads, which were not mentioned on the landing page.”

Further, children should not have to wade three pages into the Web site to find out prize details by clicking links. “CARU has held that there must be promotional copy located immediately adjacent to prize claims,” according to the decision. “It is not sufficient to place this type of disclosure in an area of the website that is only reached by a child having to click several pages through. . . . Many children, invariably, will not take the time to click through a website to find out prize details.”

Therefore, CARU determined that the prizes were not clear and understandable to a child audience and recommended that Kraft move prize descriptions up front where children would be sure to see them and to employ a disclosure such as “Many will enter, three will win a grand prize” to clarify the likelihood of winning.

To read CARU’s press release about the decision, click here.

Why it matters: Summarizing the matter, CARU emphasized two points: first, sweepstakes prizes must be clearly depicted. And second, “Advertisers should recognize that children may have unrealistic expectations about the chances of winning a sweepstakes or contest or inflated expectations of the prize(s) to be won. Therefore the likelihood of winning should be clearly disclosed in language readily understandable to the child audience.”

Orange Juice Plaintiff's Suit Dismissed as "Much Ado" over Fresh Squeezed Claims

Citrus World Inc. won the dismissal of a false advertising class action alleging that the company misled consumers by labeling its Florida's Natural Orange Juice product as "100 percent orange juice," "fresh," and "pure."

The suit claimed that the juice had actually been processed and had added flavors and aromas and could not be truthfully labeled “fresh” or “pure.”

But U.S. District Court Judge Inge Prytz Johnson granted the juice maker’s motion to dismiss, ruling that the plaintiff had failed to articulate an actual injury by purchasing the drink and therefore, he lacked standing to bring the suit.

“[The plaintiff] states he did not know store bought orange juice was not fresh squeezed, but nowhere alleges any harm from its purchase or consumption. He does not even claim that upon learning packaged orange juice was not truly ‘fresh,’ he now must squeeze his own oranges,” she wrote. “[T]he fact that the plaintiff may have believed defendant hired individuals to hand squeeze fresh oranges one by one into juice cartons, then boxed up and delivered the same all over the country does not translate into a concrete injury to plaintiff upon his learning that beliefs about commercially grown and produced orange juice were incorrect.”

The court said “nothing in the labeling” of the Florida Natural orange juice “would in any way deceive a reasonable consumer into believing that the orange juice in question is anything but pasteurized orange juice,” denying the plaintiff’s motion to amend his complaint.

“As a matter of common sense, whatever is in a container on a store shelf with an expiration date some weeks hence cannot contain ‘fresh’ anything,” the Alabama judge concluded.

To read the court’s order in Veal v. Citrus World, Inc., click here.

Why it matters: Judge Johnson’s opinion was adamant that the plaintiff lacked standing on multiple grounds. After noting that the plaintiff “offers no explanation as to why he does not squeeze his own oranges if he truly seeks fresh squeezed orange juice,” the court also noted that the complaint would likely be preempted by regulations promulgated by the Food and Drug Administration.

Noted and Quoted…Partner Marc Roth Authors Article on Legal and Regulatory Developments Impacting Privacy and Data Security

On February 13, 2013, InsideCounsel sought Manatt partner Marc Roth’s insight on the importance of closely monitoring developments affecting privacy and data security. In the first article in a series of three, Marc highlighted issues corporate counsel should consider in these areas; he notes that the FTC has been at the forefront of privacy regulation but that state regulators are starting to enter the fray. According to Marc, in‑house counsel “must keep abreast of privacy developments beyond their defined walls in order to best serve their clients’ needs. Most privacy developments are not occurring within existing regulatory regimes but, rather, in the vacuum that is created by developing technologies and consumer behavior, most notably in the social media arena.”

To read the full article, click here.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.