In This Issue:

• FTC’s Data Broker Report: Transparency And Consumer Control
• Ad Groups Support Data Breach Notification Law
• Lice Prevention Claims Bug FTC, Yield $500,000 Settlement
• NAD, N.Y. Federal Court Deal With GMO Claims
• Noted and Quoted . . . Bloomberg BNA Turns to Jesse Brody on Top Privacy Issues for Digital Marketing Campaigns

FTC’s Data Broker Report: Transparency And Consumer Control

Calling for greater transparency and an increase in consumer control, the Federal Trade Commission has released its report on the data broker industry.

Based on a study of nine data brokers, the FTC’s “Data Brokers: A Call for Transparency and Accountability” report concluded that the industry operates with a “fundamental” lack of transparency and recommended that federal legislation be enacted to regulate data brokers. Consumers should be given greater control over their personal information, the agency said, and it suggested that a centralized portal be created to provide consumer access and the ability to opt out from the use of their data.

While the report did acknowledge some of the benefits provided by the collection and use of consumer data (such as targeted advertising), the FTC said the industry’s control over “vast amounts of consumer information” raised privacy concerns.

“The extent of consumer profiling today means that data brokers often know as much – or even more – about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more,” Chairwoman Edith Ramirez said in a statement about the report. “It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist.”

The report documented the size of brokers’ data collections, noting that a single broker held information on more than 1.4 billion consumer transactions, while another adds upwards of 3 billion new data points each month. The report also found that data brokers collect consumer data from both online (social media activity) and offline (magazine subscriptions) sources and often share data with each other.

Much of the data collection is done without consumers’ knowledge, the FTC said. Information is combined and analyzed to make inferences about consumers, “including potentially sensitive inferences” related to their ethnicity, income, religion, or health conditions. Consumers are characterized into groups such as “Rural Everlasting” (single adults over age 66 with low educational attainment) and “Urban Scramble” (low-income Latinos and African-Americans).

The compiled data poses risks to consumers when used for unanticipated reasons, the agency said. For example, “Bike Enthusiasts” could receive offers for discounts on motorcycles but could also be on the receiving end of higher insurance rates because their “risky behavior” has been identified as a result.

Concluding that federal legislation to regulate the industry would improve transparency and consumer control, the report recommended that a “centralized mechanism” be created where data brokers would identify their company and explain their practices to consumers who would be given access to their data and the ability to opt out from its use.

A law should also require data brokers to inform consumers about the inferences they derive from the data and provide consumers with information about their sources and with whom they share their information. Affirmative opt-in consent to collect and share sensitive information – like health data – should also be mandated, the FTC said.

The 110-page report concluded with three best practices for the data broker industry: implement the privacy by design principles set forth in the agency’s consumer privacy report, “implement better measures” to refrain from collecting information from children and teens, and take “reasonable precautions” to ensure that downstream users don’t use data for eligibility determinations or for unlawful discriminatory purposes.

To read the FTC’s report, click here. 

Why it matters: With the data broker industry already under the scrutiny of Sen. Jay Rockefeller (D-W.Va.) and the subject of multiple federal reports (from the Governmental Accountability Office), the FTC report produced few revelations or surprises. However, the call for a federal law builds upon prior demands for industry regulation and could heighten legislative efforts.

Ad Groups Support Data Breach Notification Law

Seeking an end to the patchwork of state laws governing data breaches, advertising industry groups penned a letter to legislators requesting the passage of a federal law to create a uniform standard.

Sixteen organizations – including the Direct Marketing Association, American Association of Advertising Agencies, American Advertising Federation, Association of National Advertisers, and the Interactive Advertising Bureau – reached out to Senate Majority Leader Harry Reid (D-Nev.) and Speaker of the House of Representatives John Boehner (R-Ohio) to express “ongoing support” for a national bill that would preempt state laws.

“Currently, disparate laws in 47 states plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands, frustrate efficient and uniform breach notification to consumers,” the groups wrote. “This is particularly true when a data breach affects individuals nationwide who reside in a number of jurisdictions covered by these various laws.”

The groups suggested that the trigger for notifying consumers of a breach should not be overly inclusive, which could result in unnecessary notifications and confused consumers. Instead, “any federal notification regime should only be triggered by a breach event that poses a significant risk of identity theft or other economic harm to the affected individuals.”

When defining “sensitive personally identifiable information,” any data derived from public records should be excluded, the groups said. The timing of notification should balance the need to notify consumers with a company’s efforts to gather facts, secure the system, and work with law enforcement, the letter added.

“[B]usinesses should always act to notify consumers without unreasonable delay, and, if additional time is required to complete what often becomes a criminal investigation, then law enforcement involved in helping companies track down criminals responsible for the breach should not have their investigation compromised by premature public notification.”

As for enforcement, given “the complexities of both data breach response and notification – often layered with the added complication of an ongoing criminal investigation – we believe that a federal notification standard should not allow for a private right of action,” the groups wrote. “Similarly, we do not believe that the Federal Trade Commission should be granted additional civil penalty authority in this area.”

To read the letter from the ad groups to federal lawmakers, click here.

Why it matters: Emphasizing the importance of data use and sharing to businesses in the American economy, the groups said that the $246 per compromised record in the United States represents the highest costs related to data breaches in the world. Such costs could be greatly reduced with the enactment of a uniform law, the letter argued, and the signatory groups promised to provide continued support for national data breach notification legislation. “We need Congress to act now to enact legislation to help businesses effectively inform and ultimately protect the customers they serve when data compromises do occur.”

Lice Prevention Claims Bug FTC, Yield $500,000 Settlement

A company making deceptive claims about the efficacy of its lice prevention products (“The best way to treat lice? Avoid getting them!”) recently reached a $500,000 settlement with the Federal Trade Commission.

Lornamead, Inc., attempted to differentiate itself by claiming that its Lice Shield shampoo, stick, and spray products prevented lice, rather than as a treatment for lice infestations. Accompanying the company’s banner, Web, and print ads was an image of a sword wielding child dressed in a knight’s helmet with shield, while cartoon lice bounce off his helmet.

The personal care company claimed that ingredients like citronella and other essential oils in the Lice Shield product line would “dramatically reduce” the risk of head lice infestations and were “scientifically shown to repel head lice” – representations that were false, the FTC alleged. The FTC also found that the company failed to substantiate its claims that spraying Lice Shield Gear Guard onto items like hats and helmets would reduce the likelihood of getting lice.

In addition to the $500,000 payment, Lornamead agreed not to make deceptive claims about lice prevention in the future. For claims that the product can repel lice or reduce the risk of infestation by a specific percentage or amount, the company must have at least one well-controlled human clinical study supporting the claims.

Future claims about the health benefits of any drug, cosmetic, or pesticide require competent and reliable scientific evidence under the agreement. Lornamead also promised not to misrepresent any tests, studies, or research in marketing such products.

To read the complaint and proposed consent order in In re Lornamead, click here. 

Why it matters: “As any parent knows, an outbreak of lice can wreak havoc,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement about the case. “When marketers say their products can be used to avoid these pests, they’d better make sure they can back up their claims.”

NAD, N.Y. Federal Court Deal With GMO Claims

Genetically modified organisms continue to present advertisers with problems, as evidenced by new decisions from a New York federal court and the National Advertising Division.

In the New York case, Smucker’s was unable to avoid a lawsuit challenging the use of “All Natural” claims for Crisco oils when a judge rejected the company’s argument that the putative class action should be preempted by Food and Drug Administration policies and regulations.

The complaint alleged that Crisco’s pure vegetable oil, pure canola oil, and pure corn oil are not “natural” because they were made from soy beans, rapeseeds, and corn, all of which were genetically modified organisms (GMO). The oils are also “so heavily processed” they are really manmade, according to the suit.

Smucker’s moved to dismiss the suit on preemption grounds, but the court said the plaintiff could move forward on her state law claims. The court noted that the FDA has not defined the term “natural,” that no federal specifications exist, and that the FDA in January 2014 explicitly declined to consider the specific issue in the case: “whether and under what circumstances food products containing ingredients produced using genetically engineered ingredients may or may not be labeled ‘natural.’”

The agency’s failure to address the issue was not significant, U.S. District Court Judge Paul A. Crotty wrote, and did not signal an approval of the “All Natural” phrase to describe foods containing GMOs. “Where the FDA is unable to address a potentially deceptive practice, state claims are one of the few means of safeguarding consumers and therefore should not be preempted by the FDA’s inaction.”

In denying Smucker’s motion to dismiss, the court noted that “While it might be better for the FDA to commence an administrative proceeding or process, involving all stakeholders, focusing on how, why, and when products can be labeled ‘all natural,’ the fact is that the FDA has not done so and is not likely to do so in the near future.”

In a second case, the National Advertising Division considered a challenge brought by Gerber against competitor Nuture, Inc., makers of Happy Baby and Happy Family infant and toddler food products, which claimed that its products contain “No GMOs” and were superior to nonorganic products because they were “truly enlightened [and] use the best ingredients nature has to offer . . . so babies are healthier.”

The NAD agreed that such comparative superiority messages should be modified or discontinued because Nurture lacked testing or scientific studies demonstrating that its products were richer in nutrients than conventionally grown produce.

In evaluating Happy Family’s “No GMOs” claims, the NAD noted that reasonable consumers would not construe a “No GMOs” claim to mean that absolutely no trace contamination has occurred, but that the product was produced without the intentional use of genetic engineering. “Until such time as science is capable of substantiating that there is a zero level of bioengineered material in a product, claims such as ‘No GMOs’ or ‘non-GMO’ accurately convey information regarding the manner in which a product has been produced (i.e., without the use of genetic engineering) and not that the products are actually GMO free.”

Although the “No GMO” claim was not misleading in and of itself, the self-regulatory body expressed concern about the way the claim appeared on product packaging under “Why happy baby?” alongside other claims differentiating the product from competitors. The context of the claim improperly implied product superiority, the NAD said, and appeared as an answer as to why consumers should buy the product rather than conveying simple factual information.

The use of the claim “clearly implies that there is some type of benefit associated with the product’s ‘No GMO’ status, whether it be on the basis of health, safety, or some other reason,” the NAD said. “The advertiser presented no evidence to support such a message. Further, as noted by the FDA, a label statement would be misleading if it implies that a food is superior because it is not bioengineered.”

To avoid conveying the unsupported message that the Happy Family products are superior to competitor products because they do not contain genetically modified ingredients, the NAD recommended that Nurture modify its advertising.

To read the opinion in Ault v. J.M. Smucker Co., click here.

To read the NAD’s press release about the decision, click here. 

Why it matters: GMO labeling continues to pose a real challenge for advertisers. Companies that choose to make such claims in the hope of taking advantage of consumer interest in organic food products need to be careful or face action from competitors, consumers, or both – and may soon have to contend with legislative restrictions in states that follow Vermont’s lead and enact labeling restrictions.

Noted and Quoted . . . Bloomberg BNA Turns to Jesse Brody on Top Privacy Issues for Digital Marketing Campaigns

For companies employing innovative digital marketing tactics to promote their products and services – including elements like user-generated content, viral marketing, mobile applications and social media – it is more important than ever to consider the potential business repercussions of failing to comply with applicable privacy laws.

Manatt partner Jesse Brody authored an article for Bloomberg BNA’s Privacy & Security Law Report titled, “Top 10 Privacy Considerations for Digital Marketing Campaigns,” a quick reference overview of the most pressing issues for marketers and their lawyers to consider before launching a digital marketing campaign that collects information from consumers.

To read the full article, click here.