Advertising Law - June 2014

by Manatt, Phelps & Phillips, LLP

In This Issue:

  • FTC’s Data Broker Report: Transparency And Consumer Control
  • Ad Groups Support Data Breach Notification Law
  • Lice Prevention Claims Bug FTC, Yield $500,000 Settlement
  • NAD, N.Y. Federal Court Deal With GMO Claims
  • Noted and Quoted . . . Bloomberg BNA Turns to Jesse Brody on Top Privacy Issues for Digital Marketing Campaigns

FTC’s Data Broker Report: Transparency And Consumer Control

Calling for greater transparency and an increase in consumer control, the Federal Trade Commission has released its report on the data broker industry.

Based on a study of nine data brokers, the FTC’s “Data Brokers: A Call for Transparency and Accountability” report concluded that the industry operates with a “fundamental” lack of transparency and recommended that federal legislation be enacted to regulate data brokers. Consumers should be given greater control over their personal information, the agency said, and it suggested that a centralized portal be created to provide consumer access and the ability to opt out from the use of their data.

While the report did acknowledge some of the benefits provided by the collection and use of consumer data (such as targeted advertising), the FTC said the industry’s control over “vast amounts of consumer information” raised privacy concerns.

“The extent of consumer profiling today means that data brokers often know as much – or even more – about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more,” Chairwoman Edith Ramirez said in a statement about the report. “It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist.”

The report documented the size of brokers’ data collections, noting that a single broker held information on more than 1.4 billion consumer transactions, while another adds upwards of 3 billion new data points each month. The report also found that data brokers collect consumer data from both online (social media activity) and offline (magazine subscriptions) sources and often share data with each other.

Much of the data collection is done without consumers’ knowledge, the FTC said. Information is combined and analyzed to make inferences about consumers, “including potentially sensitive inferences” related to their ethnicity, income, religion, or health conditions. Consumers are characterized into groups such as “Rural Everlasting” (single adults over age 66 with low educational attainment) and “Urban Scramble” (low-income Latinos and African-Americans).

The compiled data poses risks to consumers when used for unanticipated reasons, the agency said. For example, “Bike Enthusiasts” could receive offers for discounts on motorcycles but could also be on the receiving end of higher insurance rates because their “risky behavior” has been identified as a result.

Concluding that federal legislation to regulate the industry would improve transparency and consumer control, the report recommended that a “centralized mechanism” be created where data brokers would identify their company and explain their practices to consumers who would be given access to their data and the ability to opt out from its use.

A law should also require data brokers to inform consumers about the inferences they derive from the data and provide consumers with information about their sources and with whom they share their information. Affirmative opt-in consent to collect and share sensitive information – like health data – should also be mandated, the FTC said.

The 110-page report concluded with three best practices for the data broker industry: implement the privacy by design principles set forth in the agency’s consumer privacy report, “implement better measures” to refrain from collecting information from children and teens, and take “reasonable precautions” to ensure that downstream users don’t use data for eligibility determinations or for unlawful discriminatory purposes.

To read the FTC’s report, click here

Why it matters: With the data broker industry already under the scrutiny of Sen. Jay Rockefeller (D-W.Va.) and the subject of multiple federal reports (from the Governmental Accountability Office), the FTC report produced few revelations or surprises. However, the call for a federal law builds upon prior demands for industry regulation and could heighten legislative efforts.

Ad Groups Support Data Breach Notification Law

Seeking an end to the patchwork of state laws governing data breaches, advertising industry groups penned a letter to legislators requesting the passage of a federal law to create a uniform standard.

Sixteen organizations – including the Direct Marketing Association, American Association of Advertising Agencies, American Advertising Federation, Association of National Advertisers, and the Interactive Advertising Bureau – reached out to Senate Majority Leader Harry Reid (D-Nev.) and Speaker of the House of Representatives John Boehner (R-Ohio) to express “ongoing support” for a national bill that would preempt state laws.

“Currently, disparate laws in 47 states plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands, frustrate efficient and uniform breach notification to consumers,” the groups wrote. “This is particularly true when a data breach affects individuals nationwide who reside in a number of jurisdictions covered by these various laws.”

The groups suggested that the trigger for notifying consumers of a breach should not be overly inclusive, which could result in unnecessary notifications and confused consumers. Instead, “any federal notification regime should only be triggered by a breach event that poses a significant risk of identity theft or other economic harm to the affected individuals.”

When defining “sensitive personally identifiable information,” any data derived from public records should be excluded, the groups said. The timing of notification should balance the need to notify consumers with a company’s efforts to gather facts, secure the system, and work with law enforcement, the letter added.

“[B]usinesses should always act to notify consumers without unreasonable delay, and, if additional time is required to complete what often becomes a criminal investigation, then law enforcement involved in helping companies track down criminals responsible for the breach should not have their investigation compromised by premature public notification.”

As for enforcement, given “the complexities of both data breach response and notification – often layered with the added complication of an ongoing criminal investigation – we believe that a federal notification standard should not allow for a private right of action,” the groups wrote. “Similarly, we do not believe that the Federal Trade Commission should be granted additional civil penalty authority in this area.”

To read the letter from the ad groups to federal lawmakers, click here.

Why it matters: Emphasizing the importance of data use and sharing to businesses in the American economy, the groups said that the $246 per compromised record in the United States represents the highest costs related to data breaches in the world. Such costs could be greatly reduced with the enactment of a uniform law, the letter argued, and the signatory groups promised to provide continued support for national data breach notification legislation. “We need Congress to act now to enact legislation to help businesses effectively inform and ultimately protect the customers they serve when data compromises do occur.”

Lice Prevention Claims Bug FTC, Yield $500,000 Settlement

A company making deceptive claims about the efficacy of its lice prevention products (“The best way to treat lice? Avoid getting them!”) recently reached a $500,000 settlement with the Federal Trade Commission.

Lornamead, Inc., attempted to differentiate itself by claiming that its Lice Shield shampoo, stick, and spray products prevented lice, rather than as a treatment for lice infestations. Accompanying the company’s banner, Web, and print ads was an image of a sword wielding child dressed in a knight’s helmet with shield, while cartoon lice bounce off his helmet.

The personal care company claimed that ingredients like citronella and other essential oils in the Lice Shield product line would “dramatically reduce” the risk of head lice infestations and were “scientifically shown to repel head lice” – representations that were false, the FTC alleged. The FTC also found that the company failed to substantiate its claims that spraying Lice Shield Gear Guard onto items like hats and helmets would reduce the likelihood of getting lice.

In addition to the $500,000 payment, Lornamead agreed not to make deceptive claims about lice prevention in the future. For claims that the product can repel lice or reduce the risk of infestation by a specific percentage or amount, the company must have at least one well-controlled human clinical study supporting the claims.

Future claims about the health benefits of any drug, cosmetic, or pesticide require competent and reliable scientific evidence under the agreement. Lornamead also promised not to misrepresent any tests, studies, or research in marketing such products.

To read the complaint and proposed consent order in In re Lornamead, click here

Why it matters: “As any parent knows, an outbreak of lice can wreak havoc,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement about the case. “When marketers say their products can be used to avoid these pests, they’d better make sure they can back up their claims.”

NAD, N.Y. Federal Court Deal With GMO Claims

Genetically modified organisms continue to present advertisers with problems, as evidenced by new decisions from a New York federal court and the National Advertising Division.

In the New York case, Smucker’s was unable to avoid a lawsuit challenging the use of “All Natural” claims for Crisco oils when a judge rejected the company’s argument that the putative class action should be preempted by Food and Drug Administration policies and regulations.

The complaint alleged that Crisco’s pure vegetable oil, pure canola oil, and pure corn oil are not “natural” because they were made from soy beans, rapeseeds, and corn, all of which were genetically modified organisms (GMO). The oils are also “so heavily processed” they are really manmade, according to the suit.

Smucker’s moved to dismiss the suit on preemption grounds, but the court said the plaintiff could move forward on her state law claims. The court noted that the FDA has not defined the term “natural,” that no federal specifications exist, and that the FDA in January 2014 explicitly declined to consider the specific issue in the case: “whether and under what circumstances food products containing ingredients produced using genetically engineered ingredients may or may not be labeled ‘natural.’”

The agency’s failure to address the issue was not significant, U.S. District Court Judge Paul A. Crotty wrote, and did not signal an approval of the “All Natural” phrase to describe foods containing GMOs. “Where the FDA is unable to address a potentially deceptive practice, state claims are one of the few means of safeguarding consumers and therefore should not be preempted by the FDA’s inaction.”

In denying Smucker’s motion to dismiss, the court noted that “While it might be better for the FDA to commence an administrative proceeding or process, involving all stakeholders, focusing on how, why, and when products can be labeled ‘all natural,’ the fact is that the FDA has not done so and is not likely to do so in the near future.”

In a second case, the National Advertising Division considered a challenge brought by Gerber against competitor Nuture, Inc., makers of Happy Baby and Happy Family infant and toddler food products, which claimed that its products contain “No GMOs” and were superior to nonorganic products because they were “truly enlightened [and] use the best ingredients nature has to offer . . . so babies are healthier.”

The NAD agreed that such comparative superiority messages should be modified or discontinued because Nurture lacked testing or scientific studies demonstrating that its products were richer in nutrients than conventionally grown produce.

In evaluating Happy Family’s “No GMOs” claims, the NAD noted that reasonable consumers would not construe a “No GMOs” claim to mean that absolutely no trace contamination has occurred, but that the product was produced without the intentional use of genetic engineering. “Until such time as science is capable of substantiating that there is a zero level of bioengineered material in a product, claims such as ‘No GMOs’ or ‘non-GMO’ accurately convey information regarding the manner in which a product has been produced (i.e., without the use of genetic engineering) and not that the products are actually GMO free.”

Although the “No GMO” claim was not misleading in and of itself, the self-regulatory body expressed concern about the way the claim appeared on product packaging under “Why happy baby?” alongside other claims differentiating the product from competitors. The context of the claim improperly implied product superiority, the NAD said, and appeared as an answer as to why consumers should buy the product rather than conveying simple factual information.

The use of the claim “clearly implies that there is some type of benefit associated with the product’s ‘No GMO’ status, whether it be on the basis of health, safety, or some other reason,” the NAD said. “The advertiser presented no evidence to support such a message. Further, as noted by the FDA, a label statement would be misleading if it implies that a food is superior because it is not bioengineered.”

To avoid conveying the unsupported message that the Happy Family products are superior to competitor products because they do not contain genetically modified ingredients, the NAD recommended that Nurture modify its advertising.

To read the opinion in Ault v. J.M. Smucker Co., click here.

To read the NAD’s press release about the decision, click here

Why it matters: GMO labeling continues to pose a real challenge for advertisers. Companies that choose to make such claims in the hope of taking advantage of consumer interest in organic food products need to be careful or face action from competitors, consumers, or both – and may soon have to contend with legislative restrictions in states that follow Vermont’s lead and enact labeling restrictions.

Noted and Quoted . . . Bloomberg BNA Turns to Jesse Brody on Top Privacy Issues for Digital Marketing Campaigns

For companies employing innovative digital marketing tactics to promote their products and services – including elements like user-generated content, viral marketing, mobile applications and social media – it is more important than ever to consider the potential business repercussions of failing to comply with applicable privacy laws.

Manatt partner Jesse Brody authored an article for Bloomberg BNA’s Privacy & Security Law Report titled, “Top 10 Privacy Considerations for Digital Marketing Campaigns,” a quick reference overview of the most pressing issues for marketers and their lawyers to consider before launching a digital marketing campaign that collects information from consumers.

To read the full article, click here.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.