Advertising Law - March 2016 #4

by Manatt, Phelps & Phillips, LLP
Contact

In This Issue:

  • FCC Releases Privacy Regime for ISPs
  • As an Unsubstantiated Express Performance Claim, Product Name Must Be Changed, NAD Says
  • FTC, DOJ Hang up on Telemarketing Operation Offering Energy Savings
  • Did You Hear That? FTC Warns App Developers About Listening Software

FCC Releases Privacy Regime for ISPs

Creating a storm of controversy, the Federal Communications Commission released information about its privacy proposal for Internet service providers.

Pursuant to the plan, consumers must provide consent before a broadband provider can make use of their Internet history for behavioral targeting unless the ads are related to other communications services, which require opt-out consent. The proposal "does not prohibit ISPs from using or sharing customer data, for any purpose," the FCC explained, "[i]t simply proposes that consumers have choices—either to opt out in some instances or to require that the ISP first obtain customers' permission before using and sharing the customer's data in others."

In a fact sheet released by the agency, the FCC emphasized that ISPs have access to personal and private information about broadband consumers, giving them the ability "to create detailed profiles about [consumers'] lives." Based on the websites consumers visit and the applications they use, a broadband provider can discover information such as a chronic medical condition or financial problems, the FCC said.

"A consumer's relationship with her ISP is very different than the one she has with a website or app," according to the fact sheet. "Consumers can move instantaneously to a different website, search engine or application. But once they sign up for broadband service, consumers can scarcely avoid the network for which they are paying a monthly fee."

The FCC based its privacy proposal on three principles: choice, transparency, and security. Consumers have the right to exercise "meaningful and informed control" over the personal data used by a broadband provider, the agency said, and deserve to know what information is being collected about them, how it's being used, and under what circumstances it will be shared. Accurate disclosures of privacy practices must be provided to consumers "in an easily understandable and accessible manner," the FCC added.

As for security, the agency was clear: "Broadband providers have a responsibility to protect consumer data, both as they carry it across their networks and wherever it is stored." To that end, ISPs would at a minimum be required to "adopt risk management practices; institute personnel training practices; adopt strong customer authentication requirements; identify a senior manager responsible for data security; and take responsibility for use and protection of customer information when shared with third parties."

Consumers must be notified if their data has been compromised, with the proposal mandating that affected customers receive notice no later than ten days after discovery of the breach with just seven days to notify the Commission (and other federal agencies if the breach involved more than 5,000 customers).

To read the FCC's fact sheet, click here.

Why it matters: The full Commission will consider the proposal and vote at a March 31 meeting. If the NPRM is adopted, a period of public comment would follow. Not surprisingly, the release of the fact sheet was met with praise from consumer advocates and protests from broadband providers. USTelecom President Walter McCormick issued a statement that privacy rules should be "evenly applied across the Internet economy," arguing that ISPs should not be subject to more stringent privacy regulations than websites the FCC doesn't have jurisdiction over, which are governed by the Federal Trade Commission. Moody's Investor Services rated the proposal "credit negative," stating that it believes the plan "to be a long-term risk to the current TV advertising business model, as well as all broadband providers who also have ad sales exposure." The Commission itself is divided on the proposal, with Commissioner Michael O'Rielly releasing a statement in opposition. "The 'fact' sheet demonstrates that the FCC is doubling down on its misguided and broken Net Neutrality decision by imposing troubling and conflicting 'privacy' rules on Internet companies, as well as freelancing on topics like data security and data breach that are not even mentioned in the statute," he wrote.

As an Unsubstantiated Express Performance Claim, Product Name Must Be Changed, NAD Says

The product name for Rust-Oleum's "Painter's Touch Ultra Cover 2X Spray Paint" is an express performance claim and should be changed because it falsely implies it provides twice as much coverage as competing spray paint products, the National Advertising Division recently determined.

Competitor Sherwin-Williams Company challenged express claims, including "Twice the coverage" and "Ultra Cover 2X," as well as arguing that the advertiser made implied claims that all of the Ultra Cover 2X paints and clearcoats of all finishes are proven to cover twice as much area in ordinary consumer use than all competing products and that competing spray paints, such as Sherwin-Williams' Krylon brand, provide insufficient coverage.

Rust-Oleum defended its advertising, providing comparative testing from 2008, 2009, 2014, and 2015 to support its claims and telling the self-regulatory body that the product name was not a performance claim but simply a category of general purpose aerosol paint products.

Calling the challenged claim "impactful," the NAD said it could "influence consumers' purchasing decisions." Product packaging featured a "very prominent 2X" adjacent to a gold seal stating "made with double cover technology," with a depiction of "one = two cans" next to the word "coverage," all of which led the NAD to conclude that the product name is an express performance claim "because 2X is followed directly by the claim 'Cover.' "

With that in mind, the NAD considered Rust-Oleum's product testing to support the claim. The 2008 and 2009 testing occurred on paints that are no longer on the market. As it is "well-established that comparative performance claims must be based on testing on products that are currently in marketplace," the self-regulatory body said the advertiser could not rely on those tests.

Although the 2014 and 2015 comparative testing of multiple samples and finishes constituted a sufficiently large sampling, the NAD expressed a number of other concerns about the test methodology and results. The testing was conducted in-house and the advertiser had insufficient controls in place to prevent bias—for example, the test samples were not blinded, "which creates the potential for bias in favor of the Rust-Oleum products," according to the decision.

In addition, it was unclear whether the use instructions for Krylon's products were followed or if the distance at which the spray paints were sprayed correlated with the coverage (if sprayed at a closer distance, the chart may have been completely covered more quickly, the NAD noted). Most problematic, testing results varied greatly, from 0.41X to over 6X. Such wide variations could not be averaged to form the basis of the 2X coverage claim, the self-regulatory body wrote.

"[T]he impactful 2X claim (along with the one = two cans of spray paint imagery adjacent to the claim) appears on each and every color and finish of Painter's Touch Ultra Cover 2X," the NAD said. "Thus, consumers will reasonably expect that the 2X coverage claim is true for every color—not that it is true 'on average' and, hence, that there is the possibility that the Ultra Cover 2X product a consumer chooses to buy may not provide 2X coverage."

Product testing results must not only be statistically significant, but also consumer meaningful, the self-regulatory body added. "The advertiser presented no statistical analysis of its test results to explain the variation between test results," the NAD wrote. "The advertiser chose the basis of the comparison—a prominent quantified performance claim—yet the variations in the test results within each test mean that the averaged results (2X) might be inaccurate (and sometimes vastly inaccurate) for nearly 50 percent of the products in the category."

Therefore, the NAD recommended that the advertiser discontinue the challenged 2X coverage claims—including the product name—along with accompanying visuals.

In its advertiser's statement, Rust-Oleum indicated it will appeal the part of the NAD's decision with regard to the product name. "Rust-Oleum does not believe that the statement 'Ultra Cover 2X' is a claim that requires, as support, testing evidence that each color provides at least twice the coverage of each color … of competing general purpose paints," the company said. "Rust-Oleum believes that this finding is inconsistent with NAD precedent, reasonable marketing practice and consumer understanding."

To read the NAD's press release about the case, click here.

Why it matters: The decision reminds advertisers that product names can be advertising claims. Here, NAD recommended that the advertiser discontinue the brand name Ultra Cover 2X without requiring extrinsic evidence of consumer confusion because it determined that the product name was an express performance claim that the product would deliver two times the coverage of competing cans of paint.

FTC, DOJ Hang up on Telemarketing Operation Offering Energy Savings

Together with the Department of Justice, the Federal Trade Commission filed suit against an individual defendant and his companies to halt a telemarketing operation that allegedly promised consumer energy savings using illegal robocalls.

Prerecorded calls made by the defendants stated: "This is an urgent call about your energy bill" and "stop the 14% increase coming soon," encouraging consumers to "press one" to lower their electric bills. If a consumer did so, he or she was transferred to a telemarketer who asked if the consumer was interested in solar panels.

Those who replied in the affirmative then provided their contact information, which the defendants in turn sold as leads to solar panel installation companies, the FTC and DOJ said. Consumers who requested not to be called again were often ignored, the federal agencies alleged.

Francisco Salvat's telemarketing operation—including business entities KFJ Marketing, Sunlight Solar Leads, and Go Green Education—violated the Telemarketing Sales Rule by continuing to call consumers who asked not to be called again, calling consumers on the federal Do Not Call Registry, failing to transmit accurate caller ID information, and making illegal robocalls, according to the complaint.

The California federal court lawsuit seeks a permanent ban on the alleged illegal conduct and civil penalties.

"Mr. Salvat's companies ignored the Do Not Call Registry and made illegal robocalls," Jessica Rich, Director of the FTC's Bureau of Consumer Protection, said in a statement about the action. "Breaking the law isn't a great way for a company to introduce itself to potential customers."

To read the complaint in United States v. KFJ Marketing, click here.

Why it matters: The federal complaint filed by the DOJ and FTC claims the defendants violated the TSR in four different ways: placing an estimated 1.3 million calls to customers on the federal Do Not Call Registry, spoofing their caller ID information by transmitting phony data so consumers could not ascertain the true source of the call, continuing to call consumers who had already asked the defendants to stop, and making illegal robocalls.

Did You Hear That? FTC Warns App Developers About Listening Software

In warning letters to 12 app developers, the Federal Trade Commission cautioned the companies about the use of software that can monitor a device's microphone to listen for audio signals that are embedded in television advertisements.

Silverpush designed software that features a "Unique Audio Beacon" technology enabling mobile applications to listen for unique codes embedded in TV audio signals. The software can then determine what television shows or advertisements are playing on a nearby television.

"This functionality is designed to run silently in the background, even while the user is not actively using the application," Maneesha Mithal, Associate Director of the Division of Privacy and Identity Protection, explained in the letters from the agency. "Using this technology, Silverpush could generate a detailed log of the television content viewed while a user's mobile phone was turned on."

Recipients of the agency's letter offered apps in the Google Play store with code similar to Silverpush, configured to access the device's microphone to collect audio information even when the application is not in use, the FTC said.

"Moreover, your application requires permission to access the mobile device's microphone prior to install, despite no evident functionality in the application that would require such access," the agency wrote in a sample letter. "Upon downloading and installing your mobile application that embeds Silverpush, we received no disclosures about the included audio beacon functionality—either contextually as part of the setup flow, in a dedicated standalone privacy policy, or anywhere else."

Silverpush has represented that its audio beacons are not currently embedded into any television programming aimed at U.S. households. But the FTC still felt the need to warn app developers.

"[I]f your application enabled third parties to monitor television-viewing habits of U.S. consumers and your statements or user interface stated or implied otherwise, this could constitute a violation of the Federal Trade Commission Act," specifically Section 5, which prohibits unfair or deceptive acts or practices in or affecting commerce, Mithal wrote. "We would encourage you to disclose this fact to potential customers, empowering them to make an informed decision about what information to disclose in exchange for using your application."

To read a sample warning letter from the FTC to an app developer, click here.

Why it matters: The warning letter emphasized the complete lack of disclosures found in the apps, with no warning to consumers of the audio beacon functionality during the downloading or installation process, either contextually or in a separate privacy notice. While the FTC noted that Silverpush represents that audio beacons are not currently embedded in any television programming in the United States, the FTC warned that if they are later embedded, the app developers could violate the FTC Act if they fail to disclose to consumers that third parties could monitor their television viewing habits. This latest series of warning letters is a reminder that the FTC is closely watching disclosures to ensure that consumers have the ability to make informed decisions regarding privacy matters.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP
Contact
more
less

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.