Advertising Law - March 2017 #2

by Manatt, Phelps & Phillips, LLP
Contact

Manatt, Phelps & Phillips, LLP

In This Issue:
  • Privacy Policy, Notifications Mandatory Under Updated Google Rules
  • FCC Hits Pause on Controversial Data Security Rule
  • NAD Compares Wegmans, Costco Price Comparison Claims
  • New in False Ad Suits: Paint, Beer, Dog Food and Shampoo

Privacy Policy, Notifications Mandatory Under Updated Google Rules

On March 1, Google updated its Play Store policies with a host of changes that took effect on March 15, including a requirement that app developers post a privacy policy to the store listing and provide certain in-app privacy disclosures.

Google Play’s Developer Policy Center summarized the company’s position on privacy and security, stating “You must be transparent in how you handle user data (e.g., information provided by a user, collected about a user, and collected about a user’s use of the app or device), including by disclosing the collection, use, and sharing of the data, and you must limit use of the data to the description in the disclosure.”

If an app handles personal or sensitive data—defined to include personally identifiable information, financial and payment information, authentication information, phonebook or contact data, microphone and camera sensor data, and sensitive device data—then the app must include a privacy policy within the app itself and in the store listing. Further, user data must be handled securely and transmissions must be sent using modern cryptography (over HTTPS, for example).

The privacy policy must “comprehensively” disclose how data is collected, used and shared, and the types of parties with whom the data is shared. Apps that monitor or track a user’s behavior on a device must present users with a persistent notification and a unique icon that “clearly” identifies the app, Google mandated.

In addition, if the app collects personal data unrelated to the app’s functionality, then it must “prominently” highlight how that data will be used prior to the collection and ensure that the user provides affirmative consent for such use.

More specific requirements were added for certain types of data. An app that handles financial or payment information must “never publicly disclose any personal or sensitive user data related to financial or payment activities,” and the unauthorized publishing or disclosure of people’s nonpublic phonebook or contact information is forbidden.

Google provided examples of common violations, such as apps that do not treat a user’s inventory of installed apps or phone and contact books as personal or sensitive data, all of which runs afoul of the company’s Privacy Policy, Secure Transmission, and Prominent Disclosure requirements.

To read the privacy and security requirements in Google Play’s Developer Policy Center, click here.

Why it matters: The updated privacy requirements are a must-read for all app developers, particularly as Google has been sending letters to nudge developers into compliance, cautioning them that their app could be removed from the store if it fails to meet the new requirements.

FCC Hits Pause on Controversial Data Security Rule

Just days before the Federal Communications Commission’s controversial data security rule was set to take effect, the agency voted two-to-one to issue a stay.

Part of an Order passed last year along party lines under former Chairman Tom Wheeler established privacy regulations that required Internet service providers to obtain opt-in consent before sensitive data (defined to include browsing and app usage history) can be collected and used for ad targeting purposes.

The new rule caused much consternation in the advertising industry, with groups calling it “unprecedented, misguided, counterproductive, and potentially extremely harmful.” After the change in administration, the groups requested that the Commission’s new leadership reconsider and/or rescind the rule.

Others joined the pushback, and a total of eleven separate petitions to reconsider the Order and a motion to stay the rule were filed by trade associations in the cable industry. On March 1, the FCC granted the motion to stay.

“[W]e determine that it is in the public interest for the Commission to address and resolve, prior to the rule taking effect, the parties’ claims that the data security requirements need to be clarified or reconsidered, so that (1) consumers are not subject to two different privacy regimes, vitiating their uniform expectation of online privacy, and (2) [broadband Internet access service, or BIAS] providers and other telecommunications carriers do not incur substantial and unnecessary compliance costs while the possibility of changes to the requirements still exist,” the Commission wrote.

A majority of the three-member Commission agreed with the petitioners that the new rule would cause uncertainty for covered entities, particularly in terms of how the “reasonable measures” standard used by the FCC would interact with the Federal Trade Commission’s data security oversight. In addition, requiring companies to incur costs and allocate resources toward implementing the rules was “wasteful and counterproductive to the public interest,” the Commission added.

Commissioner Michael O’Rielly authored a statement supporting the decision to stay the Order while Commissioner Mignon L. Clyburn issued a scathing dissent.

She noted that the Commission announced its decision to stay the rule on the same day a major content distribution network revealed that the private data of millions of users from thousands of websites had been exposed for several months. The “irony here is inescapable,” she wrote. “With a stroke of the proverbial pen, the Federal Communications Commission—the same agency that should be the ‘cop on the beat’ when it comes to ensuring appropriate consumer protections—is leaving broadband customers without assurances that their providers will keep their data secure.”

Acting Chair of the Federal Trade Commission Maureen K. Ohlhausen voiced her support for the stay in a joint statement with FCC Chair Ajit Pai. “The FTC has a long track record of protecting consumers’ privacy and security throughout the Internet ecosystem,” the regulators said. “It did not serve consumers’ interests to abandon this longstanding, bipartisan, successful approach.”

Calling the rule “not consistent with the FTC’s privacy framework,” Pai and Ohlhausen said the stay will remain in place “until the FCC rules on a petition for reconsideration of its privacy rules,” and the agencies work together on “harmonizing” the FCC’s privacy rules with the FTC’s standards. “Americans care about the overall privacy of their information when they use the Internet, and they shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet it is,” the regulators said.

To read the FCC Order, click here.

Why it matters: Although the stay was decried by privacy advocates and consumers groups, it appears to be the first step towards rescinding the data security rule entirely or significantly reworking it.

NAD Compares Wegmans, Costco Price Comparison Claims

Wegmans Food Markets should modify certain in-store comparison pricing displays with additional disclosures, the National Advertising Division recommended in a new decision.

Competitor Costco challenged claims such as “Who has time to comparison shop? We do. We check hundreds of prices each week so you don’t have to” and “Don’t shop around town … shop at Wegmans and save.” In addition to these claims, on more than one occasion Wegmans’ in-store comparison pricing displays showed an incorrect price for Costco products, the company said.

Wegmans told the self-regulatory body that it conducted weekly visits on Mondays to competing stores for its price comparisons and that the frequency of its price checks was in accord with both accepted industry practices and NAD precedent. Costco conducts its own competitor price comparisons on Wednesdays and Thursdays, the advertiser argued, and then lowers its prices to ensure they are as low or lower than Wegmans—meaning Wegmans’ claims are accurate when they are posted.

The NAD cited the Federal Trade Commission Guides Against Deceptive Pricing and its own precedent, relying heavily on a 1996 National Advertising Review Board decision in Winn-Dixie Stores, Inc. In that case, the NARB took notice of the typical weekly advertising cycle in the retail grocery business and allowed some “modest leeway” within the seven-day period for advertisers to perform the requisite price checks, record the data, plan advertising copy, and publish the advertising.

“[G]iven the absence of any convincing evidence in the present record demonstrating that price comparison data is now collected by means other than weekly in-store visits, NAD found no reason to reach a different finding in the instant matter,” according to the decision. “Although Costco asserted that using today’s digital technology market retailers can compare prices on a daily basis, it provided no evidence to support this assertion. NAD concluded that the advertiser’s current competitor price-checking and posting was in keeping with FTC and NAD precedent and that one week is a reasonable period of time to check on prices to keep them current.”

The NAD was not persuaded that modern technology necessitated a shorter time period for the lifespan of price comparison claims. “While it may be true that advertisers, through the use of digital technology, can and do update prices with much greater rapidity than they did 20 years ago, there is nothing in the record to demonstrate that, at the present time, they can feasibly do so in less than one week (i.e., daily) without unreasonable burden,” the self-regulatory body wrote.

However, Wegmans’ price comparison boards—which already disclose that the comparisons are of a specified date within the seven-day period—should “be modified to provide clear, conspicuous and prominent disclosure to the effect that prices are subject to change,” the NAD recommended.

While the NAD determined that Wegmans’ claim “Who has the time to comparison shop?” was adequately qualified, it recommended that the claim “Don’t shop around town … shop at Wegmans and save” should be partially discontinued. The first phrase instructed consumers not to comparison shop, the NAD said, and “directly contradicts the recommended qualifier that prices are subject to change.” Nothing precluded the advertiser from claiming that consumers can “Shop at Wegmans and save,” the NAD added.

To read the NAD’s press release about the decision, click here.

Why it matters: The takeaway for advertisers? “If an advertiser wishes to make comparative pricing claims in an industry or market in which it is known that prices change frequently, it is incumbent upon that advertiser to take steps to insure that the comparison is current and accurate,” the NAD wrote.

New in False Ad Suits: Paint, Beer, Dog Food and Shampoo

From paint to beer to dog food to shampoo, consumer class action false advertising suits continue to proliferate.

Citing a decision from the National Advertising Division, two plaintiffs filed suit against Rust-Oleum Corporation in Illinois federal court, accusing the company of scamming consumers with statements that its paint provides “twice the coverage in a single pass” and will get projects done “in half the time at half the cost of competitive brands.”

Not true, the plaintiffs said, asserting that the “2X” product paint line “performs below its express representations.” Even after the NAD recommended that the company discontinue its 2X claims and change the name of the product, Rust-Oleum has continued to “aggressively” market its paint line as “remarkably superior” to competitors to justify a price premium, the plaintiffs alleged.

The suit seeks an order compelling a corrective advertising campaign as well as disgorgement, restitution, and damages.

In California federal court, a pair of consumers is seeking recovery from Craft Brew Alliance, alleging that they were tricked about Kona Brewing Company’s line of beers. The company “intentionally misleads” consumers into believing the beer line is locally brewed in Hawaii by using marketing and labeling with imagery of the Hawaiian islands, when the beverages are actually brewed on the mainland, the plaintiffs said.

Each beer is branded with its own Hawaiian theme, from the Wailua Wheat Ale to the Longboard Island Lager. For example, the Hanalei Island IPA is named for a town in Kauai, Hawaii. Two people kayaking in the ocean in front of the mountains of Hawaii are depicted on the bottle label accompanied by a description of the beer: “Kayak the stunning Hanalei Bay and ease your way through the tropical paradise of northern Kauai. Refresh your senses with this crisp Island IPA—the subtle bitterness of hops is balanced by passionfruit, orange and guava. Easy does it.”

The “prominent Hawaii imagery and wording on the product labels, taken both in isolation and as a whole, are clearly designed to create the mistaken impression that Kona Brewing Co. beer is made in Hawaii,” the plaintiffs stated, and its social media campaign is “rife” with Hawaiian imagery and references.

The suit seeks injunctive relief as well as monetary damages.

Despite being labeled “natural” and containing “no artificial preservatives,” Rachael Ray’s line of dog food in fact contains artificial additives and preservatives, according to a California consumer’s new lawsuit. Ainsworth Pet Nutrition Holdings deceived consumers in order to capitalize on their preference for natural food products—even for pets—in a $40 million national advertising campaign, the complaint alleged.

Requesting declaratory relief, a corrective advertising campaign, restitution, and monetary damages, the suit emphasized the “prominent” use of the word “natural” not only on the pet food packaging but also on the products’ websites.

Finally, a line of “Sexy Hair” products—including shampoos and conditioners—was the recipient of a consumer class action complaint in Massachusetts federal court. The plaintiff accused Sexy Hair Concepts of advertising its line of products in stores and online as sulfate and salt free when the ingredients list—“printed in very small type on the back side of the container”—states the shampoo contains both sodium sulfate and sodium chloride (salt).

The plaintiff purchased the product thinking that shampoo without salt and sulfates would be good for her hair, she claimed. The plaintiff argued that she was injured by the false promises and asked the court for injunctive relief and monetary damages, trebled under Massachusetts’ consumer protection law.

To read the complaint in Leggett v. Rust-Oleum Corporation, click here.

To read the complaint in Cilloni v. Craft Brew Alliance, click here.

To read the complaint in Grimm v. APN, Inc., click here.

To read the complaint in Crane v. Sexy Hair Concepts, click here.

Why it matters: As the four newly-filed complaints demonstrate, consumer class actions alleging false advertising continue to be filed across the country against a broad range of products.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP
Contact
more
less

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.