Advertising Law - Oct 17, 2012

by Manatt, Phelps & Phillips, LLP

In This Issue:

I Spy . . . A Settlement with the FTC

The Federal Trade Commission settled with seven rent-to-own companies and a software design firm which licensed software that defendants used to spy on 420,000 consumers via rented computers.

The software was intended to track the location of rented computers, but when activated by the defendants without renter’s knowledge or consent, it “revealed private, confidential, and personal details about the computer user,” according to one of the complaints filed by the agency.

DesignerWare LLC licensed the software on computers rented to consumers by rent-to-own companies Aaron’s, Aspen Way Enterprises, B. Stamper Enterprises, ColorTyme, Premier Rental Purchase, Showplace, Inc., Watershed Development Corp. and affiliates.

According to the FTC, the “Detective Mode” software captured screenshots, logged computer keystrokes, and even took webcam pictures.  Data collected by the defendants included user names and passwords for e-mail accounts, for social media Web sites, and for financial institutions. The software also captured Social Security numbers, medical records, bank and credit card statements, private e-mail messages, webcam pictures of children, and partially undressed individuals engaged in intimate activities at home.

The agency alleged that DesignerWare and the rental companies violated the FTC Act: DesignerWare by providing the means for the companies to use geolocation tracking software without the renters’ knowledge and consent, and the rental companies for illegally collecting renters’ confidential and personal information.

Under the terms of the settlement, the defendants are barred from any spying in the future, from activating location-tracking software without consumer consent and notice, and from deceptively collecting and disclosing information about consumers.

The agreements are open for public comment until October 25.

To read the complaints and proposed agreements in the actions, click here.

Why it matters:  “An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” Chairman of the FTC Jon Leibowitz said in a statement about the cases. “The FTC orders today will put an end to their cyber spying.”

POM Suffers Two Losses in One Week

POM had a less than wonderful week.  Over the course of just a few days, a federal court judge dismissed the pomegranate product maker’s suit against the Federal Trade Commission and a U.S. district court judge on the opposite side of the country certified a nationwide class in a false advertising suit against the company.

The FTC case has a lengthy history.  POM filed suit against the FTC in September 2010 after the agency entered into consent agreements with two other companies that the FTC claimed had overstated their products’ effect on disease prevention, mitigation, and treatment.  According to POM, the requirements in the agreements – that all disease-based health representations be preapproved by the Food and Drug Administration and that future health claims required at least two human clinical studies – constituted a new rule.

POM sought a declaratory judgment that the alleged new rule violated statutory and constitutional law.  In response, the FTC filed an administrative complaint against POM, alleging that the company engaged in deceptive and false advertising with respect to health claims regarding its pomegranate products.

Earlier this year, an administrative law judge ordered POM to cease and desist making health and benefits claims after finding that it lacked competent and reliable scientific evidence for a number of its ad claims that promised pomegranate juice can treat or prevent heart disease, prostate cancer, and erectile dysfunction.  However, the Administrative Law Judge (ALJ) rejected the FTC’s proposed order which would have required that POM obtain FDA preapproval for its health claims. The ALJ also rejected the FTC’s claim that studies must comply with the same double-blind, randomized, placebo-controlled requirements imposed on pharmaceuticals.

Noting that the administrative action against POM is ongoing, U.S. District Court Judge Richard W. Roberts said a number of factors led him to dismiss the declaratory judgment suit.

“Generally, in the interest of judicial efficiency, courts decline to hear declaratory judgment actions that would not fully resolve the parties’ claims.  Here, if the court resolved the issues POM raised in its declaratory judgment action, the parties would still have to litigate whether POM’s health claims about its products were false, misleading, and unsubstantiated in violation of the FTC Act,” he wrote.

“POM will have a full opportunity to challenge any FTC final action against it upon the conclusion of the administrative action with a fully developed administrative record available.”

In the second suit, a California federal court judge certified a nationwide class of plaintiffs that claim the company falsely advertised the health benefits of its pomegranate juice.

Despite POM’s argument that California law could not be applied to consumers nationwide, the court said the company’s ties to the state were strong enough to ensure that California’s consumer protection law could be constitutionally applied.

“POM is headquartered and located solely in California, developed its marketing strategies in California, and produced all of its pomegranate juice products in California,” U.S. District Court Judge Dean D. Pregerson wrote.  POM “fails to carry its burden to demonstrate that the interests of any foreign jurisdiction outweigh California’s interest in applying its own consumer protection laws to the facts of this case.”

Judge Pregerson also shot down POM’s contention that because the class members viewed different ads, their reliance and motives for purchase were too individualized for class proceedings.

“The mere fact that POM used several different advertisements to convey its health message is not dispositive,” the court said.  “A false or misleading advertising campaign need not ‘consist of a specifically-worded false statement repeated to each and every [member] of the plaintiff class.’ ”

The court certified a nationwide class of persons who purchased a POM juice product between October 2005 and September 2010.

To read the court’s order in POM Wonderful v. FTC, click here.

To read the class certification order in In re: POM Wonderful Marketing and Sales Practices Litigation, click here.

Why it matters:  POM’s tough week in court leaves the company facing two legal challenges:  its ongoing battle with the FTC as well as a nationwide class action suit, both involving allegations that the company made false and misleading health claims about its pomegranate products.

FTC Targets “Tech Support” Scams

Announcing a “major, international crackdown” on tech support scams, the Federal Trade Commission filed suit against six defendants who tricked consumers into purchasing fixes for viruses or malware.

Five of the defendants used telemarketing calls to contact consumers, the agency alleged, while the sixth placed ads on Google that would appear when consumers searched for the tech support number of their computer company. 

The defendants claimed they were affiliated with companies like McAfee and Norton and told consumers that malware had been detected on their computers.  Consumers were directed to the “Event Viewer” in their computer’s utility log where defendants claimed innocuous entries were really evidence of a virus.

For fees ranging from $49 to $450, the defendants offered to “fix” the computer.  Consumers were instructed to download software allowing the defendants remote access from which they would remove the malware or virus.  In addition, the defendants offered consumers long-term technical support or security services for additional fees.

Targeting consumers not only in the United States but Australia, Canada, Ireland, New Zealand, and the United Kingdom, the defendants used 80 different domain names and 130 different phone numbers, according to the complaint.

The complaints alleged that 14 corporate defendants and 17 individual defendants violated the FTC Act, the Telemarketing Sales Rule, and made illegal calls to numbers on the federal Do Not Call Registry.

A federal court judge in New York already issued an order against the defendants, halting their business operations and freezing their assets.

To read the complaints and the court’s order granting a temporary restraining order, click here.

Why it matters:  Tech scams are keeping the agency busy.  Just one day prior to the announcement of the international crackdown, the FTC confirmed that a U.S. District Court Judge imposed a $163 million judgment in a case against a “scareware” operation.  The defendants in that case also used Internet ads to trick consumers into believing their computers were infected and then sold them software to fix the problem.  The judge imposed the penalty after a two-day trial against the remaining defendant in the suit (the other defendants previously settled with the agency; two agreed to pay $8.2 million last year).  Finding the sole remaining defendant joint and severally liable, the judge imposed the $163 million penalty, a sum calculated by the FTC to reflect either the amount of consumer redress, or the amount paid by consumers for the defendants’ products, minus any refunds.

FTC Fines Children’s Fan Site $1M for COPPA Violations

As the agency finalizes changes to its Children’s Online Privacy Protection Act (COPPA), the Federal Trade Commission reached a $1 million settlement with a celebrity fan site operator over allegations it violated the act.

Artist Arena, the operator of fan Web sites for artists like Rihanna, Justin Bieber, and Demi Lovato, violated COPPA by collecting personal information from children under the age of 13 without parental consent, according to the agency’s complaint.  Visitors to sites like and could create profiles, register to join a fan club, and sign up for newsletters.

Although the site claimed that it would not activate a child’s registration without their parent’s consent, Artist Arena’s procedures were inadequate to comply with COPPA, the FTC said.

In one example, children who registered for the Selena Gomez newsletter were told to provide a parental e-mail address so that an adult could provide the necessary consent.  Although the parents received a message with a link to approve the subscription, the company had already registered the child on the site and created a profile, the agency said.

Artist Arena knowingly registered more than 25,000 children under age 13, the FTC alleged, and collected and maintained information from an additional 75,000 children who started but did not complete the registration process.  The company collected information including the names, addresses, e-mail addresses, birth dates and gender of the children, according to the complaint.

In addition to the $1 million penalty, Artist Arena agreed to destroy the illegally collected information.  The company is also prohibited from future violations of COPPA and agreed to place a link on its Web sites to the FTC’s guide for protecting children’s online privacy.

To read the complaint in U.S. v. Artist Arena, click here.

To read the consent decree, click here.

Why it matters:  The settlement reiterates the agency’s focus on COPPA and children’s privacy even as it readies changes to COPPA.  Even if the proper procedures are in place – like Artist Arena’s parental e-mail system – companies that market to children under the age of 13 should ensure that their compliance measures are functioning – unlike the defendant’s system that allows registration prior to receiving parental consent.  Or, as FTC Chairman Jon Leibowitz said in a press release about the settlement, “Marketers need to know that even a bad case of Bieber Fever doesn’t excuse their legal obligation to get parental consent before collecting personal information from children.  The FTC is in the process of updating COPPA to ensure that it continues to protect kids growing up in the digital age.”

Did Facebook Violate its FTC Agreement?

Consumers groups have sent a letter to the Federal Trade Commission, charging that a new marketing program launched by Facebook violates the terms of the social networking site’s settlement with the agency earlier this year.

In August, the agency finalized a settlement with Facebook over allegations that the company made user information public by default, even though the company promised to keep the information private.

Just one month later, the Electronic Privacy Information Center (EPIC) and Center for Digital Democracy (CDD) sent a letter to the agency seeking an investigation into a new “data-matching” deal the site recently launched with Datalogix.

A data-mining company, Datalogix collects consumer information from offline retailers that includes names, addresses, e-mail addresses, and behavioral information like purchase history.  The agreement allows Datalogix to match its database with Facebook user information with the goal of profiling consumer offline commercial activity, according to the letter.

This sharing of information violates the site’s consent decree with the FTC, under which Facebook was required to make “clear and prominent” disclosures and obtain affirmative consent from users prior to the sharing of any user’s nonpublic information, the letter argues. Neither Facebook’s data use policy nor its statement of rights and responsibilities explains that the information is disclosed, and the one reference to Datalogix is difficult to find, the groups argue.  The page where it is located “requires at least five actions to reach from the home page and simply directs users to the Datalogix privacy policy.”  The failure to notify users constitutes a misrepresentation by omission in violation of the consent agreement, they contend.

In addition, although Facebook said that the data will all be hashed and that no individual user’s information will be shared, the anonymization technique is “vastly overrated,” the groups wrote, expressing concern that the data would not be matched anonymously.

Finally, the opt-out language for the program is “confusing and ineffective,” according to the letter, and “hidden within Datalogix’s long privacy policy.”  Opting out also requires an opt-out cookie, the groups said, which users often delete, not realizing they have removed the record of their request to be treated anonymously.

To read the letter to the FTC, click here.

Why it matters:  Facebook remains a lightning rod for privacy issues.  The social networking site’s agreement with the FTC was barely finalized before EPIC and CDD sent their letter to the agency alleging violations of the agreement.  It remains to be seen whether the FTC investigates the data-matching arrangement between Datalogix and Facebook.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.