Advertising Law -- Sep 04, 2013

by Manatt, Phelps & Phillips, LLP

In This Issue:

Linda Goldstein Invited to Speak at Electronic Retailing Self-Regulation Program Workshop

This year’s Electronic Retailing Self-Regulation Program (ERSP) workshop on October 2 focuses on the prevailing trends in the direct response industry, including recent regulatory scrutiny of telemarketing practices and lead generation advertising.

Linda Goldstein, Chair of Manatt’s Advertising, Marketing & Media Division, will participate in a panel presentation titled “Direct Response Year in Review and What’s to Come.” The session will highlight recent developments in direct response marketing and advertising and practical considerations involving claim substantiation. Linda’s copresenters include Peter Marinello (Director, ERSP and VP, CBBB) and Maryana DeZarlo (Director, Broadcast Standards & Practices, Fox Broadcasting Company).

The event will be held at the Ritz-Carlton New York, Battery Park. For more information or to register for this conference, click here.

FTC Members Speak Out About Data Brokers, Big Data

Federal Trade Commission Chairwoman Edith Ramirez and Commissioner Julie Brill both spoke out recently about the issue of “big data.”

Referencing the revelations about the extent to which the National Security Agency collected information about citizens, Brill authored an op-ed in The Washington Post in which she noted that consumers have called on the government to increase transparency. Similar calls, she said, should be made on data brokers. “All day long, as we surf the Web, tap at apps or power up our smartphones, we send digital information out into cyberspace,” she wrote. “As we live our wired lives, we constantly add to the veins from which data miners pull pure gold.”

But the use of such collected information ranges from the benign – an ad for suede boots, for example – to illegal, when data dossiers are used to determine “what rates we pay, even what jobs we get.”

Therefore, Brill reiterated her call for a “Reclaim Your Name” program to be adopted by the data broker industry.

As envisioned by Brill, the self-regulatory program would “empower people to find out how brokers are collecting and using their data; give people access to information that data brokers have amassed about them; allow people to opt out if they learn that a data broker is selling their information for marketing purposes; and provide consumers the opportunity to correct errors in information used for decisions about substantive benefits.”

Brill’s piece concluded on a positive note. She suggested that data brokers and consumers can coexist peacefully “with a system that empowers consumers to make real choices about how our privacy information is used. Such a system would go a long way toward restoring consumer trust in the online and mobile ecosystems, allowing us to continue to enjoy all the convenience, entertainment and wonder that cyberspace has to offer.”

FTC Chairwoman Edith Ramirez also recently discussed data collection practices in her keynote speech at the Technology Policy Institute’s annual conference, where she cautioned that the agency plans to target companies with large quantities of data.

“Big data” poses a threat to privacy and enhances the need for data security, she said, and the agency intends to use its powers “like a lifeguard at the beach” to investigate and take action against companies that falsely state how they use consumers’ data or harm consumers with inadequate data security practices.

“Like a vigilant lifeguard, the FTC’s job is not to spoil anyone’s fun but to make sure that no one gets hurt,” Ramirez said. “With big data, the FTC’s job is to get out of the way of innovation while making sure that consumer privacy is respected.”

To that end, Ramirez – who noted that the agency has brought over 40 data security cases, including some against “very large data companies” like LexisNexis and ChoicePoint – made some suggestions to companies collecting consumer data.

Dangers like the indiscriminate collection of data, the lack of meaningful consumer choice, and the threat of a data breach could be minimized or avoided by the use of privacy by design, greater transparency, and meaningful consumer choice.

She also said the agency intends to release a report on data brokers by the end of the year and reiterated her support for the (currently stalled) Do Not Track initiative.

To read Brill’s op-ed, click here.

To read Woolley’s letter in response, click here.

To read the text of Ramirez’s speech, click here.

Why it matters: Linda A. Woolley, president and CEO of the Direct Marketing Association, issued an open letter in response to Brill’s “alarmist” editorial. “Asserting that consumers need to ‘reclaim their names’ focuses on speculative harms and ignores the consumer protection derived from customization and personalization of Internet experiences through the commercial use of data,” she wrote. “Suggesting that marketing data is used to ‘determine what offers we receive, what rates we pay, even what jobs we get’ is factually inaccurate and misleading, given that the use of any data – including marketing data – for eligibility determinations is already illegal under the Fair Credit Reporting Act. The op-ed wrongly suggests that this is not the case for some data. In fact, a ‘reclaim your name’ campaign would lead to more fraud and limit the efficacy of companies and data discussed in the op-ed.” Rachel Thomas, vice president of government affairs for the DMA, told MediaPost that Brill’s move doesn’t help the ongoing talks between her group and the agency. “These kinds of attacks do not help having that kind of productive conversation that we were involved in,” Thomas said. “The conflation of what the NSA does in terms of data practices, and what responsible marketers do, is irresponsible and inaccurate.” Companies compiling data should also note that Ramirez cautioned about the agency’s continuing focus on “big data” and its willingness to implement enforcement actions as needed. Or, as she put it, paraphrasing a well-known superhero adage: “With big data comes big responsibility.”

FCRA Settlement Results in Record $3.5M Payment to FTC

In the second-largest settlement negotiated by the agency under the Fair Credit Reporting Act, the Federal Trade Commission reached a deal with Certegy Check Services for $3.5 million based on allegations that the company failed to follow the correct dispute procedures under the Act.

Florida-based Certegy – one of the largest check authorization service providers in the country – compiles information about consumers to help merchants decide whether to accept their checks. But according to the FTC, Certegy failed to follow reasonable procedures to “assure maximum possible accuracy” of the information provided to retailers and then exacerbated the problem by not following the appropriate dispute procedures required by the FCRA.

Specifically, the defendant failed to timely investigate consumer disputes and follow up by deleting inaccurate, incomplete, or unverifiable information. The company also lacked a streamlined process so that consumers could get a free copy of Certegy’s report on them, the agency said.

According to the FTC, instead of investigating information disputed by consumers, the defendant passed the responsibility off to the consumer. According to the complaint, “If a consumer disputes that he has a returned check from a particular merchant, Certegy requires the consumer to contract the merchant himself to resolve the dispute,” and “When the decline is a result of an ‘invalid’ ID, Certegy requires that the consumer obtain and send driving records to Certegy to ‘prevent future declines.’”

The suit was also the first filed by the agency under the Furnisher Rule, which took effect July 1, 2010.

Pursuant to the terms of the settlement, Certegy is banned from future violations of the FCRA and must pay $3.5 million to the agency. The company also agreed to change its practices. It would henceforth no longer require that consumers contact third parties to resolve disputes and it agreed to provide consumers with copies of their reports within 15 days after receipt of a request.

To read the complaint and the stipulated final judgment in U.S. v. Certegy Check Services, click here.

Why it matters: The agency said the case against Certegy is part of a broader initiative targeting data brokers. “Inaccurate information in a consumer reporting agency’s file can have a huge impact on a person’s everyday life, starting with their check being denied at the grocery store,” Jessica L. Rich, director of the FTC’s Bureau of Consumer Protection, said in a press release about the suit. “In this case, we alleged that Certegy delivered a one-two punch: the company not only failed to assure that the information it provided to retailers was accurate, but it also failed to follow proper dispute procedures. Today’s settlement will benefit consumers who use checks to pay for essential goods and services, including many older consumers and people without alternate means of payment, such as credit cards.”

Fake Virus Ads Result in Healthy $1.2M Settlement With FTC

Virus-scan ads that appeared on Android mobile devices while consumers played Angry Birds were the basis of a $1.2 million settlement between Jesta Digital, Inc. and the Federal Trade Commission.

The agency alleged that Jesta Digital – also known as Jamster – designed banner ads similar to the Android operating system’s robot logo to dupe consumers into thinking their device was cautioning them about a potential virus. When consumers clicked on the ad they were taken through a series of landing pages. The screen displayed banners warning “stop mobile virus now” and “protect your android today,” but nothing indicated that more information was below. If a consumer scrolled down, they would have found “the smallest print on the page” stating “20 downloads for 9.99/mo.”

Ironically, if consumers actually clicked on a “subscribe” button and attempted to download the anti-virus software, the download often failed, the agency said. As evidentiary support for its complaint, the FTC referenced an internal Jesta e-mail which stated the company was “anxious to move [the] business out of being a scam and more into a valued service.”

According to the complaint, if a consumer clicked anywhere on the pages, they were enrolled in a monthly program for mobile-related content like ringtones, with the monthly charge of $9.99 added to their phone bill. Jesta’s mobile cramming utilized a billing method known as Wireless Access Protocol. The agency explained that WAP captures the consumer’s mobile phone number from the device and then uses it to place the charge on the mobile phone bill – without affirmative consent from the consumer.

To settle charges of violation of Section 5 of the FTC Act, Jesta agreed to a $1.2 million fine and to refund consumers who were billed for any good or service that involved the company’s claim that a device was infected with malware since Dec. 8, 2011.

The company is also prohibited from making deceptive statements about the cost of goods and services, the conditions of a purchase, and viruses and anti-virus software. Express, verifiable authorization prior to placing a charge on a consumer’s mobile phone bill must also be received.

To read the complaint and stipulated final order in FTC v. Jesta, Inc., click here.

Why it matters: In a press release about the case, the FTC noted that the complaint against Jesta was its second mobile cramming case and the first addressing WAP billing and scareware. Mobile “cramming” – the placement of unauthorized charges on a consumer’s phone bill – is an area of interest to the agency, which also held a roundtable on the topic earlier this year.

TCPA Suit Results in $5.2 Million Judgment

A federal court judge in Michigan ordered Lake City Industrial Products Inc. and its president to pay $5,254,500 for violating the Telephone Consumer Protection Act by sending more than 10,000 fax ads to potential customers.

Fax recipient American Copper & Brass Inc. brought the suit in 2009 and moved for summary judgment earlier this summer. Lake City objected, raising three defenses: first, that it lacked the requisite intent under the Act; second, that the plaintiff could not prove the actual number of fax recipients; and third, that a ruling for the plaintiff would cause it to file for bankruptcy.

U.S. District Court Judge Gordon J. Quist rejected each contention.

Jeffrey Meeder, Lake City’s president, conceded that he worked with Business to Business Solutions. Meeder responded to a B2B ad, completed a questionnaire used to design the Lake City fax advertisement, reviewed a draft and revised it, and ultimately approved the ad before sending it to the 10,000 targeted fax numbers. The defendants then tried to point the finger at B2B as the “sender” of the faxes.

But Judge Quist said that the TCPA is essentially a strict liability statute and the relevant Federal Communications Commission regulations define “sender” as “the person or entity on whose behalf a facsimile unsolicited advertisement is sent or whose goods or services are advertised or promoted in the unsolicited advertisement.” Lake City and Meeder clearly fell under this definition, the court said.

Even if the TCPA wasn’t a strict liability statute, “defendants would be vicariously liable for B2B’s broadcast fax,” he added.

The statute also does not require that a plaintiff establish the actual receipt of a faxed advertisement; instead, the court said, the “text merely requires that a defendant ‘send’ the fax and that the fax equipment be capable of transcribing text or images.” An expert report proffered by the defense identifying possible errors sending faxes between qualifying machines was therefore useless.

Judge Quist acknowledged that the issue of which devices fall within the scope of the TCPA “is a potentially complicated issue” because unsolicited faxes sent as email do not fall within the TCPA’s prohibitions. However, in the case at hand, the court said the evidence showed the devices used to send and receive the faxes were within the scope of the Act.

Finally, Lake City requested that the court consider the financial impact of the potential judgment against it, which it said would sound a “death knell” against the company. The relevance of the financial impact is one factor used by federal appellate courts, the judge wrote, but “for purposes of liability at the summary judgment stage, the court will not consider defendants’ ability to pay a judgment.”

Judge Quist then entered judgment against the defendants for $5,254,500.

To read the opinion in American Copper & Brass v. Lake City Industrial Products, click here.

Why it matters: Judge Quist’s decision accords with those of other courts that have considered whether the TCPA is a strict liability statute, but the decision is notable for the fact that a small Midwestern mom-and-pop operation will likely go under due to junk faxes. Meeder, Lake City’s president, claimed that he asked B2B whether its practices were legal and when a representative from the company responded in the affirmative, he accepted the answer. As Judge Quist noted in his opinion, “it appears that Meeder and Lake City are bigger victims of fraud or negligence (for not consulting a lawyer) than any individual member of the class.”

Apple, AssertID React to COPPA Rule Changes

Companies are responding to the changes that took effect July 1 to the Children’s Online Privacy Protection Act Rule with a proposal for compliance and revised guidelines.

Pursuant to the Rule, verifiable parental consent is required from a child’s parents before an online site or service may collect, use, or disclose personal information about a child under the age of 13. The Rule sets forth methods for obtaining such consent. Interested parties may also file a written request for Federal Trade Commission approval of a new method, pursuant to Section 312.2(a) of the Rule.

In an 85-page proposal, AssertID described a method to obtain the necessary consent and requested that the agency grant approval. In turn, the agency requested public comment on the proposed method and specifically asked whether it is already covered by the existing methods in the Rule, whether it meets the requirement that consent be “reasonably calculated” to ensure that the person providing consent is actually the child’s parent, and whether the program poses a risk to consumer information that outweighs its benefits.

According to the proposal, the method actually encompasses six processes to collectively ensure compliance with the Rule: a process for parental notification of a consent request; a process for presentment of consent-request direct notices to parents; a process for recording and reporting a parent’s response to a consent request to the operator; a process for recording and reporting a parent’s request to revoke consent previously granted and have their child’s personal information deleted; a process for verification of the parent-child relationship; and a process to ensure that only a parent of the child for whom consent is being requested can access and respond to such requests.

Comments will be accepted until Sept. 20.

In other COPPA news, Apple revised its App Store guidelines with a new section called Kids Apps. The company informed developers that behavioral targeting techniques can no longer be used for such apps, which must also now include privacy policies.

Additionally, contextual ads that appear in child-directed apps must be “appropriate for kids,” Apple told developers, and parental permission is required prior to allowing users under the age of 13 to “engage in commerce” such as making an in-app purchase.

To read AssertID’s proposal, click here.

Why it matters: Despite the efforts by AssertID and Apple at compliance, other companies are struggling to meet the mandates of the new COPPA Rule. According to AdAge, the changes to the Rule have resulted in “plummeting” ad revenue for child-directed apps. The operator of Apples4TheTeacher, a site with educational resources for both kids and teachers, told the publication that the cost of ads on her site dropped from $3 to $0.32. A similar drop in ad revenue has been felt since July 1 by the operator of “Papa’s Cupcakeria,” an app featuring games for kids, which the founder estimated at 50 percent. “Unfortunately, this was all too predictable, as the IAB warned for two years that the impact of the new COPPA rules would mean less revenue for child directed sites and fewer free offerings for families,” Mike Zaneis, senior VP and general counsel of the Interactive Advertising Bureau, told AdAge.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.