The FTC has long used policy statements, public workshops, reports, and warning letters to influence the marketplace and communicate its thinking about key issues and aspects of its mission. Examples from my tenure at the FTC include workshops and reports on big data, data brokers, mobile payments, and the internet of things; policy statements on deceptively formatting advertisements and homeopathic drug claims; and warning letters to a range companies making health claims (see here, here, and here, for instance).
The current FTC has embraced this strategy with gusto, issuing multiple statements, reports, and letters announcing new policies and priorities, as well as law enforcement “crackdowns” it has launched or is planning. While some of these statements come from the Commission and others come from staff, the effect is largely the same – companies subject to the FTC’s jurisdiction pay attention (or should).
It’s worth pausing for a moment to recall some of the more prominent of these statements since Lina Khan became Chair. (I focus here on the FTC’s consumer protection mission, though there are plenty of examples in antitrust too.) Consider these:
- Tech@ FTC Blogpost on Breach Disclosures (emphasizing the importance of breach notification and stating that FTC precedent shows that companies have a legal obligation to provide it under the FTC Act) (May 20, 2022)
- Commission Policy Statement on EdTech and COPPA (emphasizing COPPA’s substantive limits on the use of EdTech in schools, and the FTC’s commitment to crack down on illegal surveillance of children in this area) (May 19, 2022)
- Commission Enforcement Policy Statement Regarding Negative Option Marketing (warning companies that the FTC is ramping up enforcement against illegal tactics that trick or trap consumers into purchasing subscription services – aka “dark patterns”) (October 28, 2021)
- Penalty Offense Letters for False Money-Making Claims (announcing that the FTC sent warning letters to over 1,100 companies, laying the groundwork for steep penalties under Section 5(m)(1)(b) of the FTC Act if any of these companies make deceptive money-making claims in the future) (October 28, 2021)
- FTC Staff 6(b) Report on Internet Service Providers (finding that ISPs collect troves of personal data while giving consumers few options to stop it) (October 21, 2021).
- Penalty Offense Letters for Fake Reviews and Other Misleading Endorsements (announcing warning letters to over 700 companies, laying the groundwork for future penalties for deceptive endorsements) (October 13, 2021)
- Penalty Offense Letters for False Claims by For-Profit Colleges (announcing warning letters to 70 for-profit colleges, laying the groundwork for future penalties for false promises about job and earnings prospects) (October 6, 2021)
- Statement by Commission on Breaches by Health Apps and Other Connected Devices (“clarifying” that health apps and connected devices are “health care providers,” subject to the FTC’s PHR Health Breach Notification Rule) (September 15, 2021)
Other such statements and guidance are in the queue. For example, on October 19, 2022, the FTC is holding a virtual event on protecting kids from “stealth advertising” in digital media, which could lead to further policymaking, if not rulemaking or enforcement (though, see our cautionary note about an FTC kids’ advertising rulemaking here). The FTC also is in the process of updating its Endorsement Guides and dot.com disclosure guidance and (presumably) completing the 6(b) study it launched in 2020 regarding social media and video streaming services.
Why is the FTC using these tools so much? These statements make headlines. They can change company behavior faster than one consent order (or certainly a protracted lawsuit) can. The FTC may be worried about time running out before the midterms or the next presidential election. Also, policy statements, reports, and warning letters allow the FTC to articulate principles exactly the way it wants to – not tethered to the particular facts of a case.
However, it’s important to recognize that these statements and warnings don’t themselves constitute law enforcement (notwithstanding the FTC’s repeated use of terms like “crackdown” and “ramp up”), and don’t provide the precedential effort of a litigated case, or even the “soft” precedent of a consent order. Further, the FTC’s law enforcement follow-up here (even as to statements and warning from a year ago) has thus far been slim. I also can’t help mentioning that some of the FTC’s statements advance questionable legal theories that may not survive if tested in court, or when new leadership takes over – such as the FTC’s assertion that the FTC’s Breach Notification Rule covers virtually all health apps (see our earlier post here) and the contention that FTC precedent establishes breach notification duties under the FTC Act.
Still, these announcements tell us a lot about how the current FTC analyzes the issues, how it views its priorities, and how it wants to be perceived by the public. The statements can also help us predict the legal theories, claims, and remedies that the FTC will seek to include in the cases that it does bring.
Time will tell whether these policy statements will have a lasting impact on consumer protection law or will even guide the FTC’s efforts beyond the next few months. For now, however, companies would be wise to take a fresh look at their business practices with these statements and warnings in mind, and be ready to put their best foot forward, and/or mount their best defenses, if the FTC comes calling.