Synopsis: On January 6, 2020, Andrew Smith, director of the Federal Trade Commission’s Bureau of Consumer Protection, outlined in a blog post the agency’s new approach to data security orders. The agency implemented this approach in 2019 following a December 2018 hearing it held on the topic and an 11th Circuit decision that struck down a data security order as unenforceably vague. Elevating data security considerations to the C-Suite and Board level and increasing third-party assessor accountability are key features of its new approach, which Smith described as resulting in “significant improvements.”

The FTC’s “improvements” fall into the following three categories:

Elevated data security considerations to the C-Suite and board level. Companies must now present their boards with a written information security program annually. Senior officers then must provide annual certifications of compliance to the FTC with an order’s provisions. As support for the FTC’s efforts to improve corporate governance on data security, the FTC cited a number of studies, including one that “found a 35% decrease in the probability of information security breaches when companies include the Chief Information Security Officer (or equivalent) in the top management team and the CISO has access to the board.”

More specificity. The orders continue to require that a comprehensive information security program is implemented, but now provide more specificity on how that is to be accomplished. As previously mentioned, this change was prompted in part by a 2018 case in which the Eleventh Circuit vacated an FTC order as unenforceably vague. The FTC had ordered LabMD to implement a comprehensive information security program that included: 1) designated employees accountable for the program; 2) identification of material internal and external risks to the security, confidentiality and integrity of personal information; 3) reasonable safeguards to control identified risks; 4) reasonable steps to select service providers capable of safeguarding personal information and requiring them to do so; and 5) ongoing evaluation and adjustment of the program. The court concluded that the order “mandate[d] a complete overhaul of LabMD’s data-security program and [said] precious little about how this [was] to be accomplished.”

The orders now require companies to implement specific safeguards targeted at addressing problems alleged in the complaint. Smith gave a number of examples of such safeguards, including yearly employee training, encryption, monitoring systems for data security incidents, patch management systems, and access controls.

Increased third-party assessor accountability. A third improvement focuses on increasing the rigor of third-party assessors. The FTC continues to rely on outside assessors to review the implementation of the comprehensive data security programs required by the orders. For each biennial assessment, the FTC now has the authority to approve or reject the selected assessor. The orders also require assessors to identify specific evidence to support their conclusions, including, but not limited to, documents reviewed, sampling and testing performed, and interviews conducted. Documents related to the assessment must be maintained, and the assessor cannot refuse to provide such documents on the basis of certain privileges.

On December 16, 2019, the United States Supreme Court declined to review Krakauer v. Dish Network LLC, thus leaving unresolved a circuit split regarding Article III standing under the Telephone Consumer Protection Act (“TCPA”). As you may recall, on June 3, 2019, we reported on the Fourth Circuit’s opinion in Krakauer v. Dish Network, an opinion upholding a historic, $61 million TCPA jury award in the face of an Article III standing challenge.

Dish Network’s Petition for Certiorari

Following the Fourth Circuit’s ruling, Dish Network petitioned for a writ of certiorari to the Supreme Court.  In the petition, Dish Network stated the question presented as “whether a call placed in violation of the [TCPA], without any allegation or showing of injury—even that plaintiffs heard the phone ring—suffices to establish concrete injury for purposes of Article III.”  Dish Network argued that there was no evidence that any of the 18,000 class members were even aware they received a telemarketing call.  Notably, Dish Network cited the post-Spokeo circuit split between the Eleventh Circuit and the Second, Third, Fourth, and Ninth Circuits as to the Article III concrete injury standing requirement.

Implications for Business

Business groups had hoped that the Supreme Court would take up these cases and issue a decision that would resolve the circuit split. As it stands now, consumers in the Second, Third, Fourth and Ninth Circuits can bring claims under the TCPA without showing a concrete injury beyond the mere receipt of a text message. We will continue to monitor the landscape of TCPA litigation and report on any developments. Stay Tuned.

Synopsis: On December 6, 2019, the Federal Trade Commission issued a unanimous ruling against political data firm Cambridge Analytica for violating Section 5 of the FTC Act by misrepresenting that it would not download personally identifiable information when it in fact harvested this information from over 50 million Facebook users. Specifically, Cambridge Analytica represented that it would not download Facebook users’ name or any other identifiable information. To the contrary, its app collected a bevy of personally identifiable information, notably including Facebook User IDs, in creating voter profiles and targeted advertising leading up to the 2016 US Presidential election. The FTC also found that Cambridge Analytica made false or misleading representations that it still participated in the EU-US Privacy Shield Framework, an agreement designed to protect personal data transferred from the EU to the United States. The FTC imposed a 20-year injunction which, among other things, required that Cambridge Analytica delete or destroy the Facebook data it deceptively obtained and any information or work product, including any resultant algorithms or equations. While Cambridge Analytica is now in bankruptcy, this injunction also restrains its successors, assigns, officers, agents, employees, and attorneys, and all other persons in active concert or participation with any of them, from disclosing, using, selling or receiving any benefit from the information collected about the individual consumers. The FTC further ordered, among other things, that none of these affiliates of Cambridge Analytica shall possess or control personal information from an EU resident without complying with the EU-US Privacy Shield framework principles.

Background

Cambridge Analytica obtained Facebook data in 2014, which it used to develop methods that allegedly could identify personality traits of American voters and influence their behavior through targeted advertising. Cambridge Analytica obtained this data by paying Facebook users small sums to take a survey and download an app, which harvested private information from their profiles and their Facebook friends’ profiles. An outside researcher then used the survey responses and public Facebook page “likes” harvested from users and their friends to populate and train an algorithm that predicted users’ personality traits.

To gain access to the users’ data, Cambridge Analytica misrepresented to users the collection of data as follows: “In this part, we would like to download some of your Facebook data using our Facebook app. We want you to know that we will NOT download your name or any other identifiable information—we are interested in your demographics and likes.” Cambridge Analytica only included this representation after finding that half of the survey participants initially refused to grant the app permission to collect their profile data. Contrary to this representation, the app collected the Facebook User ID of these users, which is a unique identifier that connects individuals to their profiles. The app also harvested additional profile data, such as users’ gender, birthdate, location, friends list, and Facebook page “likes.” Cambridge Analytica ultimately harvested profile data from approximately 250,000 to 270,000 app users located in the United States and approximately 50 to 65 million friends of these users, without the users’ knowledge or informed consent.

In the wake of this scandal, the FTC imposed a $5 billion penalty on Facebook on July 24, 2019, and required it to, among other things, submit to new compliance restrictions and greater accountability at the board of directors level by establishing an independent privacy committee. That same day, the FTC filed a Complaint against Cambridge Analytica and simultaneously filed proposed settlements with its former chief executive Alexander Nix and app developer Aleksandr Kogan, which have since then been approved. Those settlements included restricting how Nix and Kogan conduct business in the future and requiring them to delete or destroy any personal information they collected. Cambridge Analytica filed for bankruptcy prior to the issuance of the Complaint. The Complaint alleged that Cambridge Analytica, Nix and Kogan deceived consumers by falsely claiming they did not collect personally identifiable information from Facebook users and by falsely claiming the Company still participated in the EU-US Privacy Shield Framework and that it adhered to Privacy Shield principles.

Takeaways

The FTC Act’s prohibition on deceptive acts or practices includes misrepresentations with respect to how companies handle consumers’ personal information. The FTC in its Opinion explained that an act or practice will be found to be deceptive if “(1) there is a representation, omission or practice, (2) that is likely to mislead consumers acting reasonably under the circumstances, and (3) the representation, omission, or practice is material.” Through a three-step inquiry, the FTC determines “(1) what claims are conveyed [to consumers]; (2) whether those claims are false, misleading or unsubstantiated; and (3) whether the claims are material.” Claims are considered material if they involve “information that is important to consumers and, hence, likely to affect their choice of, or conduct regarding a product.” Express claims, including both explicit statements made in a claim and necessary implications derived from the statements, are presumptively material.

Here, the FTC pointed to the express claims that personally identifiable information would not be downloaded and the EU-US Privacy Shield framework principles would be followed. The FTC also pointed to other evidence of materiality, including that Cambridge Analytica only included the statement regarding not downloading identifiable information in its request to collect data from survey participants after half of the participants had refused to grant access to data absent that assurance. The FTC, therefore, inferred that the assurance provided by that statement likely affected the choices and changed the decisions of a substantial number of users.

With respect to the Privacy Shield misrepresentation, this case is one of several that the FTC has brought or settled in recent months against companies for deceiving consumers over their participation in the Privacy Shield. This case is yet another reminder that companies must ensure that any representations they make to consumers about participation in the Privacy Shield or any other privacy regimen are accurate and up-to-date.

The FTC took a broad view of what is personally identifiable information in finding that Cambridge Analytica’s statement that it would not download names or other identifiable information was false and misleading. In addition to users’ Facebook ID, the FTC viewed the covered information to include any persistent identifier, such as a customer’s number held in a “cookie,” a mobile device ID, or processor serial number or information collected from data fields through Facebook about users’ “likes,” “hometowns,” “birthdates,” “photos,” “gender,” “educational information,” “religious or political views,” or “marital” or other “relationship” status and any data regarding a consumer’s activities online (e.g., searches conducted, web pages visited, or content viewed).

While the Opinion itself focused principally on the express deceptive claim that Cambridge Analytica would not download users’ names or other identifiable information, it also noted that Cambridge Analytica then went on to use the data it surreptitiously collected. Perhaps because the non-use of that data would flow as a necessary implication of the claim that no users’ identifiable information would be downloaded, the FTC did not address the undisclosed use of the data as a separate deceptive act, even though the use of that data in voter targeting is what seemed to have stoked public ire when news of the scandal broke in 2018.

For a copy of the Opinion, click here. For a copy of the Final Order, click here.

Synopsis: FTC publishes a quick-resource guide for influencers to encourage advertising compliance on social media.

For the last several years the Federal Trade Commission has been addressing the misleading marketing of consumer goods through social media influencers. At the beginning of this month, the FTC reinforced its concern with social media influencers by publishing a short guide and a video directed at those that endorse products online. Misleading influencer conduct triggers Section 5 of the FTC Act, 15 U.S.C. § 45, which prohibits unfair or deceptive acts or practices in or affecting commerce. The focus on educating influencers is part of the FTC’s increasingly aggressive action against influencers and companies using online endorsements that do not properly disclose the connection between the influencer and the company.

On April 19, 2017, the FTC announced that it sent out more than 90 letters reminding influencers and marketers to clearly and conspicuously disclose their relationships to products and companies. Less than five months later, the FTC settled its first complaint against individual social media influencers. In that case, the respondents paid influencers $2,500 to $55,000 to promote their company on YouTube, Twitch, Twitter, and Facebook, but the influencers did not disclose this financial relationship in their promotions. At the time, the FTC insisted that the action “should send a message t

hat such connections must be clearly disclosed so consumers can make informed purchasing decisions.” The following year, a public relations firm and publisher settled similar claims with the FTC, where they had not only paid two gold medal Olympians to advertise a product but also asked their employees and “friends” to do the same, all without revealing these relationships to the public. In June 2019, the FTC, this time in conjunction with the Food and Drug Administration, sent warning letters to four sellers of e-liquids, in which it “urge[d] [the recipients] to review your marketing, including endorsements by your social media influencers, and ensure that necessary and appropriate disclosures are made.”

The new guide “lays out the agency’s rules of the road for when and how influencers must disclose sponsorships to their followers.” Titled, “Disclosures 101 for Social Media Influencers,” the guide contains tips from the FTC staff about when disclosures are required. This publication joins the other existing resources on topic, including the FTC’s 2009 Endorsement Guides and 2017 Informal FAQ Sheet. Importantly, the FTC’s press release accompanying the new guide underscores that the responsibility of disclosures “lies with the influencer.”

Key take-aways from the new guide include:

(1) Material Connection: Influencers are required to make it obvious to consumers when they have a “material connection” to the product or company he or she is endorsing. A “material connection” — “in other words, a connection that might affect the weight or credibility that consumers give the endorsement” — extends beyond a business relationship with the brand and incudes a personal, family or employee relationship.

(2) Financial Isn’t Limited to Money: Influencers who receive other benefits in exchange for promoting a product, including discounted products or services, free products or other perks, still have to disclose their relationship.

(3) Endorsements Beyond Pictures: Tags, pins, reposts, likes and other methods of supporting a brand on social media qualify as endorsements.

(4) Clear and Conspicuous Disclosure: Disclosures need to be made so that they are seen by consumers. The FTC advises that, “to be both ‘clear’ and ‘conspicuous,’ the disclosure should use unambiguous language and stand out.” The disclosure should not be hidden in text, covered with multiple hashtags, or buried in a video. For example, where text for a social media post requires a consumer to click “more,” the disclosure should appear above the “more” button.

(5) Be Honest: Influencers cannot attest to a product or experience that they have not tried and misrepresent their true results. Just the same, influencers cannot make up claims about the product.

The foregoing reminders from the FTC are consistent with the prior guidelines and warning letters but are presented in a more concise and current format. The new guide is also accompanied by a short video providing advice for social media influencers. These resources are intended to remind influencers that they need to take responsibility for their role in influencing consumers and not to assume that consumers understand their relationship to the product or services they are endorsing.

This latest guidance from the FTC also serves as a reminder to those involved in social media marketing, whether as a brand, a marketer, or an influencer, to ensure the FTC’s guidelines are followed. As the FTC states in its form enforcement letter: “If your company has a written social media policy that addresses the disclosure of material connections by endorsers, you may want to evaluate how it applies to” posts made by your endorsers. “If your company does not have such a policy, you may want to consider implementing one that provides appropriate guidance” and “ensure[s] that posts contain necessary disclosures and they are clear and conspicuous.”

Seyfarth’s False Advertising, Product Labeling & Warnings practice group is here to help you understand the implications of FTC’s latest guidelines and answer any questions.

Synopsis: Last month, the Ninth Circuit issued an opinion, affirming broad Article III standing and holding that, for permissible-purpose claims, a consumer-plaintiff need allege only that his/her credit report was obtained for a purpose not authorized by the statute to survive a motion to dismiss, regardless of whether the report is published or otherwise used by the third party.

Case Background

In June 2016, Plaintiff Freshta Nayab discovered that a banking institution (“the Bank”) had made several inquiries on her Experian credit report. She sued the Bank alleging that the unauthorized inquiries violated the Fair Credit Reporting Act (“FCRA”) because she never conducted any business with nor incurred any financial obligations to the Bank.

The Bank moved to dismiss the complaint for failure to state a claim. Instead of opposing the motion, Nayab filed an amended complaint where she cited various permissible purposes for obtaining a credit report under the FCRA, and alleged that the Bank did not have any of those permissible purposes to make inquiries on her credit report.

The district court dismissed the case, finding that Nayab did not have standing to pursue her FCRA claim because, even if the Bank’s credit inquiries were impermissible under the FCRA, “absent disclosure to a third party or an identifiable harm from the statutory violation, there is no privacy violation.” Nayab, slip op. at 5. The district court also dismissed Nayab’s complaint for failure to state a claim, finding that “bare allegations that the defendant did not have a permissible purpose for obtaining a credit report, without more, are insufficient.” Id. at 5.

Nayab appealed.

The Ninth Circuit’s Opinion

In an opinion by Judge Rice, the Ninth Circuit considered two issues: (1) whether a consumer suffers a concrete Article III injury in fact when a third-party obtains her credit report for a purpose not authorized by the FCRA, and (2) whether the consumer-plaintiff must plead the third-party’s actual unauthorized purpose in obtaining the report to survive a motion to dismiss. Id. at 4.

The Ninth Circuit rejected the district court’s holding that Nayab lacked standing because she did not suffer concrete harm where the unauthorized inquiries were not disclosed or used by the Bank. Relying on Robins v. Spokeo, Inc. (Spokeo III), the Ninth Circuit reiterated that some statutory violations alone confer Article III standing. 867 F.3d 1108, 1113 (9th Cir. 2017), cert. denied, 138 S. Ct. 931 (2018). In Spokeo III, the Ninth Circuit held that a statutory violation can by itself manifest concrete injury where “the procedural right [was created] to protect a plaintiff’s concrete interests and where the procedural violation presents ‘a risk of real harm’ to that concrete interest.” Spokeo III, 867 F.3d at 1113.

Based on this reasoning, the Ninth Circuit held that Nayab had standing to pursue her FCRA claims because “obtaining a credit report for a purpose not authorized under the FCRA violates a substantive provision of the FCRA,” and thus “Plaintiff need not allege any further harm to have standing.” Nayab, slip op. at 11. The court disagreed with the district court’s finding that a user must disclose or otherwise use the credit report for the consumer to suffer an injury. Id. at 15.

Next, the Ninth Circuit found that the district court erred in holding that Nayab, as the plaintiff, had the burden of pleading the actual purpose behind the Bank’s procurement of her credit report. Id. at 16. The court instead found that the authorized purposes listed under the FCRA were exceptions that the defendant must plead as affirmative defenses. Id. at 20. The Ninth Circuit also determined that placing the burden on Nayab would be unfair because that would require her to plead a negative fact peculiarly within the knowledge of the defendant. Id.

Against this backdrop, the Ninth Circuit found that Nayab pleaded facts sufficient to give rise to a reasonable inference that the Bank obtained her credit report for an unauthorized purpose. Id. The Bank argued that Nayab’s allegations failed because there were numerous possible reasons that the Bank may have accessed her credit report that would be fully lawful under the FCRA. But the Ninth Circuit rejected this argument, noting that Nayab’s factual assertions negating each permissible purpose for which the Bank could have obtained her credit report, together with Nayab’s allegation that the Bank, in fact, obtained her report, stated a plausible claim for relief. Id.

A split Ninth Circuit reversed the district court’s dismissal of Nayab’s FCRA claim and remanded the case to the district court.

Judge Rawlinson partially dissented. Although agreeing that Nayab had standing to pursue her action under the FCRA, Judge Rawlinson took issue with the pleading standard set forth by the majority. Id. at 29. She strongly disagreed that Nayab had laid out a sufficiently plausible case. Id. at 35. Further, Judge Rawlinson found that the majority’s conclusion that Nayab had no obligation to plead the unauthorized purpose for which the credit report was obtained was inconsistent with Twombly and Iqbal.

Implications for Businesses

Businesses obtaining consumer reports, including credit reports or criminal background checks, should review their compliance practices to ensure that the business has procedures in place to ensure that reports are obtained only for permissible purposes only. Businesses may also want to consider having a process for documenting the permissible purpose for each report and for conducting periodic audits to ensure compliance with company policy. Having sound policies and procedures will ensure regular compliance and will limit liability for willful violations, which expose businesses to punitive damages.

Consumer reporting agencies (“CRAs”) furnishing consumer reports, particularly credit reports, should also review their procedures for confirming permissible purpose. All businesses obtaining reports (“users”) should be credentialed and should provide a permissible purpose before receiving any reports. Having procedures in place for periodic review of users will also reduce a CRA’s potential liability risk.

Synopsis: Unhappy with the FDA’s position on branding, Congressional representatives seek to define “natural” narrowly to limit its use in consumer advertising.

As the cosmetic industry moves on to new marketing lingo connoting healthier and safer cosmetics, including “clean beauty,” “sustainable,” “vegan,” and “pure,” New York Representative Sean Patrick Maloney introduced the Natural Cosmetics Act (the “Bill”) last week in the US House of Representatives. While the US Food and Drug Administration (FDA) has declined to define natural, through this legislation, Rep. Maloney seeks to define the terms “natural” and “naturally-derived ingredient” as used with personal care products. As Rep. Maloney pointed out in his announcement of the Bill, the FDA does not qualify false labeling of “natural” as misbranding, mainly because it is an unregulated and undefined term when used with cosmetics.

Recognizing consumers’ concerns, Rep. Maloney advocated, “[w]e’re talking about safety and health of millions of Americans who use these products. My bill will set the standard for ‘natural’ personal care products and do right by American consumers by putting transparency first.” Joining Rep. Maloney’s bill is Representative Grace Meng (also from New York), who stated, “[i]ncreasing protections, transparency and oversight of personal care products is desperately needed, and this legislation would go a long way towards ensuring strict standards for items claiming to be ‘natural.’” A number of leading brands in the dubbed “clean beauty” space have also joined Representatives Maloney and Meng in supporting passage of this new Bill.

Meanwhile, the FDA remains mum about formally defining “natural” for cosmetics despite its solicitation of comments from the public over three years ago. The FDA has a longstanding policy concerning the use of “natural” in human food labeling. In regulating food products, FDA has considered the term “natural” to mean that “nothing artificial or synthetic (including all color additives regardless of source) has been included in, or has been added to, a food that would not normally be expected to be in that food.” Similarly, the Federal Trade Commission has not acted on the term “natural” since 2016, when it approved four final consent orders against companies that allegedly misrepresented their personal care products as “All-Natural” or “100% Natural,” despite the fact that they contain man-made ingredients. Additionally, the National Advertising Division (NAD) has not addressed “natural” and “naturally” claims in cosmetics since 2016 when it recommended that a company discontinue use of these terms because the company’s labeling implied that the products were formulated without aluminum when in fact they contained aluminum.

Last year, then-FDA Commissioner Scott Gottlieb delivered a speech at the National Food Policy Conference in which he indicated that, just like other claims made on products regulated by the FDA, the “natural” claim must be true and based in science. At the same time, he recognized that there are wide differences in beliefs regarding what criteria should apply for products termed “natural” and some of those criteria are not based on public health concerns. In a letter addressed to Rep. David Valadao, dated December 19, 2018, Dr. Gottlieb added that the “FDA is actively working on this issue, and in 2019, FDA plans to publically communicate next steps regarding Agency policies related to ‘natural.’” These statements generally relate to food regulation and have not yet been followed by any formal action by the FDA.

Despite the rather dormant federal regulatory activity over “natural” advertising with cosmetics, class actions regarding misuse of the term “natural” continue to populate the federal docket. See, e.g., Yolanda Turner v. Trans-India Products, Inc., Case No. 19-cv-03422, pending in the E.D.N.Y. Courts who have addressed the issue of defining “natural” have found it means “an affirmative claim about a product’s qualities and is, therefore, not ‘an exaggeration or overstatement expressed in broad, vague, and commendatory language’” (Suarez v. California Nat. Living, Inc., No. 17 CV 9847 (VB), 2019 WL 1046662, at *7 (S.D.N.Y. Mar. 5, 2019)), and it is indicative of “the absence of synthetic ingredients” (Petrosino v. Stearn’s Prod., Inc., No. 16-CV-7735 (NSR), 2018 WL 1614349, at *7 (S.D.N.Y. Mar. 30, 2018)). But, courts are split as to whether “all natural” claims “are more within the conventional expertise of judges or whether they involve technical or policy considerations within the FDA’s particular field of expertise.” See de Lacour v. Colgate-Palmolive Co., No. 16-CV-8364 (RA), 2017 WL 6550690, at *2 (S.D.N.Y. Dec. 22, 2017). This consideration has caused some courts to stay litigation pending regulatory guidance, leading parties to settle instead of waiting in vain.

This House activity is yet another instance in which Congressional leaders are trying to keep up with regulating industry trends while the FDA lags behind. See, e.g., Senator Schumer’s call to action. Like vaping and CBD, we may see “natural” and “clean” resurface in the FDA’s priorities because of the safety concerns these marketing terms hold.

Tonya Esposito and Renee Appel of Seyfarth’s Washington, D.C. office continue to monitor these developments and welcome any questions regarding this topic.

The Federal Trade Commission recently published a preliminary staff report on two studies it conducted to understand the effectiveness of class action settlement notices and develop information to help improve consumer settlement outcomes. While the report highlights its findings relating to low refund claim rates by class members, defense counsel may be more interested in the consumer research conducted to evaluate how email sender names, subject lines, and email formats can influence a consumer to successfully complete steps to file a claim.

The FTC’s Internet-based consumer research study found that recipients’ understanding of both the nature of the email itself and the next steps needed to receive their refund was low overall. About 38 percent of respondents understood the nature of the email when viewing it in their inbox and that number rose to slightly less than half when viewing the actual email. Only around 40 percent actually understood the steps required to receive a refund.

Interestingly, the FTC found that how an email subject line is phrased impacts consumer perceptions to a greater degree than the sender name does. For example, the inclusion of a $100 refund amount in the subject line made respondents 12 percent less likely to understand the nature of the email, with some mistakenly deeming such an email as an untrustworthy scam or spam. Unsurprisingly, respondents were correspondingly 4 percent less likely to even open the email if the refund amount was listed in the subject line.

In the other study covered by this report, the FTC found in analyzing data from 149 consumer class actions that the median refund claims rate in these cases, regardless of the form of notice, was low at 9 percent. For class action members who only received email notices of their refunds rather than traditional mailings, the median claims rate dropped to 2 percent. The FTC report comes on the heels of a 2018 amendment to Fed. R. Civ. P. 23, which now specifically notes that electronic notification is an appropriate means of providing notice to a class. The report’s insights can help parties craft more effective email notices to increase email claims rates.

The 149 class action settlements examined by the FTC contained a wide variety of alleged consumer harm. The most common types of allegations included improper payment charges (30) and misrepresentation (29). Other types of consumer cases with strong showings included debt collection (15), mortgage-related (15) and privacy (14).

In slightly more than half of the cases in the sample, mailed notice packets were used to notify class members. The remainder of the cases were split between postcard and emailed notice campaigns. Less than half of the cases provided direct notice in conjunction with a more expensive publication notice. Claims rates for notice campaigns using mailed notice packets were the highest, with a median claims rate of 16% and a weighted mean rate of 10%. Postcards received a median and weighted mean of about 6 to 7 percent, while email received the lowest median and mean claim rates of 3% and 2%, respectively. The FTC noted that, surprisingly, notice by publication did not have a significant impact on the claims rate. Since publication can be expensive, potentially avoiding publication in the future could allow for a larger percentage of settlement funds returned to class members.

Of particular interest to defense counsel and the businesses they represent, a negligible number of those notified objected to the proposed settlement (0.0003%) and only 0.01% excluded themselves from the settlement.

The FTC’s preliminary finding of low claims rates reinforces previous findings from smaller scale studies, including a 2013 study conducted by Mayer Brown for the U.S. Chamber of Commerce that found few class members ever receive funds. Of the six cases in its data set for which Mayer Brown could locate claims data, five had claims rates ranging from less than 1 to only 12% of the class.

On October 29, 2019, the FTC held a public workshop on improving class action settlement notices, including examining the issues raised in the preliminary report. A video of that workshop is available here. Public comments on these or related topics can be submitted electronically at Regulations.gov through November 22, 2019, or mailed per the instructions provided here.

Seyfarth Synopsis: FTC publishes proposed consent order with cosmetic company that posted fake customer reviews but some FTC commissioners place doubt on its effectiveness because there is no financial penalty.

Earlier this year, we reported that fake news consumer reviews was on the federal regulators’ radar, especially with the passage of the Consumer Review Fairness Act in late 2017.  We identified a cosmetic company that faced negative media after a former employee leaked an internal, company email that insisted employees post positive reviews of a new product and even provided detailed instructions on what to say about the product as well as how to avoid tracing a review back to the company’s IP address.  As a result of that activity, on October 21, 2019, the FTC brought a complaint for two violations under the Federal Trade Commission Act: (1) making false or misleading claims that the fake review reflected the opinions of ordinary users of the products and (2) deceptively failing to disclose that the views were written by the company’s CEO and her employees.

In the press release announcing a proposed settlement of the complaint, Andrew Smith, Director of the FTC’s Bureau of Consumer Protection states: “Dishonesty in the online marketplace harms shoppers, as well as firms that play fair and square.”  Consistent with the press coverage last year, the FTC’s investigation revealed that the cosmetic company’s CEO, managers, and other employees posted reviews of their products under fake accounts on a third-party retailer’s website.  Pursuant to the proposed settlement agreement, the company consented to (i) not make any misrepresentations about the status of any endorser or person providing a review of the product, (ii) that any of the company’s officers, agents, employees, and attorneys and all other persons who participate with any of them who make a representation about a product must disclose their connection; and (iii) notify each employee, agent, and representative with clear disclosure responsibilities for endorsements.  In addition, the company is subject to compliance reporting and monitoring requirements.  Noticeable absent from the settlement agreement is any monetary fine or penalty, which Commissioner Rohit Chopra raised in a separate statement and Commissioner Rebecca Kelly Slaughter joined.

In dissenting the proposed order, Commissioner Chopra pointed out it “includes no redress, no disgorgement of ill-gotten gains, no notice to consumers, and no admission of wrongdoing.” Commissioner Chopra voices that because there is no financial penalty, the proposed settlement is unlikely to deter other potential wrongdoers.  To this point, she explains that for companies, the potential benefits of posting false reviews, including, “higher ratings, more buzz, better positioning relative to competitors, and higher sales,” can outweigh the potential cost of getting caught.  Review fraud, however, goes largely undetected, unless, as in this particular case, there is some whistleblower action. By the proposed resolution, Commissioner Chopra believes it suggests that even the narrow subset of wrongdoers who are caught will face minimal sanctions from law enforcement.  This, of course, sends the wrong message to the marketplace.  Commissioner Chopra insists that while monetary relief can be difficult to calculate, it should not deter form the FTC from seeking it.

This matter raises two critical take-aways:

(1) As Commissioner Chopra identifies, review fraud is permeating the online marketplace on popular websites, demanding FTC action, including analyzing the problem and determining whether e-commerce firms have the right incentives to police their platforms.

(2) Deterrence is a key factor in an enforcement action, but it is undermined when wrongdoers are merely asked to not break the law again.  This case was an instance in which the company and even its CEO were strategically involved with review fraud and are getting by with nothing more than a “stern talking to” not to do it again. This type of conduct goes beyond strict liability in that the parties were aware of the implications of their reviews, raising product rankings, and by imposter means, hiding their IP address and making multiple posts under different identities.

At this time, the proposed consent order has been placed on the public record for 30 days for receipt of comments by interested persons. After 30 days, the Commission will review the order again along with the comments received to decide whether it should withdraw the order or make it final.

“The chirp, buzz, or blink of a cell phone receiving a single text message is more akin to walking down a busy sidewalk and having a flyer briefly waved in one’s face. Annoying, perhaps, but not a basis for invoking the jurisdiction of the federal courts.”

Salcedo v. Hanna, No. 17-14077, 2019 WL 4050424, at *7 (11th Cir. 2019).

In a recent ruling, the Eleventh Circuit held that plaintiff John Salcedo’s receipt of a single unsolicited text message from his former attorney, Alex Hanna, did not constitute an “injury” sufficient to establish standing under Article III. Salcedo subsequently filed a petition for rehearing en banc, asking the full Eleventh Circuit to review the issue of “[w]hether a person who receives a text message sent to a cell phone in violation of the Telephone Consumer Protection Act (TCPA) . . . suffers concrete injuries providing standing to sue under the TCPA’s right of action for the remedies provided by the Act.” If Salcedo’s petition is denied, the panel’s ruling could begin to reshape the standing analysis in the context of TCPA claims brought based on unsolicited text messages.

The Eleventh Circuit panel’s analysis in Salcedo v. Hanna applies the Supreme Court’s tripartite framework for determining standing, focusing in particular on the “injury in fact” requirement in Lujan and Spokeo. The panel’s reasoning was remarkably practical; in reaching its ultimate determination, the panel essentially “debunked” Salcedo’s analogy to junk faxes simply by pointing out key differences in the context of text messages. For example, the panel contrasted the “tangible costs” associated with receiving junk faxes (which do establish an injury), with the “intangible costs” of receiving a text message. See Salcedo, at *3 (“A fax message consumes the receiving device entirely, while a text message consumes the receiving device not at all. . . . A fax machine’s inability to receive another message while processing a junk fax has no analogy with cell phones and text messaging.”).

The panel acknowledged that a single alleged violation of the TCPA is, in some cases, sufficient to confer Article III standing, but observed that Salcedo had relied on recycling junk fax allegations without adding specific facts to explain the applicability of these allegations to the text message he received. Salcedo failed to allege that Hanna’s text cost him any money, that he suffered a concrete loss of time as a result of receiving the text, or that he suffered any particular loss of opportunity while the text was transmitted to his phone. See Salcedo, at *4 (“We are entitled to look past this conclusory recitation to the actual factual substance of Salcedo’s allegations.”) (Citing Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009)).

The panel also expressly acknowledged its departure from the Ninth Circuit’s decision in Van Patten v. Vertical Fitness Group, LLC; however, “in the absence of controlling authority,” the panel based its decision on the history and judgment of Congress, as instructed by the Supreme Court in Spokeo. First, the panel noted that the TCPA is “completely silent on the subject of unsolicited text messages.” See Salcedo, at *4 (“We first note what Congress has said in the TCPA’s provisions and findings about harms from telemarketing via text message generally: nothing.”) (Emphasis in original). Moreover, although text messaging did not exist in its current form when the TCPA was enacted in 1991, Congress has amended the statute several times since then without any explicit mention of text messaging. At most, Congress’s silence can be deemed “tacit approval” of the FCC’s extension of the TCPA to text messages.

Similarly, the panel discussed Congress’s legislative findings about telemarketing, and found that the concerns for privacy “within the sanctity of the home” that underlie the provisions of the TCPA do not necessarily apply to text messaging. See Salcedo, at *4 (“By contrast, cell phones are often taken outside of the home and often have their ringers silenced, presenting less potential for nuisance and home intrusion.”). The practical differences between text messaging and other forms of communication governed by the TCPA, as well as separation of powers issues, led the panel to disagree with the Van Patten decision as a “broad overgeneralization of the judgment of Congress.” See Salcedo, at *5 (“Spokeo instructs us to consider the judgment of Congress about the alleged harm, not to imagine what Congress might say about a harm it has not actually addressed.”) (Emphasis added).

Second, the panel distinguished text messages from intangible harms with close relationships to traditionally redressable harms, e.g., intrusion upon seclusion, trespass, and nuisance. The receipt of a text message is fundamentally different from these other intangible harms in several respects, such as its “isolated, momentary, and ephemeral” nature, which falls far short of the severity of invasion necessary to support a tort claim. See Salcedo, at *7 (“The Ninth Circuit’s one-sentence review of history [in Van Patten] simply asserted. ‘. . . the right of privacy is recognized by most states. But as we have more thoroughly explained, an examination of those torts [intrusion upon seclusion, nuisance, etc.] reveals significant differences in the kind and degree of harm they contemplate providing redress for.”).

Finally, the panel underlined that its decision was not “attempting to measure how small or large Salcedo’s alleged injury is”; rather, based on a qualitative assessment, this is not the kind of concrete harm that constitutes an injury in fact. See Salcedo, at *8 (“These precedents strongly suggest that concrete harm from wasted time requires, at the very least, more than a few seconds. And on this point the judgment of Congress sheds a final ray of light. The TCPA instructs the FCC to establish telemarking standards that include releasing the party’s line within five seconds of a hang-up, demonstrating that, on the margin, Congress does not view tying up a phone line for five seconds as a serious intrusion.”).

Salcedo’s petition for rehearing en banc is grounded primarily on conflicting decisions in other circuit courts—including, but not limited to, the Ninth Circuit’s decision in Van Patten—and the appropriate import of privacy-related concerns, but it remains unclear whether the petition will be granted. For now, at least, the Eleventh Circuit’s ruling sets a lower limit on the “harm” TCPA plaintiffs must allege in order to meet the threshold for Article III standing, which may offer some limited protection from class and other lawsuits based on one-off unsolicited communications.

We will post any updates as they become available.

The Seventh Circuit issued a decision recently that eliminates an enforcement tool long used by the Federal Trade Commission (“FTC”)—the ability to obtain equitable monetary relief from defendants when the FTC challenges conduct under Section 13(b) of the Federal Trade Commission Act (“FTC Act”).

Under Section 13(b), the FTC may seek an injunction in federal court “[w]henever the Commission has reason to believe . . . that any person, partnership, or corporation is violating, or is about to violate, any provision of law enforced by the Federal Trade Commission.”  But the FTC has long sought and obtained restitution under Section 13(b) as an implied remedy.

In Credit Bureau Center, the FTC sued a credit monitoring service and its owner for an injunction and restitution.  The FTC brought the suit under Section 13(b) for violating several consumer protection statutes by enrolling consumers in a monthly subscription without proper notice.  The service offered a “free credit report and score” while disclosing in much smaller text that applying for the information automatically enrolled customers in an unspecified $29.94 monthly membership subscription—the defendants’ credit monitoring service.  The district court entered a permanent injunction and ordered the defendants to pay more than $5 million in restitution.

On appeal, the defendants made the straightforward argument that Section 13(b) does not authorize restitution because it does not mention restitution.  And the Seventh Circuit agreed.  It concluded that nothing in the text or structure of the FTC Act supported an implied right to restitution under Section 13(b), which by its terms authorizes only injunctions.  As a result, the court affirmed the judgment against the defendants but vacated the restitution award.

The court reached its decision despite prior Seventh Circuit precedent recognizing a right to restitution under Section 13(b) in FTC v. Amy Travel Service, Inc., 875 F.2d 564 (7th Cir. 1989).  Looking to the Supreme Court’s subsequent decision in Meghrig v. KFC W., Inc., 516 U.S. 479 (1996), the court concluded that it must consider whether an implied equitable remedy is compatible with a statute’s express remedial scheme, and that it cannot assume that a statute with elaborate enforcement provisions like the FTC Act implicitly authorizes other remedies.  The court analyzed the FTC Act’s overall text and structure, including the FTC’s various enforcement powers, and concluded that an implied restitution remedy was incompatible with Section 13(b).

In particular, the court observed that the FTC can obtain other equitable relief under separate provisions of the FTC Act that involve certain administrative procedures.  The court explained that the FTC can try cases before an administrative law judge or define unfair or deceptive practices through rulemaking and then pursue violators of the rule, and that that those mechanisms afford protections to defendants not offered under Section 13(b).  As a result, the court reasoned, the FTC asserted an unqualified right to a remedy that the FTC Act’s other enforcement provisions give only with protections or, as the court called it, “heavy qualification.”

The Seventh Circuit’s decision is significant.  It creates a circuit split on a key aspect of FTC’s enforcement authority.  The Seventh Circuit did not grant a rehearing en banc, and it is unclear whether the FTC will appeal to the Supreme Court.  Congress may attempt to resolve the split through legislation.  In the meantime, the FTC will no doubt see increased challenges to its right to recover restitution in Section 13(b) cases.  Indeed, the Seventh Circuit criticized contrary decisions in other circuits as based on a “similarly brief analysis” as Amy Travel and observed that they have been the subject of recent judicial skepticism.