Ivan Wasserman Invited to Speak on Enforcement and Self-Regulatory Activity Impacting Direct Response at ERA Conference
On September 16-18, 2014, the Electronic Retailing Association will host over 3,400 of the nation’s leading direct response industry professionals at its annual D2C Convention in Las Vegas.
Manatt partner Ivan Wasserman has been asked to participate in a panel discussion titled “Capitol Hill Rundown: What You Need to Know About the FTC and Self-Regulation.” The session will help attendees to better understand the business practices that the FTC is currently targeting, discuss developments on Capitol Hill that may impact the direct response industry, and cover recent cases and activity involving the ERA’s Electronic Retailing Self-Regulation Program (ERSP).
back to top
Cramming It All In: FTC Has a Busy Week Addressing Mobile Cramming
Mobile cramming was on the forefront of the Federal Trade Commission’s agenda recently, with the agency issuing a new report, testifying before Congress, and filing a federal complaint against a mobile crammer for making more than $100 million in deceptive charges in the course of a single week.
First up: the release of “Mobile Cramming: An FTC Staff Report,” which documented the multibillion-dollar business of third parties placing unauthorized charges for goods and services on mobile phone bills. Some add-on charges by third parties can be legitimate, the agency acknowledged, so in an effort to combat scammers, the report offered five recommendations.
Consumers should be given the right to block third-party charges and be informed of this right on an ongoing basis, the FTC said, as well as provided with an effective dispute resolution process. Third-party charges should be clearly and conspicuously displayed on mobile phone bills, perhaps by separating such charges out to make clear they are from a third party, and consumers with prepaid calling plans who do not receive bills should be given the option to be notified when a third-party charge is deducted.
The agency also recommended that express, informed consent be obtained prior to placing charges on mobile phone bills, with carriers closely monitoring refund rates and consumer complaints to keep an eye out for signs of possible cramming. Finally, the FTC advised companies that the advertising, marketing, and opt-in processes for charges should not be deceptive, with clear statements about how much and how often a consumer will be charged.
The next day, the agency announced a new suit against six companies and six individual defendants accused of a scheme that “demonstrates the kind of widespread harm that mobile phone cramming can inflict on American consumers,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement. “It also shows why we’ve made it a priority to crack down on this problem.”
The defendants used deceptive practices such as bogus offers of gift cards or “freebies” to trick consumers into providing their mobile phone numbers, according to the complaint filed in California federal court. Consumers were then charged monthly subscription fees of $9.99 or $14.99 for services such as celebrity gossip alerts and horoscopes without authorization, the agency said, resulting in more than $100 million in unauthorized charges.
A federal court judge issued a temporary restraining order against MDK Media Inc. and the related defendants, halting business operations and freezing assets pending the litigation, in which the FTC seeks a permanent injunction and recovery of money for the roughly 1 million consumers charged.
To cap the week’s theme of mobile cramming, Commissioner Terrell McSweeny appeared before the Senate Committee on Commerce, Science and Transportation to tell lawmakers about the agency’s efforts to combat the problem, including recent lawsuits and the new report.
“Mobile cramming is a significant problem that threatens to undermine confidence in the developing payment method known as ‘carrier billing,’ ” she told the Committee. “As stakeholders have noted, carrier billing of third-party charges may be particularly beneficial for unbanked and underbanked consumers. Additionally, consumers have used text messages to donate funds to a charitable organization, with the charge placed on their mobile phone account. As carrier billing has developed, however, fraud has become a significant problem for consumers.”
The FTC’s history with cramming dates back 20 years, she said, when the Commission faced cramming on landline bills. In recent years, the focus has shifted to mobile cramming. McSweeny testified that the agency has brought six mobile cramming cases since 2013 and obtained judgments in three of the actions totaling more than $160 million, along with orders preventing the defendants from future cramming.
McSweeny told the lawmakers that the amount of harm reported understates the overall problem, as consumers are often unaware of their cramming charges or unable to discern which charges are unauthorized.
Referencing the agency’s new report, McSweeny promised that the Commission will continue to fight what it believes is “a significant consumer protection issue.”
To read the FTC report on mobile cramming, click here.
To read the complaint in FTC v. MDK Media, click here.
To read the text of Commissioner McSweeny’s testimony, click here.
Why it matters: The agency had a busy week focusing on mobile cramming, from congressional testimony to a staff report and a new lawsuit. Businesses in the industry are clearly on notice of the Commission’s focus on mobile cramming and should act accordingly, reviewing the best practices recommended in the FTC’s staff report.
back to top
FTC Keeps It Negative
The Federal Trade Commission has decided not to change the Negative Option Rule, the agency has announced, keeping the Rule in its current form.
As part of its systemic review of all guides and rules, the FTC sought comments on the “Trade Regulation Rule Concerning Use of Prenotification Negative Option Plans” in 2009.
The Rule applies to one method of negative option plans: when sellers periodically notify consumers of an upcoming merchandise shipment with a set period of time in which to decline. If the consumer takes no action, then the seller may presume acceptance of the offer.
Although the agency acknowledged the receipt of comments with “some evidence of concerns” with negative option marketing beyond the prenotification offers currently covered by the Rule, the FTC determined that it would maintain the Rule as is for now for two reasons.
First, the enactment of the Restore Online Shoppers’ Confidence Act established requirements for Internet transactions for other types of negative option plans – trial conversions, continuity plans, and automatic renewals – such as disclosures and express consent prior to charging accounts.
Second, the FTC said that proposed amendments to the Telemarketing Sales Rule will “likely address many” of the concerns expressed in the comments. The agency is considering whether to ban the use of certain payment methods such as unsigned checks and remotely created “payment orders,” which the FTC said are commonly used by “con artists and scammers.”
Why it matters: While the Rule itself will not be changed, retailers might want to consider a review of their policies and procedures to ensure compliance given the changes under the Restore Online Shoppers’ Confidence Act and the proposed tweaks to the Telemarketing Sales Rule.
back to top
3rd Circuit Agrees to Hear Wyndham’s Challenge to FTC Authority
The Third U.S. Circuit Court of Appeals breathed new life into Wyndham Hotels’ challenge to the Federal Trade Commission’s authority to regulate data security practices.
The closely watched dispute began when the FTC filed a complaint against Wyndham alleging that the company violated Section 5 of the Federal Trade Commission Act by misrepresenting the security measures in its privacy policy and by failing to protect customer information. Three separate data breaches occurred as a result, the agency said.
Wyndham fired back with a direct challenge to the FTC’s authority to assert an unfairness claim in the data security context. The company also contended that the agency violated fair notice principles by not first promulgating regulations before bringing such a claim.
In an opinion recognizing the “rapidly evolving” digital age, U.S. District Court Judge Esther Salas refused “to carve out a data security exception” to the agency’s authority.
Wyndham appealed to the Third Circuit. The case presents “two hotly contested and critically important issues of law regarding federal administrative authority over a new and burgeoning field,” the defendant wrote in its request for the court to certify its order for interlocutory appeal.
The FTC has filed or settled over 50 data security enforcement actions to date and an appellate decision on the issues of the Commission’s authority and whether it needs to provide additional notice about what the law requires to simplify pending and future enforcement efforts and provide guidance to businesses trying to puzzle their way through the issue, Wyndham said.
The business community agreed, with the U.S. Chamber of Commerce filing an amicus brief in support of Wyndham (joined by the American Hotel & Lodging Association and the National Federation of Independent Business). “Whether the FTC’s enforcement authority under Section 5 of the FTC Act . . . extends to regulation of data security is an issue of central importance to businesses that face the prospect of being investigated by the Commission,” the groups wrote. “That prospect becomes likelier every day given the increase in cyber-based attacks against businesses many of which, experts agree, are likely to succeed notwithstanding significant efforts on the part of those businesses.”
An appellate decision “would provide much needed clarity” for the business community, the Chamber told the court, particularly as companies “currently struggle to decipher coherent standards from the FTC’s dozens of consent orders and previous pronouncements on data security, and to accommodate those dictates with other security regulations and risk management protocols. With the greater certainty that an appellate decision would provide, businesses would be able to better allocate their scarce resources toward compliance with the complex regulatory regime governing data security.”
The agency did not oppose Wyndham’s motion, stating in its brief that federal appellate review “would advance the public interest by removing the uncertainty that Wyndham is attempting to generate regarding the Commission’s statutory authority to protect consumers from unreasonable and harmful data security lapses.”
After Judge Salas certified her order for appeal, the Third Circuit agreed to hear the case.
To read Wyndham’s motion to certify the order for interlocutory appeal, click here.
To read the U.S. Chamber of Commerce’s amicus brief, click here.
Why it matters: The battle continues. Backed by the business industry, Wyndham now has a second chance to convince a court that the FTC lacks the authority to regulate data security practices and/or that the agency must proactively promulgate guidance before taking enforcement actions. We will continue to watch the case throughout the appellate process.
back to top
Noted and Quoted . . . Response Turns to Jesse Brody on Recent Data Privacy and Security Law Developments
On August 5, 2014, Response Magazine published an article written by Manatt partner Jesse Brody, titled “Does Your Privacy Policy Need an Update?” The article stresses the importance of examining data privacy and security policies and practices to make sure they are compliant with recent changes to federal and state laws and regulatory guidance, noting amendments to the California Online Privacy Protection Act (CalOPPA) and the release of guidance by the California Attorney General titled “Making Your Privacy Practice Public.”
Jesse notes: “The guidance is only the most recent illustration of the need for organizations to carefully vet their privacy policies. . . . We expect to see continued enforcement against companies who have inaccurate privacy policies or policies that fail to meet the requirements set forth in various privacy laws and regulations.”
To read the full article, click here.
back to top