Podium P-O-V: Observations From Marc Roth on the PACE Conference
In late March, FTC privacy attorney Andrea Arias and I were invited by the Professional Association for Customer Engagement to speak on privacy regulations and compliance at its annual National Convention and Expo in Hollywood, Florida. PACE is the preeminent trade organization serving the customer call center industry.
Several topics were discussed; chief among them were the laws and regulations that govern privacy, a summary of FTC and Attorney General privacy related actions, and the considerable financial burden that may result from non-compliance.
As many in the audience were largely unacquainted with the FTC’s approach to possible privacy violations, we outlined situations in which the agency might elect to pursue a formal complaint, offer a settlement or issue a letter to close the matter. Recognizing that an FTC inquiry or a subpoena seeking testimony and documents will likely place considerable time and financial burdens on a company, I outlined steps to limit the scope of an agency inquiry, to expand the time frame for response, and to submit documents on a rolling basis.
We stressed that privacy violations are less likely to occur when data security is observed at all stages of product development and implementation and when all areas of the company – sales, marketing, IT and others – have a stake in developing privacy related corporate policies and procedures, all of which are echoed in the “Privacy by Design” principle announced in the FTC’s 2012 report entitled “Protecting Consumer Privacy in an Era of Rapid Change.”
Finally, Andrea offered some “should not do” advice to avoid an FTC inquiry:
- Don’t request and keep more consumer information than is necessary to perform a particular transaction.
- Don’t collect sensitive information without consumer authorization. • Don’t skimp on data protection procedures and technology.
- Don’t share information with third parties if your privacy policy says you’re not going to do so.
- Don’t misrepresent how consumer privacy settings will work, such as how long an opt-out will last or the changing of consumer-directed preferences back to default settings.
- Don’t make material changes to your privacy policy that apply retroactively.
Marc Roth is a partner in the advertising practice and Co-Chair of the TCPA Compliance and Class Action Defense Group, resident in Manatt’s New York office.
back to top
Native Advertising Needs Better Disclosures, Says NAD
Taking another look at native advertising, the National Advertising Division recommended that Internet-based ad company Taboola modify its “recommendation widget” so that consumers can more clearly understand that clicking on links will take them to sponsored content.
Competitor Congoo challenged Taboola’s native advertising practices, calling the image-plus-text ads used by the company confusing for consumers. Labels on the ads, such as, “Recommended videos,” “You Might Also Like,” and “More in the News,” were vague and could result in consumers clicking on ads they believed to contain editorial content, Congoo said.
Taboola tried to dodge the action by taking the position that it made no claims and was therefore not an advertiser, but the NAD rejected that argument and found that the company was engaged in national advertising because it “markets commercial messages and earns revenue from its widgets placed on publisher sites.”
Evaluating Taboola’s widget, the NAD explained that it appears after a consumer reads an article on an online publisher’s Web site. The title or lead appears in bold black font in the upper left corner; the upper right-hand corner, in smaller gray font, features a disclosure such as “Sponsored Content by Taboola.” If a consumer clicks on the disclosure, a pop-up appears, stating, “This content is paid for by our advertiser and publisher clients.”
Taboola argued that the disclosure, combined with the pop-up, clearly lets consumers know they are linking to sponsored – not editorial – content.
But the NAD noted that “many” of Taboola’s leads “reasonably communicate the message that the linked content is editorial and is being recommended to the consumer by the publisher.” Leads such as “From Around the Web” and “More from the Web,” “while not necessarily implying a recommendation from the publisher, can create consumer confusion as to why the links have been placed below the article, without clear and conspicuous disclosure that the links are sponsored, because consumer[s] may be confused as to why the content is linked,” the self-regulatory body wrote.
The NAD found an anology for its conclusions in the FTC’s recent guidance to search engines, where the agency emphasized that natural search results should be distinguishable from advertising results. “Similarly here, consumers should be advised when linked content is sponsored,” the NAD said.
Reviewing the totality of the message conveyed by Taboola’s ads, the NAD expressed concern that the disclosures were not sufficiently clear and conspicuous or easy to notice, read, and understand. The lighter typeface and smaller font made the text less visible, and its placement (on the upper right-hand corner) was in a portion of the Web site that consumers are less likely to notice and read.
The NAD recommended that “Taboola should modify its disclosure to increase the visibility of the ‘Sponsored Content’ or ‘Promoted Content’ disclosure in terms of font size, font color and boldness, as well as its placement on the page, to make clear that the linked content is sponsored.” In addition, “the combination of thumbnail photograph, article title, and name of the destination site “should convey a truthful and accurate message of the content to which consumers are linking.”
The self-regulatory body disagreed with Congoo that the word “advertisement” must be used to inform consumers about sponsored links, but was reluctant to mandate the use of specific words since it lacked consumer perception evidence that consumers do not understand the words “sponsored content” or “promoted content” to mean paid.
To read the NAD’s press release about the case, click here.
Why it matters: The self-regulatory body continues to play an active role in considering native advertising issues, having previously reviewed the social media practices of an at-home hair-coloring product as well as Qualcomm’s sponsorship of a series of tech-related articles featured on Mashable.com. “When consumers are linked to sponsored content in a context which consumers may reasonably understand to be editorial, consumers should be advised that the link is sponsored through the use of clear and conspicuous disclosures,” the NAD concluded.
back to top
FTC Sues Over Green Coffee Weight Loss Claims
Using fake news Web sites designed to look like legitimate news sites, Pure Green Coffee made bogus claims that its coffee bean extract could help users lose weight and burn fat, according to a new suit brought by the Federal Trade Commission.
The Florida-based company and several executives were named in the agency’s complaint, which charges the defendants with violations of Section 5 of the FTC Act. Just weeks after green coffee was promoted on the April 26, 2012 episode of The Dr. Oz Show, the company began marketing Pure Green Coffee extract at $50 for a one-month supply. Since May 2012, the defendants have sold more than 536,000 bottles of the product.
The FTC alleged that, in addition to the misleading footage from the popular TV show to promote the Pure Green Coffee product, the defendants failed to disclose that some customers were paid $200 for video testimonials and received a 30-day supply of supplement for free in exchange for an endorsement. Furthermore, the FTC said that ads on at least 11 Web sites that were built to look like news sites, made it “impossible for people to know whether they were seeing news or an ad.”
The purported news sites featured mastheads of fake organizations (such as “Women’s Healthy Journal” and “Healthy Living Reviewed”) and logos from real organizations (such as MSNBC and CNN) to make what the agency alleged were false and unsupported advertising claims that consumers using Pure Green Coffee could lose 20 pounds in four weeks and four to six inches of belly fat in three to five months.
Other claims were based on faulty studies that “proved” the product could result in weight loss and body fat loss (an average of 10.5 percent and 16 percent) without diet or exercise and unsupported statements such as “Drop 3 Dress Sizes Buy Pure Green Coffee” and “Discover the Shocking Truth About America’s Hottest Diet.”
To read the complaint in FTC v. NPB Advertising, click here.
Why it matters: The case raises a few hot-button issues for the FTC – endorsements and testimonials, substantiation for weight loss claims, and fake news sites. “Not only did these defendants trick consumers with their phony weight loss claims, they also compounded the deception by advertising on pretend news sites, making it impossible for people to know whether they were seeing news or an ad,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement about the case. The agency has taken a dim view of false weight loss claims coupled with phony news sites in the past, having conducted a law enforcement sweep in April 2011 against the marketers of acai berry weight loss products who operated fake news sites.
back to top
Senate Hearing Addresses Online Advertising
Emerging threats related to online advertising were the focus of recent testimony by an official of the Federal Trade Commission to a congressional subcommittee.
Among other witnesses, associate director of the Division of Privacy and Identity Protection Maneesha Mithal appeared before the U.S. Senate Committee on Homeland Security and Governmental Affairs’ Permanent Subcommittee on Investigations to discuss the agency’s efforts and recommend next steps in three areas affecting online advertising: privacy, spyware and other malware, and data security.
Starting with privacy, Mithal referenced the FTC’s 2012 privacy report and noted that the agency encourages companies “to provide simpler and more streamlined choices to consumers about their data, through a robust universal choice mechanism for online behavioral advertising.” She also noted several enforcement actions brought by the FTC in the privacy arena, notably the $22.5 million settlement with Google to settle charges that the company misrepresented its use of cookies.
Turning to spyware and malware, Mithal explained that the agency’s enforcement actions are based on three principles: (i) a consumer must make the choice to install software on his or her computer; (ii) “buried disclosures” about material information are insufficient in connection with software downloads; and (iii) consumers have the right to disable or uninstall any unwanted software.
As for data security, Mithal told lawmakers that the agency has obtained settlements in 53 data security cases, stemming from allegations that the companies failed to reasonably secure consumers’ personal information. Mithal cited the agency’s most recent settlement with mobile app company Snapchat over charges that the company falsely promised users that pictures and videos sent through its service could disappear from the Internet forever.
In conjunction with the hearing, the subcommittee also released a new report on malvertising titled “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.” Based on an investigation, the report concluded that the online advertising industry operates with “significant vulnerabilities” and found that “a potential conflict of interest” exists when self-regulatory programs are dependent upon online ad networks for funding. “The self-regulatory bodies prioritize industry representatives over consumer advocates in the standard-setting process,” according to the report.
To read Mithal’s prepared testimony, click here.
The hearing also addressed the question of how to improve the online advertising landscape. Committee member Sen. John McCain (R-Ariz.) suggested that his 2011 legislation, the Commercial Privacy Bill of Rights Act, be reintroduced. Mithal recommended more education on the issue for both businesses and consumers and threw her support behind “continued industry self-regulation to ensure that ad networks are taking reasonable steps to prevent the use of their systems to display malicious ads to consumers.” She also called on the legislators to enact a federal data security and breach notification law that includes a provision granting the FTC the power to seek civil penalties in data security cases.
Why it matters: Mithal’s testimony demonstrates once again that consumer privacy remains a prime FTC and congressional concern.
back to top
Privacy Goes Public: CalOPPA Guidance Released
California Attorney General Kamala Harris issued guidance for companies seeking to comply with the state’s recently updated California Online Privacy Protection Act.
Last year, the state legislature amended CalOPPA to add two new requirements. As of January 1, 2014, Web site operators must disclose to consumers “how the operator responds to web browsers’ Do Not Track signals” and “whether other parties may collect personally identifiable information about an individual consumer’s online activities.”
Harris’s office released “Making Your Privacy Practices Public: Recommendations on Developing a Meaningful Privacy Policy,” which she called “a tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions.”
In a nutshell, companies should “craft privacy policy statements that address significant data collection and use practices, use plain language and are presented in a readable format,” according to the guide.
More specifically, the AG suggested that operators should “prominently label” the privacy policy’s section regarding online tracking, and should include headers such as “California Do Not Track Disclosures.” A description of how the site responds to a browser’s Do Not Track signal or similar mechanisms should be included in the privacy policy – and not via a link to another website.
Every privacy policy should describe what personally identifiable information is collected (or, at a minimum, the categories collected), how it is used, including whether it will be shared with third parties, if applicable, and how long it is retained. The AG also recommended that consumers be given a choice regarding the collection, use, and sharing of his or her personal information.
If third parties are collecting personally identifiable information, either definitely or even possibly, the privacy policy should say so, the guidance stated. Use of such information “beyond what is necessary for fulfilling a customer transaction or the basic functionality of the website or app” should also be explained.
As an overall recommendation, “plain, straightforward language that avoids legal jargon” should be used by companies in “a format that makes the policy readable.” A layered format, with the use of graphics or icons in lieu of text was suggested. The effective date of the privacy policy should be provided with an explanation of how consumers will be notified about material changes. And “Tell your customers whom they can contact with questions or concerns about your privacy policies and practices,” the AG advised.
To read the AG’s guide, click here.
Why it matters: California continues to be a leader in enacting measures to protect consumers’ online privacy. An attorney in the AG’s office told The New York Times that the office was willing to review companies’ policies and work with them to ensure compliance. For those who fail to achieve compliance, the AG will send a letter offering a 30-day warning before the office considers litigation. Industry members praised the guidance, with the Digital Advertising Alliance noting that the group’s existing privacy framework “fully aligns” with the AG’s guide.
back to top
Noted and Quoted . . . The Wall Street Journal Features Comments from Linda Goldstein on “Native” Ads
On May 29, 2014, The Wall Street Journal’s CMO Today blog called upon Manatt’s Advertising, Marketing & Media Division Chair Linda Goldstein to delve into the murky legal and regulatory territory of native advertising.
Although the law is still very much evolving in this area, publishers and marketers are taking what they believe are the appropriate steps to label native advertising content and avoid potential scrutiny. “When native advertising first appeared many [companies] thought about whether disclosure was necessary or not. I think everyone recognizes now the answer is ‘yes’, but the debate has shifted to how that disclosure actually needs to be made,” Linda said. She noted that it is still unclear whether sponsored content needs to be disclosed if it is not directly promotional. “From a legal or regulatory standpoint there’s a reasonable debate of whether there needs to be disclosure if the content isn’t actually promoting a product or service.”
back to top