Richard Newman
The Federal Trade Commission Bureau of Consumer Protection welcomes an open dialogue with parties cooperating with its investigations. According to FTC lawyers, such dialogue allows the agency to make more informed decisions on whether to recommend an enforcement action and, if so, whether such an action can be resolved without the need for protracted litigation.
However, the Federal Trade Commission is also mindful of and believes that delays in investigations can undermine the public interest by allowing alleged lawbreaking to continue and by depriving consumers of redress for harms they may have suffered. Consequently, the FTC has made it clear that while substantive engagement is welcome and constructive, the FTC is prepared to pivot more quickly to litigation if undue delay comes at the expense of redress for consumers.
Delay causes particular concern to the agency in matters where the conduct extends beyond the statute of limitations period. In these cases, the FTC’s ability to provide refunds to injured consumers may be barred in whole or in part.
This risk has become more acute following the Supreme Court’s decision in AMG Capital Management, LLC v. FTC, 141 S. Ct. 1341 (2021). Because of AMG, the FTC can no longer seek monetary relief under Section 13(b) of the FTC Act, 15 U.S.C. § 53(b), which does not have a statute of limitation. Instead, the FTC must often rely on Section 19, 15 U.S.C. § 57b, which authorizes courts to order defendants to provide redress only when violations occurred within three years of the initiation of the Commission’s action.
On December 6, 2023, Federal Communications Commission Chairwoman Jessica Rosenworcel announced a new initiative to strengthen and formalize the cooperation between the FCC and its state partners on privacy, data protection and cybersecurity enforcement matters.
As part of the work of the FCC’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau has signed Memoranda of Understanding with Attorneys General of Connecticut, Illinois, New York and Pennsylvania to share expertise, resources and coordinated efforts in conducting privacy, data protection and cybersecurity-related investigations to protect consumers.
The Memoranda of Understanding
The new MOU affirm that the FCC and State Attorneys General “share close and common legal interests in working cooperatively to investigate and, where appropriate, prosecute or otherwise take enforcement action in relation to privacy, data protection or cybersecurity issues” under sections 201 and 222 of the Communications Act.
Coordinated action and information sharing will take place under all applicable federal and state laws, and privacy protections.
Federal and State Comments
FCC Chairwoman Rosenworcel said, in pertinent part, that “[d]efending consumer privacy is an all-of-government responsibility and a shared challenge. Today we take on evolving consumer threats with new formal partnerships with state law enforcement leaders, which have already been successful in obtaining record-breaking results in combatting illegal robocalls.”
FCC Enforcement Bureau Chief Loyann A. Egal said, in pertinent part, that “[u]se of information and communications technology and services have significantly enhanced our lives while at the same time increasing vulnerabilities to our privacy and sensitive data.
On December 13, 2023, the Federal Communications Commission adopted new rules designed to protect consumers from “scam communications” by directly addressing some of the “biggest vulnerabilities” in America’s robotext defenses and closing the “lead generator” robocall/robotexts loophole.
The new rules allow blocking of “red flagged” robotexting numbers, codifies Do-Not-Call rules for texting, and encourages an opt-in approach for delivering email-to-text messages.
Closing the Lead Generator Loophole
The new rules close a loophole through which “unscrupulous robocallers and robotexters inundate consumers with unwanted and illegal robocalls and robotexts.” The new rules make it unequivocally clear that comparison shopping websites and lead generators must obtain consumer consent to receive robocalls and robotexts one seller at a time – rather than have a single consent apply to multiple telemarketers at once.
Combating Robotext Sources
The new rules allow the FCC to “red flag” certain numbers, requiring mobile carriers to block texts from those numbers. The rules also codify that Do-Not-Call list protections apply to text messaging, making it illegal for marketing texts to be sent to numbers on the registry. And the order encourages providers to make email-to-text messages an opt-in service, which would limit the effectiveness of a major source of unwanted and illegal text messages.
Groundwork for Future Steps
In addition to the rules, the FCC also proposed and will take public comment on additional steps it might take against robotexts. The FCC proposes additional blocking requirements when the FCC notifies a provider of a likely “scam text-generating number.” The FCC will also seek further comment on text message authentication – modeled on the implementation of STIR/SHAKEN protocols for phone calls – including on the status of any industry standards in development.
One of the key issues relating to the NPRM pertains to consent being sent directly to/obtained by one seller at a time.
The FCC has now circulated its proposed rule. It has not been adopted yet but it looks like it will be in December when voted upon. It looks like the rule will become effective in or around August or September of 2024.
In pertinent part, the FCC ruling would require terminating mobile wireless providers to block all texts from a particular number when notified by the FCC of illegal texts from that number; codify that the National Do-Not-Call Registry’s protections extend to text messages; and close the lead generator loophole by making unequivocally clear that comparison shopping websites must get consumer consent one seller at a time.
Additionally, as amended “prior express written consent” shall be revised to read, as follows: “The term prior express written consent means an agreement, in writing, that bears the signature of the person called that clearly and conspicuously authorizes no more than one identified seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice.” The “seller” is not the a lead generator. It is the provider of the products or services
Moreover, “calls must be logically and topically associated with the interaction that prompted the consent and the agreement must identify the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered.” “[R]obotexts and robocalls that result from consumer consent obtained on comparison shopping websites must be logically and topically related to that website.
On October 18, 2023, the Federal Trade Commission announced that it has agreed to a $3.4MM settlement with New Jersey for-profit Sollers College over alleged deceptive ads that lured prospective students into unlawful contracts, purportedly falsely touting relationships with prominent employers and inflating job placement rates. The charges were brought by the FTC and the state of New Jersey.
According to the FTC’s complaint, Sollers, and its parent company, used their website, social media, and email campaigns to falsely advertise their partnerships with prominent employers in the fields of information technology, clinical research and drug safety. According to the complaint, Sollers falsely claimed that its partnerships with prominent employers, such as Pfizer, Weill Cornell Medicine, and Infosys, resulted in jobs for its graduates at those companies. Many of the businesses featured on Sollers’ website had no partnership with the school at all, says the FTC.
The complaint states that, since at least 2018, Sollers advertised that the vast majority of Sollers graduates are placed in jobs. For example, the company purportedly advertised, “90% of our students are placed within 3 months of graduation,” on its website. In reality, the job placement rate for Sollers graduates is substantially lower than the 80 percent, 82 percent, 90 percent or “near perfect” rates featured prominently on its website and in its advertising campaigns, the FTC states. According to the FTC, the school’s own data suggests that the current job-placement rate for graduates of its Life Sciences programs remains as low as 52 percent.
On October 10, 2023, California Governor Gavin Newsom signed the Delete Act (SB 362). The Act is new legislation that requires businesses that meet the definition of “data broker” to provide detailed disclosures about its practices, register with the state and delete any personal information relating to a California resident upon receiving a verifiable deletion request.
The Act requires the California Privacy Protection Agency to establish a simple deletion mechanism that permits individuals to submit deletion requests that data brokers must adhere to starting August 1, 2026. Importantly, beginning in 2028 data brokers will be subject to audits intended to demonstrate compliance with the Act.
What Businesses are Covered Under the Act?
The Delete Act defines “data broker” as a business that knowingly collects and sells personal information of a consumer that it does not have a direct relationship with, to third parties. Excluded are certain entities that may be covered by various federal and state laws relating to data, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act and the California Insurance Information and Privacy Protection Act.
Data brokers must register with the CPPA and pay registration fees, as well as fees for access to the deletion mechanism.
What are the Applicable Registration and Disclosure Requirements?
Data brokers are required to register with the CPPA on or before January 31 for each year that they meet the statutory definition of “data broker.” In fact,
On September 21, 2023, the Federal Trade Commission announced that it has joined the Federal Communications Commission in signing a renewed memorandum of understanding (MOU) between public authorities who are members of the Unsolicited Communications Enforcement Network (UCENet). The MOU aims to promote cross-border collaboration to combat unsolicited communications, including email and text spam, scams, and illegal telemarketing.
“The FTC is committed to using all of its tools to fight robocalls and other unsolicited communications that try to prey on consumers,” said FTC attorney and Chair Lina M. Khan. “This scourge does not respect borders, and our recommitment to this MOU underscores the importance of international communication and cooperation to combat this problem.”
UCENet members agreed to renew and make evergreen the MOU, a non-binding instrument which the FTC and its partners signed in 2016.
The 2016 MOU was aimed at facilitating information sharing, capacity building, and enforcement assistance among the partners. For the past seven years, it also has facilitated communication about emerging threats and complaint trends related to spam, scams, and illegal telemarketing.
The UCENET MOU is part of the FTC’s continuing to work to fight harms that can arise from unwanted messages. According to the announcement, unsolicited communications in the form of illegal and spoofed robocalls, text messages, and emails are often the source of scams that harm millions of consumers in the United States each year. The revised MOU also has been signed by UCENet partners in Canada,
On August 22, 2023, the Federal Trade Commission announced that as a result of an FTC lawsuit, a federal court has temporarily shut down an alleged business opportunity scheme that purportedly lured consumers to invest $22 million in online stores, using alleged unfounded claims about income and profits.
The operators of Automators also claimed to use artificial intelligence to ensure success and profitability for consumers who agreed to invest with Automators, according to the agency.
In addition to offering consumers high return as “passive investors” in profitable e-stores, Automators, which previously used the names Empire and Onyx Distribution, also offered to teach consumers how to successfully set up and manage e-stores themselves using a “proven system” and the powers of artificial intelligence, according to the FTC.
“The defendants preyed on consumers looking to provide for their families with promises of high returns and the use of AI to power such returns,” said FTC attorney Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Their lies caused consumers to lose tens of thousands of dollars, with many losing their life savings. The FTC is working to hold defendants accountable and to secure redress for their victims.”
The FTC’s complaint against defendants Roman Cresto, John Cresto, and Andrew Chapman, through their companies Automators AI, Empire Ecommerce and Onyx Distribution, claims that the vast majority of defendants’ clients did not make the promised earnings or even recoup their investment. Instead, most clients allegedly lost significant amounts and Amazon and Walmart have routinely suspended or terminated the stores that defendants operated for repeated policy violations,
On August 14, 2023, the Federal Trade Commission announced that it will require Experian Consumer Services, which offers consumers access to their Experian credit information, to pay $650,000 to settle charges it sent consumers unsolicited email without offering them a way to opt out of such messages, as required under the CAN-SPAM Act.
In a complaint filed by the Department of Justice on behalf of the FTC, the agency says that California-based Experian Consumer Services (ECS), also known as ConsumerInfo.com, Inc., spammed consumers with marketing offers after they signed up for an account with the company in order to manage their Experian credit report information.
In the emails, the FTC alleges that the company failed to provide clear and conspicuous notice of consumers’ ability to opt out of receiving additional marketing messages and a mechanism for doing so, in violation of the CAN-SPAM Act, according to the complaint.
“Signing up for a membership doesn’t mean you’re signing up for unwanted email, especially when all you’re trying to do is freeze your credit to protect your identity,” said FTC lawyer Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “You always have the right to unsubscribe from marketing messages, and the FTC takes enforcing that right seriously.”
Consumers who wish to freeze or take other steps to manage their Experian credit information online must create an account with ECS. The complaint charges that consumers who signed up for a free membership account with ECS were then sent emails promoting Experian’s products and services such as one touting Experian Boost,
FTC advertising compliance and defense attorney Richard B. Newman was recently quoted in an article for Cybersecurity Law Report titled “Xbox and Alexa COPPA Case Lessons: Avatars, Biometrics and Other New Expectations.”
The article discusses the FTC’s recent privacy enforcement run and how it reinforces regulators’ expanding expectations for companies using video and audio recordings, smart devices and AI. The article further discusses recent agency settlements with Microsoft, Amazon and educational technology provider Edmodo that drew $51 million in penalties, broke new ground on the Children’s Online Privacy Protection Act Rule enforcement and signaled new expectations for all companies’ privacy compliance.
In discussing how COPPA is a tool for financial penalties and how these cases highlight the value of COPPA enforcement to the FTC versus its Section 5 authority under the FTC Act, Mr. Newman noted that “[i]n Amazon, obviously, the $25‑million settlement amount leaps out” for Alexa’s improper retention of voice recordings in violation of COPPA.
Mr. Newman further shared that “not just the FTC, but state attorneys general are becoming increasingly interested in expanding regulation of the use and sharing of consumer data, including geolocation data.”
While the FTC contests the issue at the federal level, data brokers and those that interact with them should expect that the plaintiffs’ class action bar and state AGs may lodge claims under state “little FTC acts” that echo the FTC’s July 2022 statement about geolocation data or the biometric one,
Topics
Archives
About This Blog and Hinch Newman’s Advertising + Marketing Practice
Hinch Newman LLP’s advertising and marketing practice includes successfully resolving some of the highest-profile Federal Trade Commission (FTC) and state attorneys general digital advertising and telemarketing investigations and enforcement actions. The firm possesses superior knowledge and deep legal experience in the areas of advertising, marketing, lead generation, promotions, e-commerce, privacy and intellectual property law. Through these advertising and marketing law updates, Hinch Newman provides commentary, news and analysis on issues and trends concerning developments of interest to digital marketers, including FTC and state attorneys general advertising compliance, civil investigative demands (CIDs), and administrative/judicial process. This blog is sponsored by Hinch Newman LLP.