State Attorneys General
On October 16, 2024, the Federal Trade Commission announced the final FTC “Click-to-Cancel” Rule pertaining to recurring subscriptions and memberships.
The Federal Trade Commission is not the only regulatory agency that actively enacts, updates and polices legislation governing autorenewals, subscriptions and continuous service offers. For example, state attorneys general are, in some instances, more aggressive than the FTC. Some notable states with automatic renewal legislation include New York, Vermont, Colorado, Illinois, Tennessee, Virginia, Minnesota, South Carolina, Utah and California.
California’s Current Automatic Renewal Law
California’s auto renewal legislation is perhaps the most aggressive of all. In short, California’s ARL applies to contracts with consumers, defined as “any individual who seeks, acquires, by purchase or lease, any goods, services, money, or credit for personal, family, or household purposes.” It includes notice and cancellation requirements for free trials and automatically renewing subscription plans. It also emphasizes the provision of a simple, easy-to-use cancellation mechanism. In California, those making an automatic renewal or continuous service offer are required to present material terms in a “clear and conspicuous manner.” Businesses are also required to seek and obtain a consumer’s affirmative consent to such terms in close proximity to making these material disclosures and prior to the point of billing the consumer.
Disclosures must include, for example and without limitation, that the subscription or purchase agreement will continue until the consumer cancels, a description of the cancellation policy, that recurring charges will be charged continuously until cancellation,
On July 30, 2024, New York Attorney General Letitia James announced the launch of two privacy guides on the Office of the Attorney General (OAG) website: a Business Guide to Website Privacy Controls and a Consumer Guide to Tracking on the Web.
The Business Guide is intended to help businesses better protect visitors to their websites by identifying common mistakes the OAG’s office believe businesses make when deploying tracking technologies, processes they can use to help identify and prevent issues, and guidance for ensuring they comply with New York law. The Consumer Guide is intended to assist New Yorkers by offering tips they can use to protect their privacy when browsing the web, including how to safeguard against unwanted online tracking.
The OAG issued the guides following a review that purportedly uncovered unwanted tracking on more than a dozen popular websites, collectively serving more than 75 million visitors per month.
“When New Yorkers visit websites, they deserve to have the peace of mind that they won’t be tracked without their knowledge, and won’t have their personal information sold to advertisers,” said Attorney General lawyer James. “All too often, visiting a webpage or making a simple search will result in countless ads popping up on unrelated websites and social media. When visitors opt out of tracking, businesses have an obligation to protect their visitors’ personal information, and consumers deserve to know this obligation is being fulfilled. These new guides that my team launched will help protect New Yorkers’ privacy and make websites safer places to visit.”
While many websites provide visitors with information about the tracking that takes place and controls to manage that tracking,
The FTC recently announced various examples of how the agency works to ensure that small businesses and consumer are not the victims of unfair or deceptive practices and unfair methods of competition.
Here are some recent examples.
“Made in the USA” Must Mean Made in the USA
Many small businesses make an effort to keep manufacturing jobs in their communities. If they meet the standards established in the FTC’s Made in USA Labeling Rule and Statement on U.S. Origin Claims, they may be able to lawfully label or advertise their products as “Made in the USA.” However, the FTC’s long record of law enforcement establishes that many manufactureres and marketers seek to undermine those efforts by falsely including an unqualified U.S. origin statement on products even though significant parts, processing and labor are not U.S.-based. Consult with an experienced Made in USA attorney to discuss agency guidance and enforcement of domestic origin claims.
Right-to-Repair Legislation
After addressing “misconceptions” about product repair in its Nixing the Fix report and bringing law enforcement actions to challenge illegal terms in product warranties, the FTC continues to work toward ensuring that dealers compete fairly with independent third-party repair businesses. One example is our work in support of state right-to-repair laws. For example, the FTC recently testified before the Colorado General Assembly’s Committee on Business Affairs and Labor in support of proposed legislation to expand the state’s right-to-repair statute to include digital electronics.
The FTC has made no secret about its recent focus upon anticompetitive practices related to repair marketers and ensuring that consumers have options when it comes to repairing products. Those that offer product warranties should take a close look at their warranty terms and related communications to ensure that they comply with the Magnuson Moss Warranty Act and developing federal and state laws specific to right to repair.
Product Repair Restrictions Workshops, Reports and Policy Statements
In 2019 Federal Trade Commission lawyers held a workshop to discuss manufacturer restrictions on proposed state consumer good repair rights legislation. For example, making it unreasonably difficult – if not impossible – for a consumer or an independent third-party – to make product repairs. Various approaches were proposed by panelists, including federal guidance on the right to repair; a requirement that manufacturers disclose product information with everyone, and not only certified repair shops; state right to repair legislation; and permitting consumers to pay for repairs.
Subsequently, in 2021, the FTC cited a report stating that there is “scant evidence to support manufacturers’ justifications for repair restrictions.” A strong statement toward legislation mandating that manufacturers ensure that consumer goods are able to be repaired without consumers having to incur extra costs.
In 2021 Federal Trade Commission attorneys approved the adoption of a policy statement reflecting aggressive enforcement against manufacturer restrictions that prevent consumers and businesses from repairing their own products. The policy statement also sanctions more aggressive enforcement of the Magnuson-Moss Warranty Act.
On June 7, 2024, the New York Attorney General announced that it applauds the passage of two legislative bills designed to protect children online and address the youth mental health in conjunction with the use of social media.
The bills, sponsored by Senator Andrew Gounardes and Assemblymember Nily Rozic, and advanced by Attorney General James in October 2023, are designed to protect children by prohibiting online websites from collecting and sharing their personal data and ”limiting addictive features of social media platforms that are known to harm their mental health and development. The nation-leading legislation will serve as a model for other states to follow as governments work to curb the most dangerous aspects of social media to protect children online.”
“Our children are enduring a mental health crisis, and social media is fueling the fire and profiting from the epidemic,” said Attorney General James. “The legislation my team worked on and supported along with bill sponsors Senator Gounardes and Assemblymember Rozic will help address the addictive features that have made social media so insidious and anxiety-producing. I applaud Governor Hochul, Senate Majority Leader Stewart-Cousins, Assembly Speaker Heastie, and the legislative majorities for supporting this legislation and for agreeing that protecting children’s mental health must be a top priority. New York state is once again leading the nation, and I hope other states will follow suit and pass legislation to protect children and put their mental health above big tech companies’ profits.”
According the New York AG’s office,
On April 10, 2024, the Federal Trade Commission issued a report to Congress detailing the FTC’s law enforcement cooperation with state attorneys general nationwide and presenting best practices to ensure continued effective collaboration.
The report, directed by the FTC Collaboration Act of 2021, “Working Together to Protect Consumers: A Study and Recommendations on FTC Collaboration with the State Attorneys General” makes legislative recommendations that would enhance these efforts, including reinstating the FTC’s authority to seek money for defrauded consumers and providing it with the independent authority to seek civil penalties.
“Today’s consumer protection challenges require an all-hands-on-deck response, and our report details how the FTC is working closely with state enforcers to share information, stop fraud, and ensure fairness in the marketplace,” said FTC attorney Samuel Levine, Director of the Bureau of Consumer Protection. “We look forward to seeking new opportunities to strengthen these ties and confront the challenges of the future.”
In June 2023, the FTC announced a request for public information seeking public comments and suggestions on ways it can work more effectively with state attorneys general to help educated and protect consumers about and from deception and fraud. After reviewing and analyzing the comments received, the FTC developed the report to Congress.
The report is divided into three sections: (i) the FTC’s Existing Collaborative Efforts with State Attorneys General to Prevent, Publicize and Penalize Frauds and Scams; (ii) Recommended Best Practices to Enhance Collaboration;
On December 6, 2023, Federal Communications Commission Chairwoman Jessica Rosenworcel announced a new initiative to strengthen and formalize the cooperation between the FCC and its state partners on privacy, data protection and cybersecurity enforcement matters.
As part of the work of the FCC’s Privacy and Data Protection Task Force, the FCC’s Enforcement Bureau has signed Memoranda of Understanding with Attorneys General of Connecticut, Illinois, New York and Pennsylvania to share expertise, resources and coordinated efforts in conducting privacy, data protection and cybersecurity-related investigations to protect consumers.
The Memoranda of Understanding
The new MOU affirm that the FCC and State Attorneys General “share close and common legal interests in working cooperatively to investigate and, where appropriate, prosecute or otherwise take enforcement action in relation to privacy, data protection or cybersecurity issues” under sections 201 and 222 of the Communications Act.
Coordinated action and information sharing will take place under all applicable federal and state laws, and privacy protections.
Federal and State Comments
FCC Chairwoman Rosenworcel said, in pertinent part, that “[d]efending consumer privacy is an all-of-government responsibility and a shared challenge. Today we take on evolving consumer threats with new formal partnerships with state law enforcement leaders, which have already been successful in obtaining record-breaking results in combatting illegal robocalls.”
FCC Enforcement Bureau Chief Loyann A. Egal said, in pertinent part, that “[u]se of information and communications technology and services have significantly enhanced our lives while at the same time increasing vulnerabilities to our privacy and sensitive data.
On October 18, 2023, the Federal Trade Commission announced that it has agreed to a $3.4MM settlement with New Jersey for-profit Sollers College over alleged deceptive ads that lured prospective students into unlawful contracts, purportedly falsely touting relationships with prominent employers and inflating job placement rates. The charges were brought by the FTC and the state of New Jersey.
According to the FTC’s complaint, Sollers, and its parent company, used their website, social media, and email campaigns to falsely advertise their partnerships with prominent employers in the fields of information technology, clinical research and drug safety. According to the complaint, Sollers falsely claimed that its partnerships with prominent employers, such as Pfizer, Weill Cornell Medicine, and Infosys, resulted in jobs for its graduates at those companies. Many of the businesses featured on Sollers’ website had no partnership with the school at all, says the FTC.
The complaint states that, since at least 2018, Sollers advertised that the vast majority of Sollers graduates are placed in jobs. For example, the company purportedly advertised, “90% of our students are placed within 3 months of graduation,” on its website. In reality, the job placement rate for Sollers graduates is substantially lower than the 80 percent, 82 percent, 90 percent or “near perfect” rates featured prominently on its website and in its advertising campaigns, the FTC states. According to the FTC, the school’s own data suggests that the current job-placement rate for graduates of its Life Sciences programs remains as low as 52 percent.
On October 10, 2023, California Governor Gavin Newsom signed the Delete Act (SB 362). The Act is new legislation that requires businesses that meet the definition of “data broker” to provide detailed disclosures about its practices, register with the state and delete any personal information relating to a California resident upon receiving a verifiable deletion request.
The Act requires the California Privacy Protection Agency to establish a simple deletion mechanism that permits individuals to submit deletion requests that data brokers must adhere to starting August 1, 2026. Importantly, beginning in 2028 data brokers will be subject to audits intended to demonstrate compliance with the Act.
What Businesses are Covered Under the Act?
The Delete Act defines “data broker” as a business that knowingly collects and sells personal information of a consumer that it does not have a direct relationship with, to third parties. Excluded are certain entities that may be covered by various federal and state laws relating to data, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act and the California Insurance Information and Privacy Protection Act.
Data brokers must register with the CPPA and pay registration fees, as well as fees for access to the deletion mechanism.
What are the Applicable Registration and Disclosure Requirements?
Data brokers are required to register with the CPPA on or before January 31 for each year that they meet the statutory definition of “data broker.” In fact,
FTC advertising compliance and defense attorney Richard B. Newman was recently quoted in an article for Cybersecurity Law Report titled “Xbox and Alexa COPPA Case Lessons: Avatars, Biometrics and Other New Expectations.”
The article discusses the FTC’s recent privacy enforcement run and how it reinforces regulators’ expanding expectations for companies using video and audio recordings, smart devices and AI. The article further discusses recent agency settlements with Microsoft, Amazon and educational technology provider Edmodo that drew $51 million in penalties, broke new ground on the Children’s Online Privacy Protection Act Rule enforcement and signaled new expectations for all companies’ privacy compliance.
In discussing how COPPA is a tool for financial penalties and how these cases highlight the value of COPPA enforcement to the FTC versus its Section 5 authority under the FTC Act, Mr. Newman noted that “[i]n Amazon, obviously, the $25‑million settlement amount leaps out” for Alexa’s improper retention of voice recordings in violation of COPPA.
Mr. Newman further shared that “not just the FTC, but state attorneys general are becoming increasingly interested in expanding regulation of the use and sharing of consumer data, including geolocation data.”
While the FTC contests the issue at the federal level, data brokers and those that interact with them should expect that the plaintiffs’ class action bar and state AGs may lodge claims under state “little FTC acts” that echo the FTC’s July 2022 statement about geolocation data or the biometric one,
Topics
Archives
About This Blog and Hinch Newman’s Advertising + Marketing Practice
Hinch Newman LLP’s advertising and marketing practice includes successfully resolving some of the highest-profile Federal Trade Commission (FTC) and state attorneys general digital advertising and telemarketing investigations and enforcement actions. The firm possesses superior knowledge and deep legal experience in the areas of advertising, marketing, lead generation, promotions, e-commerce, privacy and intellectual property law. Through these advertising and marketing law updates, Hinch Newman provides commentary, news and analysis on issues and trends concerning developments of interest to digital marketers, including FTC and state attorneys general advertising compliance, civil investigative demands (CIDs), and administrative/judicial process. This blog is sponsored by Hinch Newman LLP.