Advertising & Marketing
Subscribe to Advertising & Marketing's Posts

FCC Releases Order Clarifying TCPA

Last Friday, July 10, 2015, the Federal Communications Commission (FCC) released Declaratory Ruling and Order 15-72 (“Order 15-72”) to address more than 20 requests for clarity on FCC interpretations of the Telephone Consumer Protection Act (TCPA). The release of Order 15-72 follows a June 18th open meeting at which the FCC adopted the rulings now reflected in Order 15-72 that are intended to “close loopholes and strengthen consumer protections already on the books.”

Keys rulings in Order 15-72 include:

  • Confirming that text messages are “calls” subject to the TCPA;
  • Clarifying that consumers may revoke their consent to receive robocalls (i.e., telemarketing calls or text messages from an automated system or with a prerecorded or artificial voice) “at any time and through any reasonable means”;
  • Making telemarketers liable for robocalls made to reassigned wireless telephone numbers without consent from the current account holder, subject to “a limited,one-call exception for cases in which the caller does not have actual or constructive knowledge of the reassignment”;
  • Requiring consent for internet-to-phone text messages;
  • Clarifying that “nothing … prohibits” implementation of technology that helps consumers block unwanted robocalls;
  • Allowing certain parties an 89-day (after July 10, 2015) window to update consumer consent to “prior express written consent” as the result of an ambiguous provision in the 2012 FCC Order that established the “prior express written consent” requirement; and
  • Exempting from the consent requirement certain free “pro-consumer financial- and healthcare-related messages”.

We are reviewing the more than 135 pages of Order 15-72, as well as the separate statements of FCC Commissioners Wheeler, Clyburn, Rosenworcel (dissenting in part), Pai (dissenting) and O’Rielly (dissenting in part). Please check back soon for more information and analysis.




read more

FTC Approves Final Order with AmeriFreight: Websites Must Disclose Endorsements

Earlier this year, AmeriFreight, a Georgia-based auto shipment broker, settled with the Federal Trade Commission (FTC) over charges that the company posted customer reviews on its website while failing to disclose that it had given cash discounts to customers in exchange for the reviews.  According to the FTC complaint, AmeriFreight touted on its website homepage that it had “more highly ranked ratings and reviews than any other company in the automotive transportation business” and that a majority of the online reviews on  AmeriFreight’s website failed to disclose that the reviewers were compensated $50 for posting reviews and were also eligible to receive an additional $100 if selected for the “Best Monthly Review Award.”  The FTC charged that AmeriFreight, by failing to disclose the incentives it had given to reviewers, had misrepresented its customer reviews as those of unbiased consumers.  The FTC’s position can be summed up best by the following quotes from its Director of the Bureau of Consumer Protection: “Companies must make it clear when they have paid their customers to write online reviews” and if companies “fail to do that – as AmeriFreight did – then they’re deceiving consumers, plain and simple.”

The FTC’s Endorsement Guidelines

Guidelines issued in 2009 by the Federal Trade Commission (the “FTC Endorsement Guidelines”) make clear that an advertiser must fully disclose any connection between the advertiser and an endorser of the advertiser’s product or service that might materially affect the weight or credibility of the endorsement, such as the fact that the endorser received compensation or some other benefit or incentive from the advertiser in exchange for providing a favorable review.  An advertiser’s failure to disclose an endorser’s material connection with the advertiser constitutes an unfair and deceptive trade practice as well as false advertising, both in violation of Section 5(a) of the Federal Trade Commission Act.  The requirement of disclosure of material connections applies not only to celebrity, expert or professional endorsers, but also to ordinary consumer-endorsers.  Many companies today use consumer endorsements in promoting their products or services, including the so-called “word-of-mouth advertising” whereby satisfied customers tell other people how much they like a product or service.  A common example of this form of advertising is publishing consumer-submitted reviews on the internet.  Good word of mouth generated by favorable customer reviews can make a big difference in a company’s online ad campaign.  However, companies that are looking to incentivize customers to submit good reviews must be wary of not running afoul of the FTC Endorsement Guidelines.  In particular, where a company offers money or other benefits to customers in exchange for good reviews, it must disclose such fact when publishing reviews.

Key Takeaways for Businesses

The FTC’s complaint against AmeriFreight is the first time the agency has charged a company with misrepresenting online reviews by failing to disclose that it gave cash discounts to customers to post the reviews.  This has significant implications for businesses that use customer [...]

Continue Reading




read more

Junk Fax Act Compliance: One Week Left to Request a Waiver for Non-Compliance

Thursday, April 30, 2015, marks the last day a business can request a retroactive waiver for failing to comply with certain fax advertising requirements promulgated by the Federal Communications Commission (FCC). The scope of these requirements was clarified on October 30, 2014, when the FCC issued an Order (2014 Order) under the Junk Fax Prevention Act of 2005 (Junk Fax Act). The 2014 Order confirms that senders of all advertising faxes must include information that allows recipients to opt out of receiving future faxes from that sender.

The 2014 Order clarifies certain aspects of the FCC’s 2006 Order under the Junk Fax Act (the Junk Fax Order). Among other requirements, the Junk Fax Order established the requirement that the sender of an advertising fax provide notice and contact information that allows a recipient to “opt out” of any future fax advertising transmissions.

Following the FCC’s publication of the Junk Fax Order, some businesses interpreted the opt-out requirements as not applying to advertising faxes sent with the recipient’s prior express permission (based on footnote 154 in the Junk Fax Order). The 2014 Order provided a six-month period for senders to comply with the opt-out requirements of the Junk Fax Order for faxes sent with the recipient’s prior express permission and to request retroactive relief for failing to comply. The six-month period ends on April 30, 2015. Without a waiver, the FCC noted that “any past or future failure to comply could subject entities to enforcement sanctions, including potential fines and forfeitures, and to private litigation.”

For more information about the Junk Fax Act in general, or the waiver request process in particular, please contact Julia Jacobson or Matt Turnell.




read more

The Consumer Privacy Bill of Rights Redux

On February 27, 2015, the Obama White House released an “Administration Discussion Draft” of its Consumer Privacy Bill of Rights Act of 2015 (Proposed Consumer Privacy Act)

The Proposed Consumer Privacy Act revises and builds on the “Consumer Privacy Bill of Rights” that the Obama White House released in its 2012 Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy report.

As described during President Obama’s January 12 visit to the Federal Trade Commission (FTC), the Proposed Consumer Privacy Act identifies seven “basic principles to both protect personal privacy and ensure that industry can keep innovating.”   These seven principles are:

  1. Transparency (§101): Transparency is a principle frequently cited in guidance from the FTC, as well as self-regulatory framework, such as the Digital Advertising Alliance’s cross-industry code for interest based-advertising. The Proposed Consumer Privacy Act describes transparency as “concise and easily understandable language, accurate, clear, timely, and conspicuous notice about privacy and security practices.” The notice required from an entity subject to the Proposed Consumer Privacy Act (defined as a “covered entity” (CE)) must describe the entity’s collection, use, disclosure, retention, destruction and security practices.
  2. Individual Control (§102): The Individual Control principle means offering consumers a “reasonable means to control the processing (i.e., taking any action regarding) personal data about them in proportion to the privacy risk to the individual and consistent with context.” An individual must have a way to either withdraw consent related to his or her personal data that is “reasonably comparable” to the means by which the consent was initially granted consent or request that the CE “de-identify” (as defined in the Proposed Consumer Privacy Act) his or her personal data.
  3. Respect for Context (§103): Under the Respect for Context principle, a CE must process personal data reasonably “in light of context.” If the processing is not reasonable, the CE must undertake a “privacy risk analysis” to identify and take reasonable steps to mitigate privacy-related risk, including “heightened transparency and individual control,” such as just-in-time notices.  Reasonableness is presumed when a CE’s personal data processing “fulfills an individual’s request.”
  4. Focused Collection and Responsible Use (§104): The Focused Collection and Responsible Use principle requires that a CE limit its collection, retention and use of personal data to a “manner that is reasonable in light of context.” The CE also must “delete, destroy, or de-identify” personal data within a “reasonable time” after the original purpose for its collection, retention, or use has been fulfilled.
  5. Security (§105): Under the Security principle, a CE must: identify internal and external “risks to privacy and security” of personal data; implement and maintain safeguards “reasonably designed” to secure personal data; regularly assess the efficacy of the safeguards, and adjust the safeguards to reflect material changes to business practices or “any other circumstances that create a material impact on the privacy or security” of personal data under the CE’s control. The [...]

    Continue Reading



read more

The FTC Did Some Kid-ding Around in 2014

2014 was a busy year for the Federal Trade Commission (FTC) with the Children’s Online Privacy Protection Act (COPPA).  The FTC announced something new under COPPA nearly every month, including:

  • In January, the FTC issued an updated version of the free consumer guide, “Net Cetera:  Chatting with Kids About Being Online.”  Updates to the guide include advice on mobile apps, using public WiFi securely, and how to recognize text message spam, as well as details about recent changes to COPPA.
  • In February, the FTC approved the kidSAFE Safe Harbor Program.  The kidSAFE certification and seal of approval program helps children-friendly digital services comply with COPPA.  To qualify for a kidSAFE seal, digital operators must build safety protections and controls into any interactive community features; post rules and educational information about online safety; have procedures for handling safety issues and complaints; give parents basic safety controls over their child’s activities; and ensure all content, advertising and marketing is age-appropriate.
  • In March, the FTC filed an amicus brief in the 9th U.S. Circuit Court of Appeals, arguing that the ruling of U.S. District  Court for the Northern District of California in Batman v. Facebook that COPPA preempts state law protections for the online activities of teenagers children outside of COPPA’ coverage is “patently wrong.”
  • In April, the FTC updated its “Complying with COPPA:  Frequently Asked Questions” (aka the COPPA FAQs) to address how COPPA applies in the school setting.  In FAQ M.2, the FTC discussed whether a school can provide the COPPA-required consent on behalf of parents, stating that “Where a school has contracted with an operator to collect personal information from students for the use and benefit of the school, and for no other commercial purpose, the operator is not required to obtain consent directly from parents, and can presume that the school’s authorization for the collection of students’ personal information is based upon the school having obtained the parents’ consent.”  But, the FTC also recommends as “best practice” that schools provide parents with information about the operators to which it has consented on behalf of the parents.  The FTC requires that the school investigate the collection, use, sharing, retention, security and disposal practices with respect to personal information collected from its students.
  • In July, COPPA FAQ H.5, FAQ H.10, and FAQ H.16 about parental consent verification also were updated.  In FAQ H.5, the FTC indicates that “collecting a 16-digit credit or debit card number alone” is not sufficient as a parental consent mechanism, in some circumstances, “collection of the card number – in conjunction with implementing other safeguards – would suffice.”  Revised FAQ H.10 indicates that a developer of a child-directed app may use a third party for parental verification “as long as [developers] ensure that COPPA requirements are being met,” including the requirement to “provide parents with a direct notice outlining [the developer’s] information collection practices before the parent provides his or her consent.” In revised FAQ H.16, the FTC [...]

    Continue Reading



read more

Privacy and Data Protection: 2014 Year in Review

In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission confirmed its expanded reach in the United States, and Canada’s far-reaching anti-spam legislation takes full effect imminently. As European authorities grappled with the draft data protection regulation and the “right to be forgotten,” the African Union adopted the Convention on Cybersecurity and Personal Data, and China improved the security of individuals’ information in several key areas. Meanwhile, Latin America’s patchwork of data privacy laws continues to evolve as foreign business increases.

This report furnishes in-house counsel and others responsible for privacy and data protection with an overview of key action points based on these and other 2014 developments, along with advance notice of potential trends in 2015. McDermott will continue to report on future updates, so check back with us regularly.

Read the full report here.




read more

Join Us at BAA’s Marketing Law Conference for a Panel Discussion on Developments in Mobile Marketing

For those Of Digital Interest readers attending the Brand Activation Association’s (BAA) 36th Annual Marketing Law Conference, please join McDermott partner – and Of Digital Interest editor – Julia Jacobson as she moderates a panel titled “New and Unexpected: Developments in Mobile Marketing – Mobile Tracking, Apps and Mobile Payments.” She will be joined by Ira Schlussel of HelloWorld, Inc., Paul Twarog of Google Inc. and co-moderator Terese Arenth. The panel session starts at 3:20 pm on Thursday, November 6.  We hope to see you there.




read more

Be Careful Who You Hire To Make Those Calls! Ninth Circuit Takes Expansive View of Vicarious Liability under the TCPA

A recent ruling by the Ninth Circuit took an expansive view of vicarious liability under the Telephone Consumer Protection Act (TCPA).  Reversing the district court’s grant of summary judgment, the court in Gomez v. Campbell held that a marketing consultant could be held liable for text messages sent in violation of the TCPA, even though the marketing consultant itself had not sent the texts and even though the texts were sent on behalf of the marketing consultant’s client, not the consultant itself.

Among other things, the TCPA prohibits (with certain exceptions) the use of automatic telephone dialing systems in making calls to cellphones.  Both the Federal Communications Commission (FCC) and the courts have interpreted this provision to bar the use of automated systems to send unsolicited texts to cellphones.  In Gomez, the Campbell-Ewald Company had been hired by the Navy to conduct a multimedia recruiting campaign.  Campbell-Ewald had then outsourced the text-messaging component of the campaign to a third party, Mindmatics.  Mindmatics then allegedly sent text messages to the plaintiff and others who had not given consent.

On appeal, Campbell-Ewald raised two variations of the arguments that it should not be held liable for texts that it had not itself sent.  First, Campbell-Ewald argued that it did not “make” or “initiate” any calls under the TCPA because Mindmatics had sent the texts.  As the statue only provides for liability for those that “make” or “initiate” prohibited calls, Campbell-Ewald argued that it could not be held liable.  Second, addressing another potential avenue of liability, Campbell-Ewald noted that the FCC had interpreted the TCPA to allow for liability against those “on whose behalf” unsolicited calls are made.  But, Campbell-Ewald argued, it could not be held liable on this ground either because the texts had been sent on behalf of its client, the Navy, not Campbell-Ewald.

In the end, the Ninth Circuit sidestepped both these arguments and found Campbell-Ewald potentially liable on a third basis, “ordinary tort-related vicarious liability rules.”  The court noted that where a statute is silent on vicarious liability—as the court judged the TCPA to be—traditional common law standards of vicarious liability apply.  Thus, the court held, Campbell-Ewald could be liable under the TCPA based on the agency relationship between Campbell-Ewald and Mindmatics.  The court further noted that FCC had stated that the TCPA imposes liability “under federal common law principles of agency,” and held that the FCC’s interpretation was entitled to deference.

Finally, the court noted that it made little sense to subject both the actual sender and the ultimate client to liability, while absolving the middleman marketing consultant, noting, “a merchant presumably hires a consultant in party due to its experience in marketing norms.”

The decision reinforces the importance for companies to closely monitor anyone sending texts or placing calls on their behalf or at their direction.  Following Gomez, it is clear that any company that had a role in sending unsolicited calls or texts can potentially be held liable under the TCPA; and the company with the [...]

Continue Reading




read more

France About to Embark on a Cookies Sweep Day

Impending sweep day to verify compliance with guidelines on cookies

During the week of September 15–19, 2014, France’s privacy regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), is organizing a “cookies sweep day” to examine compliance with its guidelines on cookies and other online trackers.

Starting in October 2014, the CNIL will also be conducting onsite and remote inspections to verify compliance with its guidelines on cookies.

Depending on the findings of the sweep and inspections, the CNIL may issue warnings or financial sanctions to non-compliant websites and applications.

Investigations gaining momentum

France is not the only country stepping up its data privacy efforts.  Parallel sweeps to the one conducted by the CNIL in September 2014 will be undertaken simultaneously by data protection authorities across the European Union.  The purpose of the coordinated action is to compare practices on the information given by websites to internet users and the methods to obtain their consent for cookies.

Nor is this the first time such a sweep has been organized in France.  In May 2013, the CNIL joined 19 counterparts worldwide in an audit of the 2,180 most visited websites and applications.  In that operation, known as “Internet Sweep Day”, the CNIL examined the compliance of 250 frequently visited websites and found that 99 percent of websites visited by French internet users collect personal information.  Of those that provided information on their data privacy policy, a considerable number did not render it easily accessible, clearly articulated or even written in French.

Compliance made simpler through CNIL guidelines

EU Directive 2002/58 on Privacy and Electronic Communications imposes an obligation to obtain prior consent before placing or accessing cookies and similar technologies on web users’ devices, an obligation incorporated into French law by Article 32-II of the French Data Protection Act.

Not all cookies require prior consent by internet users.  Exempt are cookies used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network” and those that are “strictly necessary for the provision of an information service explicitly requested by the subscriber or user.”

For those cookies that require prior consent, the CNIL will verify how consent is obtained.  Under the CNIL guidelines, consent may be obtained either through an actual click or by the user’s further navigation within the site notwithstanding a continuing banner informing him or her of the website’s use of cookies.

Website owners can rely on tools made available by the CNIL to ensure their compliance with the cookie requirements.  In particular, a set of guidelines released by the CNIL in December 2013 explains how to obtain consent for the use of cookies and other online trackers in compliance with EU and French data protection requirements.

Under the CNIL guidelines, owners of websites may not force internet users to accept cookies.  Instead, the users must be able to block advertising cookies and still use the relevant service.  Internet users can withdraw their consent at any time, and cookies have a [...]

Continue Reading




read more

Digital Marketing Minute: Bot Fraud Hampers Digital Advertising

Fraudulent web traffic is an increasingly common headache for digital marketers who work with advertising networks to deliver online ads.  A predominant source of fraudulent web traffic is software applications known as “bots,” which hijack consumers’ computers and redirect browsers to a website delivering online ads.  Bots can then automatically generate false ad views and false clicks, as well as automatically generate false user profiles or enter other information into a website’s form fields.  Despite prohibitions on bot-type activity in their terms of use, website operators have not been particularly successful in stopping bot fraud.  According to the Interactive Advertising Bureau, an estimated 36 percent of all web traffic is bot generated.

Many in the digital advertising industry are concerned about this trend, because advertisers often pay for digital advertising based on online ad views and clicks, and fraudulent views and clicks could be causing advertisers to waste significant amounts of money on ad campaigns.  Digital advertisers are also concerned that fraud skews ad campaign performance statistics, since distinguishing human activity from the bot generated activity is virtually impossible.  Unchecked, bot fraud could cause advertisers to lose confidence in the effectiveness of digital advertising ecosystem.

To help stem bot-related fraud, the Association of National Advertisers (ANA), an industry trade group, recently announced the launch of a joint study in conjunction with the online fraud detection firm White Ops to determine the level of bot fraud in the digital advertising industry. The ANA will publish a report with the results of the study and recommendations for action in mid-October 2014.




read more

STAY CONNECTED

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law