Consumer Protection Connection

Consumer Protection
Connection

FTC Streamlines its Fur, Textile and Wool Labeling Filing Process

Posted in Labeling, Regulations

Continuing Acting Chair Maureen K. Ohlhausen’s regulatory reform agenda, the Federal Trade Commission (FTC) has updated its website at  RN.FTC.GOV to allow real-time electronic filings of requests to obtain, update, or cancel registered identification numbers (RN) under the Fur, Textile and Wool Labeling Rules. The new web-based process is intended to streamline applications from businesses and speed up FTC responses. The FTC’s website at has been updated to allow “real-time data validation for applicants and alert them to possible errors to avoid unnecessary delays.”

Under the current rules, most clothing and textile and fur products must have a label that identifies the manufacturer or other business responsible for marketing or handling the item. The updated RN system means that businesses can avoid putting long company names on labels.

The FTC advises businesses with RN numbers to visit the site and verify that their information is accurate.

First FTC Complaint Against Social Media Influencers Settles

Posted in Regulations

When two celebrity gamers endorsed an online lotto service, they didn’t gamble on the Federal Trade Commission’s (FTC) insistence they tell their fans they actually owned the business they were promoting. Now, Trevor Martin and Thomas Cassell, and their company, CSGO Lotto, Inc., have settled charges of deceptive advertising. This is the first case the FTC has brought against social media influencers individually.

Martin and Cassell are known to millions of online gamers on YouTube as “TmarTn” and “Syndicate Project.” According to the FTC complaint, from 2015, Martin and Cassell operated and advertised the csglotto.com website. The men uploaded videos to the social media site which showed them playing—and winning—on a gaming site called CSGO Lotto. When Martin and Cassell had major windfalls on CSGC Lotto, they would post new videos that promised to tell viewers how they, too, could also “win big” on the site. However, the gaming superstars neglected to tell their fans two important facts: (1) they jointly owned the company that ran the game, and (2) other celebrity endorsers on social media were also paid for to flack CSGC Lotto.

Under the terms of the settlement, Martin and Cassell are required to “clearly and conspicuously disclose any material connections” with anyone promoting their products or services. They must also establish and maintain a system to monitor and review endorsers having material connections to their services and products, and are barred from misrepresenting their endorsers’ impartiality.

It was just a matter of time before the FTC began to crack down on actual endorsers who fail to disclose that they get paid to promote products and services on social media. Earlier this year, the FTC sent letters to 90 marketers and influencers warning them to “clearly and conspicuously disclose their relationships … when promoting or endorsing products through social media.” FTC staff sent additional warning letters to 21 social media influencers it contacted earlier this year regarding their Instagram posts, reminding them of their obligations to transparency and demanding responses to specific questions about their relationships with companies whose products they are promoting.

FTC Acting Chairman Maureen Ohlhausen commented: “Consumers need to know when social media influencers are being paid or have any other material connection to the brands endorsed in their posts. This action, the FTC’s first against individual influencers, should send a message that such connections must be clearly disclosed so consumers can make informed purchasing decisions.”

In addition, the FTC issued updated staff guidance that includes “specific questions social media influencers and marketers may have about whether and how to disclose material connections in their posts,” including tagging, Instagram and Snapchat disclosures, and where such disclosures need to be made.

Many advertisers have social media policies in place to ensure they comply with material disclosure rules, but it can be challenging to police all influencers. The FTC has now let social media influencers know it’s game on: endorsers themselves may be targets of enforcement action if they fail to disclose their relationship with the brands they are promoting.

Dietary Supplement Company and its Endorsers Settle with FTC Over Deceptive Marketing Claims

Posted in Advertising

Remember those ads from the 80s where an actor would start a medicine endorsement with the disclaimer: “I’m not a doctor, but I play one on TV”? A recent Federal Trade Commission (FTC) settlement order relating to the marketing of the dietary supplements CogniPrin and FlexiPrin is a good reminder about the importance of using clear and conspicuous disclosures in advertising and ensuring that health-related claims are supported by competent and reliable scientific evidence.

Last February, the FTC and the Maine Attorney General filed a joint complaint against nine defendants for allegedly making false and misleading claims related to the dietary supplements CogniPrion and FlexiPrin that were not backed by reliable scientific evidence. The complaint also alleged that print and Internet ads featured fake testimonials about the products, radio ads gave the impression that they were educational segments rather than advertorials, one of the company’s expert endorsers failed to examine the products and disclose that he received a percentage of sales revenue, and the ads failed to disclose material conditions relating to a “free trial” period.

Six of the defendants settled with the FTC and the Maine Attorney General in March, and the remaining three (the marketing company, its owner, and its expert endorser) entered into a settlement on August 23. The most recent settlement order imposes a $6.5 million fine and prohibits the defendants from making health-related claims that are not supported by “randomized, double-blind, and placebo-controlled” testing. In addition, the defendants are required to disclose whether their endorsers receive compensation, and customers must give express consent before being enrolled in continuity programs.

The FTC has warned marketers and influencers about their obligation to clearly and conspicuously disclose their relationships when endorsing products, and has filed complaints against a number of businesses for lack of adequate endorsement disclosures. In addition, as we previously reported, the FTC recently sent warning letters to several influencers advising them about their obligations.  As the recent settlements over the marketing of CogniPrin and FlexiPrin make clear, marketers should also ensure that all material terms of their offers are clearly and conspicuously disclosed and that any health-related claims are backed by reliable scientific evidence. Companies that fail to do so may find themselves subject to some strong medicine from the FTC.

FTC Green Lights TRUSTe’s Proposed Safe Harbor Program Modifications

Posted in Data Security

The Federal Trade Commission (FTC) has approved changes TRUSTe proposed to its safe harbor program several months ago under the Children’s Online Privacy Protection Act (COPPA) Rule. The approved modifications include a new requirement that program participants conduct an annual internal assessment of third-parties’ collection of personal information from children on their websites or online services by checking for tracking technologies. Other changes include: TRUSTe’s program requirements are now referred to as “Children’s Privacy Certification Standards; the use of “seal” rather than “trustmark” and “Privacy Notice” in place of “Privacy Statement; additional data security requirements; and personnel training requirements for participating businesses. TRUSTe claims its new rules “meet or exceed COPPA requirements” and by approving the revisions, the FTC agreed.

The COPPA Rule requires that operators of commercial websites and online services directed to children under the age of 13 must post comprehensive privacy policies on their sites, notify parents about their information practices, and obtain parental consent before collecting, using, or disclosing any personal information from children under the age of 13. TRUSTe manages an approved safe harbor program intended to ensure that online businesses are complying with COPPA rules.

In its role as a safe harbor operator under COPPA, TRUSTe is required to carry out annual reviews of website operators’ policies, practices, and representations. TRUSTe proposed the changes following a settlement earlier this year with the New York Attorney General over allegations that the company did not adequately assess whether companies certified under its program allowed third parties to track children at participant sites.

Cybersecurity Update

Posted in Cybersecurity

As connected products are increasingly integrated into everyday life, measures to address the security of Internet of Things (IoT) devices continue to evolve. Some of the latest initiatives include the following.

NTIA issues guidance on cybersecurity communications
Last month, as part of an ongoing multi-stakeholder initiative, a working group of the National Telecommunications and Information Administration (NTIA) issued guidance to help IoT manufacturers more effectively communicate cybersecurity and privacy information to consumers. The working group considered guidance from other agencies, including the Federal Trade Commission and Department of Homeland Security, nonprofits, and industry.

The NTIA document, Communicating IoT Device Security Update Capability to Improve Transparency for Consumers, focuses on “key elements” for manufacturers to consider communicating to consumers prior to purchase, which are crucial for transparency and informed choice. They include informing consumers upfront whether their devices will receive security updates, how updates will be communicated (e.g., will they update automatically?), and when updates will end. NTIA also recommends addressing how users are notified about security updates; what happens when a device no longer receives update support; how the manufacturer secures updates; any costs for consumers to keep their devices current once updates end; and when or whether a device ceases to operate or loses functionality when security support ends, or whether users bear the risk of operating the device once security updates end.

The guidance emphasizes that updates and patches do not offer complete device protection and are not the sole security measures that IoT manufacturers and consumers should take. Thus, while the guidance provides a useful roadmap for IoT manufacturers, companies may wish to consider advising on additional security practices and policies that apply to the device and prudent steps for consumers to take to maintain device security, such as password management. The recent focus on communicating about IoT updates and patches appears to stem from the recognition that IoT devices are powered by software, and that software is updated and replaced, sometimes frequently.

Internet of Things (IoT) Cybersecurity Improvement Act of 2017
On August 1, Senate Cybersecurity Caucus co-chairs Mark Warner (D-VA) and Cory Gardner (R-CO) introduced a bill to provide minimum cybersecurity operational standards for connected products purchased by federal agencies. Per Senator Gardner, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017 would “ensure the federal government leads by example and purchases devices that meet basic requirements to prevent hackers from penetrating our government systems.” The bill would require agencies to include a clause in procurement contracts requiring suppliers of connected products to meet basic industry-wide cybersecurity standards. Suppliers would be obliged to provide written certification that devices do not contain any known security vulnerabilities or defects, and allow for patching of security updates. In addition, connected devices would be prohibited from including hard-coded passwords, which can provide a back door for malware.

Although this bill would apply only to connected products purchased by the federal government, federal procurement standards are often mirrored by state procurement officials and can find their way into other specifications as well.

ANSI introduces first independent cybersecurity standard
Another development affecting cybersecurity of connected products is the finalization of the first independent standard for IoT device cybersecurity. The American National Standards Institute (ANSI) introduced UL 2900-1, General Requirements for Software Cybersecurity for Network-Connectable Products, on July 5. Developed as part of UL’s Cybersecurity Assurance Program, the UL 2900 series applies established security design principles to measurable criteria to assess vulnerabilities of connected products. UL 2900 has been recognized by the Food and Drug Administration, which is expected to formally announce its adoption in the next Federal Register notice.

As cybersecurity standards, guidelines, and proposed regulations for IoT devices proliferate, it is important to remember that the specific security measures adopted must be relevant to the type of information collected by a particular IoT device, including the potential sensitivity of that data.

Internal Reforms Announced for FTC’s Bureau of Consumer Protection

Posted in Privacy

The Federal Trade Commission’s Bureau of Consumer Protection is about to undergo reform, according to FTC Acting Chairman Maureen Ohlhausen. In a press release issued on July 17, the FTC stated that the changes are part of an ongoing initiative to simplify information requests and improve transparency that began last April, when Ohlhausen announced new internal working groups on agency reform and efficiency.

“It is our duty to carry out our vital mission in the most effective and efficient way possible. The changes announced today will reduce unnecessary and undue burdens of FTC investigations without compromising our ability to protect American consumers,” Ohlhausen stated.

The current round of reforms concern Civil Investigative Demands (CIDs) in consumer protection cases. According to the FTC, the changes include:

  • Plain language descriptions of the CID process and business education materials;
  • More detailed descriptions of the scope and purpose of investigations to provide a better understanding of the information requested;
  • Reduced time periods for investigations to minimize the burden on companies;
  • Streamlined instructions for providing electronically stored data; and
  • Where appropriate, longer response times for CIDs to improve quality and timeliness.

The reforms are intended to make investigatory/information gathering requests less burdensome to businesses and more efficient generally. If effective, they will narrow the scope of information requested to specific pertinent information. As in many areas of legal and regulatory compliance, responding to CIDs—even in the absence of any wrongdoing or evidence thereof—can be time consuming and costly to businesses.

Other regulatory reform initiatives have been announced by the FTC in recent months, so it is reasonable to expect that more changes will be on horizon. Most recently, the FTC announced that it is seeking public comments on the Picture Tube, Textile, Energy Labeling, and CAN-SPAM Rules to inform the agency’s decision on whether to update them.  More information is available in Keller and Heckman LLP’s Consumer Protection Connection blog post Regulatory Reforms Afoot at FTC: Now’s Your Chance to Weigh In.

Regulatory Reforms Afoot at the FTC: Now’s Your Chance to Weigh in

Posted in Regulations

As part of Acting Chair Maureen K. Ohlhausen’s regulatory reform initiative, the Federal Trade Commission (FTC) is asking for the public’s input on the Picture Tube, Textile, Energy Labeling, and CAN-SPAM Rules. The comments will inform the Commission’s decision on whether to update these rules.

  • The Textile Rule obliges marketers of textiles to label their goods properly for identification purposes. The FTC seeks comments on a proposal to eliminate the obsolete labelling provisions, “which require marketers to attach a label to a textile product disclosing the manufacturer or marketer name, the country where the product was processed or manufactured, and the generic names and percentages by weight of the fibers in the product.”
  • The Picture Tube Rule requires manufacturers to adopt uniform measurement of television screen sizes and requires advertisers to base any representation of the screen size on the horizontal dimension of the actual, viewable area so that consumers know exactly what to expect. The FTC is looking for particular feedback regarding whether the rule is still needed at all as well as opinions on its “efficiency, costs, benefits and impact.”  The commission will consider new television technology “including plasma, LED, OLED, and other similar materials in flat display screens” as it deliberates possible changes.
  • Under the Energy Labeling Rule, EnergyGuide labels are required on certain appliances “to help consumers compare similar models.” The Commission is proposing to update this rule “to eliminate provisions that are obsolete and unnecessarily burdensome and to account for new products in the marketplace.” The FTC’s proposed changes are informed by feedback it received in an earlier call for comments that ended in September 2016.
  • The CAN-SPAM Rule  implements the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act and sets forth requirements for commercial email messages. The FTC is seeking comment on the benefits of the Rule, the costs of compliance, and whether it should be amended, for example, to account for technological or economic changes.

Comments on the Textile Rule must be submitted by July 31, 2017. Feedback on the Picture Tube Rule and the CAN-SPAM Rules must be submitted by August 31, 2017. All comments should be submitted at www.ftc.gov/policy/public-comments.

Acting Chair Ohlhausen stated: “Regulations can be important tools in protecting consumers, but when they are outdated, excessive, or unnecessary, they can create significant burdens on the U.S. economy, with little benefit. Private firms face constant market pressure to innovate and improve, and I see no reason why government should operate any differently. American taxpayers should expect nothing less from us.”

As the reform process continues, the FTC may update or repeal other rules. Stay tuned.

What’s Happening at the CPSC

Posted in Product Safety

Acting Consumer Product Safety Commission (CPSC) Chair Ann-Marie Buerkle recently released an update regarding CPSC’s current projects, some of which involve stakeholder participation.

Mid-Year Adjustments

The Commission has approved its FY 2017 Mid-Year Review and Proposed Operations Plan Adjustments. Top priority has been given a project concerning improving the safety of lithium ion batteries. In addition, the Regulatory Robot project, which provides information to the regulated community about CPSC regulations, will be updated and improved. The CPSC’s e-filing study – which aims to discover the value of different types of information for assisting the Office of Import Surveillance in targeting products and shipments at import – is also moving forward.

CPSC will also be holding a public hearing on its priorities for Fiscal Year 2018 and Fiscal Year 2019. The hearing will begin at 10 a.m. on Wednesday, July 26, 2017.

Help for CPSC on Reducing Regulatory Burdens

The CPSC put out a request for information on ways to reduce burdens and costs of existing rules, regulations, or practices. CPSC is interested in hearing any and all ideas, big or small, that might help ease regulatory burdens, including comments on third party testing, eliminating or updating a rule, changing a practice, and providing guidance.

Comments on how to reduce regulatory burdens may be submitted electronically here. The deadline is September 30, 2017.

Recall Effectiveness Workshop

On Tuesday, July 25, CPSC will hold a workshop to explore and develop proactive measures that CPSC and stakeholders can take to improve recall effectiveness. The workshop will be held in the Hearing Room at CPSC’s headquarters in Bethesda, MD from 9 a.m.  to 3 P.m.

Register to attend here.

11 States Sue Department of Energy over Inaction on Efficiency Standards

Posted in Uncategorized

Eleven states, led by New York Attorney General Eric Schneiderman and California Attorney General Xavier Becerra, and including the city of New York, a Pennsylvania regulator, and three nonprofit groups, have jointly filed suit in federal court to sue the Department of Energy (DOE). The lawsuit seeks to compel implementation of new and updated energy efficiency standards for air compressors, commercial boilers, portable air conditioners, power supplies, and walk-in coolers and freezers.

The rules subject to the lawsuit were finalized in 2016. The coalition argues that federal law required the rules to go effect in March 2017, after the mandatory 45-day error correction review had passed. But in late January, the White House directed agency heads to impose a freeze on new regulations until they had an opportunity to review them, and newly appointed DOE Secretary Rick Perry left the status of the rules in limbo.

According to estimates, the new energy efficiency standards would collectively save U.S. consumers between $11 to $12 billion on electricity bills annually, and would reduce greenhouse gas emissions by more than 159 million tons over 30 years.

In the new environment where the federal government is taking an increasingly deregulatory stance, states, municipalities, and NGOs may become increasingly willing to take legal action to compel rulemaking. In April, the same coalition (less Maryland) brought suit in New York circuit court to compel the DOE to implement ceiling fan efficiency standards, but the DOE relented before the case was heard. DOE confirmed the ceiling fan regulations will go into effect in September 2017.

CPSC Issues Safety Warning for LayZBoard Hoverboards

Posted in Product Safety

It is no secret that hoverboards – two-wheeled, battery-powered, self-balancing scooters – have proved enormously popular with kids and teenagers. But allegations regarding defective battery packs have triggered recalls. The latest hoverboard incident was associated with a fatal fire in Harrisburg, Pennsylvania last March.

The U.S. Consumer Product Safety Commission (CPSC) started an investigation into the Harrisburg incident after fire officials blamed the accident on a charging hoverboard. Now, the CPSC has asked consumers to immediately stop using the brand of hoverboard used, LayZ Board. The CPSC made clear that the warning does not apply to Lazyboard scooters, which are a separate brand made by a different manufacturer.

Some 3,000 LayZ Board hoverboards have been imported into the U.S. Among the incidents the CPSC investigated were reports of burns and property damage across 20 states, allegedly causing in excess of $2 million in property damage. In September 2016, the CPSC recalled 501,000 hoverboards from eight manufacturers after documenting 99 incidents stemming from the scooters’ lithium-ion battery packs overheating and, in some instances, catching fire or exploding. Since then, the CPSC added another 500 scooters from a ninth manufacturer to the recall.

Lithium ion batteries offer manufacturers the ability to design and produce devices that can run for long period of time without recharging. But, after a series of high-profile accidents, the dangers posed by cheaper makes of the batteries have been widely publicized. In June 2016, CPSC’s then-Chair Elliot Kaye stated: “Unless the manufacturer can show that the device has been certified as safe by Underwriters Laboratories (UL), it should be considered “a fire hazard waiting to happen.” He urged consumers to return any non-certified hoverboard back to the manufacturers for a refund.

The first hoverboard certification was granted by UL in May 2016, meaning that earlier models would have been manufactured before the UL hoverboard standards were in place. That does not automatically mean that earlier models are unsafe if the manufacturer used a high degree of due diligence when choosing batteries for use in their products, but it is likely that they will have to demonstrate that level diligence if investigated. It is unlikely that retailers will now accept new models of hoverboards that are not certified.

It is worth noting that while the CPSC’s has issued a warning notice about LayZ Board rather than a recall, the Commission can still initiate a recall down the road.

.
Consumer Protection Connection