Photo of Sheila MillarPhoto of Tracy Marshall

One of the first formal privacy safe harbor programs was created under the Children’s Online Privacy Protection Act (COPPA). Put simply, businesses are deemed in compliance with COPPA if they belong to an FTC-approved COPPA safe harbor program and follow the safe harbor program’s guidelines. But the FTC takes seriously any false claim about participation in or compliance with any privacy safe harbor program, as Switzerland-based digital game maker Miniclip, S.A. discovered.

The FTC’s complaint alleges that Miniclip, a major player in the children’s gaming space, falsely claimed participation in the Children’s Advertising Review Unit (CARU), despite having its membership terminated by CARU in 2015. Nonetheless, from 2015 to 2019, Miniclip continued to advertise its CARU membership on its website and Facebook games privacy policy page. On May 19, 2020, the FTC announced a proposed settlement order with Miniclip that requires the company to refrain from misrepresenting its participation or certification in any privacy or security program sponsored by a government or any self-regulatory organization, including the CARU COPPA safe harbor program. Miniclip must also supply compliance reports on request from the Commission and create records demonstrating full compliance with each provision of the order for ten years.

Commissioner Rohit Chopra issued a separate concurring statement in which he approved the settlement but called on the FTC to routinely review COPPA safe harbor programs, advocating continuing oversight by the FTC, bans on the ability of safe harbor organizations to generate consulting fees, and mandatory disclosure of documents and information related to members. He also urged that the FTC terminate safe harbor programs “that do not adequately fulfill their oversight requirements.” If adopted, however, Commissioner Chopra’s recommendation of mandatory disclosure requirements could undermine a fundamental purpose of safe harbor programs: offering a mechanism for companies to review compliance with an independent third party and quickly correct identified deficiencies. Safe harbor programs can avoid the time and cost of regulatory enforcement for both businesses and the FTC, but the participant must make a good faith effort to comply.

Safe harbor programs, such as the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system, are also an important part of the privacy compliance landscape. We have previously reported on FTC enforcement actions against false Privacy Shield claims. The FTC’s action against Miniclip once again demonstrates the seriousness with which the FTC treats misrepresentations of participation in safe harbor frameworks, and especially COPPA. At a time when the FTC has solicited comments on possible revisions to the COPPA Rule, false COPPA safe harbor claims may get extra scrutiny. Companies should ensure that their membership in any safe harbor program – not just a COPPA safe harbor program – is current, that they adhere to all relevant safe harbor program guidelines, and that their advertising does not misrepresent the status of their participation.


Photo of Sheila MillarPhoto of Tracy Marshall

The COVID-19 pandemic has prompted regulatory agencies to take swift action against companies that falsely advertise their products as treatments for the virus. As we previously reported, the Federal Trade Commission (FTC) and Food and Drug Administration (FDA) issued joint warning letters to seven companies in March for advertising and selling products or services that the agencies allegedly falsely claimed to lessen or prevent COVID-19, in violation of Section 5 of the FTC Act and the Food, Drug, and Cosmetic Act (FD&C Act). That action was followed by a second set of similar warning letters from the FTC to another ten businesses on April 24, 2020 and a third set of warning letters to another 45 companies on May 7, 2020. The letters have been sent to a wide spectrum of businesses making unsupported claims related to COVID-19 therapies or treatments, including manufacturers of air purifiers/sanitizers and water filters, ozone therapy marketers, chiropractors, supplement manufacturers, and businesses offering stay-at-home work opportunities.

The FTC targeted three manufacturers of air purifiers and water filters, EcoShield LLC, John Ellis Water, and Vaniman Manufacturing Co., that the Commission asserted made COVID-19 protection claims not based in science. EcoShield claimed its wearable device “releases chlorine dioxide which is known to protect and disinfect against diseases such as influenza, common colds, bronchitis, tuberculosis, and respiratory infections.” Its Facebook ads proclaimed in capital letters that the device was “more effective than a mask” and included hashtags such as #coronavirus #flu #covid19 #covid #WuhanPneumonia #WuhanCoronavirus #coronavirusoutbreak to direct consumers to Ecoshield’s social media accounts. John Ellis Water claimed its water filter “removes viruses, toxins, pathogens, and bacteria from your bloodstream” with “UV vapors” that “kill(s) viruses on contact.” Vaniman Manufacturing advertised that its air purifier “can greatly help to reduce the spread AND capture the COVID virus in your home or workplace.”

In each case, the FTC reminded the companies that

…it is unlawful under the FTC Act, 15 U.S.C. § 41 et seq., to advertise that a product can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating that the claims are true at the time they are made. For COVID-19, no such study is currently known to exist for the product identified above.

The FTC also brought its first court case against a business for making false COVID-19 health claims. In its complaint against Marc Ching, individually and doing business as herbal supplement company Whole Leaf Organics, the FTC asserts that the company’s Thrive herbal supplement was advertised as able to treat, prevent, or reduce the risk of COVID-19. Ads for the Thrive supplement claimed that it is an “antiviral wellness booster” and “the perfect way to strengthen your immune system against pathogens like COVID-19, the Coronavirus.” Thrive’s marketing copy also claimed that the supplement is “safe for daily short-term use to combat ailments like the flu, colds, bronchial infections, fungal and yeast-based issues, as well as the coronavirus.” As the FTC pointed out, however, “there is no competent and reliable scientific evidence that Thrive or any of its ingredients treats, prevents or reduces the risk of COVID-19.”

Because of the urgency of removing fake COVID-19 “cures” from the market, the FTC took the unusual step of asking the United States District Court for the Central District of California for a temporary restraining order and preliminary injunction to prevent interim harm to consumers while it concurrently filed an administrative complaint. The FTC had cause to be concerned that Ching would continue selling his products barring an injunction to stop sale because it was not the first time the government warned him against making unsupported health claims. In November 2019, the FDA sent the company a warning letter for making unapproved new human and animal drug claims for cannabidiol (CBD) products, including cancer-curing claims, contrary to the FD&C Act. The FTC’s complaint also included a count alleging false cancer claims, in addition to the false COVID claims, and false proof claims based on the company’s statements that the products were scientifically or clinically proven.

At a time when consumers are especially anxious about their health and well-being due to the coronavirus, they can be even more vulnerable to false promises about cures and protection. When a business makes unsupported claims that could adversely affect public health and safety in the short term, the government has a strong incentive to act swiftly and forcefully. As the pandemic continues, the vigorous crackdown by federal agencies on companies purporting to sell treatments for the coronavirus is very likely to continue as well. That should be reassuring to businesses that carefully vet claims to assure they are grounded in both facts and applicable regulatory regimes.

Photo of Sheila Millar

Online shopping has taken on greater importance for many people homebound since the coronavirus lockdowns began. And, while many are lounging at home in pajamas and yoga pants, there are still a lot of fashion-conscious shoppers out there anxious to take advantage of bargain prices and speedy deliveries. But how is a stay-at-home fashionista supposed to remain au courant if the clothes she orders are out of style by the time they arrive? The Federal Trade Commission (FTC) has something to say about this. The FTC’s Trade Regulation Rule Concerning the Sale of Mail, Internet or Telephone Order Merchandise (the Mail Order Rule), requires that companies live up to their shipping promises and, to quote fashion guru Tim Gunn, “make it work” or give customers the option to get their money back. On April 21, 2020, the FTC announced a settlement with California retailer Fashion Nova for $9.3 million, the highest sum ever imposed for violations of the Mail Order Rule, for making assurances about its shipping times that came apart at the seams.

The Mail Order Rule bars sellers from soliciting mail, internet, or telephone order sales unless they have a reasonable basis to expect that they can ship the ordered merchandise within the time stated on the solicitation or, if no time is stated, within 30 days. In the event the company cannot ship the goods, it must offer customers the option either to consent to a further delay or to cancel the order and to receive a refund – not simply store credit or a gift card – within a reasonable time.

According to the FTC’s complaint, Fashion Nova made numerous representations about the speed of its shipping. Despite marketing promises of “Free 2 Day Shipping on all U.S. Orders $75 and Up,” “Fast Canada Shipping Only $10,” and “Fast International 6-10 Shipping Only $15,” Fashion Nova failed to deliver the goods. Items were frequently out of stock or materially different from what consumers ordered – for example, a different size, damaged, or used. Moreover, the company failed to provide an expedient way for customers to cancel orders and neglected to issue prompt refunds. The FTC also charged Fashion Nova with making false claims about the speed of its shipping options in violation of Section 5 of the FTC Act.

In addition to the fine, the stipulated order permanently restrains Fashion Nova from making representations about its shipping being faster than 30 days without clearly and conspicuously disclosing, before payment, the date by which the merchandise will be shipped or received.

Even with the inevitable delays caused by increased online shopping during the current pandemic, it is still vital for retailers to ensure they are fulfilling orders in compliance with the Mail Order Rule. Expensive settlements like this one are so last season.

Photo of Sheila MillarPhoto of Tracy Marshall

Canadian company Tapplock, Inc. sells smart locks to the U.S. market that the company advertised as “sturdy,” “secure,” and even “unbreakable.” Tapplock’s assurances that the locks were strengthened with “double-layered lock design” and made with “anti-shim and anti-pry technologies” could be quite an enticement for consumers looking for top-of-the-line connected home security. There was a small problem with Tapplock’s claims, however: three researchers hacked into the locks using several methods – one simply by unscrewing the product’s back panel in a few seconds. The locks are not so smart after all, according to the Federal Trade Commission (FTC), which issued a complaint alleging the company’s locks contained vulnerabilities that made them anything but unbreakable.

Tapplock’s padlocks are fingerprint enabled and open via a mobile app when the user is within Bluetooth range. The app logs usernames, email addresses, profile photos, location history, and geolocation of a user’s smart lock. But researchers found several serious flaws that compromised security. In one case, researchers were able to bypass the account authentication process, gaining full access to the accounts of all Tapplock users and their personal information without being re-directed to the login page. Another vulnerability was the company’s failure to encrypt the Bluetooth communication between the lock and the app, which allowed researchers to lock and unlock nearby Tapplock smart locks. The app also had a flaw that prevented users from effectively revoking access by third parties who were previously authorized.

The FTC alleged that these flaws could have been easily fixed had Tapplock taken reasonable steps to identify possible risks. Standard security measures include conducting vulnerability or penetration testing; taking sufficient measures to detect and prevent users from bypassing authentication procedures to gain access to other users’ accounts; adopting and implementing written data security standards, policies, procedures, or practices; and providing privacy and security training for employees.

Under the proposed settlement terms, Tapplock must implement a comprehensive data security plan that is assessed by an independent third party biennially. The order also prohibits the company from misrepresenting its privacy and security practices.

The FTC’s proposed settlement agreement serves as a reminder that smart device manufacturers must ensure that privacy and security measures are part of the design and that security measures are described accurately. Overselling data security may attract customers in the short term but attracting this kind of attention from the FTC is anything but smart.

Photo of Sheila Millar

While the Federal Trade Commission (FTC)’s recent action against Williams-Sonoma for allegedly false “Made in USA” claims garnered headlines for its $1 million penalty, FTC staff continue to offer insights into the Commission’s enforcement position on such claims through its closing letter process. For example, the FTC sent a closing letter to epoxy manufacturer J-B Weld on March 19, 2020 following a referral from the National Advertising Review Board (NARB) after the company refused to accept all of NARB’s recommendations regarding its “Made in USA” claims. The FTC declined to take further action in light of the advertiser’s remedial steps, including updating packaging for several product lines, removing U.S.-origin “line” claims from its website and social media channels, and requiring third-party sellers to update their information about the origin of the company’s products.

J-B Weld’s U.S. origin claims were challenged by a competitor before the National Advertising Division (NAD). In particular, the objections centered on whether “Made in the USA” claims were proper for J-B Weld’s glues and adhesive products when tubes, caps, syringes, and applicators were foreign-made. Acknowledging that the FTC’s guidance did not expressly address the question of packaging, NAD agreed that the origin of point of sale, paper packaging and “bubble” material typically discarded by consumers was not relevant to the claim, but that the other packaging items were because they were central to how the product was dispensed. NARB agreed with NAD that information on the percentage of the total manufacturing cost represented by the foreign content was necessary to support a domestic origin claim. The advertiser refused to comply, noting that NARB declined to consider information from third-party suppliers not available during the NAD review, and that the cost data was highly confidential. NARB referred the matter to the FTC.

The FTC observed that the company made epoxy and silicone adhesive products in the United States, but also sells cyanoacrylate and other adhesive products that either incorporate significant imported content or are wholly imported. Notably, the FTC commented on the issue of packaging for the product, saying:

While the glue contained in that packaging was “all or virtually all” made in the United States, the packaging itself, which had no independent value to consumers and was typically discarded upon depletion, was not. In the absence of consumer perception evidence showing otherwise, FTC staff finds it is unlikely that reasonable consumers interpreted the unqualified U.S. origin claims on these adhesive products as covering the incidental, discarded packaging.

NAD and NARB rules have been applied strictly to prevent introduction of evidence on appeal, but the FTC will consider additional evidence in the case of a referral and did so in issuing the closing letter.

Photo of Sheila Millar

Home furnishings giant Williams-Sonoma – whose brands include Pottery Barn, Le Creuset, and West Elm – invokes an upscale, modern American lifestyle. Many of its products are marketed not only as “quality” but also “crafted in America.” Consumers who received mattress pads from the Pottery Barn Teen and Kids were therefore surprised to see labels indicating that the products were “Made in China.” The Federal Trade Commission (FTC) wasn’t pleased.

In its complaint against Williams-Sonoma, the FTC alleged that items from its Rejuvenation, Goldtouch Bakeware and items from its Pottery Barn Teens and Pottery Barn Kids lines were advertised as wholly “Made in USA” but were actually made elsewhere. Unfortunately, this was not the first time the FTC received similar complaints. In 2018, the FTC received complaints that Williams-Sonoma’s online ads and promotional materials for Pottery Barn Teen organic mattress pads stated the pads were “Crafted in America from local and imported materials” when the law labels stated the pads were made in China. When the FTC approached Williams-Sonoma about the issue, the company apologized for what it called human error and promised to take immediate steps to rectify its country-of-origin verification process.

However, the following year, the FTC found that the company “continued to disseminate advertisements and promotional materials, including through its website and social media platforms, which deceptively claimed certain categories of Williams-Sonoma products were all or virtually all made in the United States.” Made in the USA claims went beyond mattress pads. The company also touted that its Rejuvenation furniture, Goldtouch Bakeware, and products from its Pottery Barn Teen and Kids lines were “Made in America” or “Made in the USA.” But according to the FTC, “numerous Goldtouch Bakeware products, Rejuvenation-branded products, and Pottery Barn Teen and Pottery Barn Kids-branded upholstered furniture products are wholly imported or contain significant imported materials or components.”

Under the terms of the settlement agreement, Williams-Sonoma will pay a fine of $1 million and is barred from representing that its products are made in the USA unless:

  • The final assembly or processing of the product occurs in the United States, all significant processing that goes into the product occurs in the United States, and all or virtually all ingredients or components of the product are made and sourced in the United States; or
  • A clear and conspicuous qualification appears immediately adjacent to the representation that accurately conveys the extent to which the product contains foreign parts, ingredients, components, and/or processing;
  • For a claim a product is made in the U.S., that the product is last substantially transformed in the United States, the product’s principal assembly takes place in the United States, and United States assembly operations are substantial

Whether an investigation by the FTC involves a U.S.-origin claim or another matter, the lesson of this enforcement action is that companies must deliver on promises to the FTC to take corrective action, and ensure that substantiation and claims of “Made in USA” comply with the FTC’s country of origin rules.

Photo of Boaz I. GreenPhoto of Sheila Millar

With millions of children home due to school closures, the Consumer Product Safety Commission (CPSC) recently issued checklists with guidance on keeping homes safe during this period. Protecting children from accidental ingestion of potentially harmful products found in the home featured prominently in these documents. CPSC’s current focus on poison prevention continues a recent trend of increased enforcement of child-resistant closure requirements under the Poison Prevention Packaging Act (PPPA). We previously noted an uptick in recalls of products containing lidocaine for PPPA violations and predicted that this trend would not only continue but also expand to other products. As we expected, recalls for PPPA violations rose to 14 in 2019. These recalls involved various products, including those containing lidocaine, dietary supplements, prescription medication, and wintergreen essential oils. To date, the CPSC has already announced nine recalls for PPPA violations in 2020, including eight recalls in March for prescription drugs, chemical products and a pain relieving skin cream.

These recent recalls are occurring at a time when supply chains are under tremendous strain due to the COVID-19 crisis. As states and municipalities scramble to contain the coronavirus pandemic, many have shut down all but “essential” services, which threatens to limit the manufacture of packaging and its components. To help guide local decisions on business closures and restrictions, the Cybersecurity and Infrastructure Security Agency’s (CISA) published its Guidance on the Essential Critical Infrastructure Workforce: Ensuring Community and National Resilience in COVID-19 Response on March 19, 2020. As noted in our sister blog, The Daily Intake, the guidance was broad in scope. However, only packaging for Food and Agriculture products was initially expressly covered, despite the critical role that child-resistant closures and packaging play in ensuring the continued supply of numerous essential goods and services. After pushback from business, CISA published version 2.0 of its guidance on March 28, which broadened coverage of the packaging supply chain to include not just Food and Agriculture, but Transportation and Logistics.

Allowing companies manufacturing child-resistant packaging to continue to operate is critical. Restrictions on the ability to manufacture and distribute child-resistant packaging would have resulted in even greater shortages of essential products like medicines and many household cleaners, including sanitizing cleaners.

Despite the strains on supply chains, companies selling medications and household chemicals remain vigilant about maintaining compliance procedures for both the product and the packaging. At a time when market needs are rising, it is vital that new entrants into the cleaning and sanitizing market educate themselves about all regulatory requirements before introducing these products. This will avoid the costs and disruptions of regulatory enforcement should the product or packaging not comply. More importantly, use of proper packaging is crucial to protect children, especially at a time when so many families are confined to their homes.

Photo of JC WalkerPhoto of Sheila Millar

In a notice approved for publication in the Federal Register, the Federal Trade Commission (FTC) advised on March 27, 2020 that it is soliciting feedback on proposed new EnergyGuide label requirements for portable air conditioners. The FTC’s Energy Labeling Rule requires manufacturers to attach yellow EnergyGuide labels to major home appliances and other consumer products to help consumers compare models’ energy usage and costs.

In prior calls for comments on the Energy Labeling Rule, The FTC garnered feedback from industry, consumer groups, and other stakeholders in favor of, or unopposed to, EnergyGuide labels for portable air conditioners. However, a regulatory freeze in January 2017 caused the Department of Energy (DOE) to postpone finalizing efficiency standards for portable air conditioners and the Commission likewise delayed finalizing the label requirements. Now that a new compliance date has been set by the DOE, the Commission proposes requiring EnergyGuide labeling for portable air conditioners to coincide with new DOE efficiency standards for portable air conditioners beginning January 10, 2025.

The FTC also seeks comments on updating the Rule to conform with new DOE energy descriptors for central air conditioners and current requirements for layout, format, and adhesion of EnergyGuide labels.

Comments from interested stakeholders should be submitted 60 days after publication in the Federal Register, which is expected soon.

Photo of Sheila MillarPhoto of Tracy Marshall

As fears escalate over the spread of coronavirus (COVID-19), scared consumers may be more susceptible to claims by companies offering cure-all remedies. The Federal Trade Commission (FTC) and Food and Drug Administration (FDA) are aware and looking out for consumers. The two agencies sent joint warning letters to seven companies – Vital Silver, Quinessence Aromatherapy Ltd., N-ergetics, GuruNanda, LLC, Vivify Holistic Clinic, Herbal Amy LLC, and The Jim Bakker Show – demanding that they immediately stop making unsupported health claims and cease advertising unapproved and misbranded products as medicines.

The warning letters admonish the businesses for violating Section 5 of the Federal Trade Commission Act and the Food, Drug, and Cosmetic Act (FD&C Act). For example, the Jim Bakker Show apparently touted its Silver Solution as “proven … to kill every pathogen it has ever been tested on … and it can kill any of these known viruses.” However, the FDA makes clear that no product currently exists that has been confirmed to treat or cure COVID-19. Products that are not approved by the FDA but marketed as safe and/or effective for the treatment or prevention of a particular virus violate sections 301, 331, and 502 of the FD&C Act. The companies were given 48 hours to respond and outline what steps they are taking to address the issues raised by the FTC and FDA. The letters bluntly advise that failure to immediately correct the violations can result in enforcement action.

In a press release, the FTC confirmed that “coronavirus-related advertising claims will be subject to exacting scrutiny,” including “product names, URLs, metatags, and other ways companies can suggest or imply claims to consumers.” Given the potential harm to consumers who rely on unproven cures to prevent contracting coronavirus, the FDA is taking urgent measures to protect consumers from products that, without approval or authorization, claim to mitigate, prevent, treat, diagnose, or cure COVID-19.

While the FTC and FDA crack down on fraudulent cures, the Environmental Protection Agency (EPA), which has jurisdiction over products classified as pesticides (including anti-microbials and disinfectants), issued a statement that lists certain products as effective against killing coronaviruses on surfaces. The EPA advises potential purchasers to check the EPA registration number to confirm that the product is effective against the specific pathogen of interest.

It’s a point we’ve made before but that bears repeating any time a company states or implies that a product could treat or cure a disease or condition: these claims not only must be backed by competent and reliable scientific testing, but may require FDA approval. Failure to follow these standards of conduct is not just potentially misleading to consumers but could compromise their health. That’s why these types of false claims risk agency action and a lot of bad press.

Photo of Boaz I. GreenPhoto of Sheila Millar

Some months after Environmental Protection Agency (EPA) official Nancy Beck was rumored to be the President’s choice to serve as Chair of the Consumer Product Safety Commission (CPSC), the news is now official. The White House announced Beck’s nomination on March 2, 2020.

Beck’s nomination, if approved by the Senate, would bring the CPSC back to its full complement of five Commissioners and break the political deadlock at the Commission. The departure of CPSC Acting Chair Ann Marie Buerkle, a Republican, last October, and the surprising appointment of Democrat Robert Adler as acting head of the agency, resulted in a 2-2 split along party lines. In an equally divided Commission, there is no natural majority, making rulemaking and other Commission-level decisions more difficult to pass. The Acting Chair has significant authority to direct resources and staff activities in ways that both keep the Commission functioning and affect policy without relying on Commission votes, but the business community has long endorsed a fully functioning slate of CPSC Commissioners. Nominating an individual with years of technical and scientific experience to helm CPSC would bring a new type of expertise to an agency that strives to be data and science driven.

Beck currently serves as the Principal Deputy Assistant Administrator for the Office of Chemical Safety and Pollution Prevention at EPA. She came to EPA after working for the American Chemistry Council and the Washington State Department of Health.