Consumer Protection Connection
Keller and Heckman LLP

Consumer Protection
Connection

Sheila Millar and Boaz Green Author Law360 Article “CPSC Is Shifting Toward Voluntary Standards”

By Sheila Millar and Boaz Green on Posted in Cybersecurity, Privacy, Product Safety

Sheila Millar and Boaz Green discuss CPSC’s activities in 2018 and give their predictions on possible agency actions in the coming year in the Law360 article “CPSC Is Shifting Toward Voluntary Standards” (Feb. 6). Law360 featured the article in its newsletter sections for Consumer Protection, Cybersecurity, and Product Safety. To read the full article, click here. For a pdf version of the article, click here.

Partner Sheila Millar is a frequent contributor to Law360 and an authority in consumer protection law, including product safety, privacy, data security, cybersecurity, and advertising matters. Before joining Keller & Heckman as Counsel, Boaz Green was Chief Counsel to Commissioner Marietta Robinson at the CPSC where he advised on rulemaking, policy, and other agency matters.

For more information, contact:
Sheila A. Millar at millar@khlaw.com or +1 202.434.4143
Boaz Green at green@khlaw.com or +1 202.434.4267.

White House Re-nominates Ann Marie Buerkle for Chair and Commissioner

By Sheila Millar and Boaz Green on Posted in Product Safety

On January 16, 2019, the White House re-nominated Consumer Product Safety Commission (CPSC) Acting-Chair Ann Marie Buerkle to be Chairman, and for another seven-year term as Commissioner. Acting Chair Buerkle was first nominated in July of 2017, and re-nominated in January of last year, but the Senate did not act on these nominations.

The business community has been very supportive of Ms. Buerkle’s nomination. As Acting Chair, Buerkle has worked hard to secure funding for the agency and has shown a relatively light hand in making policy and personnel changes. She has also repeatedly stated her interest in working collaboratively with all stakeholders to advance consumer product safety. Acting Chair Buerkle has voiced a strong preference for voluntary over mandatory standards, which the business community sees as a more flexible and adaptable approach. Under her leadership, the CPSC has also shown willingness to take a more creative approach to dealing with potential hazards, as shown in the recent settlement of litigation lodged against a jogging stroller manufacturer, Britax, which resulted in a plan for a robust educational campaign, coupled with consumer incentives, without forcing the company to label the corrective action as a “recall.”

Acting Chair Buerkle is now in her holdover year as a Commissioner, and the Senate will have to act on the nomination before October if she is to remain on the Commission. Doing so will help avoid regulatory uncertainty for all stakeholders, including CPSC’s staff and management.

 

Supplement Company Settles with FTC Over Diabetes Pill Marketing Claims

By Sheila Millar and Tracy Marshall on Posted in Advertising

Any product purporting to be a panacea for a serious health issue needs serious evidence to back up such a promise. Take Nobetes, a dietary supplement touted as “the miracle product [diabetics have] been waiting for.” The company and its two principal officers claimed Nobetes lowered blood sugar and reduced the need for insulin. They even had a “doctor” endorse the product on TV.

The Federal Trade Commission (FTC) doesn’t believe in miracle products, however. The FTC’s complaint alleges that between 2015 and 2018, Nobetes Corporation and its officers marketed and sold Nobetes on television, radio, and social media in violation of Sections 5(a) and 12 of the FTC Act, which prohibit unfair or deceptive acts or practices and false advertisements for food, drugs, devices, services, or cosmetics. Among the unsubstantiated claims made in the ads were that Nobetes can “control blood sugar within normal levels” and “fill the nutritional shortages that diabetes causes.” The company failed to provide scientific evidence to support the claims, even after the Food and Drug Administration (FDA) warned the company in 2016 that it needed to back up such assertions with reliable scientific evidence.

In addition, one of the television ads used consumer testimonials from people who stated that they were able to reduce their insulin intake with Nobetes. The company failed, however, to disclose that the consumers featured in the ads were being compensated with free products in exchange for their testimonials and that the “doctor” endorsing Nobetes in the same ad was in fact a paid actor. This violates the FTC’s Endorsement and Testimonial Guides, which require that any connection between an advertiser and an endorser that might materially affect the weight or credibility of the endorsement be fully disclosed.

But wait, there’s more! Consumers were offered a two-for-one deal that required them to give a credit card number to only to cover shipping and handling costs of $6.95. Yet, according to the FTC, the company then used the credit card numbers to automatically enroll customers in a continuity program, charging a $29.95 monthly fee without their authorization.

The FTC charged the company and its officers with making unsubstantiated health claims, using fake “experts” to endorse the product, neglecting to disclose material connections between spokespersons and the company, failing to disclose the terms of “free trial” offers, and billing customers without their consent. Under the terms of the settlement order, the company is required to pay a fine of $182,000 and its officers are permanently barred from advertising or selling Nobetes or any other diabetes product. They are also prohibited from using false endorsements, making unsubstantiated health claims, billing consumers without their consent, and misrepresenting the terms of any free trial or other special offer.

The FTC has been active in enforcing the Endorsement and Testimonial Guides. Just last year, the agency sent out letters to 90 marketers and their influencers warning them of their obligation to clearly and conspicuously disclose their relationships when promoting or endorsing products through social media. The Nobetes settlement is a reminder for companies to familiarize themselves with the FTC’s rules, regulations, and guidelines when marketing their goods and services and ensure that any product claims are backed up by credible evidence.

CPSC Settles with Britax over Allegedly Defective Strollers

By Sheila Millar on Posted in Product Safety

The U.S. Consumer Product Safety Commission (CPSC) settled an administrative lawsuit against Britax Child Safety, Inc. over claims that some models of their B.O.B. jogging strollers present a substantial product hazard due to an alleged design defect. As we previously reported, the suit was filed in February 2018 after reports that the front wheel of the strollers can detach during use if consumers don’t fully engage the quick-release mechanism for attaching the front wheels. Britax opposed a recall, arguing that the problem was caused by user error rather than any design flaw.

Under the terms of the consent agreement, Britax will develop and launch an information campaign that will include an instructional video demonstrating how to safely and correctly operate the quick release on the front wheel of the strollers. All purchasers of covered B.O.B. strollers can receive a 20% discount towards purchase of a new stroller. Alternatively, consumers can receive a free replacement thru-bolt or modified quick release mechanism instead of the discount. The remedy offered by Britax is not a recall, and Britax did not admit that the strollers contain a defect or are a substantial product hazard.

The agreement was approved by a vote of 3-2. Two commissioners, Robert Adler and Elliot Kaye, who voted in favor of filing the lawsuit, dissented. In a joint statement, Adler and Kaye argued, among other things, that the remedy offered under the agreement should have been characterized as a “recall.”

The agreement reached between the CPSC and Britax offers a creative solution to the problem of consumer misuse of these strollers. It allows the company to avoid the headaches associated with characterizing a constructive industry response to perceived safety concerns as a “recall” while continuing to allow consumers to operate the stroller safely with no loss to utility or value. The agreement is a welcome sign that the CPSC may be open, where appropriate, to innovative resolutions that advance safety without the undue burdens of a recall.

FTC Releases Cybersecurity Resources for Small Businesses

By Sheila Millar and Tracy Marshall on Posted in Cybersecurity, Data Security, Privacy

Small businesses face the same cybersecurity risks as large multinationals but lack a large IT infrastructure to help protect themselves. At the direction of former Federal Trade Commission (FTC) Acting Chairman Maureen Ohlhausen, the FTC launched a new cybersecurity campaign aimed at helping small businesses navigate the ever-evolving cyber landscape, coordinated with the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Small Business Administration (SBA). More information about the program and upcoming events is available at the FTC’s website.

Earlier this year, FTC staff published a report detailing the resources available to help small organizations. FTC staff also held several workshops and a result of feedback, the agency developed a series of modules that cover the following topics: Cybersecurity Basics, Understanding the NIST Cybersecurity Framework, Physical Security, Ransomware, Phishing, Business Email Imposters, Tech Support Scams, Vendor Security, Cyber Insurance, Email Authentication, Hiring a Web Host, and Secure Remote Access.

Implementing security mechanisms that are tailored to an organization’s size and risk exposure can be complex. However, the FTC modules and report provide a useful starting point for smaller businesses looking for practical guidance on handling a range of cybersecurity and data protection matters.

National Privacy Legislation May be on the Horizon

By Sheila Millar and Tracy Marshall on Posted in Privacy

The recent passage of the California Consumer Privacy Act (CCPR) earlier this summer and the entry into force of the General Data Protection Regulation (GDPR) last May has put consumer privacy squarely on the national agenda. Now there are signs that government is responding. While a number of privacy bills have been introduced in Congress that never made it out of committee, Senator John Thune (R-SD), the ranking Republican on the Senate Commerce Committee, recently indicated this may be changing. Thune opened a recent hearing of the Committee at which Google, Amazon, Twitter and AT&T commented that both Republicans and Democrats support a national privacy law, but noted: “the question is what shape that law should take.” The companies testifying expressed support for preemptive federal legislation that gives consumers more control over their data and stresses transparency, but avoids a one-size-fits-all approach that might stifle innovation.

In the wake of the hearing, the U.S. Department of Commerce National Telecommunications and Information Administration (NTIA) is now seeking comments on several high-level goals that are intended to protect consumer privacy while encouraging innovation. The strategy outlined in the Request for Comments is “outcome-based” rather than prescriptive and offers seven key objectives:

  1. The collection, use, sharing and storage of personal data should be transparent;
  2. Users should be able to exercise reasonable control over the collection, use, storage, and disclosure of their personal data;
  3. Data minimization principles should apply;
  4. Organizations should ensure safeguards are in place to protect personal data from loss and unauthorized use;
  5. Consumers should have the right to rectify and delete their personal data;
  6. Privacy tools should be flexible enough to encourage innovation while also protecting consumer data;
  7. Organizations should be accountable for data processing activities.

Comments are due to NTIA by October 26, 2018.

A number of trade associations, fearing unduly prescriptive federal legislation or a patchwork of state privacy laws, have also weighed in. The Chamber of Commerce, The Internet Association and other organizations recently published privacy proposals that call for preemptive, process-driven rules, themes that were echoed during the recent Commerce committee hearing. Senator Thune stated that a second hearing will take place starting in early October at which Alastair Mactaggart, the driving force behind the California ballot initiative whose withdrawal resulted in enactment of the CCPA, and European Data Protection Board (EDPB) Chairwoman Andrea Jelinek will testify.

Privacy legislation will likely continue to be a hot topic for the rest of the year, and for the new Congress in January, and we anticipate that state legislatures will also be looking at privacy and data security in 2019.

Agency Comings and Goings

By Sheila Millar, Tracy Marshall and Boaz Green on Posted in Data Security, Privacy, Product Safety

This week has seen several significant changes at the Commission level at both the Consumer Product Safety Commission (CPSC) and the Federal Trade Commission (FTC).

CPSC

After several months of stasis, the Senate voted to confirm Peter Feldman as a Commissioner on the CPSC, with a term expiring October 26, 2019. Feldman takes the place of Joseph Mohorovic, who resigned in October 2017. The Senate is also expected to approve Feldman’s nomination for a second term of 7 years shortly, which would expire in 2026.

Feldman, a Republican, will fill out the slate of commissioners at CPSC, giving the Republicans a 3-2 majority at the Commission for the first time since 2006. Acting Chair Ann Marie Buerkle still awaits confirmation as permanent Chair and for another seven-year term since her renomination to both posts by President Trump in January. Buerkle’s term formally ends in October, although she can hold over for one year.

FTC

At the FTC, Christine Wilson was sworn in as commissioner on September 26, 2018, replacing former Acting Chair and Commissioner Maureen Ohlhausen, whose term ended September 25. Ohlhausen worked for the FTC for the better part of 20 years, first as a staffer from 1998-2008 and then as director of the Office of Policy Planning. She was nominated by President Obama in 2012 and confirmed as a commissioner. Ohlhausen became Acting Chair in January 2017 when Edith Ramirez resigned her Chairmanship following the 2016 presidential election. Under Ohlhausen’s leadership, the FTC brought 20 privacy-related actions, including its first case relating to smart toys. In addition, the agency brought or settled over 138 cases that resulted in $300 million in compensation paid to 3.7 million people and refunds to consumers amounting to $6 million.

Wilson, a Republican, previously served at the FTC as Chief of Staff to Chairman Tim Muris during the George W. Bush administration. Prior to her tenure at the FTC, Wilson practiced as an attorney specializing in consumer protection and competition at law firms Kirkland & Ellis LLP and O’Melveny & Myers LLP. Phillips’ term will run until September 2023.

NIST Launches Development of Voluntary Privacy Risk Management Framework

By Sheila Millar and Tracy Marshall on Posted in Cybersecurity, Data Security, Privacy

The National Institute of Standards and Technology (NIST) has launched a collaborative effort to develop a voluntary framework that will help organizations manage privacy risks and protect consumer privacy when developing and using innovative technologies. According to NIST, a robust cybersecurity program can help manage risks, but organizations need customizable tools for addressing the challenges posed by an increasingly connected environment. The intent is to “bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation.”

The privacy framework, which will be designed through an open process of stakeholder engagement to provide solutions for a wide range of organizations, is modeled on NIST’s Cybersecurity Framework. Alongside NIST, the National Telecommunications and Information Administration is leading the development of a set of privacy principles in coordination with the International Trade Administration.

Starting in October, NIST will convene a series of workshops to gather input from stakeholders. Organizations that wish to weigh on the direction of the framework can find events here.

FTC Approves ESRB’s Updated COPPA Safe Harbor Program

By Sheila Millar and Tracy Marshall on Posted in Data Security, Privacy

The Federal Trade Commission (FTC) approved modifications to the video game industry’s Children’s Online Privacy Protection Act (COPPA) program. Earlier this year, the Entertainment Software Ratings Board (ESRB) proposed several substantive changes intended to take account of recent FTC COPPA rules and guidance.

To receive FTC approval, COPPA safe harbor programs must “implement substantially similar requirements that provide the same or greater protections for children as those contained in the Rule; (2) an effective mandatory mechanism for the independent assessment of the safe harbor program participants’ compliance with the guidelines; and (3) disciplinary actions for noncompliance by safe harbor participants.”

Five NGOs and individuals submitted comments during a public comment period on a number of ESRB’s proposed changes, including amending the definition of “personal information and data,” ensuring that links to privacy statements be prominent and clearly labeled, and clarifying the program’s data minimization requirements. ESRB also revised the program to incorporate FTC enforcement guidance on how voice data was handled. The FTC approval letter noted that ESRB made revisions to address certain objections raised by three of the NGOs.

The Commission vote to approve the changes to ESRB’s COPPA safe harbor program was unanimous.

23 California DAs Obtain $1.5 Million Settlement for Deceptive Biodegradable Claims

By Sheila Millar and JC Walker on Posted in Litigation

Environmentally conscious consumers often look for products advertised as “green.” But labeling plastic products as “biodegradable” may land you on the legal compost heap if you can’t meet federal and state regulations governing green marketing. Amazon was just the latest company to find itself in the crosshairs when 23 California district attorneys charged that it violated state law when it marketed and sold products labeled “biodegradable” or “compostable.” Amazon settled the lawsuit for $1.5 million.

Most advertisers interested in degradability and similar claims should be familiar with the requirements in the FTC’s Guides for the Use of Environmental Marketing Claims. Advertisers also need to be aware of 2011 amendments to the California Public Resources Code restricting green claims for plastic products. The California law prohibits businesses from selling plastic goods that are labeled “compostable,” “biodegradable,” “degradable,” or other wording that implies the product will break down in a landfill or other environment, unless the product meets specific standards set forth in the law. There are differences, however, in how the FTC and the state of California view available standards from a substantiation standpoint.

Under the settlement, Amazon is prohibited from selling plastic products labeled as “biodegradable” or “compostable” if the product has not been certified as such in accordance with California’s requirements. In addition, the company will pay CalRecycle, the state agency responsible for recycling, $50,000 to test plastic products that are advertised as compostable or degradable.

California has shown itself to be an aggressive enforcer against misleading green marketing claims. In the last few years, the state has pursed legal action against several companies for alleged deceptive green labeling, settling claims against ENSO Plastics in 2013 with an $18,000 fine, and obtaining agreed-to penalties of $27,000 and $940,000 against Overstock.com and Walmart, respectively, in 2017. It is worth noting that any penalties received under the California law go directly to the jurisdiction that brings suit, providing DAs with an incentive to pursue degradable and compostable claims.

Any advertiser interested in developing and marketing products that are degradable or compostable should pay special attention to the requirements of both federal and state laws since they do not always align. In particular, it is essential for businesses to fully understand the nuances of FTC guidance and California law in assessing how they substantiate their claims.

.
Consumer Protection Connection

We and our analytics and advertising providers may use cookies and similar technologies to enhance the browsing experience, facilitate sharing of content, and generate statistics about use of the website. For more information or to change your preferences, click here.

I Agree