FTC Continues Focus on “Made in America” Claims

By Sheila Millar on April 24, 2019 Posted in Advertising

Making the same false country-of-origin claims that initially resulted in a Federal Trade Commission (FTC) consent order is a good way to land a company with substantial civil penalties and corrective advertising obligations. iSpring Water Systems LLC found this out the hard way. Instead of complying with its earlier promise not to falsely advertise its products as made in the USA, the water filtration systems company breached a 2017 administrative order. Ispring is now on the hook for $110,000 in civil penalties.

Sold online and in major retailers, iSpring water filtration systems were marketed as “Designed and crafted in USA” and “Proudly Built in the USA.” The problem with this advertising, however, is that the product was actually being manufactured in China. In 2017, the company settled an FTC complaint, agreeing not to make such claims unless it could provide evidence that all significant processing was USA-based and that nearly all components were made here. That promise went down the drain.

The proposed settlement contains an admission of liability after the company’s owner and officer admitted falsely advertising that the filtration systems were USA-made In addition to paying the civil penalty, the new order imposes a corrective advertising remedy: iSpring must identify and notify all consumers who purchased iSpring products between March 10, 2018 and July 15, 2018 that the company made misleading claims about country of origin. This is the type of corrective advertising remedy used in a series of false “VOC-free” claims we previously described. The company is also required to submit to compliance reporting and monitoring for 20 years.

The FTC also approved final consent orders in two other “Made in America” cases we reported on last year, involving hockey puck manufacturer Patriot Puck and recreational gear companies Sandpiper and PiperGear USA, Inc.

The orders prohibit Patriot Puck, Sandpiper and Piper from making misleading or deceptive Made in the USA statements. To make a “Made in the USA” claim the advertiser must show that:

The product’s final assembly or processing occurs in the United States, all significant processing occurs in the United States, and all or virtually all ingredients or components of the product are made and sourced in the United States; or
A clear and conspicuous qualification appears immediately adjacent to the representation that accurately conveys the extent to which the product contains foreign parts, ingredients or components, and/or processing. To make an “Assembled in the USA” claim the advertiser must show that the product is last substantially transformed in the United States, its principal assembly takes place in the United States, and its U.S. assembly operations are substantial.

The FTC continues to target companies that make misleading or unsubstantiated Made in the USA claims. Businesses making US-origin claims would do well to consult the FTC’s Enforcement Policy Statement on U.S. Origin Claims to avoid winding up in hot water with the Commission.

FTC’s 2018 Data Privacy and Security Update Highlights Enforcement

By Sheila Millar and Tracy Marshall on April 1, 2019 Posted in Cybersecurity, Data Security, Enforcement

The Federal Trade Commission (FTC) recently released its annual report highlighting its work on privacy and data security during 2018. The FTC initiated five enforcement actions arising out of data breaches and nine data privacy enforcement actions in 2018, including cases against online payment system Venmo and mobile phone maker BLU for misrepresenting their privacy protections and providing inadequate security. One of the most high-profile enforcement actions of 2018 was the FTC’s expanded settlement with Uber, which stemmed from a major data breach in 2016 that the company failed to report for over a year. The FTC also launched an investigation into whether Facebook violated its consent decree with the agency when it shared the personal information of its users with political research firm Cambridge Analytica.

On children’s privacy issues, the FTC settled with two companies for violations of the Children’s Online Privacy Protection Act (COPPA), including the agency’s first case involving connected toys, against toy manufacturer VTech, and another case against talent agency Explore Talent. The FTC alleged that both companies failed to obtain parental consent before collecting personal information from hundreds of thousands of children under 13 and failed to provide the required notice of their privacy policies. The FTC also sent letters to two watch manufacturers, Gator Group Co., Ltd. and Tinitell, Inc., warning them that their children’s smart watches must comply with COPPA. The agency alleged that the companies failed to provide proper notice about their personal information collection practices and obtain verifiable parental consent before collecting personal information of children under 13.

In November of last year, the FTC launched a series of public hearings on Competition and Consumer Protection in the 21st Century which are ongoing and examine the intersection of big data, privacy, and competition. The FTC also held its third annual PrivacyCon, which brings together a range of stakeholders to discuss trends and developments in consumer privacy and security.

On the policy front, several FTC commissioners testified before the Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, and the Senate Banking, Housing and Urban Affairs Committee. Recurrent themes in their testimony included a push for greater rulemaking and enforcement powers for the FTC and the need for national data privacy legislation. FTC staff submitted a comment to the Consumer Product Safety Commission (CPSC) on the potential safety risks and hazards related to connected consumer products in which the FTC which recommended that: (1) CPSC consider how companies might better communicate with customers regarding notifications and recalls for Internet of Things (IoT) devices; (2) CPSC’s approach should be technology-neutral and flexible; and (3) any certification requirements for IoT devices should require manufacturers to publicly set forth the standards to which they adhere.

With COPPA under review following the recent introduction of a bill to modify its provisions and the debate over national privacy and data security legislation raising the possibility of greater FTC powers, 2019 is shaping up to be a very busy year for the agency.

Significant Changes Ahead for COPPA?

By Sheila Millar and Tracy Marshall on March 27, 2019 Posted in Cybersecurity, Privacy

As expected, 2019 is shaping up to be the year for privacy reforms, including possible amendments to the 20-year old Children’s Online Privacy Protection Act (COPPA). Senators Edward Markey (D-Mass) and Josh Hawley (R-MO) have introduced legislation that would expand COPPA’s scope to offer new protections to minors age 13-15, establish new limitations on collecting personal information on children and minors, and create a new division within the Federal Trade Commission (FTC) charged with overseeing marketing directed at children and minors, among other things.

For insight into the COPPA Amendments see Keller and Heckman’s March 25, 2019 Client Alert “Senators Markey and Hawley Introduce Bill to Expand COPPA” authored by Privacy Partners Sheila Millar and Tracy Marshall.

California Consumer Privacy Act: Your at-a-glance guide to key business obligations

By Sheila Millar and Tracy Marshall on March 25, 2019 Posted in Privacy

The California Consumer Privacy Act of 2018 (CCPA) gives California residents new rights and imposes new obligations on companies doing business in California, effective January 1, 2020. Keller and Heckman LLP Privacy and Security Partners Sheila Millar and Tracy Marshall have provided an overview to help businesses understand the new requirements.

Since publication of the guide, the California Attorney General and State Senator Jackson proposed an amendment to the CCPA that would (1) extend the private right of action to any individual whose rights are violated, and not just individuals whose information is subject to a data breach, and (2) remove the 30-day period for businesses to cure an alleged violation before the private right of action can be exercised. Additional amendments are possible before the new law takes effect next year.

Download a copy of the Guide here.

Company Settles “Natural” Class Action Claims for $1.5 Million

By Sheila Millar on March 19, 2019 Posted in Advertising, Labeling

A recent class action lawsuit that claimed a manufacturer misrepresented its laundry detergent products as “all natural” when they, in fact, contained synthetic ingredients, has resulted in a $1.5 million settlement. A New York federal court gave preliminary approval to the settlement, which also requires the company to add qualifying language that states “contains naturally derived and other ingredients” and to add a “USDA Certified Bio-Based” label. The company must modify its website content to reflect the labeling changes and refrain from selling products that do not adhere to the new labeling mandates. Importantly, the settlement does not constitute an admission of liability by the company.

With the increase in interest in environmental claims, it is a useful time to briefly review the Federal Trade Commission (FTC) Green Guides. First published in 1992 (the guides were updated and revised in 1996, 1998, and 2012), the Guides provide guidance on ways to properly structure many specific environmental claims so that they are not deemed misleading to consumers under Section 5 of the FTC Act. The Green Guides provide guidance on 1) general principles that apply to all environmental marketing claims; 2) how consumers are likely to interpret particular claims; and 3) how marketers can substantiate and qualify their claims to avoid deceiving consumers.

While “natural” claims are not specifically addressed by the Green Guides, the FTC has made clear it will vigorously pursue businesses that do not substantiate such claims, as it did when it took enforcement action against four companies for misrepresenting their products as “All-Natural” or “100% Natural” when they contained man-made ingredients. In a response to a submitted comment on the proposed orders settling those actions, the FTC rejected the suggestion that the term “natural” means the same thing as “all natural,” but the agency also stated:

…the order protects consumers by prohibiting “natural” and other composition claims unless they are true and not misleading. For example, if an advertisement states that a product is “natural,” and if reasonable consumers would interpret that advertisement as a whole to imply that the product is “all natural,” this claim would violate the order unless it is true and not misleading.

Certain claims, such as “organic,” “all-natural,” and “x-chemical-free” resonate with consumers seeking products that they think might be healthier or better for the environment. Generally, claims that are material to a consumer’s decision to buy a product – including environmental claims – must be supported by competent and reliable evidence and qualified to the extent necessary. As FTC enforcement actions and court and self-regulatory challenges illustrate, regulators, competitors, and class action lawyers are taking aim at green claims, and advertisers are well-advised to take note.

Sheila Millar and Boaz Green Author Law360 Article “CPSC Is Shifting Toward Voluntary Standards”

By Sheila Millar and Boaz Green on February 7, 2019 Posted in Cybersecurity, Privacy, Product Safety

Sheila Millar and Boaz Green discuss CPSC’s activities in 2018 and give their predictions on possible agency actions in the coming year in the Law360 article “CPSC Is Shifting Toward Voluntary Standards” (Feb. 6). Law360 featured the article in its newsletter sections for Consumer Protection, Cybersecurity, and Product Safety. To read the full article, click here. For a pdf version of the article, click here.

Partner Sheila Millar is a frequent contributor to Law360 and an authority in consumer protection law, including product safety, privacy, data security, cybersecurity, and advertising matters. Before joining Keller & Heckman as Counsel, Boaz Green was Chief Counsel to Commissioner Marietta Robinson at the CPSC where he advised on rulemaking, policy, and other agency matters.

For more information, contact:
Sheila A. Millar at millar@khlaw.com or +1 202.434.4143
Boaz Green at green@khlaw.com or +1 202.434.4267.

White House Re-nominates Ann Marie Buerkle for Chair and Commissioner

By Sheila Millar and Boaz Green on January 18, 2019 Posted in Product Safety

On January 16, 2019, the White House re-nominated Consumer Product Safety Commission (CPSC) Acting-Chair Ann Marie Buerkle to be Chairman, and for another seven-year term as Commissioner. Acting Chair Buerkle was first nominated in July of 2017, and re-nominated in January of last year, but the Senate did not act on these nominations.

The business community has been very supportive of Ms. Buerkle’s nomination. As Acting Chair, Buerkle has worked hard to secure funding for the agency and has shown a relatively light hand in making policy and personnel changes. She has also repeatedly stated her interest in working collaboratively with all stakeholders to advance consumer product safety. Acting Chair Buerkle has voiced a strong preference for voluntary over mandatory standards, which the business community sees as a more flexible and adaptable approach. Under her leadership, the CPSC has also shown willingness to take a more creative approach to dealing with potential hazards, as shown in the recent settlement of litigation lodged against a jogging stroller manufacturer, Britax, which resulted in a plan for a robust educational campaign, coupled with consumer incentives, without forcing the company to label the corrective action as a “recall.”

Acting Chair Buerkle is now in her holdover year as a Commissioner, and the Senate will have to act on the nomination before October if she is to remain on the Commission. Doing so will help avoid regulatory uncertainty for all stakeholders, including CPSC’s staff and management.

Supplement Company Settles with FTC Over Diabetes Pill Marketing Claims

By Sheila Millar and Tracy Marshall on December 27, 2018 Posted in Advertising

Any product purporting to be a panacea for a serious health issue needs serious evidence to back up such a promise. Take Nobetes, a dietary supplement touted as “the miracle product [diabetics have] been waiting for.” The company and its two principal officers claimed Nobetes lowered blood sugar and reduced the need for insulin. They even had a “doctor” endorse the product on TV.

The Federal Trade Commission (FTC) doesn’t believe in miracle products, however. The FTC’s complaint alleges that between 2015 and 2018, Nobetes Corporation and its officers marketed and sold Nobetes on television, radio, and social media in violation of Sections 5(a) and 12 of the FTC Act, which prohibit unfair or deceptive acts or practices and false advertisements for food, drugs, devices, services, or cosmetics. Among the unsubstantiated claims made in the ads were that Nobetes can “control blood sugar within normal levels” and “fill the nutritional shortages that diabetes causes.” The company failed to provide scientific evidence to support the claims, even after the Food and Drug Administration (FDA) warned the company in 2016 that it needed to back up such assertions with reliable scientific evidence.

In addition, one of the television ads used consumer testimonials from people who stated that they were able to reduce their insulin intake with Nobetes. The company failed, however, to disclose that the consumers featured in the ads were being compensated with free products in exchange for their testimonials and that the “doctor” endorsing Nobetes in the same ad was in fact a paid actor. This violates the FTC’s Endorsement and Testimonial Guides, which require that any connection between an advertiser and an endorser that might materially affect the weight or credibility of the endorsement be fully disclosed.

But wait, there’s more! Consumers were offered a two-for-one deal that required them to give a credit card number to only to cover shipping and handling costs of $6.95. Yet, according to the FTC, the company then used the credit card numbers to automatically enroll customers in a continuity program, charging a $29.95 monthly fee without their authorization.

The FTC charged the company and its officers with making unsubstantiated health claims, using fake “experts” to endorse the product, neglecting to disclose material connections between spokespersons and the company, failing to disclose the terms of “free trial” offers, and billing customers without their consent. Under the terms of the settlement order, the company is required to pay a fine of $182,000 and its officers are permanently barred from advertising or selling Nobetes or any other diabetes product. They are also prohibited from using false endorsements, making unsubstantiated health claims, billing consumers without their consent, and misrepresenting the terms of any free trial or other special offer.

The FTC has been active in enforcing the Endorsement and Testimonial Guides. Just last year, the agency sent out letters to 90 marketers and their influencers warning them of their obligation to clearly and conspicuously disclose their relationships when promoting or endorsing products through social media. The Nobetes settlement is a reminder for companies to familiarize themselves with the FTC’s rules, regulations, and guidelines when marketing their goods and services and ensure that any product claims are backed up by credible evidence.

CPSC Settles with Britax over Allegedly Defective Strollers

By Sheila Millar on December 10, 2018 Posted in Product Safety

The U.S. Consumer Product Safety Commission (CPSC) settled an administrative lawsuit against Britax Child Safety, Inc. over claims that some models of their B.O.B. jogging strollers present a substantial product hazard due to an alleged design defect. As we previously reported, the suit was filed in February 2018 after reports that the front wheel of the strollers can detach during use if consumers don’t fully engage the quick-release mechanism for attaching the front wheels. Britax opposed a recall, arguing that the problem was caused by user error rather than any design flaw.

Under the terms of the consent agreement, Britax will develop and launch an information campaign that will include an instructional video demonstrating how to safely and correctly operate the quick release on the front wheel of the strollers. All purchasers of covered B.O.B. strollers can receive a 20% discount towards purchase of a new stroller. Alternatively, consumers can receive a free replacement thru-bolt or modified quick release mechanism instead of the discount. The remedy offered by Britax is not a recall, and Britax did not admit that the strollers contain a defect or are a substantial product hazard.

The agreement was approved by a vote of 3-2. Two commissioners, Robert Adler and Elliot Kaye, who voted in favor of filing the lawsuit, dissented. In a joint statement, Adler and Kaye argued, among other things, that the remedy offered under the agreement should have been characterized as a “recall.”

The agreement reached between the CPSC and Britax offers a creative solution to the problem of consumer misuse of these strollers. It allows the company to avoid the headaches associated with characterizing a constructive industry response to perceived safety concerns as a “recall” while continuing to allow consumers to operate the stroller safely with no loss to utility or value. The agreement is a welcome sign that the CPSC may be open, where appropriate, to innovative resolutions that advance safety without the undue burdens of a recall.

FTC Releases Cybersecurity Resources for Small Businesses

By Sheila Millar and Tracy Marshall on October 24, 2018 Posted in Cybersecurity, Data Security, Privacy

Small businesses face the same cybersecurity risks as large multinationals but lack a large IT infrastructure to help protect themselves. At the direction of former Federal Trade Commission (FTC) Acting Chairman Maureen Ohlhausen, the FTC launched a new cybersecurity campaign aimed at helping small businesses navigate the ever-evolving cyber landscape, coordinated with the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Small Business Administration (SBA). More information about the program and upcoming events is available at the FTC’s website.

Earlier this year, FTC staff published a report detailing the resources available to help small organizations. FTC staff also held several workshops and a result of feedback, the agency developed a series of modules that cover the following topics: Cybersecurity Basics, Understanding the NIST Cybersecurity Framework, Physical Security, Ransomware, Phishing, Business Email Imposters, Tech Support Scams, Vendor Security, Cyber Insurance, Email Authentication, Hiring a Web Host, and Secure Remote Access.

Implementing security mechanisms that are tailored to an organization’s size and risk exposure can be complex. However, the FTC modules and report provide a useful starting point for smaller businesses looking for practical guidance on handling a range of cybersecurity and data protection matters.