Photo of Sheila MillarPhoto of Tracy Marshall

Protecting the online privacy of children by enforcing the Children’s Online Privacy Protection Act (COPPA) continues to be of paramount importance to federal and state regulators. In addition to the Federal Trade Commission (FTC), several state attorneys general (AGs) have brought COPPA actions recently, including the New Mexico and California AGs, and, most notably, the New York AG, who in 2019 worked in concert with the FTC to obtain a record civil penalty against YouTube for alleged COPPA violations. The latest COPPA enforcement action comes from Washington State AG Bob Ferguson, who announced a $100,000 settlement with California-based technology company Super Basic LLC and its parent company, Maple Media LLC, on June 24, 2020.

COPPA applies to operators of websites and online services that collect personal information from children, defined as under 13. Operators may not collect personal information from children without first obtaining verifiable parental consent. AG Ferguson charged that the social media platform We Heart It, operated by Super Basic and Maple Media, collected and disclosed children’s personal information without parental consent, in violation of COPPA. The complaint also asserted that the conduct amounted to an unfair or deceptive business practice under the Washington Consumer Protection Act.

According to the AG’s complaint, We Heart It, which has some 500,000 active monthly users across the United States, hosts a number of channels whose content is designed to appeal to children, such as fan pages for Disney, Harry Potter, DC Comics, and Pokemon. The platform also has its own website where users can create an account and profile, and the default setting on the platform meant that user profiles, including those of children, were public and could be seen by any user. When an account was created, We Heart It collected an email address, name, and username, as well as persistent identifiers, including cookies, IP address, iOS advertising ID, and Android advertising ID. It also permitted third party advertising networks to collect persistent identifiers. In addition, We Heart It collected metadata from uploaded photos that sometimes included geolocation data. The AG contended that the platform did not implement an age gate or obtain parental consent prior to the collection of children’s personal information.

In addition to the $100,000 settlement, Super Basic and Maple Media will be subject to $400,000 in penalties if the companies violate the terms of the consent decree. On top of the fine, the consent decree mandates that the companies set up an age gate to prevent children under 13 from creating accounts without parental consent, and the companies must delete or remove any information collected from children under 13 immediately upon learning that an age gate has been breached. The consent decree requires that the companies operate within the rules of COPPA, including by providing direct notice to parents of the companies’ data collection and disclosure practices; obtaining verifiable parental consent prior to collecting personal information from children under 13; deleting children’s personal information upon request from a parent; and retaining children’s personal information no longer than necessary to achieve the purpose for which it was collected. In addition, the companies must audit users’ profiles, tags, posts, and activity where content is relevant to or directed to children or where the companies have actual knowledge of use by children. Super Basic and Maple Media must also submit a detailed compliance report to the AG’s Office within 15 months.

The FTC’s determination in the FTC-YouTube settlement that a general audience platform has responsibilities under COPPA if content channels are directed to children has obviously caught the attention of regulators at both the national and state level. Protecting the online privacy of children by enforcing COPPA continues to garner intense interest in the age of COVID-19, particularly when many children are engaging more than ever with digital media. It is therefore unsurprising that state AGs are watching closely whether platforms that may attract children are complying with COPPA.

Photo of Sheila Millar

The Federal Trade Commission (FTC) has for some years targeted deceptive Made in USA claims as an enforcement priority, as we have previously discussed (see our most recent blog post on Made in USA here). Since 1999, the FTC has brought 28 enforcement actions against companies falsely claiming their products were American made. The Commission also sent closing letters to more than 150 businesses after they agreed to remove the offending statements.

Even though Made in USA cases frequently attract FTC scrutiny, no existing federal rule specifically governs such claims, although Congress authorized FTC rulemaking to address Made in USA claims on “labels or equivalent thereof” when it enacted Section 45a of the FTC Act. Instead, the FTC’s 1997 Enforcement Policy Statement on U.S.-Origin Claims, and its consent agreements and closing letters offers guidance to marketers about when the Commission views an unqualified “Made in USA” claim may potentially deceive consumers. In the wake of a workshop held last year on such claims, on June 22, 2020, the FTC posted a Notice of Proposed Rulemaking that would codify the Enforcement Policy Statement principles for all Made in USA claims.

The proposed Rule would bar companies from making unqualified Made in USA claims unless the company can show that the advertised product satisfies the following three criteria:

1) final assembly or processing of the product occurs in the United States

2) all significant processing that goes into the product occurs in the United States

3) all or virtually all ingredients or components of the product are made and sourced in the United States

The proposed Rule, if adopted, would apply not only to labels, but also to mail order catalog and mail order promotional material, defined to include “any materials, used in the direct sale or direct offering for sale of any product or service, that are disseminated in print or by electronic means, and that solicit the purchase of such product or service by mail, telephone, electronic mail, or some other method without examining the actual product purchased.” The proposed Rule would not preempt federal or state statutes or regulations relating to country-of-origin labels, except and to the extent such laws or regulations are inconsistent with the Rule. States whose protections are greater than the proposed Rule’s provisions would not be considered inconsistent.

Businesses that violate the Rule’s requirements would face civil penalties.

The proposed rulemaking follows publication of a staff report on the FTC’s Made in USA workshop, held last fall. Staff noted in the report that consumer research and feedback from thousands of workshop attendees made clear that a large number of consumers expect that products that advertise “Made in USA” are 100% homegrown, including all parts and ingredients.

The Commission vote approving publication of the proposed Made in USA Labeling Rule Federal Register notice was 4-1, but several Commissioners issued dissenting or separate statements addressing whether the scope of the proposed rule was consistent with the FTC’s statutory authority under Section 45a.

Commissioner Noah Joshua Phillips dissented and issued a statement in which he voiced the opinion that the proposed Rule overstepped the Commission’s authority under this provision, which applies to Made in USA “labels,” or “equivalent thereof.” Specifically, Commissioner Phillips objected to the addition of mail order catalogs and advertising in the Rule.

Commissioner Christine Wilson approved issuing the Notice of Proposed Rulemaking, but agreed with Commissioner Phillips, commenting, “I support seeking comment on this proposed rule, but write separately to emphasize that the decision to issue an NPRM seeking comment does not prejudge the outcome of the process, which must observe the boundaries of our statutory authority.” She noted her reluctance to leave to the courts the question of whether the FTC overstepped its statutory authority and highlighted express language in Section 45a limiting application to “labels.”

In contrast, Commissioner Rohit Chopra argued that the Rule should have wide reach, including mail order advertising. In fact, he expressed the view that Made in the USA fraud should be subject to “a broader prohibition.”

Comments will be accepted on any aspect of the proposed Rule, including the scope of the Commission’s authority to issue a rule governing claims that may not constitute “labeling” within 60 days after publication in the Federal Register. As of this posting, the proposal has not been published, but publication is expected soon.

Photo of Sheila MillarPhoto of Tracy Marshall

A recent Federal Trade Commission (FTC) settlement with an online game company that allegedly tracked children illegally highlights some important questions, namely, how should the FTC assess the penalties it imposes for privacy violations, and what is the most effective way to both deter and punish companies for such violations?

The complaint in question was filed by the Department of Justice (DOJ) on behalf of the FTC. It charged mobile game developer Hyperbeard, Inc. and its principals with allowing third-party ad trackers to collect children’s personal information without first obtaining verifiable parental consent, in violation of the Children’s Online Privacy Protection Act Rule (COPPA Rule). The COPPA Rule requires that websites and online service providers obtain verifiable parental consent before collecting personal information from children under 13. The FTC alleged that Hyperbeard not only knew that children were using its apps, which used animated animal cartoon characters and child-friendly language, but also created products specifically for kids based on the characters. Hyperbeard also neglected to tell its ad networks that the apps were often child-directed and therefore subject to COPPA, according to the complaint.

The proposed settlement, which bars Hyperbeard and its officers from collecting, benefitting from, or using personal information from children under 13, included a civil penalty of $4 million, which was reduced to $150,000 because of Hyperbeard’s inability to pay. This amount is less than 4% of the stated civil penalty. While the FTC voted 4-1 in favor of the stipulated final order, the outcome sparked a disagreement between FTC Chair Joe Simons and Commissioner Noah Phillips over penalties. Commissioner Phillips and Chairman Simons both issued statements outlining considerations that should underpin the FTC’s approach to remedying and deterring privacy violations.

In his dissent, Commissioner Phillips took a harms-based stance, arguing that the initial $4 million penalty was excessive in relation to the extent of consumer harm caused by Hyperbeard’s violations of the COPPA Rule. Phillips decried what he described as a “recent push to heighten financial penalties even where the law permits only equitable relief, without clear direction other than to maximize the amount in every case,” which he views as potentially unfair and counterproductive – a position he also took regarding YouTube’s settlement with the FTC last September. Chairman Simons addressed Commissioner Phillip’s criticisms directly with a statement of disagreement. Simons expressed the view that the $4 million fine was appropriate because, while harm was an important factor, deterrence was the key priority. “If our goal is to make compliance more attractive than violation, we should also consider the cost and effect of the other sanctions imposed in the context of an enforcement action,” he wrote.

Protecting privacy and safeguarding sensitive information – particularly where children are concerned – are vital goals of the FTC, and those goals are shared by responsible businesses. But in crafting public policy, it is equally important that penalties for alleged privacy violations are appropriate and consistent. The debate over whether a harms-based or deterrent approach should prevail is not likely to be resolved soon, and is part of a larger conversation about how to balance competing public policy considerations where privacy violations are concerned that is likely to play out in continued legislative discussions as well as within the FTC.

Photo of Sheila MillarPhoto of Tracy Marshall

On June 1, 2020, California Attorney General Xavier Becerra submitted the final package of regulations implementing the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL) for approval. The regulations reflect key CCPA compliance obligations for businesses, including specific actions that must be taken to allow consumers to exercise their rights under the law. Substantively, the regulations remain unchanged from the last draft submitted in March of this year. To learn more about the final regulations and what businesses might expect in terms of CCPA enforcement, read our analysis here.

Photo of Sheila MillarPhoto of Tracy Marshall

One of the first formal privacy safe harbor programs was created under the Children’s Online Privacy Protection Act (COPPA). Put simply, businesses are deemed in compliance with COPPA if they belong to an FTC-approved COPPA safe harbor program and follow the safe harbor program’s guidelines. But the FTC takes seriously any false claim about participation in or compliance with any privacy safe harbor program, as Switzerland-based digital game maker Miniclip, S.A. discovered.

The FTC’s complaint alleges that Miniclip, a major player in the children’s gaming space, falsely claimed participation in the Children’s Advertising Review Unit (CARU), despite having its membership terminated by CARU in 2015. Nonetheless, from 2015 to 2019, Miniclip continued to advertise its CARU membership on its website and Facebook games privacy policy page. On May 19, 2020, the FTC announced a proposed settlement order with Miniclip that requires the company to refrain from misrepresenting its participation or certification in any privacy or security program sponsored by a government or any self-regulatory organization, including the CARU COPPA safe harbor program. Miniclip must also supply compliance reports on request from the Commission and create records demonstrating full compliance with each provision of the order for ten years.

Commissioner Rohit Chopra issued a separate concurring statement in which he approved the settlement but called on the FTC to routinely review COPPA safe harbor programs, advocating continuing oversight by the FTC, bans on the ability of safe harbor organizations to generate consulting fees, and mandatory disclosure of documents and information related to members. He also urged that the FTC terminate safe harbor programs “that do not adequately fulfill their oversight requirements.” If adopted, however, Commissioner Chopra’s recommendation of mandatory disclosure requirements could undermine a fundamental purpose of safe harbor programs: offering a mechanism for companies to review compliance with an independent third party and quickly correct identified deficiencies. Safe harbor programs can avoid the time and cost of regulatory enforcement for both businesses and the FTC, but the participant must make a good faith effort to comply.

Safe harbor programs, such as the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system, are also an important part of the privacy compliance landscape. We have previously reported on FTC enforcement actions against false Privacy Shield claims. The FTC’s action against Miniclip once again demonstrates the seriousness with which the FTC treats misrepresentations of participation in safe harbor frameworks, and especially COPPA. At a time when the FTC has solicited comments on possible revisions to the COPPA Rule, false COPPA safe harbor claims may get extra scrutiny. Companies should ensure that their membership in any safe harbor program – not just a COPPA safe harbor program – is current, that they adhere to all relevant safe harbor program guidelines, and that their advertising does not misrepresent the status of their participation.

 

Photo of Sheila MillarPhoto of Tracy Marshall

The COVID-19 pandemic has prompted regulatory agencies to take swift action against companies that falsely advertise their products as treatments for the virus. As we previously reported, the Federal Trade Commission (FTC) and Food and Drug Administration (FDA) issued joint warning letters to seven companies in March for advertising and selling products or services that the agencies allegedly falsely claimed to lessen or prevent COVID-19, in violation of Section 5 of the FTC Act and the Food, Drug, and Cosmetic Act (FD&C Act). That action was followed by a second set of similar warning letters from the FTC to another ten businesses on April 24, 2020 and a third set of warning letters to another 45 companies on May 7, 2020. The letters have been sent to a wide spectrum of businesses making unsupported claims related to COVID-19 therapies or treatments, including manufacturers of air purifiers/sanitizers and water filters, ozone therapy marketers, chiropractors, supplement manufacturers, and businesses offering stay-at-home work opportunities.

The FTC targeted three manufacturers of air purifiers and water filters, EcoShield LLC, John Ellis Water, and Vaniman Manufacturing Co., that the Commission asserted made COVID-19 protection claims not based in science. EcoShield claimed its wearable device “releases chlorine dioxide which is known to protect and disinfect against diseases such as influenza, common colds, bronchitis, tuberculosis, and respiratory infections.” Its Facebook ads proclaimed in capital letters that the device was “more effective than a mask” and included hashtags such as #coronavirus #flu #covid19 #covid #WuhanPneumonia #WuhanCoronavirus #coronavirusoutbreak to direct consumers to Ecoshield’s social media accounts. John Ellis Water claimed its water filter “removes viruses, toxins, pathogens, and bacteria from your bloodstream” with “UV vapors” that “kill(s) viruses on contact.” Vaniman Manufacturing advertised that its air purifier “can greatly help to reduce the spread AND capture the COVID virus in your home or workplace.”

In each case, the FTC reminded the companies that

…it is unlawful under the FTC Act, 15 U.S.C. § 41 et seq., to advertise that a product can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating that the claims are true at the time they are made. For COVID-19, no such study is currently known to exist for the product identified above.

The FTC also brought its first court case against a business for making false COVID-19 health claims. In its complaint against Marc Ching, individually and doing business as herbal supplement company Whole Leaf Organics, the FTC asserts that the company’s Thrive herbal supplement was advertised as able to treat, prevent, or reduce the risk of COVID-19. Ads for the Thrive supplement claimed that it is an “antiviral wellness booster” and “the perfect way to strengthen your immune system against pathogens like COVID-19, the Coronavirus.” Thrive’s marketing copy also claimed that the supplement is “safe for daily short-term use to combat ailments like the flu, colds, bronchial infections, fungal and yeast-based issues, as well as the coronavirus.” As the FTC pointed out, however, “there is no competent and reliable scientific evidence that Thrive or any of its ingredients treats, prevents or reduces the risk of COVID-19.”

Because of the urgency of removing fake COVID-19 “cures” from the market, the FTC took the unusual step of asking the United States District Court for the Central District of California for a temporary restraining order and preliminary injunction to prevent interim harm to consumers while it concurrently filed an administrative complaint. The FTC had cause to be concerned that Ching would continue selling his products barring an injunction to stop sale because it was not the first time the government warned him against making unsupported health claims. In November 2019, the FDA sent the company a warning letter for making unapproved new human and animal drug claims for cannabidiol (CBD) products, including cancer-curing claims, contrary to the FD&C Act. The FTC’s complaint also included a count alleging false cancer claims, in addition to the false COVID claims, and false proof claims based on the company’s statements that the products were scientifically or clinically proven.

At a time when consumers are especially anxious about their health and well-being due to the coronavirus, they can be even more vulnerable to false promises about cures and protection. When a business makes unsupported claims that could adversely affect public health and safety in the short term, the government has a strong incentive to act swiftly and forcefully. As the pandemic continues, the vigorous crackdown by federal agencies on companies purporting to sell treatments for the coronavirus is very likely to continue as well. That should be reassuring to businesses that carefully vet claims to assure they are grounded in both facts and applicable regulatory regimes.

Photo of Sheila Millar

Online shopping has taken on greater importance for many people homebound since the coronavirus lockdowns began. And, while many are lounging at home in pajamas and yoga pants, there are still a lot of fashion-conscious shoppers out there anxious to take advantage of bargain prices and speedy deliveries. But how is a stay-at-home fashionista supposed to remain au courant if the clothes she orders are out of style by the time they arrive? The Federal Trade Commission (FTC) has something to say about this. The FTC’s Trade Regulation Rule Concerning the Sale of Mail, Internet or Telephone Order Merchandise (the Mail Order Rule), requires that companies live up to their shipping promises and, to quote fashion guru Tim Gunn, “make it work” or give customers the option to get their money back. On April 21, 2020, the FTC announced a settlement with California retailer Fashion Nova for $9.3 million, the highest sum ever imposed for violations of the Mail Order Rule, for making assurances about its shipping times that came apart at the seams.

The Mail Order Rule bars sellers from soliciting mail, internet, or telephone order sales unless they have a reasonable basis to expect that they can ship the ordered merchandise within the time stated on the solicitation or, if no time is stated, within 30 days. In the event the company cannot ship the goods, it must offer customers the option either to consent to a further delay or to cancel the order and to receive a refund – not simply store credit or a gift card – within a reasonable time.

According to the FTC’s complaint, Fashion Nova made numerous representations about the speed of its shipping. Despite marketing promises of “Free 2 Day Shipping on all U.S. Orders $75 and Up,” “Fast Canada Shipping Only $10,” and “Fast International 6-10 Shipping Only $15,” Fashion Nova failed to deliver the goods. Items were frequently out of stock or materially different from what consumers ordered – for example, a different size, damaged, or used. Moreover, the company failed to provide an expedient way for customers to cancel orders and neglected to issue prompt refunds. The FTC also charged Fashion Nova with making false claims about the speed of its shipping options in violation of Section 5 of the FTC Act.

In addition to the fine, the stipulated order permanently restrains Fashion Nova from making representations about its shipping being faster than 30 days without clearly and conspicuously disclosing, before payment, the date by which the merchandise will be shipped or received.

Even with the inevitable delays caused by increased online shopping during the current pandemic, it is still vital for retailers to ensure they are fulfilling orders in compliance with the Mail Order Rule. Expensive settlements like this one are so last season.

Photo of Sheila MillarPhoto of Tracy Marshall

Canadian company Tapplock, Inc. sells smart locks to the U.S. market that the company advertised as “sturdy,” “secure,” and even “unbreakable.” Tapplock’s assurances that the locks were strengthened with “double-layered lock design” and made with “anti-shim and anti-pry technologies” could be quite an enticement for consumers looking for top-of-the-line connected home security. There was a small problem with Tapplock’s claims, however: three researchers hacked into the locks using several methods – one simply by unscrewing the product’s back panel in a few seconds. The locks are not so smart after all, according to the Federal Trade Commission (FTC), which issued a complaint alleging the company’s locks contained vulnerabilities that made them anything but unbreakable.

Tapplock’s padlocks are fingerprint enabled and open via a mobile app when the user is within Bluetooth range. The app logs usernames, email addresses, profile photos, location history, and geolocation of a user’s smart lock. But researchers found several serious flaws that compromised security. In one case, researchers were able to bypass the account authentication process, gaining full access to the accounts of all Tapplock users and their personal information without being re-directed to the login page. Another vulnerability was the company’s failure to encrypt the Bluetooth communication between the lock and the app, which allowed researchers to lock and unlock nearby Tapplock smart locks. The app also had a flaw that prevented users from effectively revoking access by third parties who were previously authorized.

The FTC alleged that these flaws could have been easily fixed had Tapplock taken reasonable steps to identify possible risks. Standard security measures include conducting vulnerability or penetration testing; taking sufficient measures to detect and prevent users from bypassing authentication procedures to gain access to other users’ accounts; adopting and implementing written data security standards, policies, procedures, or practices; and providing privacy and security training for employees.

Under the proposed settlement terms, Tapplock must implement a comprehensive data security plan that is assessed by an independent third party biennially. The order also prohibits the company from misrepresenting its privacy and security practices.

The FTC’s proposed settlement agreement serves as a reminder that smart device manufacturers must ensure that privacy and security measures are part of the design and that security measures are described accurately. Overselling data security may attract customers in the short term but attracting this kind of attention from the FTC is anything but smart.

Photo of Sheila Millar

While the Federal Trade Commission (FTC)’s recent action against Williams-Sonoma for allegedly false “Made in USA” claims garnered headlines for its $1 million penalty, FTC staff continue to offer insights into the Commission’s enforcement position on such claims through its closing letter process. For example, the FTC sent a closing letter to epoxy manufacturer J-B Weld on March 19, 2020 following a referral from the National Advertising Review Board (NARB) after the company refused to accept all of NARB’s recommendations regarding its “Made in USA” claims. The FTC declined to take further action in light of the advertiser’s remedial steps, including updating packaging for several product lines, removing U.S.-origin “line” claims from its website and social media channels, and requiring third-party sellers to update their information about the origin of the company’s products.

J-B Weld’s U.S. origin claims were challenged by a competitor before the National Advertising Division (NAD). In particular, the objections centered on whether “Made in the USA” claims were proper for J-B Weld’s glues and adhesive products when tubes, caps, syringes, and applicators were foreign-made. Acknowledging that the FTC’s guidance did not expressly address the question of packaging, NAD agreed that the origin of point of sale, paper packaging and “bubble” material typically discarded by consumers was not relevant to the claim, but that the other packaging items were because they were central to how the product was dispensed. NARB agreed with NAD that information on the percentage of the total manufacturing cost represented by the foreign content was necessary to support a domestic origin claim. The advertiser refused to comply, noting that NARB declined to consider information from third-party suppliers not available during the NAD review, and that the cost data was highly confidential. NARB referred the matter to the FTC.

The FTC observed that the company made epoxy and silicone adhesive products in the United States, but also sells cyanoacrylate and other adhesive products that either incorporate significant imported content or are wholly imported. Notably, the FTC commented on the issue of packaging for the product, saying:

While the glue contained in that packaging was “all or virtually all” made in the United States, the packaging itself, which had no independent value to consumers and was typically discarded upon depletion, was not. In the absence of consumer perception evidence showing otherwise, FTC staff finds it is unlikely that reasonable consumers interpreted the unqualified U.S. origin claims on these adhesive products as covering the incidental, discarded packaging.

NAD and NARB rules have been applied strictly to prevent introduction of evidence on appeal, but the FTC will consider additional evidence in the case of a referral and did so in issuing the closing letter.

Photo of Sheila Millar

Home furnishings giant Williams-Sonoma – whose brands include Pottery Barn, Le Creuset, and West Elm – invokes an upscale, modern American lifestyle. Many of its products are marketed not only as “quality” but also “crafted in America.” Consumers who received mattress pads from the Pottery Barn Teen and Kids were therefore surprised to see labels indicating that the products were “Made in China.” The Federal Trade Commission (FTC) wasn’t pleased.

In its complaint against Williams-Sonoma, the FTC alleged that items from its Rejuvenation, Goldtouch Bakeware and items from its Pottery Barn Teens and Pottery Barn Kids lines were advertised as wholly “Made in USA” but were actually made elsewhere. Unfortunately, this was not the first time the FTC received similar complaints. In 2018, the FTC received complaints that Williams-Sonoma’s online ads and promotional materials for Pottery Barn Teen organic mattress pads stated the pads were “Crafted in America from local and imported materials” when the law labels stated the pads were made in China. When the FTC approached Williams-Sonoma about the issue, the company apologized for what it called human error and promised to take immediate steps to rectify its country-of-origin verification process.

However, the following year, the FTC found that the company “continued to disseminate advertisements and promotional materials, including through its website and social media platforms, which deceptively claimed certain categories of Williams-Sonoma products were all or virtually all made in the United States.” Made in the USA claims went beyond mattress pads. The company also touted that its Rejuvenation furniture, Goldtouch Bakeware, and products from its Pottery Barn Teen and Kids lines were “Made in America” or “Made in the USA.” But according to the FTC, “numerous Goldtouch Bakeware products, Rejuvenation-branded products, and Pottery Barn Teen and Pottery Barn Kids-branded upholstered furniture products are wholly imported or contain significant imported materials or components.”

Under the terms of the settlement agreement, Williams-Sonoma will pay a fine of $1 million and is barred from representing that its products are made in the USA unless:

  • The final assembly or processing of the product occurs in the United States, all significant processing that goes into the product occurs in the United States, and all or virtually all ingredients or components of the product are made and sourced in the United States; or
  • A clear and conspicuous qualification appears immediately adjacent to the representation that accurately conveys the extent to which the product contains foreign parts, ingredients, components, and/or processing;
  • For a claim a product is made in the U.S., that the product is last substantially transformed in the United States, the product’s principal assembly takes place in the United States, and United States assembly operations are substantial

Whether an investigation by the FTC involves a U.S.-origin claim or another matter, the lesson of this enforcement action is that companies must deliver on promises to the FTC to take corrective action, and ensure that substantiation and claims of “Made in USA” comply with the FTC’s country of origin rules.