Photo of Sheila MillarPhoto of Anushka R. Stein

Following its report to Congress in 2021 on what it characterized as unlawful repair restrictions, Nixing the Fix, the Federal Trade Commission (FTC or Commission) announced that it would prioritize investigations into limits on consumer repair rights pursuant to its authority under the Magnuson-Moss Warranty Act (Warranty Act) and Section 5 of the FTC Act. In its subsequent Policy Statement on Repair Restrictions Imposed by Manufacturers and Sellers, the FTC explained that “restricting consumers and businesses from choosing how they repair products can substantially increase the total cost of repairs, generate harmful electronic waste, and unnecessarily increase wait times for repairs.” With three successive enforcement actions, the FTC has signaled that it means business. Companies that restrict consumers’ right to repair goods at the servicer or supplier of their choice may well find themselves the target of an FTC complaint, as Harley-Davidson, Westinghouse, and Weber Stephens recently discovered.

On June 23, 2022, the FTC announced that it had brought a complaint against motorcycle icon Harley-Davidson Motor Company (Harley-Davidson) and generator manufacturer Westinghouse Outdoor Power Equipment/MWE Investments, LLC (MWE). Shortly thereafter, on July 7, 2022, the Commission brought a third complaint on similar grounds against grill company Weber-Stephens (Weber). In each case, the FTC alleged that the company imposed illegal stipulations on consumer repair rights in violation of the Warranty Act § 2302(c), which prohibits a warrantor “from conditioning a warranty for a consumer product that costs more than $5 on the consumer’s use of an article or a service, other than an article or a service provided without charge, which is identified by brand, trade, or corporate name, unless the warrantor applies for and receives a waiver from the Commission.” The FTC also charged the companies with deceptive conduct for representing that their warranties were conditioned on the use of brand products or services in violation of Section 5 of the FTC Act.

Harley Davidson and Westinghouse/MWE Investments

The FTC’s complaint against Harley-Davidson alleges that the company conditions its warranty on the use of genuine Harley-Davidson parts and accessories, in violation of the Warranty Act. For instance, the company’s 2021 warranty tells customers to “insist that your authorized Harley-Davidson dealer uses only genuine Harley-Davidson replacement parts and accessories to keep your Harley-Davidson motorcycle and its limited warranty intact.” The FTC also charged Harley-Davidson with failing to fully explain what is covered or excluded from its warranty, which instead instructs customers to “see an authorized Harley-Davidson dealer for details.”

The FTC complaint against Westinghouse licensor and manufacturer MWE alleges that the company conditioned its warranty for electric and gas generators on using Westinghouse suppliers and service providers for repairs. MWE’s warranty for portable generators, for example, excludes “portable generators that utilize non-MWE Investments, LLC replacement parts” and “products that are altered or modified in a manner not authorized in writing by MWE Investments, LLC.”

The Harley-Davidson consent order and MWE consent order are nearly identical and require each company to cease conditioning warranties on a customer’s use of parts or services affiliated with the brand (unless the parts or services are provided free of charge or the company has been granted a waiver by the FTC under 15 U.S.C. § 2303(c)). The orders require both companies to disclose clearly and conspicuously in their warranties the following statement: “Except as described in ____, taking your products to be serviced by a repair shop that is not affiliated with [company name] will not void this warranty and using third-party parts will not void this warranty.” The companies must notify customers, dealers, and service providers of the revised warranty and publish it on their websites. Further, Harley-Davidson must provide a “clear description and identification of products, or parts, or characteristics, or components or properties covered by the warranty and where necessary for clarification, excluded from the warranty.”

The order does, however, make clear that certain types of product damage to Harley-Davidson vehicles caused by third-party parts or servicers can be excluded from the “warranty coverage for defects or damage caused by unauthorized parts, service, or use of the vehicle, including defects or damage caused by use of aftermarket parts or use of the vehicle for racing or competition, and denial of coverage may be based on installation of parts designed for unauthorized uses of the vehicle, such as a trailer hitch.” The company may also, pursuant to a 2017 Consent Decree between Harley-Davidson and the Environmental Protection Agency, “exclude warranty coverage and deny all warranty claims for functional defects of powertrain components for any Harley-Davidson motorcycle registered in the United States if the vehicle was tuned using a tuning product not covered by a California Air and Resources Board Executive Order.” Importantly, these exclusions allow the company to protect the safety and roadworthiness of their motorcycles and to meet environmental regulatory requirements.

Weber-Stephens

As with Harley-Davidson and MWE, the FTC complaint against Weber charges the company with improperly conditioning warranties on a customer’s use of the company’s servicers and parts. The Weber consent order, like the Harley-Davidson and MWE orders, prohibits the company from imposing warranties that require customers to use the company’s parts and services and requires it to inform purchasers of its gas or electric grills that “using third-party parts will not void this warranty.”

Commission Approval

The Commission vote to issue the administrative complaint and to accept the consent agreement was in each case unanimous. FTC Chair Lina Khan and Commissioner Rebecca Slaughter released a joint statement following the Harley-Davidson and MWE orders in which they noted that “the consent orders obtained in these matters bar both manufacturers from continuing the unlawful tying of their warranties to the use of authorized service or parts and prohibit them from misrepresenting any material facts about the warranty. Importantly, the firms are also required to note clearly and conspicuously in public statements that using third-party parts or repair services will not void the warranty. They must also provide customers with clear notice alerting them of the change.”

Imposition of warranty limits on a consumer’s right to repair is a priority issue for the Commission. For some types of products, unauthorized service or installation of unauthorized parts could create potential safety concerns that will have to be carefully evaluated. Businesses should examine their warranties thoroughly for compliance with the Warranty Act requirements and consider the need to seek a waiver or to consider other options.

Photo of Sheila MillarPhoto of Tracy Marshall

On July 8, 2022, the California Privacy Protection Agency (Agency) announced the start of the formal rulemaking process to adopt proposed regulations implementing the California Privacy Rights Act (CPRA), which amends and expands the California Consumer Privacy Act (CCPA).

The CCPA entered into force on January 1, 2020; most of the CPRA’s provisions become effective on January 1, 2023, with a look-back to January 2022.

The Agency was created and granted rulemaking authority via a provision in the CPRA. On May 5, 2022, the California Office of Administrative Law approved the transfer of existing CCPA regulations to the Agency’s jurisdiction; these proposed regulations will be the Agency’s first rulemaking.

The proposed CPRA regulations (1) update existing CCPA regulations to harmonize them with CPRA; (2) operationalize new rights and concepts introduced by the CPRA; and (3) reorganize and consolidate requirements to make the regulations easier to follow and understand.

Public hearings on the proposed regulations and received comments are slated for August 24 and August 25, 2022, at 9:00 am PDT, during which the Agency will hear comments from interested parties. Written comments must be submitted by August 23.

Photo of Sheila MillarPhoto of Jean-Cyril Walker

In keeping with its 5-year schedule for comparability range updates to the Energy Labeling Rule (Rule), the Federal Trade Commission (FTC) published a Notice of Proposed Rulemaking on May 25, 2022, seeking to revise the Rule to require EnergyGuide labels to update comparability range information on EnergyGuide labels for televisions, refrigerators and freezers, dishwashers, water heaters, room air conditioners (ranges only), clothes washers, furnaces, and pool heaters.

The Rule requires manufacturers to affix EnergyGuide labels to many consumer products and prohibits retailers from removing the labels or making them illegible. EnergyGuide labels must contain three disclosures: a product’s estimated annual energy cost, its energy consumption or energy efficiency rating as determined by Department of Energy (DOE) test procedures, and a comparability range that shows the highest and lowest energy costs or efficiency ratings for all similar models. The FTC periodically updates comparability range and annual energy cost information based on current manufacturer data, pursuant to the Rule. The FTC is now proposing two amendments to the Rule: revising the average energy cost figures based on the national average cost figures published by the DOE and clarifying that manufacturers must use current DOE requirements to determine capacity for room air conditioners.

Manufacturers must display the updated information on product labels 90 days from publication of the final Notice announcing updated ranges for specific products. Manufacturers of room air conditioners will have until October 1, 2022, to give them time to change their packaging to include the updated labels and to coincide with the effective date of EnergyGuide labels for portable air conditioners.

The vote to approve publication of the Notice of Rulemaking in the Federal Register was 3-1. Commissioner Christine S. Wilson dissented, arguing that while the proposed revisions to the Rule are necessary, the Commission “fail(s) to take the opportunity to revisit the Rule’s highly prescriptive requirements,” including the detailed label requirements illustrated in the Notice.

Comments are due by July 11, 2022.

Photo of Sheila MillarPhoto of Tracy Marshall

The Federal Trade Commission (FTC or Commission) has issued several new proposals or policy statements affecting advertisers recently, including resurrection of its Penalty Offense Authority and an Enforcement Policy Statement Regarding Negative Option Marketing (which we previously reported on here). The FTC is now seeking public feedback on a proposal to enhance and strengthen the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising (the Endorsement Guides) and a review of its .com Disclosures: How to Make Effective Disclosures in Digital Advertising (.com Disclosures Guidance or Guidance).

Proposed Updates to the Endorsement Guides

At an open meeting on May 19, 2022, the FTC voted unanimously to publish a notice in the Federal Register proposing updates to the current Endorsement Guides. The FTC’s proposed updates to the Endorsement Guides, which were first published in 1980 and last revised in 2009, focus on advertisers that post fake positive reviews or delete negative reviews and advertisers whose disclosures fall short. One area of concern identified by the FTC is influencers who are paid, receive free products or services, or have a relationship with a brand but fail to disclose the material connection with the advertiser, in violation of the Endorsement Guides.

In addition to adding more examples to improve understanding of the Endorsement Guides, the FTC’s proposed updates include the following:

  • Expanding the definition of “product” to include brands;
  • Clarifying that marketing and promotional messages, including social media tags, can constitute endorsements;
  • Extending the definition of an “endorser” to cover “fabricated endorsers”;
  • Adding a new section that addresses consumer reviews and clarifies that advertisers should not distort or misrepresent what consumers think of their products;
  • Clarifying that the substantiation requirement covers both express and implied claims;
  • Tightening the definition of “clear and conspicuous” to mean a disclosure that is “difficult to miss … and easily understandable by ordinary consumers”;
  • Clarifying that a material connection can exist regardless of whether an advertiser offers payment or free products to an endorser;
  • Adding a new section that explains the potential liability of intermediaries such as advertising agencies and public relations firms;
  • Clarifying that an advertiser may be liable for an endorser’s deceptive statement even when the endorser is not liable and adding a new section that explains when endorsers can be liable for their statements;
  • Adding a new section regarding endorsements directed to children and emphasizing that “practices which would not ordinarily be questioned in advertisements addressed to adults might be questioned in such cases.” (The FTC will hold a public event on October 19, 2022, to discuss how children perceive online advertising and advertisers’ responsibilities for disclosures to children.)

Comments are due 60 days after the date of publication of the proposed updates in the Federal Register, which has not occurred as of the date of this posting.

Proposed Updates to the .com Disclosures Guidance

The FTC is also seeking comments on proposed changes to the .com Disclosures Guidance. First issued in 2000 and updated in 2013, the .com Disclosures Guidance focuses on how businesses can evaluate the effectiveness of online disclosures to assure they are clear and conspicuous. The Guidance also includes factors the FTC uses to evaluate whether such disclosures comply with the FTC Act.

In a Request for Comments published on June 3, 2022, FTC staff seek public input on updates to the Guidance. The FTC welcomes comments on any issue but is particularly interested in the following:

  • Issues raised by online technologies, activities, or features, such as sponsored and promoted advertising on social media platforms, advertising content embedded in games, and dark patterns;
  • Whether the current Guidance adequately addresses mobile advertising;
  • Whether further guidance concerning multi-party selling arrangements is needed;
  • Whether the Guidance adequately addresses how to make qualifying disclosures when consumers must navigate multiple webpages to complete purchases;
  • Whether the Guidance should address issues related to advertising that appears in virtual reality or the metaverse;
  • How the guidance on the use of hyperlinks can be made more effective; and
  • What existing guidance is outdated or unnecessary, and what guidance should be clarified, expanded, strengthened, or limited.

Comments on the proposed changes to the .com Disclosures Guidance must be received by August 2, 2022.

Photo of Sheila Millar

Nearly a year after she was first nominated, Mary Boyle was confirmed Wednesday to be a Commissioner of the U.S. Consumer Product Safety Commission (CPSC). When she takes office for a term that will run through October 2025, Boyle will bring the Commission to its full five-member strength for the first time since 2019.

Boyle has been at CPSC for more than a decade, serving as an attorney in the Office of General Counsel (OGC), as General Counsel herself, and currently as the agency’s Executive Director. A graduate of Georgetown University and the University of Maryland, Boyle is the second CPSC Executive Director to join the Commission in recent years, following former Chair Elliot Kaye, who served from 2014 to 2021.

Boyle’s nomination had been held up in the Senate Committee on Commerce, Science, & Transportation amid Republicans’ concerns about her role in the agency’s unauthorized disclosures of company and consumer information in 2019 and in staffing of CPSC’s import surveillance operations amid COVID-19 disruptions. The first session of the 117th Congress ended in December 2021 with Boyle’s nomination still in committee. Her nomination was returned to the White House, and President Biden swiftly renominated her in early 2022.

The Commerce Committee failed to report Boyle’s nomination favorably on a 14-14 party-line vote in March. Her nomination was ultimately discharged from committee on May 12 by a straight party-line vote, with Vice President Kamala Harris breaking the 50-50 tie. Republican opposition followed Boyle to the floor with a filibuster that was broken by a 49-47 cloture vote on June 16, 2022. Wednesday’s confirmation vote was 50-48.

Boyle joins Chair Alexander Hoehn-Saric and Commissioner Richard Trumka, Jr., forming a Biden-administration majority on the Commission alongside Trump appointees Dana Baiocco and Peter Feldman. With Boyle’s confirmation, CPSC’s leadership appears set for the next two-plus years. The Commissioners’ terms are as follows:

Biden Consumer Product Safety Commission
Commissioner Term Through
Dana Baiocco (R) 2024
Mary Boyle (D) 2025
Peter Feldman (R) 2026
Alexander Hoehn-Saric (D, Chair) 2027
Richard Trumka, Jr. (D) 2028

 

Photo of Sheila MillarPhoto of Tracy Marshall

In the continuing absence of Congressional action on a comprehensive U.S. federal privacy law, five states have now enacted their own laws. We previously provided a summary of the California, Virginia, and Colorado laws (available here), and Connecticut and Utah have since enacted new privacy laws. The Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA) was signed into law on May 10, 2022 and is scheduled to take effect on July 1, 2023. The Utah Consumer Privacy Act (UCPA) was signed into law on March 24, 2022 and is scheduled to take effect on December 31, 2023. The CTDPA and UCPA are similar to the recently enacted Colorado Privacy Act (CPA) and Virginia Consumer Data Protection Act (VCDPA) in many respects, but there are some key differences among these laws and the California Consumer Privacy Act (CCPA), which took effect in 2020 and was amended by the California Privacy Rights Act (CPRA). To help businesses plan for compliance, Keller and Heckman LLP has created a side-by-side comparison of some of the key provisions of each law, along with an overview of some recently introduced federal privacy bills. Click here to read the full article.

Photo of Sheila MillarPhoto of Tracy Marshall

Alvaro Bedoya, a Democrat, was confirmed on May 11, 2022, to serve as the fifth Commissioner of the Federal Trade Commission (FTC). With the Senate deadlocked at 50-50 along partisan lines, Vice President Kamala Harris cast the tie-breaking vote. Bedoya replaces former Commissioner Rohit Chopra, who left the FTC last October to lead the Consumer Financial Protection Bureau. Bedoya will serve for a term of seven years (beginning September 26, 2019).

Bedoya founded the Center on Privacy and Technology at Georgetown University Law Center, where he was a Visiting Professor of Law. His academic work centered on privacy law, particularly the effects of facial recognition technology on race and gender. Prior to his tenure at Georgetown, Bedoya served as Chief Counsel of the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law, where he worked on issues relating to mobile location privacy and biometrics, drafted bipartisan legislation to protect victims of sexual assault, and helped draft the USA FREEDOM Act.

Bedoya’s confirmation comes on the heels of a debate in Congress over the Consumer Protection Remedies Act of 2022 (S.4145), which would empower the FTC to seek court orders for restitution, refunds, rescission of contracts, or disgorgement where the FTC believes a company has violated Section 13 of the Federal Trade Commission Act (FTCA).

Section 13(b) of the FTCA allows the FTC to pursue injunctions against ongoing or future violations in court, and for years the FTC had requested – and courts had granted – equitable and monetary relief in the form of refunds or restitution. In April 2021, however, a unanimous Supreme Court held in AMG Capital Management that the clear language of Section 13(b) does not authorize such equitable monetary relief orders. The Consumer Protection Remedies Act would expressly authorize those orders. The FTC does have authority to seek monetary relief under the provisions of Section 19 of the FTCA, but the FTC seeks expanded authority to go directly to court to obtain both monetary and injunctive relief.

Currently, there is no House companion to the Consumer Protection Remedies Act, and some industry groups have raised objections to an expansion of FTC authority.

Photo of Sheila MillarPhoto of Anushka R. Stein

In a complaint dated April 12, 2022, the Federal Trade Commission (FTC) brought its first action under the new Made in USA Labeling Rule (the Rule) against Lithionics Battery LLC (Lithionics) and its owner, Steven Tartaglia, for falsely advertising Lithionics’ lithium-ion batteries as USA-made.

According to the FTC’s complaint, from at least 2018 until at least August 30, 2021, Lithionics advertised its lithium-ion batteries as American-made by labeling its products “Proudly Designed and Built in USA” alongside an image of the American flag. The company repeated similar claims on its social media pages and on its website, where the “Made in USA” link stated that the company’s “battery systems are engineered and manufactured in Clearwater, FL USA …” In addition, the company’s marketing materials included a *chart that emphasized the “‘advantage[s]’ of Lithionics’ battery systems over imported competing products,” when in fact, all Lithionics batteries included foreign sourced lithium-ion cells and “significant other imported components.”

The Rule, which took effect on August 13, 2021, codifies the FTC’s long-established enforcement policy statement on U.S. origin claims. It prohibits companies from labeling products as “Made in USA” (MUSA) unless: (1) “the final assembly or processing of the product occurs in the United States”; (2) “all significant processing that goes into the product occurs in the United States”; and (3) “all or virtually all ingredients or components of the product are made and sourced in the United States.” While the Rule does not impose new responsibilities on businesses, it authorizes the FTC to issue rules relating to MUSA labeling and to seek civil penalties for violations of the Rule’s provisions. It also adds a new partial or full exemption for businesses who can demonstrate that “application of the rule’s requirements to a particular product or class of product is not necessary to prevent the acts or practices to which the rule relates.”

Under the proposed stipulated order, Lithionics and its owner would have to pay a civil penalty of $105,319.56, which an FTC press release explains is equivalent to three times Lithionics’ profits from its illegal activities. The company is required to notify affected consumers that the batteries they purchased were not in fact USA-made and is barred from claiming, expressly or impliedly, that its products are MUSA unless it can prove that those products meet the Rule’s three requirements for such assertions. In the case of partial MUSA claims, the company must ensure that a clear and conspicuous qualification “appears immediately adjacent to the representation that accurately conveys the extent to which the product contains foreign parts, ingredients or components, and/or processing.” For “Assembled in USA” type claims, the company would need proof that “the product is last substantially transformed in the United States, the product’s principal assembly takes place in the United States, and United States assembly operations are substantial.”

Although the case against Lithionics and its owner is the first since the FTC finalized the Rule, the prohibitions under the proposed stipulated order are similar to those imposed under orders the Commission previously issued to other companies for false MUSA claims (see, for example, the FTC’s Decision and Order In the Matter of Sandpiper of California, Inc. and Pipergear USA, Inc.). Where this stipulated order differs is the civil penalty. Over the past six months, the Commission has revived and expanded its Penalty Offense Authority under Section 5(m)(1)(B) of the FTC Act to support settlement amounts. Under the Penalty Offense Authority, companies could face civil penalties of up to $46,517 per violation. While the proposed penalty in this case is much lower than the millions that have been assessed against other companies for false or misleading marketing claims, this enforcement action demonstrates the FTC’s ongoing commitment to cracking down on false MUSA claims. Companies should consider themselves on notice that the FTC can and will enforce against false MUSA claims, and the penalties can be significant.

All case documents are available here (*Exhibit D with chart referred to above was omitted).

Photo of Sheila MillarPhoto of Tracy Marshall

As cyberattacks from a myriad of sources continue to proliferate and target organizations of all types and sizes, the Cybersecurity and Infrastructure Security Agency (CISA) continues to update its Shield’s Up webpage with specific cybersecurity guidance for organizations, CEOs, business leaders, and individuals. The stated goal is to “reduce the likelihood of a damaging cyber intrusion, ensure that cybersecurity/IT personnel identify and quickly assess any unexpected or unusual network behavior, ensure that the organization is prepared to respond if an intrusion occurs, and maximize the organization’s resilience to a destructive cyber incident.” CISA offers recommendations for responding to all types of cyber incidents, including ransomware attacks, and for improving cyber hygiene.

The Shields Up webpage also provides cybersecurity news updates, useful background materials, and free cybersecurity services and tools from government partners and industry. The Shield’s Up program serves as a helpful reminder to both large and small organizations on how to prepare for, respond to, and mitigate the effects of cyberattacks.

Photo of Sheila MillarPhoto of Tracy MarshallPhoto of Peter Craddock

After the EU-U.S. Privacy Shield was rendered invalid by the Court of Justice of the European Union (CJEU) in July 2020, and following a prior challenge to the U.S.-EU Safe Harbor, many businesses operating on both sides of the pond scrambled to find other ways to protect data flows between the EU and U.S. that meet the EU General Data Privacy Regulation (GDPR) adequacy standards. Now it appears that a replacement is finally on the horizon. On March 25, 2022, the White House announced that the U.S. and EU have committed to a new Trans-Atlantic Data Privacy Framework (Framework) to facilitate data flows from the EU to the United States and address concerns raised by the CJEU when it struck down the European Commission’s adequacy decision underlying the EU-U.S. Privacy Shield Framework in 2020.

Having worked through two prior frameworks that both governments previously supported, businesses are asking if the new Framework can solve the difficulties that undermined its predecessors. According to the White House press release, the Framework will address the CJEU’s concern in Schrems II, in which the court held that U.S. surveillance activities left EU citizens without a judicial remedy for potential privacy violations by the U.S. government. The new Framework pledges to “strengthen the privacy and civil liberties safeguards governing U.S. signals intelligence activities; establish a new redress mechanism with independent and binding authority; and enhance its existing rigorous and layered oversight of signals intelligence activities.”

The White House gives several examples of how the Framework will address the CJEU’s focus on “surveillance” by the U.S. government, namely:

  • Signals intelligence collection may be undertaken only where necessary to advance legitimate national security objectives and must not disproportionately impact the protection of individual privacy and civil liberties;
  • EU individuals may seek redress from a new multi-layer redress mechanism that includes an independent Data Protection Review Court that would consist of individuals chosen from outside the U.S. Government who would have full authority to adjudicate claims and direct remedial measures as needed; and
  • U.S. intelligence agencies will adopt procedures to ensure effective oversight of new privacy and civil liberties standards.

The Framework’s commitments appear to be a step towards addressing issues raised in the Schrems II decision, and the additional redress mechanisms outlined by the White House provide an independent means for EU residents to raise privacy concerns. However, because details are not yet available, businesses face uncertainty as to whether there will be challenges to the new Framework. To complicate matters, the recent Supreme Court case FBI v. Fazaga granted the U.S. government greater leeway in invoking the state secrets privilege, making it more difficult for both U.S. and EU citizens to challenge surveillance intrusions by the U.S. government in American courts. The interplay between the rights described in the White House press release about the new Framework and U.S. legal precedent requires further analysis.

For the time being, businesses that transfer data between the EU and U.S. can continue using the “adequacy” method they currently employ, provided they take into account the Schrems II judgment and the European Data Protection Board’s recommendations on supplementary measures. The Danish Data Protection Agency has already stressed that the new Framework is still just an agreement in principle and current transfer justification requirements still apply.

For assistance on options to transfer data between the EU and U.S., please contact our Privacy and Data Security team.