Photo of Sheila MillarPhoto of Tracy Marshall

In 2014, with childhood obesity on the rise in the United States, tech company Kurbo, Ltd. (Kurbo) marketed a free app for kids that, according to the company, was “designed to help kids and teens ages 8-17 reach a healthier weight.” When WW International (WW) (formerly Weight Watchers) acquired Kurbo in 2018, the app was rebranded “Kurbo by WW,” and WW continued to market the app to children as young as eight. But according to the Federal Trade Commission (FTC), Kurbo’s privacy practices were not exactly child-friendly, even if its app was. The FTC’s complaint, filed by the Department of Justice (DOJ) last month, claims that WW’s notice, data collection, and data retention practices violated the Children’s Online Privacy Protection Act Rule (COPPA Rule). WW and Kurbo, under a stipulated order, agreed to pay a $1.5 million civil penalty in addition to complying with a range of injunctive provisions. These provisions include, but are not limited to, deleting all personal information of children whose parents did not provide verifiable parental consent in a specified timeframe, and deleting “Affected Work Product” (defined in the order to include any models or algorithms developed in whole or in part using children’s personal information collected through the Kurbo Program).

Complaint Background

The COPPA Rule applies to any operator of a commercial website or online service directed to children that collects, uses, and/or discloses personal information from children and to any operator of a commercial website or online service that has actual knowledge that it collects, uses, and/or discloses personal information from children. Operators must notify parents and obtain their consent before collecting, using, or disclosing personal information from children under 13.

The complaint states that children enrolled in the Kurbo app by signing up through the app or having a parent do it on their behalf. Once on Kurbo, users could enter personal information such as height, weight, and age, and the app then tracked their weight, food consumption, and exercise. However, the FTC alleges that Kurbo’s age gate was porous, requiring no verification process to establish that children who affirmed they were over 13 were the age they claimed to be or that users asserting they were parents were indeed parents. In fact, the complaint alleges that the registration area featured a “tip-off” screen that gave visitors just two choices for registration: the “I’m a parent” option or the “I’m at least 13” option. Visitors saw the legend, “Per U.S. law, a child under 13 must sign up through a parent” on the registration page featuring these choices. In fact, thousands of users who indicated that they were at least 13 were younger and were able to change their information and falsify their real age. Users who lied about their age or who falsely claimed to be parents were able to continue to use the app. In 2020, after a warning from the FTC, Kurbo implemented a registration screen that removed the legend and the “at least 13” option. However, the new process failed to provide verification measures to establish that users claiming to be parents were indeed parents.

Kurbo’s notice of data collection and data retention practices also fell short. The COPPA Rule requires an operator to “post a prominent and clearly labeled link to an online notice of its information practices with regard to children on the home or landing page or screen of its Web site or online service, and, at each area of the Web site or online service where personal information is collected from children.” But beginning in November 2019, Kurbo’s notice at registration was buried in a list of hyperlinks that parents were not required to click through, and the notice failed to list all the categories of information the app collected from children. Further, Kurbo did not comply with the COPPA Rule’s mandate to keep children’s personal information only as long as reasonably necessary for the purpose it was collected and then to delete it. Instead, the company held on to personal information indefinitely unless parents specifically requested its removal.

Stipulated Order

In addition to imposing a $1.5 million civil penalty, the order, which was approved by the court on March 3, 2022, requires WW and Kurbo to:

  • Refrain from disclosing, using, or benefitting from children’s personal information collected in violation of the COPPA Rule;
  • Delete all personal information Kurbo collected in violation of the COPPA Rule within 30 days;
  • Provide a written statement to the FTC that details Kurbo’s process for providing notice and seeking verifiable parental consent;
  • Destroy all affected work product derived from improperly collecting children’s personal information and confirm to the FTC that deletion has been carried out;
  • Delete all children’s personal information collected within one year of the user’s last activity on the app; and
  • Create and follow a retention schedule that states the purpose for which children’s personal information is collected, the specific business need for retaining such information, and criteria for deletion, including a set timeframe no longer than one year.

Implications of the Order

Following the U.S. Supreme Court’s decision in AMG Capital Management, LLC v. Federal Trade Commission, which halted the FTC’s ability to use its Section 13(b) authority to seek monetary penalties for violations of the FTC Act, the FTC has been pushing Congress to grant it greater enforcement powers. In the meantime, the FTC has used other enforcement tools, including the recent resurrection of the agency’s long-dormant Penalty Offense Authority under Section 5(m)(1)(B) of the FTC Act and a renewed willingness to use algorithmic disgorgement (which the FTC first applied in the 2019 Cambridge Analytica case).

Algorithmic disgorgement involves “requir[ing] violators to disgorge not only the ill-gotten data, but also the benefits—here, the algorithms—generated from that data,” as then-Acting FTC Chair Rebecca Kelly Slaughter stated in a speech last year. This order appears to be the first time algorithmic disgorgement was applied by the Commission in an enforcement action under COPPA.

Children’s privacy issues continue to attract the attention of the FTC and lawmakers at both federal and state levels. Companies that collect children’s personal information should be careful to ensure that their privacy policies and practices fully conform to the COPPA Rule.

Photo of Peter Craddock

“Dark patterns” – social media platform interfaces that can lead users to make unintended and potentially harmful decisions regarding the processing of their personal data – are a subject of increasing scrutiny in the EU. New guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm the focus of EU authorities on such practices. The guidelines contain lessons for all websites and applications. The bad news for marketers: the EDPB doesn’t always like it when dry legal language is made catchier or dull interfaces more enticing.

To illustrate, in a section of the guidelines regarding the selection of an account profile photo, the EDPB considers the example of a “help/information” prompt saying “No need to go to the hairdresser’s first. Just pick a photo that says ‘this is me.’” According to the EDPB, such a practice “can impact the final decision made by users who initially decided not to share a picture for their account” and thus makes consent invalid under the General Data Protection Regulation (GDPR). In another example, the EDPB criticises a cookie banner with a humourous link to a bakery’s cookie recipe that incidentally says “we also use cookies,” stating that “users might think they just dismiss a funny message about cookies as a baked snack and not consider the technical meaning of the term ‘cookies.’” The EDPB even suggests that the data minimisation principle, and not security concerns, should ultimately guide an organisation’s choice of which two-factor authentication method to use.

Do these new guidelines reflect privacy paranoia or common sense? The answer should lie somewhere in between, but the whole document (64 pages long) in our view suggests an overly strict approach, one that we hope will move closer to common sense as a result of a newly started public consultation process.

Click here for our analysis of what useful lessons – or warnings – can be drawn from the EDPB’s new guidelines.

Photo of Sheila MillarPhoto of Jean-Cyril WalkerPhoto of Anushka R. Stein

On February 24, 2022, Keurig Green Mountain, Inc. (Keurig) agreed to pay $10 million to settle a long-running class action that alleged the coffee company deceptively advertised its K-Cups pods’ recyclability by misleadingly labeling and marketing them as “recyclable” when the pods were in fact not accepted for recycling in many areas. The settlement follows denial of a motion to dismiss in 2021.This is the second recent multimillion dollar settlement Keurig has paid out over its recyclability claims. In January, Keurig settled with Competition Bureau Canada for $2.3 million (plus an $800,000 donation pledge to the Polypropylene Recycling Coalition) due to similar complaints about the pods’ lack of recyclability after the Competition Bureau concluded that the pods were not widely accepted for recycling in Canada.

The class action complaint, filed in the Northern District of California on December 28, 2018, charges that Keurig deceptively advertised its K-Cup pods as “recyclable.” The company packaged the pods with the slogan “Have your cup and recycle it, too” in large type, and included detailed recycling instructions, including a “check locally” notice. Under California state law, Cal. Bus. & Prof. Code § 17580.5, companies can defend against charges of deceptive environmental marketing claims if they can show their ads meet the standards laid out in the Federal Trade Commission’s Guides for the Use of Environmental Marketing Claims (Green Guides). The Green Guides state that claims of recyclability should be qualified if recycling facilities are not available to a “substantial majority” of consumers, and that “if a product is rendered non-recyclable because of its size or components…then labeling the product as recyclable would constitute deceptive marketing.” Keurig argued that it met the Green Guides standard for qualified claims by putting a notice on its K-Cup packaging that alerted consumers they should “check locally” for relevant recycling facilities.

The plaintiffs countered that the qualifying language was not precise enough to avoid giving consumers the misleading impression that the pods were uniformly recyclable and failed to disclose “the extremely limited chance that the Products will ultimately be recycled.” Although polypropylene is accepted for recycling in more than half of recycling facilities in the U.S., the complaint alleges that K-Cups were not recyclable by many municipal recycling facilities for several reasons: the small size of the pods meant that many recycling facilities were unable to process them; the presence of food residue and metal contaminants in the used pods made them unsuitable for recycling; and the lack of any market to convert the pods to reusable material meant that most of the pods ended up in landfills.

In addition to the $10 million payment, the settlement bars Keurig from labeling, marketing, advertising, or otherwise claiming that its K-Cups are recyclable absent qualifiers. The settlement terms are precise about how and where Keurig must use qualifying language, specifying that packaging for K-Cup products must contain the qualifier “Check Locally – Not Recycled in Many Communities.” This language must be placed close to and be printed in a font size more than half as large as any recycling claim language. The settlement further requires that Keurig amends its other advertising and website copy to ensure that consumers understand that the company’s pods may not be recyclable in their area.

As we have discussed previously, environmental claims are increasingly subject to scrutiny. Recent state laws have been enacted that impose stringent requirements on recyclability and other claims, and new requirements for extended producer responsibility and mandated recycled content minimums are being adopted or considered. At the same time, businesses are working on sustainability programs, including evaluating both products and packaging. Consumers can benefit from understanding important environmental attributes of products and packaging, but as this settlement and other cases demonstrate, care in the claims made and use of thoughtful, appropriately placed qualifiers are key to minimizing the risk of false advertising challenges.

Photo of Tracy MarshallPhoto of Sheila Millar

You might think that paying more than $9 million to settle charges of violating the Federal Trade Commission’s (FTC) Mail Order Rule would have spurred clothing retailer Fashion Nova, LLC to review its consumer protection compliance posture. But for the second time in two years, Fashion Nova has found itself in trouble with the FTC, this time for allegedly suppressing negative product reviews on its website. This was the FTC’s first challenge of its kind.

The FTC’s complaint against Fashion Nova alleges the company used a third-party product review management interface for customers to post reviews, and for approximately four years, Fashion Nova chose to allow more positive reviews to be automatically posted to the website while suppressing more negative reviews. The absence of negative reviews gave the false impression that the company’s products garnered uniform praise.

In addition to paying $4.2 million, the proposed settlement, released on January 25, 2022, requires Fashion Nova to post all product reviews, including critical ones, on its website (except for those containing unlawful or offensive content). The company is also barred from misrepresenting customer reviews or endorsements.

This is the first time the FTC challenged a company’s suppression of negative reviews, but it may not be the last. The FTC also sent letters to ten businesses that offer review management services warning them that sidestepping or discouraging negative reviews is potentially deceptive conduct in violation of Section 5 of the FTC Act. The letters instruct the companies to review their policies and practices to ensure they are not helping clients violate the law.

Guidance to businesses, in addition to enforcement efforts, is part of the FTC’s approach. To assist businesses, the FTC published guidance documents for marketers and platforms that outline principles for publishing online reviews. Such principles include not soliciting reviews likely to be favorably biased and treating positive and negative reviews equally. Online retailers and platforms that use reviews as a marketing tool should take note.

Photo of Sheila Millar

Keller and Heckman partner Sheila Millar wrote the Inhouse Defense Quarterly article, “The Right to Repair: Implications for Consumer Product Safety and Data Security. The article examines the potential effects of President Biden’s July 9, 2021, executive order that aims to expand consumers’ “right to repair.” Advocates of the right to repair, including the Federal Trade Commission, suggest that requiring manufacturers to broadly allow consumers and others to repair products – including electronic goods – would bring prices down by fostering competition and compelling manufacturers to design products that are easier for untrained repairers to fix

But, as the authors point out, policy decisions should consider the potential impacts on consumers and businesses alike. Failing to safeguard IP could adversely affect global U.S. competitiveness at a time when counterfeiting not only affects profits but can be linked to safety concerns. And unskilled repairs themselves could result in bypassing or disabling safety features and create possible regulatory compliance problems for manufacturers. Changes could potentially create data security vulnerabilities. Compromises to safety, regulatory compliance and privacy could expose manufacturers to liability. It is critical for legislators and regulators to carefully balance consumer and business interests when analyzing whether limits on the right to repair make good sense and reflect sound public policy.

To read the full article, please click here.

Photo of Sheila MillarPhoto of Tracy Marshall

Children’s Online Privacy Protection Act (COPPA) enforcement actions closed out 2021 (see our blog post) and children’s online privacy remains a hot topic in Congress in 2022. After a series of articles by The Wall Street Journal last September uncovered Instagram’s own research on possible harms to teenagers from social media engagement, members of the Senate Commerce, Science, and Transportation Subcommittee on Consumer Protection, Product Safety, and Data Security questioned executives from Facebook (Instagram’s parent company) about children’s online safety. More recently, Representatives Kathy Castor (D-FL14) and Jan Schakowsky (D-Il09) turned their attention to COPPA Safe Harbor organizations. In a letter sent on January 7, 2022 to the Children’s Advertising Review Unit (CARU), Entertainment Software Rating Board (ESRB), iKeepSafe, kidSAFE, Privacy Vaults Online, Inc. (d/b/a PRIVO) and TRUSTe, Castor and Schakowsky requested details concerning the organizations’ compliance with the legal requirements of the COPPA Rule.

The COPPA Safe Harbor program is a statutory creation. See 15 U.S.C. § 6503. The concept is simple: it allows an operator (as defined by COPPA) to satisfy the requirements of COPPA by following a set of self-regulatory guidelines issued by representatives of the marketing or online industries or other persons and approved in accordance with the procedures set out in Section 6503(b). The title of that section – “Incentives” – conveys the objective of Congress to promote self-regulation when it comes to children’s privacy. Section 6503(b)(1) directs the Federal Trade Commission (FTC) to “provide incentives for self-regulation.” Section 6503(b)(2) establishes that one of those incentives is “Deemed Compliance.”

In short, businesses that fully adhere to an approved COPPA Safe Harbor program by demonstrating to the FTC that their program offers substantially the same or greater protections for children as those outlined in the COPPA Rule are deemed compliant with the COPPA Rule for enforcement purposes. Safe harbor organizations that fail to do an effective job can lose Safe Harbor status, which occurred last summer when one organization was dropped from the list.

Castor and Schakowsky’s letter includes a questionnaire that asks Safe Harbor organizations for a range of information, including documentation of all Safe Harbor advertising, descriptions of how each organization’s Safe Harbor program provides substantially the same or greater protections for children as those contained in the COPPA Rule, what their processes are for handling consumer complaints, and what disciplinary actions they take if member companies are found in breach of the COPPA Rule. The authors state that they “are also committed to exploring ways in which Congress can strengthen COPPA and the COPPA Rule” and ask the organizations for feedback on ways to improve the Safe Harbor program.

Representative Castor has previously weighed in on children’s privacy issues. Following policy changes made by several major tech companies in response to the UK’s stringent new children’s privacy rules that took effect last September, Castor, along with Senator Ed Markey (D-Mass.) and Representative Lori Trahan (D-MA03), cosigned a letter to the FTC in October urging the Commission to use “all its authority to ensure that these powerful companies comply with their new policies, to hold them accountable if they fail to do so, and to prioritize the protection of children’s and teen’s privacy.” That letter followed a similar request to the CEOs of Amazon, Facebook, Google, Snapchat, TikTok, and Twitter in June 2021.

It is useful to periodically benchmark progress and consider ways that self-regulation can be improved. In doing so, it is vital that legislators remain true to the intent clearly expressed by Congress to provide strong incentives for effective self-regulation of children’s privacy.

Photo of Sheila MillarPhoto of Tracy Marshall

Two important settlements involving alleged violations of the Children’s Online Privacy Protection Act (COPPA) were announced in December 2021. Actions by both federal and state regulators reinforce that COPPA remains on the regulatory radar screen, particularly when it comes to ad tech. Efforts to more broadly limit programmatic advertising are also underway.

FTC and OpenX Settle Programmatic Advertising Dispute

With over 1,200 premium publishers, some 50,000 mobile Apps, and tens of thousands of ad buyers, OpenX Technologies, Inc. (OpenX) boasts it is the biggest independent online advertising platform. The company makes assurances on its website that it takes compliance obligations seriously, claiming to have “the only traffic quality team in the industry that conducts a human review of each property to ensure compliance with OpenX’s policies and to classify accurately the subject matter of all Web sites and Apps for the benefit of its demand-side partners.” However, in a complaint filed on behalf of the Federal Trade Commission (FTC or Commission) by the Department of Justice, the FTC alleged that, contrary to its public statements, OpenX “did not have a regular practice of examining its data collection practices, assessing whether there was a justification or need for collecting various data, or checking whether it complied with Android or iOS platform policies.” The complaint, filed on December 15, 2021, charges that OpenX misrepresented its data collection practices by collecting geolocation information and persistent identifiers from users who had chosen to opt-out of tracking, and violated the Children’s Online Privacy Protection Rule (COPPA Rule) by neglecting to obtain parental consent before collecting personal information from children under 13.

The COPPA Rule mandates that operators of websites or online services that are child-directed or that knowingly collect personal information from children under 13 must obtain parental consent before collecting, using, or disclosing children’s personal information (subject to a few limited exceptions). OpenX’s own policies require human reviewers to flag apps that are directed to children. Once flagged, child-directed apps are not supposed to participate in the ad exchange. Nonetheless, according to the FTC, numerous child-directed sites and apps slipped past the reviewers – some with descriptions such as “preschool” and “for kids,” clearly indicating that the target audience was likely under 13. Those sites then participated in the ad exchange, which meant that targeted ads were sent to children in violation of the COPPA Rule. Moreover, OpenX had actual knowledge that it was collecting personal information from an online service directed to children through this review. Additionally, the complaint alleges that OpenX violated the FTC Act by misrepresenting its privacy practices, including the ability to consent to and opt-out of location tracking.

The order requires the company to comply with COPPA, bars misrepresentations about the company’s privacy practices, and requires the company to obtain opt-in consent for location tracking, delete all ad request data it collected, and institute an additional app and website review to prevent targeted advertising directed to children. The order also requires notices to customers. In addition, the company must provide annual COPPA training to ensure that child-directed apps and websites are not missed and maintain a record of child-directed apps that the company has banned or removed from the ad exchange.

The Commission voted 4-0 to authorize to approve the stipulated final order. Commissioner Noah Phillips issued a concurring statement in which he expressed support for the decision to forward the complaint to DOJ, but suggested the FTC should tread carefully on some aspects. He encouraged the Commission to be more transparent about the way it calculates penalties for privacy violations and questioned whether it was necessary to require OpenX to provide notice to its ad buyers that it had transferred location data without complying with COPPA. Commissioner Phillips also noted that the complaint asserted that OpenX failed to adequately implement the human review of the apps and websites to assess if they were child-directed. Paradoxically, however, the imperfect review opened the company to civil penalties. Commissioner Phillips suggested that to avoid an implication that companies are better off not engaging in a review, the FTC should “to be careful to weigh the instinct to penalize against the desire to foster a commercial environment where care is taken with regard to apps directed at children.”

New Mexico and Google Settle COPPA Complaint

Also of note is the resolution of the New Mexico Attorney General’s (NMAG) complaint against Google for violations of COPPA and state consumer protection laws, filed in U.S. District Court for the District of New Mexico on February 20, 2020. While a federal court granted Google’s motion to dismiss the NMAG’s complaint in September of that year, Attorney General Hector Balderas filed an appeal two months later. However, on December 13, 2021, NMAG Balderas announced a $3.8 million settlement that will establish the Google New Mexico Kids Initiative to promote education, privacy, and safety.

The NMAG’s complaint concerned Google G Suite for Education, a free web service used by 80 million educators and students that provides access to various Google applications, including Gmail, Google Drive, and Google Docs. The complaint charges Google with tracking and collecting the data of children under 13 without notice or parental consent, in violation of COPPA, and deceptively marketing its data collection practices to educators and parents, contrary to the New Mexico Fair Practices Act. The NMAG, acting in parens patriae, also alleged in the complaint that Google intruded on children’s privacy by tracking them surreptitiously, pursuant to New Mexico’s quasi-sovereign interest in protecting the health and well-being of its citizens. 

What’s Next: Spotlight on Programmatic Advertising

COPPA enforcement will likely remain a high priority for the FTC and state attorneys general in 2022. In the meantime, various bills to address teen and children’s privacy have been introduced. And with the FTC’s recent decision to request comments on a petition to ban so-called “surveillance advertising,” larger questions loom about the future role of programmatic and targeted advertising in general.

The petition and notice are available at Regulations.gov, Docket No. FTC 2021-0070. Comments are due January 26, 2022.

Photo of Sheila MillarPhoto of Tracy Marshall

In the absence of a comprehensive U.S. federal privacy law, three states – California, Virginia, and Colorado – have enacted comprehensive privacy laws as of this year. The California Consumer Privacy Act (CCPA) is in effect now, and the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA) will take effect in 2023. To help businesses plan for compliance, Keller and Heckman LLP has created a side-by-side comparison of some of the key provisions of each law, along with an overview of some of the federal privacy bills introduced in 2021. Click here to read the full article.

Photo of Sheila MillarPhoto of Tracy Marshall

“Dark patterns” – user interfaces that are designed, intentionally or unintentionally, to influence user decision making – have been increasingly on the Federal Trade Commission’s (FTC or Commission) radar. As we previously reported, the FTC held a workshop earlier this year to examine, among other things, how dark patterns affect online user behavior and whether additional rules, standards, or enforcement efforts are needed to protect consumers. Recently, negative option marketing, a common marketing method used by companies that includes automatic renewals, continuity plans, free-to-pay or fee-to-pay conversions, and prenotification plans, came under scrutiny after the FTC received thousands of complaints from consumers. In response, on October 28, 2021, the FTC announced a new Enforcement Policy Statement Regarding Negative Option Marketing (Enforcement Policy Statement or Statement) which makes clear that if negative option offers are made deceptively or misleadingly, they can expose offending businesses to enforcement actions including civil penalties.

The FTC describes negative option marketing as “an offer that contains a term or condition under which the seller may interpret a consumer’s silence or failure to take affirmative action to reject a good or service or to cancel the agreement as acceptance or continuing acceptance of the offer.” Negative option marketing schemes are commonplace and, as the FTC notes, can offer benefits to both consumers and businesses. However, the Commission warns that companies using unfair or deceptive negative option practices are “a persistent source of consumer harm, often saddling shoppers with recurring payments for products and services they did not intend to purchase or did not want to continue to purchase.” The Commission reminds businesses of their obligations under the laws that govern online sales, principally Section 5 of the FTC Act, but also the Restore Online Shoppers’ Confidence Act (ROSCA), the Telemarketing Sales Rule, the Use of Prenotification Negative Plans Rule, the Postal Reorganization Act, and the Electronic Funds Transfer Act.

To provide businesses with a roadmap for compliance with the various statutes and rules, the Enforcement Policy Statement builds on previous FTC guidance and focuses on three principal areas: disclosure; consent; and cancellation.

Disclosure: Businesses are advised to disclose, clearly and conspicuously, all material terms of an offer, including:

  • Any express or implied claims;
  • Any material terms related to the product or service that are necessary
    to prevent deception, regardless of whether those terms directly relate to the terms
    of the negative option offer;
  • Charges for the product or service, or that charges will increase after their trial period ends, and, if applicable, that charges recur unless the consumer takes appropriate steps to stop them;
  • Each deadline by which the consumer must act to stop the charges;
  • The amount or range of costs the consumer will be charged or billed and the frequency of charges;
  • The date(s) each charge will be submitted for payment; and
  • All information necessary to cancel the contract.

The Statement also offers advice on how to ensure that negative option offers meet the FTC’s expectations for “clear and conspicuous” disclosures.

Consent: Marketers must obtain a consumer’s express consent. The Statement offers the following guidance:

  • The negative option seller must obtain a consumer’s unambiguously affirmative consent to the negative option offer and must accept it separately from the rest of the transaction;
  • The seller must not include any information that interferes with, detracts from, contradicts, or otherwise undermines the ability of consumers to provide their express informed consent to the negative option feature;
  • The seller must obtain a consumer’s unambiguously affirmative consent to the entire transaction; and
  • The seller must be able to verify consent.

Cancellation: Cancellation processes should be easy for consumers. Negative option sellers must provide a simple, reasonable, and effective means for consumers to cancel their contracts. The Statement advises companies to ensure that:

  • Cancellation mechanisms are at least as easy to use as the method a
    consumer used to initiate the negative option feature;
  • Cancellation mechanisms are made available through the same medium as the negative option offer; and
  • Cancellation requests that comply with the company’s procedures will be honored, and the company will not interfere with the effectiveness of its cancellation processes.

The Commission approved the Enforcement Policy Statement by a 3-1 vote. Commissioner Christine S. Wilson voted no and issued a dissenting statement objecting to guidance being issued during an open rulemaking on the topics covered in the Enforcement Policy Statement. While expressing general support for the guidance itself, her objection was grounded in concerns that issuance of the guidance appeared to “short-circuit” the ongoing rulemaking. Commissioner Noah J. Phillips voted yes and issued a concurring statement applauding the Enforcement Policy Statement as a helpful framework to explain the FTC’s expectations of businesses engaging in negative option marketing offers. He pointed out that negative option marketing rulemaking implicates the Magnuson Moss Warranty-Federal Trade Commission Improvements Act, and that “even though the Commission has begun this process, this kind of rulemaking sensibly includes regulatory guardrails that have certain timing constraints and could require the consumption of substantial agency resources. The policy statement provides immediate guidance to industry, without the wait.”

Negative option sales and techniques are only one example of how the FTC’s larger interest in so-called “dark patterns” might come into play in practice. Businesses that advertise negative option offers should familiarize themselves with the latest Enforcement Policy Statement. If done right, negative marketing offers should provide the necessary convenience and clarity to consumers, reduce customer acquisition costs, and increase sales.

Photo of Sheila Millar

Richard Trumka, Jr., nominated by President Biden for a seat on the U.S. Consumer Product Safety Commission (CPSC), was confirmed Tuesday evening, November 16, 2021, by a unanimous voice vote in the Senate. When he takes his oath of office, which will likely be within a week or two, Trumka will take the seat of fellow Democrat and former Acting Chair Bob Adler, whose term expired October 27 (though he could have held over up to a year or until Trumka was confirmed).

Trumka, son of the late labor leader Richard Trumka, Sr., served as General Counsel & Staff Director of the Economic and Consumer Policy Subcommittee of the U.S. House of Representatives’ Committee on Oversight and Government Reform. Adler has been associated with CPSC since its creation, having served as a staffer to two Commissioners in the 1970s, and he has served two terms in that office himself, joining the Commission in 2009.

Trumka’s arrival will still leave the Commission one short of its full five-member complement and at a 2-2 party count. Mary Boyle, currently the agency’s Executive Director but nominated for the vacant seat on the body, has not yet been voted out of the Senate Commerce Committee. With less than three weeks left on the current Senate calendar, it is unclear if time remains for Boyle to clear both the committee and the Senate floor. If she does not, her nomination would be returned to the White House as the 117th Congress concludes its first session at the end of the year. At that point, President Biden may renominate her or may choose to go in a different direction.

If Boyle is ultimately confirmed, the Commissioners and their terms would be as follows through the current Biden Administration:

Biden Consumer Product Safety Commission
Commissioner Term Through
Dana Baiocco (R) 2024
Mary Boyle (D) if confirmed 2025
Peter Feldman (R) 2026
Alexander Hoehn-Saric (D, Chair) 2027
Richard Trumka, Jr. (D) 2028