Photo of Sheila MillarPhoto of Anushka N. Rahman

Joining a growing number of state and federal agencies, the U.S. Consumer Product Safety Commission (CPSC or Commission) is seeking information on uses of per- and polyfluoroalkyl substances (PFAS) in consumer products. In addition to work it began last year with ASTM International on consumer product standards related to PFAS, the CPSC released a white paper prepared by an external contractor back on July 14, 2023, and is now seeking comments on a Request for Information (RFI) on PFAS in Consumer Products. Through its RFI, the Commission is soliciting feedback on, among other things, how to define PFAS, which the report acknowledges has “no single, universally accepted definition … or authoritative list of substances.” To read the full article, click here.

Photo of Sheila MillarPhoto of Katie BondPhoto of Samuel Butler

California Governor Gavin Newsom recently signed into law AB1305, another in the line of bills that reflect California’s efforts to tackle climate change. AB1305 amends California’s Health and Safety Code to require certain disclosures from companies that affect claims such as carbon neutral, net zero, and the like, in reliance on voluntary carbon offsets (VCOs). The law applies to business entities selling VCOs in California; those operating in California and relying on California VCOs for any claims, regardless of where the claims are made; and those operating in California and making VCO claims within the state. For more details on the key disclosure requirements and potential questions arising from the new law, click here.

Photo of Sheila MillarPhoto of Katie BondPhoto of Samuel Butler

“Service fees.” “Convenience fees.” Whatever a business calls them, consumers don’t like them, and neither does President Biden. The President has repeatedly pledged to end the practice of imposing what he calls “junk fees.” The Federal Trade Commission (FTC) has now issued a new proposed rule (proposed Rule) requiring more transparency in imposition of these fees. Click here for the full article.

Photo of Sheila MillarPhoto of Liam Fulling

On September 18, 2023, the United States District Court for the Northern District of California granted a preliminary injunction to NetChoice, a tech umbrella group, against California Attorney General Rob Bonta from enforcing the California Age-Appropriate Design Code Act (CAADCA). The court found the CAADCA, which was slated to take effect on July 1, 2024, was likely to violate the First Amendment, marking a major win for online businesses in at least this initial stage of the litigation. To read more about this important development, click here.

Photo of Katie BondPhoto of Samuel Butler

The FTC recently announced an enforcement action involving generative artificial intelligence (AI). The most interesting part: it hardly involves AI at all. There is no alleged misuse of AI, and not even allegations of AI actually being used. Rather, the case is a business opportunities case. 

The FTC alleges that three individuals and several inter-related businesses claimed to be able to help consumers launch lucrative e-commerce stores on and Walmart. But, according to the FTC, promises of significant earnings proved untrue for most consumers who had paid $10,000 to $125,000 for the services. The FTC alleges that these practices constituted deceptive advertising and violated the Business Opportunity Rule, among other laws and regulations. The FTC has already obtained a temporary restraining order in the case, and is now seeking preliminary and permanent injunctions, as well as civil penalties. So what does this all have to do with AI?

The advertising for the services allegedly included claims like, “We’ve recently discovered how to use AI tools for our 1 on 1 Amazon coaching program, helping students achieve over $10,000/month in sales,” and “That is how you make $6000 net profit and that is how you find a product in 5 minutes using AI, Grabbly, Priceblink.” 

The mere mention of AI turned a fairly ordinary business opportunity case into an AI case. “AI” made it into the headline of the FTC press release and at least some mainstream media has reported on the case – which is normally uncommon except for high-profile FTC enforcement actions, like those against Meta or Amazon. 

The lesson here: all eyes (including regulators’ eyes) are on AI. Any novel use of AI in business must be carefully vetted, as does any mention of AI in advertising.

Photo of Sheila MillarPhoto of Tracy Marshall

How should companies respond to and report data security breaches nationally? What cybersecurity practices and procedures reflect current best practices? Two federal agency actions provide new rules and guidance and show that the cybersecurity landscape is changing. First, the U.S. Securities and Exchange Commission (SEC) adopted new rules earlier this month that will (among other things) require publicly-traded companies to disclose “material” cybersecurity incidents on SEC Form 8-K within four business days and make certain cybersecurity disclosures. Second, the National Institute of Standards and Technology (NIST) recently released its latest Cybersecurity Framework, which now includes a section on corporate governance. Cybersecurity issues are directly related to environmental and social governance (ESG) reporting issues and are increasingly important to businesses from a compliance and governance standpoint. The new SEC requirements have garnered industry criticism, and industry organizations are seeking a delay in the September 5, 2023, effective date. Read the full article here.

Photo of Sheila MillarPhoto of Antonia Stamenova-DanchevaPhoto of Anushka N. Rahman

On July 13, 2023, a three-judge Ninth Circuit panel denied Google’s challenge of its earlier decision in Jones v. Google, which held that state privacy law claims in a putative class action are not preempted by the federal Children’s Online Privacy Protection Act (COPPA). The December decision reversed a lower court’s dismissal of the action on the grounds that COPPA preempted identical state law claims. Google petitioned the Ninth Circuit to have the case reheard by the full court, and the panel asked the Federal Trade Commission (FTC) to weigh in on the preemption question. In May, the FTC submitted an amicus brief in support of the Ninth Circuit’s finding that COPPA does not preclude identical state law claims. The panel’s decision affirms its December opinion and amends it to note the FTC’s support. 

Click here to read more.

Photo of Sheila MillarPhoto of Tracy Marshall

The Children’s Online Privacy Protection Act Rule (COPPA Rule) requires that online sites and services directed to children under 13 obtain parental consent before collecting or using children’s personal information and lists existing methods for such consent. Now the Federal Trade Commission (FTC) is seeking comments on whether it should expand its parental consent methods to include a potential new mechanism. On July 20, 2023, the FTC published a notice in the Federal Register seeking comments on an application from the Entertainment Software Rating Board (ESRB) and tech companies Yoti and Super Awesome that proposes using facial age estimation technology that analyzes the geometry of the face to confirm a person is an adult. The deadline for comments is August 21, 2023.

To read the full article, click here.

Photo of Sheila MillarPhoto of Ales Bartl

On March 30, 2022, the European Commission (EC) unveiled a proposal for a framework eco-design regulation aimed at creating a policy framework for sustainable products. Among the tools proposed by the EC is the EU Digital Product Passport (DPP), a product-specific data set that would apply nearly to all non-food products sold in the EU and would require disclosure of a vast array of information, much of it currently deemed confidential business information. Through DPPs, both competent authorities and users across the supply chain will have access to information including origin, materials, and sustainability and recyclability, via a scannable QR code. DPPs are intended to promote circularity and economic growth, help consumers make sustainable choices, and improve enforcement. If adopted as envisaged in 2024, the DPP framework would likely enter into force in 2027. In addition to environmental and product safety considerations, intellectual property rights, usefulness of the data, privacy and security are all important issues for affected companies to consider.

To read the full article, click here.

Photo of Sheila MillarPhoto of Tracy Marshall

After an extended public comment period, the Federal Trade Commission (FTC) adopted revised Guides Concerning the Use of Endorsements and Testimonials in Advertising (Endorsement Guides) on June 29, 2023. As we previously posted, the FTC voted to publish proposed revisions for public comment in May 2022. The updated Endorsement Guides and companion FAQs, which include 40 new questions, are intended to provide more specific guidance for companies that engage third parties to promote their brands, products, and services, or which encourage consumers or their own employees or agents to do so. The revisions better reflect the ways companies advertise now, and they address issues such as online influencers, social media tools, fake reviews, virtual or fabricated endorsers, and children’s advertising.

To read the full article, click here.