Photo of Sheila Millar

The name of POM Wonderful, LLC (“POM”) will now forever be linked to some important advertising rulings that are not only of central significance to the food industry, but have broader advertising significance as well.  We are reminded of those actions today because POM’s advertising claims touting health benefits of pomegranate juice resulted in a ruling by the D.C. Circuit Court of Appeal upholding in part a January 2014 Federal Trade Commission (“FTC”) decision on POM’s health claim advertising, but rejecting one of the remedies of most concern to industry as a whole: a requirement that claims be supported by two (not one) well controlled, randomized clinical trials. 

A statement by FTC Chairwoman Edith Ramirez rejected the notion that the Commission would be precluded from requiring two clinical trials in other circumstances.  Chairwoman Ramirez explained that this court decision affirmed the January 2014 FTC decision that the marketers of POM Wonderful 100% Pomegranate Juice and POMx supplements deceptively advertised that the products could treat, prevent, or reduce the risk of heart disease, prostate cancer, and erectile dysfunction, and were clinically proven to have such benefits.  She noted that the court did not uphold the FTC order requirement for two randomized well controlled human clinical trials by POM in that case. However, she explained that the court did affirm the FTC’s order requiring POM to have at least one such study before making disease prevention or treatment claims, and held out the possibility that two might be warranted in other cases.

POM of course was not just the recipient of a claim about allegedly false advertising claims.  POM previously challenged successfully a competitor making “pomegranate” juice claims, resulting in an important 8 to 0 U.S. Supreme Court ruling in POM Wonderful LLC  v. The Coca-Cola Company, 133 S. Ct. 2224 (Jun. 12, 2014).  In that case, the Court ruled that regardless of whether a 100% juice product complies (or not) with Food and Drug Administration (“FDA”) labeling regulations under the federal Food, Drug and Cosmetic Act (“FDCA”), a competitor’s false advertising case under the federal Lanham Act could still proceed. 

Continue Reading POM-eled: POM Wonderful, The FTC and Competitor Challenges (Hint – It’s All About Consumer Deception)

Photo of Sheila Millar

In the advertising world, we know that deception lies in the eyes of the beholder.  Agencies like the Federal Trade Commission (FTC), or self-regulatory bodies like the National Advertising Division (NAD), legally stand in the shoes of the consumer, in the absence of consumer perception studies.  In private litigation, however, the question of consumer perception ‒ whether consumers are actually mislead by an advertising claim ‒ is at the heart of many false advertising cases, and the role of consumer perception studies is different.  In the case of lawsuits by individuals attacking advertising and labeling claims, a recent ruling in California’s “food court” suggests that consumer perception studies likely will be necessary to demonstrate that consumers were actually mislead by claims on food labels. 

While the proliferation of false advertising claims targeting the food industry in California makes  this decision  especially important for food companies, the notion that consumer perception studies are necessary to support a false advertising claim has broader relevance to advertisers, regardless of their industry sector. Click here for an update from the Keller and Heckman Food Litigation team.

Photo of Sheila MillarPhoto of Tracy Marshall

As we discussed in the Privacy Class Action Claims on the Rise post from December 17, 2014, the number of privacy class action claims is trending upwards, along with all things privacy-related.  Some of the breaches and other big media stories could have been avoided, while others were unavoidable for the businesses at issue.  Either way, though, businesses are now on notice that they have precious data, data that customers care about and that hackers want.  So what’s a responsible business supposed to do to protect against privacy and security claims?

  1. Prevent them.  Set up a robust privacy and data security regime.  Plan for privacy – technically and legally – from the start.  Understand what you are collecting and adopt procedures to safeguard data.  How to do this varies depending on context:
    1. Build privacy and security into your app or website, collecting only the information that you need and establishing mechanisms to protect the data appropriate to the sensitivity of that data.
    2. Train your employees on best practices.
    3. Stay up to date with developments and thinking on privacy and security.
  2. Plan for them.  Know what you’re going to do when a breach happens, whether it’s someone inside or outside your shop that causes it.  Know who you’re going to hire to investigate.  The team that’s going to meet to plan next steps?  They should already be meeting.
  3. Get real with them.  The people affected by the privacy issue, if we’re talking about a breach, need to know promptly.  Legal obligations aside, people expect to know fast, and they may need to know to prevent fraud and secure themselves in the future.  It’s difficult to balance transparency and confidentiality when you’re in the heat of the forensic evaluation, but you should realize that consumers – and the plaintiffs’ lawyers who represent them – are increasingly expecting disclosure, fast.

In this connected age, the best businesses understand the importance of privacy and security.  But companies live in a world where their databases are under attack by weekend hackers showing off their skills, cyber-criminals, and even state-sponsored terrorists, where technology changes at breakneck speed, and where budget approvals are a corporate reality.  So remember to expect the unexpected and include some fire drill planning in the mix. 

Photo of Sheila Millar

The Supreme Court heard a case earlier this month that could have a big impact on businesses in many areas regulated by federal agencies that use voluntary standards. In U.S. Department of Transportation v. Association of American Railroads, the Supreme Court is considering a D.C. Circuit decision that invalidated a law that gives Amtrak a large role in writing performance standards for passenger trains. The D.C. Circuit held that the law amounted to an unconstitutional delegation of authority. Similar standards are used by a number of federal agencies in their regular business, and by the companies regulated by those agencies.

The U.S. Consumer Product Safety Commission (CPSC), for one, relies quite heavily on voluntary standards to do its business. Under one provision of the Commission’s organic law, if the CPSC identifies a risk of injury associated with a consumer product and there is both a voluntary consensus standard that adequately addresses the risk and a likelihood of substantial compliance with the standard within the affected industry, the CPSC must defer to the voluntary standard. In some cases, however, Congress requires the CPSC to take voluntary standards and make them binding. This is the case for toys and durable nursery products under the Consumer Product Safety Improvement Act (CPSIA) § 106 and § 104, respectively. And the CPSC is just one example. Many federal agencies rely on outside groups to draft standards that govern businesses around the country, and federal agencies are generally encouraged to use such standards in lieu of creating government-designed rules.

As voluntary standards are typically created by private parties, the issue is whether such standards amount to private parties writing laws that govern the public generally (a set of concerns closely related to the non-delegation doctrine). These concerns were a hot legal topic in New Deal days, when the Supreme Court struck down key parts of FDR’s economic plans as violating the Constitution’s grant of law-writing power to the legislature.

After the argument at the high court concluded on December 8, however (listen here), it appears less likely that voluntary standards around the country will go down in flames, as the Supreme Court appears more concerned about due process concerns implicated by the performance standards at issue in the case. In response to Justice Breyer’s request to “calm me down” when he considered standards set by, for example, ICANN, being called into question as a result of a decision in this case, the attorney for the railroads assured him that no one envisioned such a broad ruling here. Instead, the question was whether Amtrak had been given “the pen” to write regulations with, to the disadvantage of competitors, and whether that was a problem. This, in the end, distinguishes this case from that of the CPSC and many other agencies. In the CPSC, some standards are deferred to (not adopted), and others are adopted with changes that the CPSC itself adds. Moreover, all of the recent standards have been written by standards-development groups that are broadly representative of regulated and other interested parties.

While it is always challenging to predict the outcome of a case based on oral argument, it seems unlikely that the Supreme Court will strike down the Department of Transportation’s rules on nondelegation grounds. And if the D.C. Circuit’s nondelegation holding is overturned, then businesses around the country – and the agencies that regulate them – will be able to breath a sigh of relief that industries won’t be turned upside down by a decision overriding voluntary standards incorporated by agencies that have binding effect on private parties. The nondelegation doctrine, then, may have to await another case to be reinvigorated.

Photo of Sheila MillarPhoto of Tracy Marshall

From the allegations of Edward Snowden about official snooping on U.S. citizens (and non-Americans worldwide) to any of the seemingly innumerable data breaches hitting retailers like Home Depot and Target or movie/television studio Sony or pick-your-favorite-example, it’s rare that a day passes without some breaking news about privacy (or its sibling, cybersecurity).

Think of the last time privacy wasn’t in the national spotlight in the last five years.  Can’t think of any time like that?  Neither can we, and an economic analysis published this past summer backs us up.

NERA Economic Consulting’s Consumer Class Action Settlements: 2010–2013; Settlements Increasing, With a Focus on Privacy, explains that privacy claim settlements appear to be heating up, even as the number of class action settlements nationally appears to be remaining steady.  Settled cases involving allegations of consumer privacy grew between 2010 and 2013, from 5 (2010), to 20 (2011), to 24 (2012), to 35 (2013).  Claims against retailers involving compromised personal information are particularly noteworthy, since retailers face the largest proportion of consumer privacy violation settlements – 24%.  Business/consumer services and banking/finance industries are not far behind retailers at 22% and 18%, respectively.

Also noteworthy is the distribution of privacy claims.  Telecommunications providers and bank/finance industry settlements were more likely to include allegations related to spam than to the misuse of personal information, while the reverse is true for the retail, business/consumer services, and entertainment/social media settlements.

This report reflects what we have been hearing from colleagues and clients here and around the privacy world.  Growing concerns about privacy and security leading to class action suits also dovetails with increased international, federal, and state enforcement activities.  (And by the way, the report tells a similar story on the growth of false advertising claims.)  No one is immune, and it shouldn’t be surprising that the number of privacy-related claims is increasing with the ever-more-connected nature of our world.  More people are using multiple devices to connect to the Internet, and not just with computers and smartphones, but through the vaunted “Internet of Things” that allows us to control our lights, save energy with our appliances, and even open and close our doors.  More information is kept about more subjects (the vaunted “Big Data”), so when information is handled poorly – read poor privacy or security practices – consumers and regulators are increasingly taking action.  What’s more, even if information is handled properly at every step, third parties (hackers) are testing the boundaries by ever more clever attacks designed to access the data you keep.

What to do?  More on that in an upcoming post.

Photo of Richard F. Mann

On November 25, 2014, the Food and Drug Administration (FDA) released final regulations implementing nutrition labeling requirements for retail food establishments.  The regulations implement Section 4205 from the Patient Protection and Affordable Care Act, which requires chain restaurants and similar retail food establishments to provide consumers with more nutrition information.  From an advertising perspective, the regulation is important, because it potentially imposes mandatory disclosures on in-restaurant communications that might be conisdered promotional in nature.  Compliance with the restaurant labeling regulation begins December 1, 2015.

Labeling Requirements for Restaurants and Similar Retail Food Establishments

  • The menu labeling regulation applies to restaurants and “similar retail food establishments” if they are: part of a chain of 20 or more locations, doing business under the same name, and offering for sale substantially the same menu items.
  • Restaurants and “similar retail food establishments” are defined as entities serving “restaurant type food” including bakeries, cafeterias, coffee shops, convenience stores, grocery stories, and food service facilities located within entertainment venues (e.g. movie theatres).  The term “restaurant type food” encompasses food typically eaten either on the retail premises, while walking away from the premises, or soon after arriving at another location.
  • Importantly, FDA decided to include most food service establishments located within other retail or entertainment venues within the scope of the rule (such as bookstores and movie theatres) after receiving a number of comments disfavoring a more complicated approach that would have only subjected such establishments to the requirements of the rule if the primary business activity of the retail or entertainment venue is to sell food.
  • Entities subject to the menu labeling regulation must list: calorie information and the statement “2,000 calories a day is used for general nutrition advice, but calorie needs vary” for standard menu items and menu boards.
  • Covered entities must make available, on request, nutrition information about total calories, total fat, calories from fat, saturated fat, trans fat, cholesterol, sodium, total carbohydrates, fiber, sugars, and protein.

FDA has defined “Menu” or Menu Board” as “the primary writing of the covered establishment from which a customer makes an order selection, including, but not limited to, breakfast, lunch, and dinner menus; dessert menus; beverage menus; children’s menus; other specialty menus; electronic menus; and menus on the Internet.”  Accordingly, items that feature signigicant promotional components, including internet promotions, may nevertheless be considered to be “menus” and therefore subject to the affirmative requirements of the regulations.

Photo of Sheila Millar

The Federal Trade Commission (FTC) applies a couple of cardinal rules for advertisers playing in the social media space: tell the truth and disclose endorsement arrangements.  Sony Computer Entertainment America LLC and its advertising agency Deutsch LA, Inc. apparently broke those rules in advertisements launching Sony’s PlayStation Vita (PS Vita) in 2012.  Each agreed to settle FTC charges that they violated the FTC Act.  The agreements bar both Sony and Deutsch from making misleading claims, require Sony to provide consumers with either a $25 cash/credit refund, or a $50 merchandise or services voucher and notify consumers about their eligibility via e-mail, and bar Deutsch from misrepresenting that an endorser is an independent user.

The PS Vita is a handheld device that was marketed as a mobile gaming platform that, among other things, enabled consumers to transfer game play from Sony’s PlayStation 3 platform to the PS Vita via “remote play” or “cross-save” features.  Around the time of the product’s launch, Deutsch encouraged its employees to post about the game on Twitter with the hashtag “#gamechanger,” but with one big omission: Deutsch failed to advise its employees to disclose their connection to Deutsch or Sony.  Encouraged by the company-wide e-mail, Deutsch employees posted tweets such as:

“One thing can be said about PlayStation Vita…it’s a #gamechanger”

“PS Vita [ruling] the world. Learn about it!
us.playstation.com/psvita/#GAMECHANGER”

“Thumbs UP #GAMECHANGER – check out the new PlayStation Vita”

“This is sick. . . .See the new PS Vita in action. The gaming #GameChanger”

“Got the chance to get my hands on a PS Vita and I’m amazed how great the graphics are. It’s definitely a #gamechanger!”

According to the FTC, absent a disclosure that the employees worked for Sony’s advertising agency, these tweets meant Deutsch “has represented, directly or indirectly, expressly or by implication, that these comments about the PS Vita were independent comments reflecting the views of ordinary consumers who had used the PS Vita,” in violation of the FTC’s Endorsement Guides.

Further, the FTC said the advertised features were extremely limited, contrary to Sony’s claims.  For example, ads indicated that PS Vita users could pause PlayStation 3 games any time and continue playing them on the PS Vita.  In reality, saving capabilities varied widely from game to game; in one baseball game, saved games could only be transferred to the PS Vita after finishing nine innings.

Playing games with the FTC’s Endorsement Guides and making unsubstantiated claims seldom ends well for advertisers and their agencies.  When it comes to social media, advertisers should consult the FTC’s March 2013 .com Disclosures guidance, the October 2009 revision to the Endorsement Guidelines, and last December’s workshop on native advertising, Blurred Lines.

Photo of Sheila Millar

Since new requirements under the updated Children’s Online Privacy and Protection Act (COPPA) entered into force in July, 2013, the Federal Trade Commission (FTC) has moved into an active enforcement phase, while also fielding requests to recognize new parental consent methods and safe harbor programs.  Those interested in children’s online activities can draw some important lessons from these activities.

  • Enforcement Actions.  In September of this year, the FTC settled with Yelp, Inc. and TinyCo. Inc., obtaining $450,000 and $300,000, respectively, for allegedly violating COPPA by collecting data on users under thirteen without parental consent.  Last month, TRUSTe, Inc., a company that provides a number of privacy “seal” programs, including a COPPA safe harbor program, incurred a $200,000 fine for failing to review its customers’ privacy policies before recertifying their seals, contrary to representations by TRUSTe that it reviewed them.

LESSONS LEARNED:  COPPA isn’t just for kids’ sites.  And, by the way, if you’re a seal program, make sure you don’t overstate the parameters of your program.

  • Parental Consent Methods.  Imperium Inc.’s application for a new parental consent method using knowledge-based questions was approved in December, 2013.  Others weren’t so fortunate.  The FTC rejected iVerify’s proposal to use Social Security Numbers and knowledge-based authentication questions in February, 2014 because the proposal was simply a variation on already-approved consent methods.  In July, 2014, the FTC received a proposal from AgeCheq, Inc. detailing two methods for obtaining parental consent under COPPA: (1) a method involving a financial transaction; and (2) a requirement that parents print, sign, and return a form providing consent to AgeCheq.  The FTC rejected the proposal, saying the company did not present a new means of obtaining parental consent under COPPA.  AgeCheq in the interim submitted a second proposal on October 1, 2014, which is pending consideration.

LESSONS LEARNED:  If you’re proposing a new parental consent method, make sure it is new.

  • Safe Harbor Programs.  An additional safe harbor program, kidSAFE, received approval in February 2014.  iKeepSafe, also known as the Internet Keep Safe Association, was also approved as a safe harbor program in August, 2014.  This brings the total number of approved COPPA safe harbor programs to seven.

LESSONS LEARNED:  More safe harbor programs offer more choices for companies that elect to take advantage of them, but due diligence is necessary.  Regardless of whether companies choose to join a safe harbor program, close internal attention to COPPA compliance is business-critical for kids’ companies.

Photo of Tracy Marshall

The end of the year is a popular time for consumer promotions.  For example, you might sponsor a contest where entrants submit an original recipe and photo of the prepared dish, sponsor a sweepstakes with text messaging as an entry mechanism, engage in charitable fundraising where a percentage of the purchase price for a product will be donated to an organization of choice, allow consumers to create wish lists or videos and share them via e-mail or text messaging, or sponsor a promotion that involves submitting entries via social media with a specific hashtag.

These are fun and creative ways to engage consumers, spread the word about new products and services, and generate goodwill.  Just don’t forget to conduct a thorough legal review early on to avoid major pitfalls and possible enforcement action.  We offer ten tips to keep in mind as you advertise and promote your company’s brands, products, services, and favorite philanthropies this holiday season.

1.  Disclosures and Rules.  Clear and conspicuous disclosures in promotional materials are essential to avoid claims of unfairness or deception.  The Federal Trade Commission (FTC) revised its.com Disclosures guidance last year specifically to address online and mobile advertising.  In addition, most states require Official Rules for contests and sweepstakes, and all promotional materials (which include websites, tweets, and Facebook posts) must display the Official Rules, or at least abbreviated rules with the material terms.  Communicating the material terms in social media and banner ads can be challenging given character and space limitations. Many states also regulate the activities of commercial co-venturers (for-profit entities who advertise that a portion of the purchase price of a product or service will be paid to a charitable organization), and require certain disclosures in their advertising.

2.  Registration and Bonding.  Determine whether the promotion will require registration and/or bonding in any states well in advance of the start date, as this can take time to secure.  Some states require sponsors of contests and sweepstakes to post bonds and/ or register the promotion, and commercial co-venturers must register in some states before engaging in cause-related marketing.

3.  Trademarks.  If you co-sponsor a promotion, engage in fundraising for another organization, or offer prizes that will be provided by a third party, make sure you have appropriate rights to use the other party’s name and trademarks.  And don’t automatically assume that you have permission to use trademarks or offer prizes owned by entities that are not affiliated with your promotion, such as referencing the Super Bowl® in advertising or offering Apple® products as a prize.

4.  Copyrights.  For promotions that involve soliciting photos, videos, recipes, ideas, or other content, consider how the company will use the content (e.g., on a website or social media pages or for product development purposes) and secure appropriate rights to use it.  It is also prudent to post submission guidelines to ensure that users own the content and/or have a right to submit it and to avoid content that is offensive or unlawful.

5.  Targeting Children.  Promotions that are open to minors pose additional considerations.  Since minors do not have the legal capacity to contract and agree to the Official Rules and other terms and conditions, it may be necessary to obtain consent from a parent or legal guardian.  Also consider whether the prizes are age-appropriate.  The Children’s Online Privacy Protection Act (COPPA) restricts the collection of personal information online from children under age 13 without express parental consent, and photos, videos, and audio files are now considered “personal information” under COPPA (in addition to names, addresses, e-mail addresses, and the like).  Also keep in mind that social media sites have different ages of eligibility for users, so promotions conducted through these sites should be tailored accordingly.

6.  Text Messaging.  Encouraging users to provide mobile numbers for friends or enter a promotion via text messaging triggers the Telephone Consumer Protection Act (TCPA).  The TCPA prohibits sending SMS messages to a wireless phone without prior consent, which must be written in some cases.  Due to the inherent consideration involved with accepting contest or sweepstakes entries via text message, consider offering a free alternative method of entry if winners will be determined by chance (as opposed to a skill contest), since legal games of chance cannot involve any type of consideration.  Accepting entries via text messaging for promotions open to children triggers COPPA to the extent that it involves the online collection of personal information through entries.

7.  Social Media.  Keep in mind that the same laws that apply to traditional forms of advertising apply to social media.  In addition, all promotions conducted through social media must comply with the policies, terms, and guidelines for the particular platform.  Those guidelines vary and are constantly changing, so you should revisit them periodically.  It is also prudent to consult each site’s brand guidelines before using trademarks owned by the platforms.

8.  Endorsements and Testimonials.  The FTC has been active in enforcing violations of its Endorsement Guidelines as unfair and descriptive practices under Section 5 of the FTC Act.  Last month, Sony and its ad agency settled FTC charges that they violated Section 5 and the Endorsement Guidelines when the agency’s employees tweeted about a new Sony product with the hashtag #gamechanger, but without disclosing their connection to Sony and the agency.  Earlier this year, the FTC issued a letter to Cole Haan concluding that Pinterest “pins” by contest entrants consisting of images of Cole Haan products constituted an endorsement that required disclosures, and the #WanderingSole hashtag that entrants were required to use did not adequately communicate the material connection with the sponsor and the fact that the pins were made in connection with a contest. 

9.  Consumer Privacy.  Promotions are a great way to collect information about the company’s fans that can potentially be used for marketing purposes.  Be mindful of consumers’ privacy expectations when collecting information from them, and make sure that the company’s information collection and use practices are consistent with its published policies (and, when collecting personal information, make sure that the company has a robust privacy policy in place!). Make it easy for consumers to find the company’s privacy policy at every point where personal information is collected, and consider what (if any) choices you will offer regarding future communications from the company, its affiliates, and/or unrelated third parties.

10.  Data Security. The string of data breaches affecting Target, Home Depot, and other retailers last holiday season and throughout this year is an important reminder about data security. When collecting information from consumers, make sure that adequate physical and administrative security measures are in place to protect the data from unauthorized access, disclosure, and use.  Consider what information is necessary to conduct the particular activity for which it is collected, and limit the amount and type of information that is collected accordingly.  Also limit access to employees and vendors who need the information to perform their jobs and contractual obligations and who have been informed about how to handle it.

This list is by no means comprehensive, but it is a good starting point for your holiday promotions that can translate into sound practices all year long.