2631388-4
Developments In Mobile
Advertising Law
Mobile Marketing Day March 12, 2015
Andrew Lustigman, Esq.
Olshan Frome Wolosky LLP
2631388-4
Mobile Advertising
.com Disclosures Guide
and
Operation Full Disclosure
2631388-4
•
New staff guidance was issued in
March 2013.
•
Not the law but the FTC’s
interpretation of the law.
•
Guidance generally explains how
to make disclosures clear and
conspicuous and avoid deception
in today’s digital advertising
environment.
FTC Revises Online Disclosure Guidelines
2631388-4
FTC: ultimate test
is whether information
to be disclosed is actually
conveyed to consumer
Clear and conspicuous
• Proximity and placement
• Prominence
• Understandable language
2631388-4
Take Into Account Expanding
Use Of Smartphones
• Consumer protection laws apply equally to marketers across
all mediums, whether delivered on a desktop computer, a
mobile device, or through more traditional media.
• Advertisers should ensure that the disclosure is clear and
conspicuous on all devices and platforms that consumers may
use to view the ad.
• If an advertisement without a disclosure would be deceptive
or unfair and the disclosure cannot be made clearly and
conspicuously on a device or platform, then that device or
platform should not be used.
2631388-4
Operation “Full Disclosure”
September 2014: FTC issued warning letters to more than 60
companies including 20 of the 100 largest advertisers in the
country. Focused on traditional advertising channels.
FTC’s position was that the disclosures were important and thus
should “stand out” in the advertising.
Warning letters asserted that the advertisements failed to
properly convey important information because, among other
reasons, they were easy to miss or were hard to read.
Challenged advertising: pricing limitations; product capability; risk
free trials, worry free trials without disclosing postage component;
overbroad performance claims without sufficient disclosure of
limitations.
2631388-4
Disclaimers Should Be In The Same Column
2631388-4
Mobile Screens
2631388-4
Have Website Optimized For Mobile Devices
2631388-4
Contacting Consumers
On Mobile Devices
2631388-4
The Telephone Consumer
Protection Act (“TCPA”)
The TCPA is “the strangest statute I have ever seen.”
-- Supreme Court Chief Justice John Roberts during oral argument in Mims v. Arrow Financial Services, Inc.
(Nov. 2011).
2631388-4
Overview Of TCPA Telephone Consumer
Protection Act, 47 U.S.C. § 227
TCPA governs calls and texts to residences and businesses. Text messages are treated just like calls to cell phones.
TCPA enforced and interpreted by the FCC. Statute is supplemental to FTC’s Telemarketing Sales Rule.
The TCPA generally prohibits all of the following UNLESS there is “prior express
consent”:
(a) text messages;
(b) autodialed OR pre-recorded voice calls to cell phones;
(c) autodialed AND pre-recorded commercial voice calls to residential land lines;
(d) unsolicited faxes;
(e) autodialed calls to a business that tie up two or more lines; and
(f) more than one Do Not Call violation to same person within a 12-month period by or “on behalf of” the same entity.
2631388-4
What Are The Requirement For
Prior Express Written Consent
Prior express written consent is obtained through a signed written
agreement that clearly and conspicuously discloses to the consumer that:
By signing the agreement, he or she authorizes the seller to deliver
marketing messages to a designated phone number; and
The consumer is not required to sign the agreement or agree to enter
into it as a condition of purchasing any property, goods or services. As part of the new requirements under the TCPA there is also no
grandfathering in of an existing business relationship. The required
signature may be obtained in any manner that complies with applicable state or federal law including via e-mail, Website form, text message, telephone key press, or voice recording.
2631388-4
Express Consent Language Example
By [checking this box, signing this agreement, sending a text to
this code] I agree to receive up to X number of marketing text
messages from [company] at the mobile number I have
provided. I understand that I am not required to provide my
consent as a condition of purchasing any goods or services.
Message & data rates may apply.
2631388-4
Obtaining Consent
• If consent is obtained online, best practice is to require the
consumer to check an unchecked box to indicate his or her
agreement.
• Whether consent is obtained online, in writing or via text message,
include language in a conspicuous location that clearly discloses
what the consumer is agreeing to.
• You must retain a copy of consent or other evidence sufficient to
prove that the consumer agreed in writing to the consent language.
• Intermediary consent may be sufficient in social media context: FCC
(March 2014) granted petition of Group Me ruling that prior
express consent could be obtained through an intermediary in
when group members gave prior express consent to the group
organizer.
2631388-4
Prior Express Written Consent?
• Lower standard for non-commercial calls and texts such as
informational and political calls and for charitable solicitations
made to cell phones.
• For these non-commercial calls to wireless devices, prior oral
consent is permitted. BUT if there is a dual purpose (i.e.,
information and solicitation), that could trigger the higher
standard.
• Caller bears the burden of showing consent existed (23 F.C.C.R.
559). Keep records of consent and institute customer service
procedures to address complaints that could turn into class action
suits.
• Extent of consent may be narrowly construed.
Satterfield v. Simon & Schuster, Inc., 569 F.3d 946 (9th Cir. 2009).
2631388-4
Private Class-Actions TCPA Settlements
Are Costing Companies Big Bucks
TCPA provides a private right of action “if otherwise permitted by the laws or rules of a court of a State” to recover $500 up to $1,500 per illegal call.
Recently:
Lifetime Fitness agrees to pay $15 million to settle allegations relating to text message blasts to current members.
AT&T Mobility entered into a $45 million TCPA settlement in D. Mont., including $15 million in attorney’s fees and costs.
UCSB (Debt collector) agrees to $2.7 million settlement in C.D. Cal. Case Dialing Services, LLC assessed by FCC $2.94 million for 184 unauthorized
autodialed or prerecorded calls to cell phones.
Best Buy agrees to pay $4.5 million in settlement of W.D. Wash. case Papa John’s Pizza agrees to $16 million settlement in W.D. Wash. case
2631388-4
Connecticut Law Increases
Penalties for TCPA Violations
• TCPA provides for statutory damages ranging
from $500 to $1,500 per violation.
• New Connecticut law provides for statutory
damages of up to $20,000 per violation.
• Connecticut Senate Bill 209 was signed by the
Governor on May 28, 2014 and has been codified
as Public Act 14-53.
• Effective October 1, 2014.
2631388-4
TCPA Applies to Political Calls
• Dialing Services, LLC (May 2014)
– FCC levies $2.944 million fine for making 4.7 million
pre-recorded campaign calls to mobile phones without
permission.
• Campbell v. Restore America’s Voice, et al. (E.D. Mich.)
– Class action for pre-recorded political voice calls to persons
who responded to survey on Obamacare.
2631388-4
Lesser Standard For
Informational Messages
Petition of Cargo Airline Association (FCC - March 2014)
• FCC applies lesser standard to informational texts, if notification
may be sent only to the telephone number for the package
recipient;
• Notifications must identify the name of the delivery company and
include contact information for the delivery company;
• Notifications must not include any telemarketing, solicitation, or
advertising content;
• Voice Calls must be 1 minute or less or 160 characters or less in
length for text messages;
• Limited number; and
• Opt-out provisions.
2631388-4
Best Practice Points:
What Can Be Done To Stop The Madness?
•
Obtain Prior Express Written Consent.
•
Use arbitration clauses and class action waivers.
•
Structure relationships to avoid vicarious / “on behalf of”
liability.
•
Use due diligence and make critical inquiries when acquiring
leads.
•
Train marketers and customer service representatives to be
sensitive to TCPA issues.
•
Recognize still risks with contacting mobile devices.
2631388-4
Arbitration Clauses And
Class Action Waivers
• AT&T Mobility LLC v. Concepcion, 131 S.Ct. 1740 (2011):
Supreme Court invalidated a law that conditioned
enforcement of arbitration clauses on the availability of class
procedure; Courts cannot require class actions to remain in
court because such proceedings would be inconsistent with
the Federal Arbitration Act, which pre-empts state law.
• American Express v. Italian Colors Restaurant, 133 S.Ct. 2304
(2013): Courts must “rigorously enforce” arbitration
agreements according to their terms. Reinforces Concepcion
holding that there is no entitlement to class proceedings in
arbitration even if available remedy is not economically
2631388-4
Structure Relationships To Avoid
Vicarious And “On Behalf Of” Liability
• Does the seller control the manner and means by which the calls/texts are sent? If marketer selects the recipients, finding of agency less likely (although marketer may be reckless for failing to verify Prior Express Consent).
• Other factors: Did the marketer have the seller’s apparent authority? Did the seller ratify (consent to be bound by) the marketer’s acts?
• The actual message sender might seek dismissal based on common carrier/mere conduit exception or lack of jurisdiction.
• Mendez v. C-Two Group, Inc. (N.D. Cal. Apr. 21, 2014) district court
dismissed claim against telecommunications dialing platform where
plaintiff failed to allege that party was not originator or controller of the content of the text message, did not have a high degree of involvement in, or have actual notice of the unlawful activity, and failed to take steps to prevent the text transmissions.
2631388-4
Telephone Consumer Protection Act:
Reassigned Number
Breslow v. Wells Fargo Bank, N.A., 2014 WL 2523091 (11th Cir. June 5, 2014)
• Wells Fargo used an autodialer to collect a debt.
• Cell phone number was reassigned to Plaintiff, who let her son use the phone exclusively.
• Wells Fargo claimed prior owner’s consent to call cell phone was valid for TCPA purposes.
• Southern District of Florida ruled consent was not valid. Wells Fargo appealed.
• Eleventh Circuit had to determine the meaning of the term “called party.” • The district court was affirmed. For purposes of consent, “called party”
means current phone subscriber or user.
• Because prior user’s consent was invalid, court did not decide whether the son could have consented to receive autodialed calls even though he was not
2631388-4
Telephone Consumer Protection Act:
Is an App an Autodialer?
Sterk v. Path, Inc., Case No. 13 C 2330 (N.D. III. May 30, 2014)
• Path is a social networking application that scans your smart phone for contact numbers and facilitates group texting.
• Sterk received text message through the Path app inviting him to join.
• Path moved for summary judgment saying its app is not an autodialer.
• Under TCPA, technology is an autodialer if it has the capacity to store or produce telephone numbers to be called using a random or sequential number generator; and to dial such numbers.
• Court creates new definition of autodialer: technology that is “able to dial numbers without human intervention.”
2631388-4
New Jersey Amends Do Not Call Law to
Permit Certain Calls to Cell Phones
• Prior law expressly prohibited all telemarketing calls to cell
phones (even those not using an automated telephone
dialing system).
• S.1382 amends the law to only prohibit “unsolicited”
telemarketing calls.
• Effective January 29, 2015.
• Allows telemarketing calls to cellular telephones if:
– They have the express written request of the customer called; or – The call is to an existing customer, which shall include the ability
to collect on accounts and follow up on contractual obligations, unless the customer has stated it no longer desires to receive the telemarketing sales calls of the telemarketer.
2631388-4
Mobile Apps
2631388-4
FTC Mobile App
Best Practices
• Build privacy considerations in from the start (“privacy by design”). • Be transparent about your data practices.
• Offer privacy settings, opt-outs, or other ways for users to control how their personal information is collected and shared.
• Honor your privacy promises. • Protect kids’ privacy.
• Collect sensitive information only with consent. • Keep user data secure:
– collect only the data you need;
– secure the data you keep by taking reasonable precautions against well-known security risks;
– limit access to a need-to-know basis; and
2631388-4
Snapchat (May 2014)
• Settled FTC Allegations that Snapchat made multiple
misrepresentations about the length of time photos and video
messages would appear before “disappearing forever”.
• FTC charged that users could take a screenshot, use a third
party app, and access unencrypted videos snaps.
• FTC also alleged that Snapchat misrepresented its privacy policy
relating to geolocation and collected Facebook friends contact
information.
• Snapchat is prohibited from misrepresenting the
extent to which it protects the privacy, security, or
confidentiality of users’ information, and is required
to implement a comprehensive privacy data privacy
program monitored by an independent privacy
professional for twenty years.
2631388-4
FTC Chair Discusses Challenges
of “Internet of Things”
• January 2015
• Chairwoman Edith Ramirez highlights 3 key challenges to consumer privacy: ubiquitous data collection, unexpected uses of consumer data that could have adverse consequences, and cybersecurity threats
• Suggestions for companies:
Minimize the data the company collects
Destroy data when its no longer needed
Consider encrypting sensitive information
Appoint a person responsible for security
Clearly explain to consumers when their data is used in ways they may not expect
2631388-4
FTC Study on Health-and-Fitness Apps
• FTC study examined 2 daily activity apps connected to
wearables, 2 exercise apps, 2 dietary and meal apps and 3
system checker apps.
• Found that apps sent users’ personal information to 76
third-parties advertisers.
• Data disclosed to advertisers included: running routes,
eating habits, sleeping patterns and even the cadence of
how they walk or run.
• Four apps sent data to one specific ad company without
anonymizing the information.
• 22 of the 76 third parties gathered data on users’ exercise
information, meal and diet information, symptoms, gender,
geo-location information and ZIP codes.
2631388-4
COPPA Applies to Apps
• Online collection, use or disclosure of personal information from children under age 13
• Personal information: – First and last name;
– Address including street name and name of a city or town; – Online contact information;
– Screen or user name that functions as online contact information; – Telephone number;
– Social security number;
– Persistent identifier that can be used to recognize a user over time and across different websites or online services;
– Photograph, video, or audio file, where such file contains a child’s image or voice;
– Geolocation information sufficient to identify street name and name of a city or town.
2631388-4
COPPA Applies to Apps
• Covered operators of commercial websites and online services (including mobile apps) must:
– Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;
– Provide direct notice to parents and obtain verifiable parental
consent before collecting personal information online from children; – Give parents the choice of consent unless integral to operation;
– Provide parents access to their child’s personal information to review and/or have the information deleted;
– Give parents the opportunity to prevent further use or online collection of a child’s personal information;
– Maintain the confidentiality, security, and integrity of information they collect from children; and
– Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected.
2631388-4
Geolocation Data Subject to COPPA
• December 17, 2014 - FTC Warning Letter to
China-based Baby Bus
• Developer offered free apps geared towards children.
• Apps allegedly collect kids’ geo-location data without
parental approval or otherwise complying with
COPPA.
• Lesson: COPPA applies to domestic and foreign
companies doing commerce in the US.
• Geo-location data regarding kids is highly sensitive.
2631388-4
Dokogeo, Inc.
(NJ)
• Mobile device maker settled NJ attorney general
allegations that it violated COPPA and NJ law by collecting
personal information about children who used its
animation-based mobile app.
• Agreed to injunction barring collection of personal
information about children without consent and
mandates disclosure of collection practices.
• $25k suspended judgment.
2631388-4
Apple, Inc. (FTC Mar. 2014)
• Apple settles FTC complaint allege Apple failed to
obtain parental approval prior to allowing
children to make purchases in App Store or within
apps.
• The FTC alleged that Apple failed to tell parents
that by entering a password they were approving
a single in-app purchase and also 15 minutes of
additional unlimited purchases their children
could make without further action by the parent.
2631388-4
FTC v. Apple, Inc.
• Consent Order
– Apple to modify its billing practices to ensure that Apple
obtains consumers’ express, informed consent prior to
billing them for in-app charges
– If the company gets consumers’ consent for future
charges, consumers must have the option to withdraw
their consent at any time
– Apple to provide full refunds, totaling a minimum of
$32.5 million to consumers who were billed for in-app
charges that were incurred by children and were either
accidental or not authorized by the consumer
– If Apple refunds less than $32.5 million, the balance goes
to the FTC
2631388-4
FTC Sues Amazon Over In-App Purchases
• Alleging Amazon unlawfully billed parents for millions of dollars in unauthorized In-App charges
• Once the app was purchased on e.g. Kindle Fire, kids could run up hundreds of dollars in charges of In-App purchases, no password required
• Alleges line blurred between “virtual” charges and real $$ charges - pages where charges incurred were very similar, little distinction between virtual and $$ costs
• In March, 2012 Amazon updated system to require any charges over $20 to require a password, but not a gross limit
• Amazon says the process was continually improved over time, refunds given to parents who requested them, and the current system in place is better than the system at issue in Apple/FTC. • Motion to dismiss denied December 2014.
2631388-4
Advertising Enforcement
The Traditional Rules Still Apply….
2631388-4
State of California vs. Uber Technologies
• December 9, 2014
• Los Angeles and San Francisco allege in a civil suit that Uber misleads consumers about the service’s safety and fees.
• Alleged violations of Business & Professions Code §§ 17500 and 17200 include:
Making “untrue or misleading representations regarding the quality of the background checks
Charging customers a $1.00 “Safe Rides” fee it justified by saying the money went to pay for those checks:
Using the Uber App to calculate fares based on time and distance without obtaining approval of the technology from a California agency that can do so:
Unlawfully conducting commercial operations at California airports without obtaining authorizations from them, and fraudulently charging a $4.00
“Airport Fee Toll” to customers even when drivers weren’t paying the airport.
2631388-4
False and Deceptive SMS Campaigns
• FTC v. Acquinity Interactive, LLC, (S.D. Fla. Oct. 16, 2014)
• FTC settlements involving charges that the defendants sent “unwanted text messages to millions of consumers, many of whom later received illegal robocalls, phony “free” merchandise offers, and unauthorized charges crammed on their mobile phone bills.”
• Approximately $10 million in total settlement amount to be paid to FTC
– Charged companies violated FTC Act and Telemarketing Sales Rule by offering consumers purportedly free merchandise, such as $1,000 gift cards to large retailers, and products such as an Apple iPad.
– Companies also engaged in illegal mobile phone billing
– Defendants are also banned from various telemarketing practices, such as
misrepresenting whether a product is free through a text message or webpage; they are required to obtain consumers’ express informed consent.
• Other similar recent enforcement actions: Advert: $4.2 million judgment • Cruz: $185,000
• Flora (contempt) $150,000
2631388-4
FTC v. Tatto, Inc. and Bullroarer, Inc.
• $150 Million Settlement against companies and principal.
• Complaint filed against mobile phone cramming
operation:
– Complaint alleges that plaintiffs pitched “love tips” and celebrity gossip alerts by sending text messages to consumers but placed monthly
subscription fees for services without authorization
– Charges appear on consumer’s phone bills, typically $9.99 per month – Trying to obtain a refund was cumbersome.
• Ban on charges on consumer telephone bills.
• Required express consent for other charges for good and
services.
• Actual payment of $10 Million in assets.
2631388-4
FTC v. T-Mobile Data Settlement
• “Cramming” - placing unauthorized or deceptive
charges on a telephone bill
• Charges up to $9.99/mo., T-Mobile received
35-40% of revenue
– Services were for trivia text alerts, horoscope
information, celebrity gossip, and flirting tips
• Refund rates up to 40% in a single month, FTC
says should have been a red flag that charges
were not authorized
• $90 million in financial remedies and consumer
refunds.
2631388-4
FTC v. TracFone – False Advertising
• “Unlimited” data service plan ads advertised prepaid monthly
mobile plans for about $45 per month with “unlimited” data under various brands.
• TracFone drastically slowed or cut off consumers’ mobile data after they used more than certain fixed limits in a 30-day period. • The FTC alleges that TracFone varied its data limits, but generally
slowed data service when a customer used one to three gigabytes, and suspended data service at four to five gigabytes.
• Eventually some disclosures were made, but FTC alleged they were ineffective because they were in very small print or on the back of packages or cards where consumers were likely to miss them.
• Defendants required to pay $40 million.
2631388-4