In This Issue:

• PayPal Pays Peer-to-Peer Penalty
• Pabst Sub-Brew Accused of Using City Water
• FTC Takes Second Swing at Alleged Telemarketing Terror
• California DAs Brew Up Cup of Claims
• Digital Influencers Pose Difficult Questions for Flesh-and-Blood Regulators
• NAD & CARU West Coast Conferences

PayPal Pays Peer-to-Peer Penalty

Online payment company settles with FTC over false financial claims

Coinster

Think of Venmo as the Napster of online payments.

Back when Napster walked the earth, its peer-to-peer network was a novel take on file sharing. The central Napster service would monitor users and the files that they were willing to share. When a user requested to download a particular file, the service would draw on different pieces of the file held by other Napster patrons and assemble it on the user’s local machine.

Venmo followed a similar model: account holders could attach their account to multiple debit cards, credit cards and bank accounts. After assembling an account balance by drawing on these accounts, the user could pay out funds to other Venmo users or receive payment in turn.

By handling the funds in their own holding accounts, Venmo decentralized payment systems, opening up myriad payment opportunities.

Triple Complaint

PayPal liked the Venmo approach enough to snap up the company in 2013, only two years after it launched. But PayPal landed in hot water with the Federal Trade Commission in February 2018, when it was named in a complaint alleging several infractions.

First, Venmo users were told through several of the company’s channels, including the Venmo app itself, that funds they received from other users were available for transfer “overnight.” Despite this assurance, the FTC claimed that “Venmo [waits] until a consumer attempts to transfer funds to his or her external bank account to review the transaction for fraud, insufficient funds, or other problems.” The funds were often frozen, delayed or reversed if the service suspected fraud or questionable activity, often allegedly taking longer than overnight.

Additionally, the Commission accused Venmo of misleading its users about the privacy of their transactions. By default, the service posts a public feed of all transactions that can be read by users and non-users alike, in real time. The Commission claimed that the settings that allowed users to opt-out of this public feed, and other public postings such as on user profiles, were unnecessarily confusing and could lead to the exposure of information they would rather conceal – potentially sensitive information about how much was paid to whom, when, and because the message sent to the recipient was also publicly posted, sometimes for what. In addition, each Venmo user was given a public profile page that publicly posted their last five incoming and outgoing transactions for the world to see. In order to opt-out, users, the FTC contends, had to change two separate and hard-to-find settings, and a user’s settings could also be overridden by the other person in a transaction. Further, the FTC pointed to Venmo’s Privacy FAQs that were not consistent with how privacy defaults and setting options worked. Examples of specifics the FTC found to be explicitly deceptive, or to constitute deceptions by omission of material information, included:

• The Default Audience Setting had three options: public, friends or participants. However, selecting participants did not, in fact, have the effect of making all aspects of transactions private. Users would also need to go into Transaction Sharing Settings and change the “Everyone” default to “Only Me.” Otherwise, if the other party (User B) to a transaction had not limited their privacy settings, they would publicly publish the information unless the first party (User A) had set both settings to private mode.
• Further, User B could retroactively make a transaction public even if User A had set both settings to privatode.
• Similar issues were alleged to apply to per-transaction privacy setting tools.

These privacy problems were alleged to be not only deceptive under Section 5 of the FTC Act but to also violate the privacy obligations of financial institutions under the Gramm-Leach-Bliley Act, which, among other things, requires affirmative acknowledgement of and a compliant initial privacy notice as a necessary step of obtaining financial services. Merely posting the notice “By signing up, you agree to Venmo’s User Agreement and Privacy Policy” “in grey text on a light grey background” at the bottom of the page – when the sign-up action buttons were at the top of the page – was, the complaint alleges, insufficient.

The complaint also included allegations that Venmo’s security systems were insufficient to fulfill its obligations under the Gramm-Leach-Bliley Act or its promise of “bank grade security,” specifically by:

• Failing to have a written information security program;
• Failing to assess reasonably foreseeable internal and external risks to the security, confidentiality and integrity of customer information;
• Failing to provide security notifications to the consumer, such as notifications that their password or email address has changed, or that a new device was added to the consumer’s account; and
• Failing to maintain adequate customer support to timely investigate and respond to user’s reports concerning account compromise or unauthorized transactions.

The Takeaway

PayPal settled the suit and entered into a 20-year consent order.

The settlement and consent order binds Venmo from making misrepresentations about the three general “buckets” of allegations: restrictions on fund transfers, privacy levels and security initiatives. On the security front, the company is also bound to adhere to the Gramm-Leach-Bliley Act’s Safeguards Rule – which mandates security, confidentiality and information integrity safeguards – and the Privacy Rule, which requires privacy notices to be given to customers.

All online services should learn from the FTC allegations regarding privacy, transparency and choice. The FTC concluded that the public sharing of transaction data by default, and the cryptic and difficult to effectively use privacy settings were “directly contrary to the expectations of a reasonable consumer,” and Venmo’s “failure to disclose or disclose adequately the material information [regarding what transaction was shared under what circumstances and how it could and could not be limited] is a deceptive act or practice.” Transparency failure can constitute deception. Inadequate explanation of choice, or ineffective choice, can also be deceptive. Also, beware of other statements you make that are inaccurate. Here, Venmo’s Privacy FAQs were alleged to be inaccurate and thus explicitly deceptive. Finally, security assurances that do not live up to their promises are a deceptive practice.

Because Venmo is a financial institution, the Gramm-Leach-Bliley Act holds it to higher standards of privacy and security than apply to non-financial institutions, and the FTC used that law rather than the more general limitation on deceptive and unfair practices under Section 5 of the FTC Act to pick apart other Venmo practices. However, all companies should take note that the FTC took issue with unexpected privacy practices concerning public financial information sharing buried in a privacy policy and the lack of consent to those when the closest thing to affirmative acceptance was an inconspicuous notice on the registration page that account set-up would be deemed consent. Unexpected privacy practices should be highlighted at the point of consent or collection, and an online consent should be configured in a way that the user must take actions that unequivocally indicate an intent to accept terms that are made available for viewing. A better approach would have been “[_] By checking the box and clicking AGREE, I confirm I have read and accept the Terms and Privacy Policy. [AGREE]”

Another interesting takeaway is that although the FTC alleged actual financial harm had been incurred by users due to not completely accurate representations about “instant” funds availability (e.g., users sold event tickets based on a Venmo transaction, only to later learn it was completed after the person was gone and the event concluded), it limited its unfairness authority claims to inadequate security allegations. This shows the new FTC is shying away from the efforts by the Commission under the prior administration to expand unfairness authority into the realm of privacy and marketing and sales claims.

Pabst Sub-Brew Accused of Using City Water

Olympia Beer’s “It’s the Water” tag attacked by class action suit

H2Oh!

Water is important. We all know that. It’s essential to our health and fundamental to the existence of life. But above and beyond all, it’s the crucial ingredient in beer.

Consider the case of Brandon Peacock, a California citizen, and the lengths he went to preserve the aquatic integrity of storied beer brand Olympia beer.

Antediluvian

The story begins in 1850 (yes, 1850), when brewer Leopold Schmidt purchased property in Washington state and set up shop. Eventually, his brewing company began using nearby waterfalls to produce a product called Olympia Pale Export, which became quite popular. Around the turn of the century, the company added “It’s the Water” to the can, pitching the waterfalls near Schmidt’s original stead as the reason for the beer’s winning taste.

In 1999, after a century of “mergers, acquisitions, and consolidations,” according to a class action suit lodged by Peacock, the Olympia Brewing Company – the predecessor of Schmidt’s original brewery – was purchased by Pabst Brewing Company. Peacock alleges that sometime after the old Olympia Brewery closed in 2003, Pabst began brewing Olympia Beer in a mega-brewery located in Irwindale, California.

The Takeaway

Despite the move, Peacock alleges in a March 2018 complaint in the Eastern District of California that Pabst continues to sell Olympia Beer with the “It’s the Water” tagline, retained a picture of the original brewery and waterfalls on the packaging, and promoted the beer’s unique origin on its website. All this despite the fact that Irwindale’s water is allegedly vastly inferior to the original artesian springs. Peacock seeks damages for violations of the Consumer Legal Remedies Act; the California Sherman Food, Drug, and Cosmetic Law; and the California Unfair Competition Law.

Source, ingredient and other product claims may arise out of images, tag lines and packaging. The question is what would be the net impression of a reasonable consumer. If material consumer confusion as to the actual facts results, the marketing could be deceptive advertising. However, this case can be distinguished from cases where packaging images and tag lines were ultimately found to create an implicit false product claim. Brands will surely be watching the progress of this case, as will we.

FTC Takes Second Swing at Alleged Telemarketing Terror

Commission says security system company VMS ignored settlement agreement

Millions and Millions

Back in 2014, the Federal Trade Commission hit VMS, a seller of home security systems and home security monitoring services, with a complaint, charging that the company made phone calls to persons registered on the National Do Not Call Registry and ignored requests by call recipients to cease further calls.

The complaint outlined a series of alleged abuses, including more than one million outbound calls to numbers that were on the registry, failure to secure consent from the consumers for the calls, and some interesting and novel schemes to add sales leads to their call lists.

One such scheme allegedly included calling consumers under the pretense of executing a home safety survey. At the end of the call, as a supposed reward for finishing the survey, the consumer was offered a chance at a free home security system. According to the Commission, VMS sales people would return the call and start to pitch.

VMS settled with the Commission in 2014, promising that it would abstain from calling registered numbers and from calling consumers who asked not to be called again. The settlement also included a $3.4 million penalty, reduced to $320,700 due to inability to pay.

Bear, Poked

But in an unusual turn of events, the Commission returned to take a second bite out of VMS with another complaint, and it’s a doozy.

The FTC claims that VMS (now renamed Alliance Security Inc.) committed misrepresentation under the FTC Act, assisted abusive or deceptive telemarketing acts, misrepresented its affiliations, and failed to identify the seller in their calls – all violations of the Telemarketing Sales Rule – and obtained credit reports on possible target consumers without a permissible purpose, a violation of the Fair Credit Reporting Act. Numerous affiliated companies were drawn into the fray as co-defendants.

At the heart of the FTC’s complaint was an alleged disregard by VMS/Alliance of the 2014 settlement agreement and consent order. “Indeed, the day after this Court entered the 2014 Order,” the complaint reads, “Alliance’s own employees placed 622 outbound telephone calls to numbers listed on the DNC Registry. On the one-year anniversary of this Court entering the 2014 Order, Alliance’s own employees placed 1,729 outbound telephone calls to numbers listed on the DNC Registry.”

The Takeaway

The calls that triggered the second complaint were, according to the Commission, so incessant that some customers were agreeing to have a home security system installed – simply to have the opportunity to speak face-to-face with the installers and ask them to tell the company to desist.

The FTC also claims that VMS/Alliance was misrepresenting itself during some of those calls as ADT, a well-known security system company. And in a bizarre twist on one of the complaints – that Alliance was unnecessarily requesting credit reports on a number of consumers – the Commission accused VMS/Alliance of attempting to request the credit reports of government luminaries, including Barack Obama, Joe Biden, Bill Clinton and Donald Trump.

The new co-defendants – telemarketing companies and their principles who the FTC claims aided VMS/Alliance in a number of schemes too baroque to describe here – settled with the Commission on March 22, 2018. As of one week later, litigation against VMS/Alliance and its owner and officer, Jasjit Gotra, is ongoing in Massachusetts District Court, where both the old and the new complaints were filed.

California DAs Brew Up Cup of Claims

Say Costco and JBR touted prohibited “green” marketing claims

Who Knew?

Clearly biodegradability is a major goal of the packaging industry – the market for bio-plastic was $19 billion in 2016, and experts expect that figure to be multiplied three times over by 2022. Consumers like buying products that claim to minimize their impact on the environment.

However, the current trash disposal solutions embraced by municipalities across the country – landfills – are unable to take advantage of the natural breakdown of specially engineered plastic containers. Any piece of trash is quickly buried in a landfill, and biodegradable materials need sunlight and oxygen to successfully break down. Buried underneath tons of refuse, the bio-plastic is simply compressed into another layer of the growing landfill.

Acknowledging this, California passed legislation (CA Public Resources Code 42355-42358.5) requiring clear scientific evidence for environmental claims, noting biodegradation is a complex process dependent on physical and chemical structure, environmental conditions, and time, and banning the use of words like, “degradable,” “biodegradable,” “decomposable,” or other like terms on or related to plastic products unless the claim includes a thorough disclaimer providing necessary qualifying details, including, but not limited to, the environments and time frames in which the claimed action will take place.

Da Flood

Claims of biodegradability were central to a suit recently brought by 25 California county district attorneys against retail giant Costco and coffee company JBR, manufacturer of plastic coffee pods and other coffee products. 

Led by Alameda County District Attorney Nancy O’Malley, the case was filed in response to JBR’s sale, through Costco, of these products and related wrapping material, which were labeled “97% biodegradable” and “biodegradable,” according to O’Malley’s office. Similar claims about composting were also made, according to O’Malley, and were addressed in the same complaint.

The Takeaway

Costco and JBR settled the dispute quickly, agreeing not to sell products labeled “biodegradable.” The companies also accepted a similar bar for the use of the word “compostable” without a scientific certification to support the claim.

In addition to these promises, the companies will pay a joint $500,000 fee covering penalties and costs.

Green claims are an area of particular regulatory scrutiny and class action litigation by consumers and environmental activists. A good starting point for guidance is the FTC’s Green Guides. However, beware of specific state laws, as well as state unfair and deceptive practice acts.

Digital Influencers Pose Difficult Questions for Flesh-and-Blood Regulators

In a world where virtual celebrities make endorsements, how is advertising governed?

F for Fake

Is an Instagram post an ad? That’s the question posed by Truth In Advertising Inc. in its “Ad or Not?” series. The blog explores the application of Federal Trade Commission rules to real-life celebrity and influencer endorsements. It presents a recent Instagram or blog post and asks, “Is this merely innocent fun, or, in reality, an undisclosed ad?” Many times, it is difficult to determine whether an influencer’s post is a consumer or celebrity’s objective thoughts on a brand or product or a promotion that the advertiser has secured through payment or other consideration.

Therefore, the FTC updated guidelines requiring social media endorsers that receive anything of value from the brand, even samples and sweepstakes entries, to disclose their relationship to brands they talk about. The FTC staff has provided FAQs explaining how to comply with the guidelines, and we have explained how to apply these guidelines in a blog post here.

Metropolis

For obvious reasons, celebrity influencers toy with the knife’s-edge border between their spontaneous, “real life” preferences and product advocacy. The Commission’s rules exist to help consumers understand which side of the border they’re on when they interact with the influencer.

But even “candid” pictures of Instagram models are carefully constructed artificialities; every choice – from wardrobe to makeup to the technical qualities of the photo itself – is deliberate. Artificiality is the point. Humans are great at faking it.

Mirrored Hall

Which brings us to the burgeoning world of digital influencers: computer generated personas that are used to tout brands as much as “real” celebrities do. They have their own social media accounts and rabid fans. Shudu, “the world’s first digital supermodel,” has 80,000 followers. Despite an open declaration of her unreality, some of these followers have established a bond with her, sharing personal stories and anecdotes with her creator.

Digital influencers engage in social advocacy, launch fashion brands and make big splashes in the press. They’re chillingly effective, and why not? Flesh-and-blood human beings also undergo astounding transformations and reinventions with the aid of digital technology, all in the name of setting a trend or starting a craze.

As Shudu’s creator Cameron-James Wilson noted in a recent interview: “I think that real people are digital influencers at this point, with the amount of Facetune and manipulation that is going on. People are starting to question what reality even is, and ask ‘What is the point of reality, if a digital influencer can put out interesting content?’” says Wilson.

The Takeaway

Truth, beauty, reality. After all these airy abstractions, the words “Federal Trade Commission” yank us back down to earth. But that’s the FTC’s job: When reality is blurred by a “fake” image, or a celebrity misrepresents a paid advertisement as personal enthusiasm, the Commission is there to protect the unsuspecting consumer.

So, what does the Commission have to say about digital influencers?

Back in September 2017 we reported on the FTC’s recent FAQ on endorsement rules, which helped advertisers understand the Commission’s stance on the relationship between a company and a person who endorses its products. But are these guidelines up in the air if that person isn’t a person at all? Of course not! The Endorsement and Testimonial Guidelines are merely an application of the FTC’s 1983 Policy Statement on Deception, explaining what constitutes deception under Section 5 of the FTC Act, to social media endorsement. The 1980s’ version of the Guidelines were updated to address social media in 2009. In 2015, the FTC issued a further policy statement applying the same principles to native advertising. But don’t wait for the FTC to issue guidance on artificial influencers – the same principles apply: If an advertising message is not clearly an ad, or a speaker (real or fictional) of a promotion is not clearly materially connected to the advertiser, then that must be clearly and conspicuously disclosed in an effective way so the consumer can weigh the objectivity and veracity of the message. So sorry, Shudu, the same rules that apply to the Kardashians apply to you, or rather your publishers! Potentially even more so.

NAD & CARU West Coast Conferences

At the NAD & CARU West Coast conferences on May 1-2 in San Francisco, BakerHostetler partner Alan Friel will moderate a session titled “The State of COPPA.” Alan will engage Jonathan Adler, an Assistant Attorney General in the Bureau of Internet and Technology at the New York State Attorney General’s Office, and Stacey Schesser, Supervising Deputy Attorney General at the California Department of Justice, in a lively discussion around trends and practices relating to the online collection of personal information from children. Enacted twenty years ago, the Children’s Online Privacy Protection Act established an important regulatory framework for commercial practices on children's websites, a set of “rules of the road,” in effect, to guide the development of the children's digital marketplace. For more information, click here.