Now What? Plaintiffs Attack Popular Disclaimers in Online Terms of Use

In Short:

An old New Jersey law – the Truth-in-Consumer Contract, Warranty and Notice Act or TTCWNA – is now being used to challenge website Terms of Use in a flurry of recently filed cases. These cases have not yet produced any guidance from the courts and the nebulous nature of the law complicates compliance. However, while we wait for more guidance from the courts, any business that operates a website and offers consumers goods or services should take the opportunity to review its Terms of Use and other consumer-facing contracts and attempt to address any potential vulnerabilities implicated by this wave of lawsuits.

In Full:

If you operate a website, mobile app, or other online service that operates under a Terms of Use of similar user agreement, you should be aware of a recent group of purported class-action suits filed. The suits all make claims under New Jersey’s (perplexingly hyphenated) “Truth-in-Consumer Contract, Warranty and Notice Act,” N.J. Stat. § 56:12-14 et seq. (“TCCWNA”). The TCCWNA is a long-standing law (originally enacted in 1981), but was not heavily litigated until fairly recently. After gaining steam over the past few years, however, it has been the basis for a torrent of complaints filed in recent months that give the TCCWNA a new application: using it to challenge the various defendants’ website Terms of Use.

Continue Reading

GDPR: Getting Ready for the New EU General Data Protection Regulation

Four years in the making, the European Union’s General Data Protection Regulation (GDPR) obtained its final legislative approval on April 14, and the final text was published in the Official Journal yesterday.  It will be enforced after a two-year transition, beginning on May 25, 2018, replacing the national laws and regulations based on the venerable 1995 EU Data Protection Directive and reaching companies that target EU consumers from outside the EU.

While the GDPR largely retains the principles and terminology of the 1995 Directive, it also adds some new principles with uncertain consequences, such as a stricter concept of consent, a requirement for data portability, and a “right to be forgotten.” At the same time, if offers hope for a greater level of uniformity across Europe, which multinational enterprises may welcome, as well as relief from registration burdens that have persisted in many countries (although this is offset by a new obligation to notify security breaches).

Continue Reading

First Circuit Ruling May Extend Reach of VPPA

On April 29, 2016, the First Circuit Court of Appeals addressed the question of what data constitutes “personally identifiable information” and who is a “subscriber” under the Video Privacy Protection Act (VPPA) in Yershov v. Gannet Satellite Information Network, Inc. The plaintiff claimed that Gannett shared information identifying him and the video clips that he watched through the app with Adobe, which provided analytics services for the mobile app. As described in greater detail below, the court decided that

  • downloading and using the USA Today mobile app (without monetary payment) could make a person a subscriber and
  • sharing device identifier and precise geolocation data (along with a description of the video clips viewed) may be a disclosure of personally identifiable information.

Businesses that publish mobile apps (or websites) that show video materials and the third party service providers that may receive information about the content and those who view the content (particularly precise geolocation data) should carefully follow the case when it returns to the trial court.

Continue Reading

Math Question As Age-Gate and Invite-A-Friend Under Fire

The Children’s Advertising Review Unit of the Council of Better Business Bureaus (“CARU”) routinely monitors web sites and mobile apps for compliance with its Guidelines and the Children’s Online Privacy Protection Act (“COPPA”).  Through that routine monitoring, CARU recently discovered the information practices of the 1st through 7th grade mobile applications called Friendzy (e.g., 1st Grade Friendzy). Kids can play the games available in the apps without registering, but the games offer a registration feature to track the time spent on the app and see points earned.  In-app purchases are also available.  Registration required full name, username, password, email address, country, city, zip code and grade of the student.  Here is what happened during registration:

  • If you clicked to register, a pop-up box presented the following statements: “Ask your parents.  Parental permission is required to continue.”
  • The registration page included tabs at the top labeled STUDENT, PARENT AND TEACHER.  PARENT was set as the default tab.
  • Then, a pretty basic math question with six possible answers was presented.
  • Incorrect answers resulted in a new question and you could keep going through questions until you got it right on the first try.
  • After registration, you could invite friends via email (the native email app on the device) or via text (the native text app on the device).

Continue Reading

FTC Enters Proposed Consent Order Against Lord & Taylor for Native Advertising Campaign

The Federal Trade Commission (“FTC”) has wasted no time in bringing an action against an advertiser for allegedly deceptive native advertising. The FTC released its Enforcement Policy on Deceptively Formatted Advertisements (“Native Advertising Guidelines”) in late December 2015 (which we blogged about here) and last week the FTC concluded an enforcement action against Lord & Taylor, LLC (“Lord & Taylor”) for its native advertising campaign.

Continue Reading

The Issue of Harm in Lawsuits on Retail Price-Comparison Advertising: Massachusetts Cases to Note

While the swell of class-action lawsuits based on retail price-advertising practices continues to build daily (particularly in California), retailers should note an interesting development from last week in a case out of Massachusetts. In that case, Mulder v. Kohl’s Department Stores, Inc. [FN 1], the plaintiff alleged a number of claims that centered around Kohl’s practice of advertising comparison prices on its merchandise, including allegations that Kohl’s failure to abide Massachusetts’ regulations on price comparisons[FN2] constituted an unfair or deceptive trade practice pursuant to Mass. Gen. Law Ch. 93A.

Last week, Kohl’s was granted its motion to dismiss all claims. The dismissal of the deceptive-practices claim followed from a conclusion by the court that – while plaintiff had sufficiently plead that the “misrepresentation” and “causation” elements of her claim – she had failed to allege sufficient injury.

Continue Reading

The New “EU-US Privacy Shield”

Since the European Court of Justice invalidated the fifteen-year-old EU-US “Safe Harbor Privacy Framework” last October, thousands of US companies have been awaiting the results of negotiations between the US government and the European Commission to produce “Safe Harbor 2.0,” a set of protocols to permit the continued flow of personal data between Europe and the US in contexts as varied as ecommerce, social media posts, and the internal management of global corporate groups.  Today, the sleep-deprived negotiators announced a framework agreement for an “EU-US Privacy Shield,” two days after an informal deadline for reaching agreement.

Continue Reading

Businesses Take Heed: FTC’s Recent Report, Conference Signal Big Data’s the Big Deal in 2016

FTC Kicks Off New Year with New Report on Growing Use of Big Data Analytics Across All Industries

Without so much as a week of 2016 having lapsed, the Federal Trade Commission (“FTC” or “Commission”) released a new report with recommendations to businesses on the growing use of big data. The report, “Big Data: A Tool for Inclusion or Exclusion?  Understanding the Issues” (“Report”), is based primarily on the FTC’s synthesis of the numerous discussions and written public comments submitted in connection with FTC’s September 2014 public workshop exploring the use of big data and its impact on American consumers, as well as a prior FTC seminar on alternative scoring products.  The primary purpose of the Report is to ensure that businesses’ use of big data analytics, while producing many benefits for consumers, avoids outcomes that may be exclusionary or discriminatory, in particular with respect to low-income and underserved populations.

Continue Reading

FTC Releases Policy Statement and Business Guides on Native Advertising

Just before 2015 came to an end, the Federal Trade Commission (“FTC”) released its much anticipated Enforcement Policy Statement on Deceptively Formatted Advertisements (“Policy Statement”) along with informal, practical guidance for businesses titled “Native Advertising: A Guide for Businesses” (“Business Guides”). The FTC first began considering native advertising in a December 2013 workshop. Native advertising is digital media content that blurs the line between advertising and editorial by inserting paid content into the regular stream of media.[i] Unsurprisingly, the FTC concluded at the workshop that misrepresenting the source of content or failing to disclose that it is commercial in nature likely amounts to a violation of Section 5 of the FTC Act, but the FTC did not further elaborate. The Policy Statement reiterates this general concept and goes on to clarify the FTC’s position on native advertising by tying it to long standing FTC principles across varying spheres (from door-to-door sales to telemarketing to CAN SPAM and from infomercials to advertorials in traditional print media). The Business Guides expand on the Policy Statement and provide detailed guidance (including 17 examples) on when and how to prevent consumer deception in the digital advertising space. Generally, the position taken by the FTC is not particularly shocking as it is consistent with the established truth-in-advertising standard that the commercial nature of content must be readily apparent or accompanied by a clear and conspicuous disclosure.[ii] The specificity of the requirements set forth in the Business Guides, however, may pose significant creative and technical hurdles for advertisers. Industry groups, like IAB, have already expressed concern. Thorough discussions of the Policy Statement and the Business Guides, as well as key takeaways, follow.

Continue Reading

Privacy and Ed-tech in 2016

There was a lot of legislative movement for the educational technology (ed-tech) industry in 2015 with states placing additional privacy regulations on the industry, and the effects of those new acts should be felt this year. The states that passed this type of legislation in 2015 were following California’s lead. California’s governor signed the Student Online Personal Information Protection Act (SOPIPA) (2014 Cal SB 1177) back in 2014. Even though these states enacted legislation after SOPIPA, at least one of these acts came into effect before SOPIPA became operative (which was January 1, 2016). Continue Reading