FTC Leaves Little Doubt that Influencers are Squarely Within Its Sights

Last week was a busy one for the Federal Trade Commission.   On Thursday, the FTC gave notice that it is still very much focused on influencers and whether they are properly disclosing any material connections that they may have to a product or brand. As InfoLawGroup’s Benjamin Stein noted, the FTC issued revised FAQ’s to its Endorsement Guidelines which provide additional information and context on how and when influencer disclosures need to be made. In addition to the updated FAQ’s, the FTC also announced two other important items related to influencers.

First, the Commission noted its first law enforcement action against individual influencers for failure to disclose their connections to a product or service. Additionally, the Commission announced that it has sent follow up letters to a number of the social media influencers who it had sent initial letters to previously in its Instagram sweep earlier this year.

In its first ever influencer complaint, the FTC pursued Trevor Martin and Thomas Cassell for allegedly deceptively endorsing the online gambling site CSGOLotto.com (“CSGO”) without disclosing that they owned the company.

According to the FTC, both Martin and Cassell posted a number of videos about the site which touted how cool the site was and how easy it was to win and make money on it, without disclosing the fact the fact they owned the company. Some of their videos received more than 5 million views.

The complaint also indicted that Martin and Cassell allegedly ran their own influencer program for the site and paid gamers to post on social media about their experiences with the site. According to the FTC, the contracts with those influencers specified that they could not make statements that would reflect negatively on CSGO.

Martin and Cassell agreed to settle the matter with the FTC. The proposed settlement requires Cassell, Martin, and CSGO to make disclosures clearly and conspicuously in the future.

In the other influencer news item of the week, the FTC announced that it had sent follow up warning letters to 21 of the influencers that it had sent letters to earlier this year, asking the recipients to confirm whether they do in fact have material connections to the brands or products the identified social media posts, and if they do, to spell out the specific steps they will be taking to clearly disclose their material connections to those brands and products.   A sample of the new warning letter can be found here.

You may recall that earlier this year, the FTC announced that it had sent out what it termed as “educational letters” to approximately 90 Instagram influencers and brands, reminding them of their obligations to clearly and conspicuously disclose any material connections to any products or brands that they are posting about and providing them with examples of disclosures that the FTC did not feel were accurate.

The original round of letters canvassed a wide variety of influencers, from very well-known celebrities like Jennifer Lopez and Sean Combs to a number of “niche” personalities and reality tv stars. The list also included certain international influencers based outside of the U.S. The brands featured in the initial round of letters were diverse as well, with national retailers, quick service restaurants, specialty apparel, footwear, food and consumables and a number of health and beauty products all being included.

The initial letters provided a number of specific examples of disclosures which the FTC felt were not sufficient. The commission noted that disclosures like #sp”, #thanks” or “#partner” were inadequate and even noted that “#ad” is likely to be insufficient if it is intermixed with a number of other hashtags or if it is buried at the bottom of a long post. The newly revised Endorsement Guide FAQ’s outline many of the same disclosure examples that were outlined in the letters. If you are curious on the full list of brands and influencers who received the initial educational letters, copies can be found here.

While we do not yet know the identities of the 21 influencers who received the letters, it will be interesting to see what happens next and how (or if) the influencers respond. In any event, it is clear that the FTC is sending a clear message that influencers are an enforcement priority right now so if you are an influencer or if you do any work with influencers (someone having “Influence Over Influencers” as the FTC would phrase it) make sure that clear and conspicuous disclosure of material connections is at the forefront of your planning. Now would also be a good time to check your forms of agreement that you use when hiring an influencer to make sure that don’t have statements that prohibit the influencer from providing their honest opinions about the product or brands. We would be happy to assist you with that review or help answer any other questions you may have.

Still don’t believe the FTC is serious about influencers? Maybe this video message from acting FTC Chairman Maureen Ohlhausen about the importance of the FTC’s influencer actions will convince you.


FTC Revises Endorsement Guide FAQs

This week, the FTC released an update to its FAQs on complying with its Guides Concerning the Use of Endorsements and Testimonials in Advertising  (“Endorsement Guides”). The FAQs offer informal guidance from the FTC and were last updated in May 2015. (For highlights from the last round of changes, please see our previous post.) The newest changes are less expansive than the 2015 update and are, in part, an unremarkable given the FTC’s established guidance on this topic. However, the update does include some helpful clarifications and reminders for endorsers and advertisers, including:

Built-In Disclosures are Not (Necessarily) Enough. One particularly notable addition to the FAQ is on disclosure functionality built into certain platforms. The new FAQ applies to all social-media platforms; it indicates generally that built-in disclosures are not necessarily enough and, like any disclosure, require evaluation of how clear, conspicuous, and complete the disclosure is.

However, in its explanation, the FTC specifically (though anonymously) references disclosure functionality made available by YouTube and Instagram and suggests that those features are likely not alone sufficient to fulfill an endorsor’s disclosure obligations. Per the FTC:

A key consideration [in determining whether a disclosure is effective] is how users view the screen when using a particular platform. For example, on a photo platform, users paging through their streams will likely look at the eye-catching images. Therefore, a disclosure placed above a photo may not attract their attention. Similarly, a disclosure in the lower corner of a video could be too easy for users to overlook. Continue Reading

Join ILG for a “Cocktails and Learn” event in Chicago on September 27


Join InfoLawGroup LLP for an evening discussion

on September 27, 2017 from 5:30-7:30 PM

“Speed of Feed/Speed of People: Business and Legal Issues Surrounding

How Users Consume Content and Ads in Social Media”

Hear from InfoLawGroup attorneys and

Tyler Hattery, Creative Strategist at Facebook

Beverages and light-fare food will be served.

Hyatt Place Chicago/Downtown-The Loop in the Madison/Franklin room

28 N. Franklin Avenue, Chicago, IL, 60606, USA

Please RSVP to rsvp@infolawgroup.com by September 20, 2017



Mindy Abern Joins InfoLawGroup LLP as Counsel

InfoLawGroup is pleased to welcome Mindy Abern as Counsel to our growing team.  Mindy is a digital media lawyer with significant experience working with clients both as outside counsel and in-house at Sears Holdings Corporation, where she served as marketing counsel.  Mindy works with clients on all aspects of marketing and advertising campaigns, including regulatory compliance and the intersection with privacy issues.   Please join us in welcoming Mindy to the team!

Do You Really Need to Store That IoT Data?

Not only are companies collecting a massive amount of data generated by the Internet of Things (IoT), they are storing it too. According to a survey of 1,000 enterprises conducted by 451 Research, 71 percent of enterprises are gathering IoT data and nearly half of the data generated are being stored. What the survey doesn’t reveal is if companies are considering the legal implications of storing IoT data and preparing to deal with demands for that data from outside entities.

Some contend that the IoT is on the brink of changing life as we know it. According to Gartner, 20.8 billion objects will be connected to the internet by 2020. On their own, droves of these data-generating things will churn out an inconceivable amount of intriguing data about our patterns of behaviors. And, when they begin talking to each other, the IoT will be as prevalent as oxygen.

With the IoT’s capability to fade into the background of our lives and quietly play witness to our worlds, the data it generates will pique the interest of a parade of public and private third parties that we can only begin to imagine, but that’s exactly what general counsel need to do. Sit down with business executives who are spearheading IoT projects and talk about the near-future risks associated with storing IoT data, prepare to respond with requests for IoT data and think about the impact to consumers.

When product development and marketing executives are working on an IoT initiative, top of mind are returns on investment, storage options and product development lifecycles. The last thing they are thinking about are criminal investigations, subpoenas and expectations of privacy rights. But, in-house counsel need to engage business executives about the nature of the data—whether it needs to be stored and for how long—before the data is collected, not after when it’s much more difficult to walk back.

Without legal counsel, business executives are more likely to store IoT they might not necessarily need, laboring under the notion that they may decide to use it down the road. Business executives need to understand not just the costs but the risks associated with storing IoT data as well as consider risk mitigation options such as building in automatic data deletion when data is no longer needed.

With its ability to tell stories about who we are, what we are doing and why, IoT data will reveal information that public and private parties are willing to fight for in court and pay big money to gain access to. Most of us have heard about police requesting access to Amazon’s personal digital assistant to help solve a murder case. In a different case, police are attempting to use Fitbit data to prove a husband was involved in his wife’s death.

When data requests arise, will you institute a do-no-evil policy such as Alphabet Inc.’s Google, which vows to only turn over data if a proper search warrant is issued? Will you fight any court requests tooth and nail and make a public show of it to strengthen your privacy-protecting brand? Or, will you cooperate with any police requests? Or will you cooperate only with a court order? And how will you disclose all of this to consumers?

Similar to a breach response plan, in-house counsel should be prepared to react to any third-party request for data—be it law enforcement, government regulator or third-party litigant—in accordance with a corporate position and plan. And the plan should take into account the potential legal and public relations issues, given that these types of unanticipated issues can provoke an emotional response from the public.

The IoT is booming, devices are proliferating and IoT-generated data is already beginning to attract the attention of police. And, it’s only a matter of time before more parties come knocking on your digital door with data requests. In-house counsel need to be involved with IoT initiatives from the start, regardless of the form they take. Early intervention will minimize the risk of unnecessary collection and storage of IoT data, as well as give GCs the opportunity to promulgate policies for how the company will deal with IoT data demands.


Reprinted with permission from the August 7, 2017, edition of Corporate Counsel. ©2017 ALM Media Properties, LLC.

All rights reserved. Further duplication without permission is prohibited.


A Reasonable Security Blanket

Fear the data breach.  Companies large and small worry that a security lapse compromising personal information may hurt their customers or employees and expose the organization to costly liability and a damaged reputation.  But recent developments suggest that comfort may still be found in keeping privacy promises and keeping up with “reasonable security” best practices.

This week’s $11.2 million settlement of the Ashley Madison class action is a reminder that companies handling potentially sensitive personal information can pay a heavy price for lax security.  Of course, in that case there were allegations of “deceptive” as well as “unfair” practices under FTC Act section 5(a), since the company, for example, charged a fee for deleting data from closed accounts and then failed to do so.  See the Bloomberg Law article (in which I’m quoted).  But this follows last month’s $115 million proposed settlement of consolidated class actions against Anthem, Inc. after the first of a wave of cyberattacks against large health insurance companies in 2015 and 2016.  In such cases, liability generally comes down to a simple question of keeping up with reasonable security measures, not a failure to keep specific privacy promises.  These cases demonstrate that this effort is a real challenge even for large organizations with substantial in-house IT resources.

The Federal Trade Commission has handled more than 60 complaints and consent orders concerning data breaches exposing sensitive personal data.  Its “Start with Security” guide offers ten practical principles for businesses handling personal information.  Today, the FTC announced that it will publish a weekly blog post on Fridays over the next few months called “Stick with Security” to offer insights drawn from the FTC’s experience with data breach investigations.  The first post explains how the FTC chooses to take enforcement action in the case of some publicized breach incidents and not others.

Good summer reading for a few minutes on Fridays.  Beach blanket optional.

Are You Keeping Up with COPPA? The FTC Just Updated Its Compliance Plan for Businesses

On June 21, 2017, the FTC released its updated its 6 step COPPA Compliance Plan for Businesses (“Compliance Plan”).   The changes to the Compliance Plan are intended to help businesses keep up with changes to technology and evolving business models in connection with the Children’s Online Privacy Protection Act (“COPPA”). The FTC states in its blog post  announcing the updated Compliance Plan that the changes fall into 3 categories:

New business models/technologies: COPPA applies to websites and other “online services.” The FTC is making clear, if there was any doubt, that voice activated devices that collect information are “online services” subject to COPPA.

New products: The FTC has specifically highlighted connected toys and other IoT devices as being subject to COPPA.

New Methods for Obtaining Parental Consent: The FTC has added two recently approved methods for obtaining parental consent to its list: (1) having parents answer a series of knowledge-based questions that only a parent should be able to answer; and (2) using facial recognition technology and photographs submitted by the parent.

Key Takeaways: The FTC has not updated its rules but has clarified its position. Companies should be continuously aware of how the use of new technologies and the launch of new products could implicate COPPA — and in an IoT world many products that previously would not have been an “online service” now likely are.

Partner Heather Nolan To Be Interviewed This Wednesday, June 21, 2017 on Privacy Issues In Marketing and Broadcasting

On Wednesday, June 21, 2017, InfoLawGroup partner, Heather Nolan, will be interviewed on the Privacy Piracy radio program out of the University of California by its host Mari Frank.  Heather will be discussing privacy issues in marketing and broadcasting.  The show is scheduled to take place at 3:30pm Central Time, and will be available for listening on the show’s website after the live stream.


InfoLawGroup Thanks Clients, Attorneys and Staff for 2017 Chambers Recognition

Chambers and Partners has again recognized InfoLawGroup in its new 2017 guide.  Along with being ranked for  Media & Entertainment: Transactional in the USA guide, two of our attorneys, Justine Gottshall (privacy) and Jamie Rubin (media & entertainment) were again recognized as leaders in their field.

We are delighted to receive public acknowledgment from Chambers and to be recognized along with other great firms.  We are grateful to our clients for recommending us, and thank all of our attorneys and staff whose hard work continues to make InfoLawGroup a success.