It’s a new year, and the FTC’s sporting a new chief technology officer. Ashkan Soltani is his name, and online privacy programming is his game. A bona fide tech-head, over the past 15 years Soltani has worked on several high-profile, large-scale, Internet-related projects.
- In 2012, Soltani consulted on the FTC’s mobile forensics lab.
- He served as lead researcher for the Wall Street Journal’s ground-breaking “What Do They Know” series.
- Soltani helped develop and sell “Mobilescope,” a privacy app intended to improve “transparency” in the smartphone marketplace.
- As a grad student, Ashkan Soltani helped bring the issue of “Flash Cookie Respawning” to the fore.
Soltani’s Goals: “More Geeks and Better Tools”
A direct report to Chairwoman Edith Ramirez, Soltani says he plans “to work on expanding the agency’s tech capacity, or in other words, bringing on more geeks and better tools.”
When introducing himself to the press and public, the FTC’s new CTO also verbally felled an oft-argued criticism regarding the commission’s technological prowess, commenting:
“They’ve always addressed new markets even from the history of regulating emissions and cigarettes. While the agency may have enhanced those capabilities recently, it’s mistaken to say the FTC is just getting into tech.”
So, what issues does Soltani want to tackle during his tenure at the Federal Trade Commission? In his words:
“Algorithmic transparency. The idea is for the FTC to have better insight into how companies such as e-commerce, travel and financial services firms feed web behavior, location, demographic and other data into algorithms that determine variable prices.”
He also wants to explore issues related to “big data personalization” and:
“Create tools that would let a researcher or anyone identify how different people might see a website or service.”
In interviews, Soltani has made it clear that he’s not “setting policy.” Instead, he wants to help “the Commission…understand the way that privacy issues come into play as technology moves forward.”
Is Ashkan Soltani good for the FTC or bad?
Par for any political appointee, a schtikle of controversy surrounds Soltani’s employment. Skeptics consider his past projects and worry he may be a radical online privacy wolf in a politically neutral sheep’s clothing. But Soltani promised:
“My role at the FTC is not to set policy — the Chairwoman and the bipartisan members of the Commission do that — but I do play a role in helping I think a person with a strong track record of researching and investigating consumer privacy issues is, frankly, exactly who would be most effective in this role.”
The Weight Loss Marketing Video Game
The FTC Made a YouTube Video Game about weight loss marketing. I can’t decide if it’s corny or inventive. Regardless, if you’re in the weight loss marketing game, it’s worth a watch.
Do Not Call Registry Access Fee Hike
Telemarketers: starting on October 1, it will cost you $60, not $59, per area code, to get a list of registry numbers. Your first five area codes are still free.
Remember, all telemarketers are required to “respect” the Do Not Call Registry. If you’re caught not doing so, you will be fined – big time.
Unsubstantiated Marketing Claims Lead To FTC Censure
Dr. Robert Titzer promised that his revolutionary system had nine-month-old babies reading. Parents looking to wax poetic about their infant’s verbal skills (on Facebook, of course) bought the product, “Your Baby Can Read,” in droves. $185 million worth.
But now the FTC is forcing him to hand over $300,000 of it for using unsubstantiated marketing claims. Oh, and Titzer is no longer allowed to use the name “Your Baby Can Read,” nor make false advertising claims about “reading products.”
When asked about the case, Jessica Rich, Director of the FTC Bureau of Consumer Protection said, “Marketers and expert endorsers must have adequate substantiation for the claims they make, and the FTC will continue to pursue those who fail to abide by this basic rule.”
A little less than .2% of the profits — and a promise never to do it again — probably won’t deter other marketers from pushing the substantiation envelope. But hey, at least they’re making an effort?
(You absolutely shouldn’t, but if you’re determined to pull a Titzer, if you don’t want to end up in jail or homeless, check with a lawyer to make sure you’re not going too far over the line. Because the Federal Trade Commission CAN be nasty when they want to be.)
Unsubstantiated Scientific Claim Leads To FTC Censure
The Federal Trade Commission slapped i-Health, Inc., the makers of “BrainStrong Adult” — a dietary supplement that supposedly mitigates cognitive deterioration — with a false advertising censure. Marketing materials assured consumers that the BrainStrong team had “employed three types of laboratory tasks to test different, but interrelated, aspects of episodic memory.” But in reality, the laboratory tests touted in i-Health’s sales brochures and websites were not as comprehensive as they lead people to believe.
Interestingly (and perhaps comically), i-Health doesn’t have to hand over any dough to the FTC, but the company is forbidden from “making future unsubstantiated health claims about any of their products through August 21, 2034.” (No, you are not reading that wrong. The FTC’s punishment is a lashing to “follow the law!” — until 2034? At which point the company can go back and start making unsubstantiated marketing claims again? Oy. That’s the FTC for you.)
FTC Marketing Law Tid Bits
The FTC’s radar is on “Boss Scam” marketing schemes. If you’re doing it, the FTC may very well be monitoring you, waiting for the perfect time to pounce. http://www.bizjournals.com/triangle/blog/techflash/2014/08/ftc-warns-of-a-bossy-business-scam.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+industry_7+%28Industry+Technology%29
A new COPPA parental consent company has applied for the COPPA safe harbor program, AgeCheq, Inc. The Commission is requesting comments. http://www.jdsupra.com/legalnews/ftc-seeks-public-comment-on-agecheq-inc-46886/
The FTC held a robocalls scam defense competition. And the winners are… – http://arstechnica.com/tech-policy/2014/08/ftc-picks-winners-in-latest-robocall-defeating-contest-scammers-keep-scamming/
COS Players teamed up with The Electronic Frontier Foundation for an online privacy campaign – https://www.eff.org/press/releases/cosplayers-fight-online-anonymity-and-privacy-during-dragon-con
Remember the big “Do Not Track” push for online privacy? Yeah, you’re not the only one who has forgot. – http://nakedsecurity.sophos.com/2014/08/26/do-not-track-the-privacy-standard-thats-melting-away/
Promoting your business means bragging about your business, right? Absolutely. But, there’s a fine line between putting your best foot forward and misrepresenting the facts. We’ll cover the difference between false advertising and what the Federal Trade Commission (FTC) calls “puffery.”
What is Puffery?
So, what is puffery? Claims that can’t be universally proven.
Example: “We offer the best burgers in the world!”
The Federal Trade Commission does not censure businesses for making ambiguous statements like these because they’re obvious exaggerations.
In general, puffery is a subjective claim about a product or service designed to promote it in a more positive light. Basically, the FTC doesn’t punish businesses for making general, positive statements about their products and services.
FTC Puffery vs. False Advertising
It’s one thing to say that you offer the “best, finest, or greatest” in your business, but it’s another thing to make blatantly misleading claims. So, what is the line between puffery and outright deception? Typically, statements which are general, broad and depend on a person’s preference fall under the definition of puffery.
However, specific, physically verifiable statements qualify as fraud. For instance, suppose a startup claims to have raised $2 million, and you were persuaded to buy in because of the assurance. If it turned out that it didn’t have $2 million in the coffers, the FTC would be banging on the company’s door.
What is the Effect of Puffery?
The effect of FTC puffery depends on how the consumer thinks they know about a product or service. In a study published in the Journal of Consumer Research, Robert S. Wyer, Jr. and Alison Jing Xu studied consumers’ reactions to advertising claims. They discovered that ambiguous statements were interpreted in two different ways:
- People who thought they knew less than others about a product viewed puffery as useful information designed for folks knowledgeable on the subject.
- People who have a higher perceived level of knowledge see puffery as useless filler.
The study also showed claims are perceived differently based on the context and type of product.
Get In Touch With A Marketing Lawyer About Your Puffery Questions
It’s acceptable to flatter yourself, but it’s not okay to lie. If you’re ever in doubt, it’s best to have your materials reviewed by a marketing attorney who understands the nuances of FTC puffery issues.
The FTC has been busy this summer! In addition to releasing a few online marketing and privacy reports, the nation’s consumer watchdog also issued several updates to the current mac-daddy of U.S. online privacy laws – the Children’s Online Privacy Protection Act (COPPA). The changes are mostly cosmetic and language-oriented – out with “legalese,” in with “plain English” type of adjustments.
Nevertheless, there are a few items worth reviewing.
Bolstered Liability Language Regarding Site & App Functionality
Requested, Promoted and Encouraged
The previous version of the Children’s Online Privacy Protection Act said the law applied to website operators and app developers who “requested” identifiable information from minors. In the latest version, “requested” has been expanded to “requested, promoted or encouraged.”
Everything Digital Falls Under COPPA Now
The last COPPA version specifically mentioned chat rooms and message boards as Internet-based platforms on which children could share personal information. Now, specific mentions of various types of online websites has been replaced with the broader “in identifiable form.”
Other Small COPPA Language Changes
- Changed e-mail to email;
- Included “instant messaging user identifiers, VOIP identifiers and video chat identifiers as “an identification that permits direct contact”;
- Added geolocation as a “persistent” identifier;
- Added the word transfer to section that addresses the exchange of PII between parties, used to be only sharing, selling and renting.
Clarified The Value of Hyperlinks In Determining Which Websites Fall Under COPPA and Which Do Not
The new COPPA documents states:
A website or online service shall not be deemed directed to children solely because it refers or links to a commercial website or online service directed to children by using information location tools, including a directory, index, reference, pointer, or hypertext link.
In other words, just because you link to a website that may fall under COPPA regulations doesn’t mean you ARE a site that falls under COPPA regulations.
Clarified That Websites That Deleting Children’s Info Lowers Liability
One of the main confusions about the Children’s Online Privacy Protection Act is whether or not sites that don’t use, share or sell collected data have to comply with it. The new version of the rule clarifies:
“An operator shall not be considered to have collected personal information under this paragraph if it takes reasonable measures to delete all or virtually all personal information from a child’s postings before they are made public, and also to delete such information from its records.”
Passive Tracking Illegal According To COPPA
The new Children’s Online Privacy Protection Act rules document clearly states that passive tracking of a child online – without following COPPA protocol – is illegal.
Cleared Up What Constitutes Website Functionality
COPPA rules have always allowed for the inconsequential collection of children’s’ data related to website maintenance and functionality mechanisms, like updates and certain types of security backups. The latest version of the rules expounds on allowable “administrative and functionality” collection circumstances. Perhaps most notably, the word “analyze” was added to this section – thereby allowing for more flexibility in terms of traffic aggregator plugins and apps used for business marketing and SEO.
Plainly Stated What Factors The Commission Looks For When Deciding If A Website Must Comply With COPPA Regulations
Previously, the FTC’s explanation of the factors considered when determining a website’s COPPA status was a confusing. The new document is much clearer.
The FTC looks at the following factors when deciding if a site is “directed towards children”:
- Subject matter;
- Visual content;
- Use of animated characters or child-oriented activities and incentives;
- Music and other audio content;
- Age of models;
- Presence of child celebrities or celebrities who appeal to children;
- Language; and
- “Competent and reliable empirical evidence regarding audience.”
Actual Knowledge Is The New COPPA Standard
Also, the new Children’s Online Privacy Protection Act states that a website, plugin or app will be deemed “directed to children” when the operator has “actual knowledge” that it is collecting personally identifiable information.
Slight Change of Rules Concerning Credit Card Parental Consent Authorization
If it wasn’t clear before, the FTC has now made it so: it is not sufficient to just gather credit card information without charging it as an acceptable parental consent mechanism. However, credit card information coupled with other identifying information may be sufficient.
App Store Account Coverage & Liability
The latest version of the COPPA rules says that developers can “rely” on any disclosures a given app store has if said app store includes legal coverage in their deal / contract with developers. Moreover, software companies can develop multi-platform COPPA parental consent mechanisms without assuming liability. (#score)
Data Retention Clarification
The latest version of the Children’s Online Privacy Protection Act states that any personally identifiable data collected from people aged 13 and younger can only be used “for only as long as is reasonable necessary to fulfill the purpose for which the information was collected.”
Safe Harbor Programs
The original COPPA rules allowed for legislators to develop a “safe harbor parental consent” program in which designated products could earn a “COPPA safe harbor” designation and using any of them would ensure compliance with the law.
Welp, the FTC has developed the program and ratified several products and services. So, new language was added to the COPPA rules to reflect the new “safe harbor” program and outline the “self-regulator” standards.
Speak With A COPPA Lawyer
If you need to learn more about the Children’s Online Privacy Protection Act, check out the related blog posts (in the right sidebar if you’re at a computer; below if you’re on a mobile device).
If you need a COPPA lawyer to review your website for
Obamacare Spammers Agree To Settlement
Right before the Affordable Care Act launched, an email marketer launched a campaign that made it seem like people had to pick a new health care provider immediately or they’d be in violation of the law. The email included affiliate links to several insurance companies.
In the end, the email marketers settled with the FTC for $350,000 and a promise to never “misrepresent facts about any product or service, including health insurance.”
The Center for Digital Democracy Wants The FTC To Go After Big Business
The Center for Digital Democracy isn’t happy with the FTC. The non-profit believes the commission has been way too lenient when it comes to the U.S./E.U. online privacy safe harbor program. Specifically, the CDD thinks that data brokers and online marketers are “failing to keep its privacy promise to Europe.” The CDD’s main gripe:
“The commercial surveillance of EU consumers by U.S. companies, without consumer awareness or meaningful consent, contradicts the fundamental rights of EU citizens and European data protection laws, and also violates the intention of the Safe Harbor mechanism to adequately protect EU consumers’ personal information.”
Tldr; The standoff between folks interested in monetizing user data and people who are sticklers for Internet privacy, continues.
Canada & the U.S. Are Teaming Up For A Cross-Border Marketing Investigation
Both the U.S. Federal Trade Commission and the Competition Bureau of Canada have their sights set on Aegis Mobile. Apparently, the Canadian Wireless Telecommunications Association (CWTA) hired Aegis to do some analysis and marketing work.
The cross-border collaboration caught the eye of the Competition Bureau of Canada, which launched an investigation into whether or not Aegis’ and CWTA’s advertising efforts were “false and misleading.” As part of the inquiry, the Competition Bureau, evoking the SAFE WEB Act, enlisted the FTC to seek and gather information about Aegis’ work with CTWA.
Aegis tried to quash the case, arguing that Aegis was a “common carrier” not subject to the SAFE WEB Act. But, the judge disagreed and the U.S.-Canadian FTC online marketing investigation will move forward.
FTC Green Lights New COPPA Safe Harbor Program
The Federal Trade Commission approved another “self-regulatory safe harbor oversight” alternative — the Internet Keep Safe Coalition (iKeepSafe).
Remember, if you have an app or a website that collects information from minors, then you must adhere to the Children’s Online Privacy Protection Act.
Including a line in your terms and conditions that kids under the age of 13 can’t use your website won’t ward off an FTC censure.
Big Data Assured That Congress Will Not Pass A Marketing Online Privacy Law Anytime Soon
This week, a bunch of data bigwigs gathered in Aspen and talked about, amongst other things, Congress’ current temperature regarding a universal online privacy law. Attendee and Experian’s senior vice president for government affairs, Tony Hadley, gave a speech in which he said that only a handful of congresspeople truly wants to regulate online marketing data.
In other words, things will remain the same for the foreseeable future.
Other FTC Internet-Related Tid Bytes
- The Federal Trade Commission announced a new workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” The discussion will focus on digital data collection and its impact on “low income and under-served consumers.” http://www.ftc.gov/news-events/events-calendar/2014/09/big-data-tool-inclusion-or-exclusion
- Real Estate agents DO NOT want online real estate websites Trulia and Zillow to merge. It all has to do with advertising. http://nypost.com/2014/08/15/realtors-want-ftc-to-block-zillow-trulia-merger/
- The FTC got permission to open a study on “patent trolls”. http://washingtonexaminer.com/ftcs-patent-troll-study-gets-approval/article/feed/2158146
- Fandango finally reached a settlement with the FTC for being crappy at digital security for a really long time. http://www.engadget.com/2014/08/19/fandango-and-ftc-finalize-settlement/
- A weight loss product marketer that was fined by the FTC nearly a decade ago got caught, again. Remember: the FTC does not take kindly to recidivist marketing violators. They WILL take your house eventually. http://protectingyourpocket.blog.palmbeachpost.com/2014/08/20/fat-burner-firm-kept-making-false-claims-ftc-says/
Work-At-Home Marketer Lied To FTC About Finances, Got Caught Years Later, And Now Must Pay Nearly $30 Million
Another work-at-home entrepreneur crossed the legal online marketing Rubicon. When first sanctioned, the FTC significantly reduced his fine because he swore he couldn’t pay. But the work-at-home impresario was less than truthful about his financial state, and the FTC finally figured it out. Now, he has to give all his swag to the FTC.
Original FTC Investigation Resulted In Reduced Fine Because of ‘Inability to Pay’
In 2009, the Federal Trade Commission forced Jonathan Eborn, of “Google Money Tree,” “Google Pro” and “Google Treasure Chest,” to fork over $3.5 million in cash and assets for violating Internet marketing laws by way of a credit card scam.
The original verdict was for $26.9 million, but it was cut to less than $5 million based on financial affidavits. Eborn swore he couldn’t pay the entire $26.9 million.
If Eborn had been candid with the FTC, this work-at-home tale, of credit card scam woe, may have ended there. But, the FTC recently discovered that Eborn’s sworn financial statements – on which his fine was reduced – weren’t, as Stephan Colbert might say, “truthy.” Supposedly, the online marketer hid nearly $300,000 from authorities. As a result, the FTC reinstated the full $26.9 million judgment. Ouch.
Director of the FTC’s Bureau of Consumer Protection Jessica Rich explained:
“In determining the amount of assets a defendant must provide in settlement, the FTC often relies on a defendant’s sworn financial statements and requires the defendant to agree that any misrepresentations on those statements will trigger a much larger judgment. The court’s decision to impose the full judgment should serve as a lesson to all defendants that lying to the FTC has serious consequences.”
Cramming Guy Pled Guilty; Has To Hand Over Toys & Cash To FTC
So-called “cramming scams” are an illegal – but undeniably lucrative – swindle. So tempting are the potential riches that many people cross the legal line. But remember: if you get caught, the FTC can and WILL take your stuff.
This past week, the FTC announced a recent bust of a cramming scheme, involving text messages, which deceptively charged customers $9.99 a month. The original judgment was for a whopping $97 million. Like in the majority of these types of online marketing cases, however, the fine was reduced to $1.2 million in cash and assets on account of the busted party’s “inability to pay.” The crammer did have to hand over:
- The $4,500 in his bank accounts;
- A 2012 Ferrari 458 Italia and a 2012 Mercedes G550 SUV;
- Startup Shares;
- Three Audemars watches, one Patek Phillippe watch and four Rolex watches.
FTC Busted Another False Weight Loss Website Marketer
Straight up: the commissioners do not want you promising weight loss miracle cures.
If you are an online marketer peddling weight loss products, do yourself a favor and spend the couple of hundred dollars it will cost to have a website audit done by an online marketing attorney. It could save you a whole lot of money and headaches.
FTC Busted Another Credit Card / Government Grants Operation
The FTC sniffed out another illegal credit card processing scam. Say what you will about the Federal Trade Commission, but the office is getting better at spotting and tackling operations that defy the Dot Com Disclosures and the Federal Trade Commission Act.
Again, if you are running an online business that involves marketing products or services, find an online business attorney to review your advertising materials – and internal operations – to make sure you’re walking on the correct side of the legal line and not unnecessarily exposing yourself or personal finances.
Speak With an FTC Lawyer Today
If you need a legal audit of your website or online business, contact Aaron Kelly of Kelly / Warner Law.
About Kelly / Warner Law
A boutique law firm comprised of tech-heads, gear-heads, programmers and comic book junkies — who also happen to be detail-obsessed FTC defense lawyers – Kelly / Warner is the perfect fit for pioneering people doing business in the 21st century.
Contact us today to start the conversation.
FTC Guidelines and Internet Marketing 101
Here at Kelly / Warner Law, we field a lot of questions about Federal Trade Commission Guidelines pertaining to blogging and Internet marketing. The two most common queries:
Are bloggers and marketers required to disclose certain types of information on their websites?
If so, how must the disclaimers be presented?
In this article, we’ll discuss the latest FTC guidelines and disclosure requirements.
The FTC Acai Berry Scandal: A Lesson On Weight Loss False Advertising
A couple of years back, the FTC came down hard on Acai Berry advertisers. In online ads, many weight loss marketers used headlines like: “New Diet Pill Helps you Lose 50 pounds in 4 weeks” to describe the supposed miracle product. This alluring diddy also caught the FTC’s eye:
WARNING! AcaiPure Is Fast Weight Loss That Works. It Was Not Created For Those People Who Only Want To Lose A Few Measly Pounds. AcaiPure was created to help you achieve the incredible body you have always wanted …USE WITH CAUTION! Major weight loss in short periods of time may occur.
These headlines and blurbs caught the attention of the FTC because they make bold claims — claims that sound too good to be true. And when asked for evidence to support these claims, the marketers couldn’t hand-over satisfactory studies. (No, not all white papers and studies are created equal.) The commission deemed the headlines “false advertising” and a hulk-sized fine was levied.
False advertising isn’t the only thing at issue here. though. The FTC is also concerned about “re-bills.” In the Acai crackdown, the commission reasoned that not only did the advertisement lead customers to believe they would experience dramatic weight loss, but the advertisement also indicated that there was no financial risk. Yet, Acai Berry clients were billed for the product without their knowledge – sometimes thousands of dollars – for something they were led to believe was “Risk Free.”
The FTC has and will continue to clamp down on false advertising claims as a way to curb unfair and deceptive marketing. And remember, they have to keep busting people in order to keep existing. So, watch your back and make sure you have the proper disclosures. If you do, the FTC can’t come after you.
Blogging FTC Guidelines
The FTC isn’t only concerned with false advertising (blatant or otherwise). They’re also concerned with persons who endorse products and fail to disclose that he or she is a compensated endorser.
Bloggers and affiliate marketers who are receiving payment from websites engaged in false advertising should also beware. According to FTC Guidelines, bloggers must post a disclaimer or make a disclosure regarding a “sponsored communication.” There is no such thing as a one-size-fits-all “sponsored communication” disclaimer, however, the FTC does provide a few guidelines:
- Only “material connections” must be disclosed.
- Connections are material if the reviewer received some consideration for the review (e.g., cash, merchandise, etc.).
- Guidelines impose liability on: (1) advertisers, (2) advertising agencies, and (3) endorsers (including celebrity endorsers).
- The “results may vary” safe harbor is gone – advertisers are responsible for the claims made by endorsers.
Must I Have a disclosure or disclaimer on my Blog?
If you’re a paid blogger, affiliate marketer, or any entity receiving pay for advertising you must use disclaimers on your site.
“What kind of disclaimer is needed on your website or blog?”
The answer isn’t clear cut. Different strokes for different apps. That said, as long as the disclaimer is “clearly and conspicuously” placed according to the FTC Guidelines, then your site should be in the clear. Having a link in small type — which just so happens to be the same color as the background color of your page — won’t do because the disclaimer must be “clearly and conspicuously” placed.
There’ isn’t a list of “FTC approved” methods for disclosing certain information. The guidelines simply say that the disclaimer must be “clear and conspicuous” when disclosing the material relationships between endorsers and sellers – especially when such relationships aren’t otherwise clear to people visiting the website.
For bloggers, it’s important for the disclaimer to follow every blog post. Why? Because if the disclaimer is only in one spot, there is no guarantee that a reader will see it. A good method is having a link in your footer than appears on every page.
The FTC Guidelines govern advertising done on Twitter and other social media platforms, too. So, make sure to disclose material connections with every Tweet.
How you can comply with FTC Guidelines
The revised FTC Guidelines dictate that advertisements for services and products must not be misleading or false. Advertisers must disclose when the advertisement showcases atypical results. Furthermore, marketers using word of mouth or electronic media must disclose any material relationships between themselves and the advertisers they represent so consumers aren’t misled.
When online marketing guidelines are violated, the FTC will consider the “totality of the circumstances.” That means the FTC will take a look at:
- The advertised product,
- The advertisement claims, and
- Whether or not a “reasonable consumer” would be able to determine (from the disclaimer) if there is a material connection between the advertiser and the marketer.
Be careful out there, bloggers and online affiliate marketers. Even though the truth can hurt…the truth doesn’t hurt as bad as the FTC crashing down on you.
IN THIS ARTICLE:
- Allowable COPPA parental consent methods
- The FTC approved a new consent option for the Children’s Online Privacy Protection Act
- New COPPA parental consent method is based on knowledge-based authentication
- KBA method beat out new “social-graphing” authentication method
Attention companies covered under the Children’s Online Privacy Protection Act: The FTC approved a new COPPA parental consent method. The nation’s consumer watchdog agency green lit Imperium LLC’s dynamic knowledge-based authentication system, ChildGuardOnline.
Quickly, What Is COPPA?
The Children’s Online Privacy Protection Act is one of the few Internet privacy laws in the United States. In short, it established a set of governing rules for online data collection and digital storage of people aged 13 and younger. One of the main COPPA components is parental consent. In the simplest terms, websites and apps must obtain parental consent before collecting, using or storing kid’s information. What are acceptable COPPA parental consent methods? Keep reading.
The Old (& Still Usable) COPPA Parental Consent Methods
Until now, the only FTC-approved “verifiable parental consent” options were:
- Providing a downloadable consent form that the parent could sign and return — via U.S. mail, fax, or electronic scan;
- Requiring parents to use a credit card, debit card or online payment system that notifies the cardholder of every transaction;
- Providing a toll-free number to call;
- Providing a video confirmation service;
- Checking government ID against an FTC-approved database. (This method can only be used if you immediately delete the parent’s information after verification.)
The New Rules For COPPA Parental Consent
In 2013, the FTC updated COPPA regulations. Part of the “upgrade” involved expanding the list of allowable parental consent methods. According to the new rules, companies can “apply” to get an FTC “COPPA-validation stamp of approval” for their digital authentication platforms. Here’s how it works:
- First, a company submits a proposal to the FTC explaining their digital authentication system and why it would be an effective COPPA parental consent-friendly platform.
- Then, the FTC publishes the proposal and invites the public to submit any feedback about the application.
- When the comment period ends, the FTC reviews the proposal and public feedback; then the agency decides if the applicant’s platform is an acceptable COPPA parental consent product. After review, findings and a decision are posted online.
Has The FTC Rejected Any Other COPPA Parental Consent Applications?
Imperium is not the first company to apply for COPPA parental consent status. AssertID, another authentication company, also submitted their social media verification process for FTC review. Dubbed a “social-graph verification” scheme by the FTC, AssertID is a system wherein a parent’s social media “friend” verifies a parent’s identity. Unfortunately for AssertID, the commission rejected its proposal because it could not be “reasonably calculated” that the person giving consent was an actual parent or friend of the proper parental consent holder.
[Interesting business competition side note: AssertID’s proposal garnered 6 public responses – none of which were from Imperium. AssertID, however, did submit a comment for Imperium’s COPPA parental consent proposal and argued that their competitors program failed “to establish an adequate link between parent and child.” Additionally, AssertID argued, “The only link between the child and the parent is that implied by what is presumed to be the parent’s email address — there is no verification that this is in fact true. Although this weak implied link has been overlooked in the past, we feel that any new [consent] methods should be held to the requirement.”]
What Is Knowledge-Based Authentication?
We’ve become accustomed to online verification methods, like captchas. A typical verification method is called “knowledge-based authentication,” which requires respondents to either provide or verify personal information items in order to gain access to a private part of a website or application. There are two main types of knowledge-based authentication models, static KBAs and dynamic KBAs.
- Static KBAs are based on “shared secrets”. When registering for an online service, a user will be asked to provide the answers to various security questions. In order to retrieve credentials, he or she is asked to provide answers to those questions. Oftentimes static KBA systems are used for online banking logins (i.e., what is your mother’s maiden name?).
- Dynamic KBAs don’t require the user to have previous contact with a given site. Instead, the system automatically generates questions it culls in real time from public records. (Say What!? Yep.) Typically, the questions asked are considered “out of wallet” questions, meaning they aren’t queries someone could glean from either stealing or finding your wallet. Information is gathered from credit reports, marketing data and sometimes even social media.
What Stipulations Did the FTC Make About Acceptable COPPA parental consent options?
To thwart any budding Al Capones, the FTC demands that any new COPPA parental consent systems are “dynamic, multiple-choice questions with enough options to ensure that the chances of a child guessing the correct answers are low.” In addition, the commission will only consider systems wherein “the questions used are of sufficient difficulty that it would be difficult for a child in the household to figure out the answers.” If you have a website that could be used by a child aged 13 or younger, you must comply with all COPPA consent rules.
If you have a website that could be used by a child aged 13 or younger, you must comply with all COPPA parental consent rules. It is no longer good enough to include a disclaimer like, “You must be older than 13 to use this site,” in your terms of service policy. Speak with a qualified COPPA lawyer to ensure compliance. The few hundred dollars it will cost for counsel is far better than the boat loads you may have to pay if the FTC comes a’knocking. A COPPA compliance audit is quick, painless and affordable. Get in touch today to get started on your COPPA legal compliance review.
If you’re running a “just legal” data collection operation, or if some portion of your revenue stream involves selling customer data, stop what you’re doing and pay attention for the next five minutes — it could have you a lot of hassle in the near future.
The Federal Trade Commission has made it clear that it’s tightening the reigns when it comes to the wording of end user license agreements (EULAs) and privacy policies.
How Typical Data Collection and Sale Businesses Work
Goldenshores Technologies maintained a lucrative (if not standard) Internet business operation:
- It offered a free Android app called, “Brightest Flashlight Free;”
- It collected information about everybody who downloaded the program, and then
- Goldenshores sold the data to 3rd party marketers.
The people loved the app and downloaded it millions of times over. (Not surprising when you consider that LED phone flashlights are the new “concert candle”.) To consumers, “Brightest Flashlight Free” served both a utilitarian – and perhaps aesthetic – purpose. But many users didn’t realize that every time they used it, the app gathered geolocation data, in conjunction with a device identifier, and bundled the data for third party ad networks. Cha-ching.
But the FTC felt Goldenshores was less than honest about how, when and why the information was collected.
So, consumer agency announced a consent order regarding the “Brightest Flashlight Free” application. What made the announcement noteworthy is that it didn’t focus on what Goldenshore’s policy said, but rather what it didn’t say.
The FTC’s main issues with the app:
- The company’s failure to inform customers clearly that the app collected and distributed precise geolocation info coupled with the phone’s identifier. The combination allowed third party marketers to match individuals with devices.
- The application presented users a no-share option, but before that choice was presented, the information had already been collected, rendering the opt-out useless.
Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, explained the commission’s stance succinctly by stating, “But this flashlight app left them in the dark about how their information was going to be used.”
In an unusual step for the agency – and perhaps a harbinger of what to expect from the FTC under Edith Ramirez’s stewardship – the commission didn’t just delineate offer murky platitudes. Instead, the FTC outlined exactly what Goldenshore had to do to become compliant, thereby making clear the exact standard for geolocation app privacy disclosures.
So what verbiage does the FTC require for geolocation app privacy policies? Basically, the FTC now requires a clear-worded disclosure, appearing before the transfer of any information, which explains to consumers:
- How data is collected;
- How data is used;
- How data is stored;
- Who sees the data;
- Who data is shared with or sold to (if any); and
- Why data is collected.
App Developer Lawyer
Are you a developer in need of an attorney? Kelly Warner represents all kinds of tech startups and established online businesses. We’re not an old-school firm — and we don’t boast of Internet law expertise just because we know how to use Facebook. We’re a firm made up of affiliate marketers, gamers and even programmers — who also happen to be top-rated attorneys.
Get in touch today. Kelly Warner is ready to help smooth things for your digital or Internet-based business.
As of this writing, the government is still shut down, and the Federal Trade Commission has temporarily ceased all consumer watchdogging – but that hasn’t stopped a stream of FTC-related news from hitting the wires. A tidbit that caught our eye is a meeting scheduled for December 4, 2013 where participants will explore “blending advertising with news, entertainment, and other content in digital media”.
The First Time The FTC Will Formally Address Native Advertising Issues
Assuming the feds are up and running again by December, the commission will hold a workshop on content marketing, specifically, native advertising. This gathering marks the first time the Federal Trade Commission will formally address the issue of native advertising – and it got some industry folks worried that the regulation-friendly agency will start throwing their sometimes counterproductive rules around the content marketing industry.
“Don’t Worry, A Workshop Doesn’t Always Mean Impending Regulations,” Says FTC
The FTC, however, seems to want to allay any regulation fears. A spokesperson for the department, Laura Sullivan, attempted to mitigate suspicions by reminding interested parties, “it’s premature to say there will be a next step” when asked if this meeting is the first step towards native advertising regulation.
What Aspects of Native Advertising Does The FTC Care About?
It sounds like the December 4th FTC workshop on native advertising will concentrate on best practices and labeling of sponsored articles. Presumably, if the advertising agency can convince the FTC that self-regulation is the best way when it comes to the content marketing field, the FTC will leave this corner of the online advertising world alone and not take any “next steps” as Sullivan suggested.
What Do The Marketing Associations Have To Say About The FTC’s New Found Interest In Content Marketing?
As you might expect, the Online Publisher’s association and the Interactive Advertising Bureau are pushing for industry self-regulation, as opposed to federal guidelines. And who can blame them? After all, native advertising works – and it a rare bird that can’t decipher a sponsored article – especially since the law already requires publishers to clearly and conspicuously label all sponsored stories.
If you are involved in the online marketing business at all, this is something to watch.
If you are in need of a lawyer who has successfully dealt with the FTC in the past, contact Kelly Warner Law.
When the Government gets back to work, the Federal Trade Commission will begin a probe into the practices of patent assertion entities – a.k.a., patent trolls. In short, PAEs are in the business of capitalizing on registered intellectual property. Often criticized for not “actually produc[ing] anything themselves,” PAEs don’t have the best reputations. Regardless of how you feel though, many PAEs, like Intellectual Ventures, make a whole lot of money.
How Does The FTC Plan To Go About Investigating Patent Trolls & Legitimate PAEs?
Commission staff will use a formal inquiry process, known as a 6(b) study, which will involve requesting information from 25 as yet unnamed companies. The initial public comment period will take 60 days, followed by a review from the Office of Management and Budget, which may extend for a year before the requests are sent out. When the information is received, months of data analysis may be necessary before any results are announced.
In other words, this could take years.
What Issues Are The FTC Going To Focus On?
According to reports, the FTC is looking for specific answers to PAE practices. What types of patents do these companies hold? When did they acquire them? By what manner do these cases land in court and produce huge settlements?
When the study was announced, FTC chairwoman Edith Ramirez commented that the commission intended to use its full authority to get an accurate picture of PAE activity.
Patent Trolling Has Been On Politicians’ Radars For Awhile
The FTC announced their plans at a time when federal and state law makers are abuzz about patent trolling. Why? A cynic may say it’s a safe issue when it comes to public support. Moreover, it’s easy to make “troll companies” — that usually don’t get hit with a countersuits because as shell companies, they don’t have assets – look bad (and by the rule of foils, the politician look good).
As it stands, the FTC probe is a formal inquiry, not an enforcement action. However, the inquiry allows the commission access to documents and business records not readily available to the public. The FTC has also opened a similar study on companies that buy, sell, and tap consumer information in bulk — commonly known as data brokers.
Patent Related Lawsuits Are Costing SMBs Big Bucks
A report released in June 2013, claimed that PAEs were responsible for more than 60 percent of all patent lawsuits in 2012, a significantly higher figure than in previous years. Peter Detkin, co-founder of Intellectual Ventures, however, rejects that figure. Although the 25 PAE companies that will be asked to participate in the investigation is still unknown, it is assumed that Intellectual Ventures will be on the list. And they’re ready. Detkin recently stated that he and co-founder Nathan Myhrvold have no objection to the forthcoming FTC study.
Maybe it’s because there’s a new chief commissioner, but lately, the FTC is behaving like a trust fund kid seeking his absent father’s approval. The nation’s consumer watchdog is not only knocking on Google’s door, again, but they’re also trolling work-at-home biz opps, robocall operations, debt collectors and “free offer” marketers. Plans are afoot to amend the Telemarketing rules, and word on the street is that another online marketing compliance sweep, a la the Acai berry dragnet in 2011, is on the way. So, if you do business online – especially if you use any of the marketing techniques below – it’s time to ensure you’re FTC compliant.
Work-at-home businesses banned from selling biz opps
Last year, new biz opp rules went into effect. Now, the FTC is on the hunt for operations violating those rules.
Recently, the commission targeted 20 companies peddling “webdev and hosting” work-at-home opportunities. After a thorough investigation, the FTC won 7 regulatory settlements. Censured companies were found to have:
- Misrepresented material facts in promoting their biz opp;
- Collected money illegally from buyers;
- Sold customers personal information outside of allowable parameters;
- Improperly disposed of customer information;
- Promised buyers assistance and “marketing expertise” but didn’t deliver on the promise.
As is common in FTC rulings, the responsible parties are forbidden from engaging in the same types of activities in the future. Individuals cited under the action are also prohibited from ever making money off the sale of consumers’ personal information – presumably even if it’s a legal operation.
Fines were levied in this instance, but suspended because the chastised parties didn’t have the money. The FTC swore, however, that if additional funds are discovered, the FTC will collect. It’s not an idle threat, either. Just recently, the FTC moved to claim family assets of people found in violation of FTC regulations.
Expert Global Solutions, a Plano, TX, debt collection agency with 32,000 employees and a $1.2 billion bottom line, got hit with the FTC hammer this summer. The debt collection behemoth must fork over $3.2 million for “harassing consumers.” It’s the largest FTC fine against a debt collector.
What got them in trouble? Expert Global called people several times a day – early in the morning, late in the evening and at work. According to records, even after debts were paid in full, members of the Expert Global team would keep calling names on their lists to determine if the debt still existed.
If you run an online debt collection operation, be on the lookout for snoops poking around your business. But most importantly, review your procedures to ensure you’re compliant. (Of course, you can get in touch with us if you’re not sure.)
The FTC is also keen to snuff out sketchy, pre-recorded robocalls. Last year, the commission conducted a crackdown, and A+ Financial Center got hit hard. A financial services company, A+ Financial used robocalls as a marketing technique. Presumably, thousands of people received calls, generated at A+ facilities, from “Rachel” at “Cardholder Services,” who wanted to talk about interest rate reductions for credit cards. If the call recipient agreed, A+ would collect an initial fee and promise to help reduce their credit card rates. The problem was that A+ would do little to nothing to help customers land lower rates or sustain long term savings.
In addition to the usual marketing prohibitions placed on FTC violators, A+ was slapped with a $9,238,155 judgment. Though much of the fine is suspended due to insufficient funds on the part of the perpetrators, the FTC is taking possession of a 2007 Mercedes Benz and two boats as a means of partially fulfilling the monetary fine.
New Amendments to Telemarketing Rules
New Telemarketing Consumer Fraud and Abuse Prevention Act rules are on the way. Passed in 1994, the law gives the Federal Trade Commission authority to enact programs that “prohibit deceptive telemarketing acts or practices.” As such, the commission is exercising its power by tightening regulations for both inbound and outbound telemarketers.
The Telemarketing Consumer Fraud and Abuse Prevention Act rule proposal changes prohibit inbound and outbound telemarketers from:
- Accepting or requesting “remotely created checks” (draft transactions from a checking accounts; digital payments to creditors; purchasing items via phone or online; compensation for insufficient funds; debt collectors fees to establish payment plans).
- Accepting remotely created payment orders, money transfers and cash re-load mechanisms as payment.
The draft amendments specifically mention curtailing “novel payment methods” — like using bank routing numbers to withdraw funds without authorization. Judging from available information, it also appears that the proposed new rules will address the use of VoIP technology to disguise a caller’s location.
“Free iPad” Schemes
Henry Nolan Kelly, an Internet marketer, was also hit by the FTC this month. Over time, Kelly sent out about 20 million text messages indicating the recipient was eligible for a free iPhone or iPad. However, Kelly never actually gave anybody a free anything. As such, the Federal Trade Commission fined the Apple product promiser a cool $60,950 “for running a large text message based scam.”
Since Henry doesn’t have the funds to pay the penalty, he is being forced to cooperate with the FTC in an effort to identify and catch other internet marketers using the same techniques as himself.
As you can see, the FTC is busy this summer – and the trend is expected to continue into the fall and winter. So, if you engage in online marketing of any kind, get in touch with an Internet advertising attorney and get a compliance audit. The amount it will cost to ensure you’re operating on the right side of the law is peanuts compared to what you could lose if you wind up in the FTC’s crosshairs.