Stay ADvised: What's New This Week, April 6
- DOJ Files Complaint and TRO Shutting Down COVID-19 “Vaccine Kit” Fraud Site
- FTC Announces COVID-19 Action Plan, Follows Up With Warning Letter to VoIP Telemarketers
- Lawmakers Express Privacy Concerns Over Google COVID-19 Screening Site
- Federal Judge Finds Manufacturers’ Alleged Representations as to Sugar Content Not Misleading When Nutritional Facts Panel Provides Adequate Disclosure
- NARB Reverses Key NAD Finding on Molekule Air Filtration, Upholds Other Recommendations
- Seventh Circuit Quietly Effects Potentially Significant Change in Federal Do-Not-Call Laws' "Established Business Relationship" Exception
DOJ Files Complaint and TRO Shutting Down COVID-19 "Vaccine Kit" Fraud Site
The Department of Justice (DOJ) filed a complaint in Austin, Texas against operators of a website fraudulently claiming to offer vaccines for COVID-19, in what the department announced would be its first enforcement action targeting the rash of scams looking to capitalize on the “fear and uncertainty” created by the coronavirus pandemic.
The complaint alleges that the operators of “coronavirusmedicalkit.com” claimed to offer “free” World Health Organization (WHO) “vaccine kits” in exchange for a $4.95 shipping fee charged to the purchaser’s credit card. The trouble is, no such vaccine for coronavirus currently exists, nor is the WHO distributing any such kit, notes the DOJ.
Making use of fake testimonials, the website features allegedly deceptive claims from these fabricated users about the virus and an explanation of how the bogus product works. Defendants also used a picture of Dr. Anthony Fauci, the director of the National Institute of Allergy and Infectious Diseases at the National Institutes of Health, to give the site the appearance of legitimacy.
The complaint alleges that the operators of the website are engaging in a “predatory wire fraud scheme” in violation of 18 U.S.C. § 1343. It also alleges that the John Doe defendants’ actual intent is either to obtain and keep the shipping charges or to collect the credit card and personal information of consumers for illegal use, by profiting “from the confusion and widespread fear surrounding COVID-19.”
Together with the complaint, the DOJ also sought a temporary restraining order, pursuant to 18 U.S.C. § 1345, to compel the website's host to shut it down and block access while the DOJ pursues the case, a request granted by U.S. District Judge Robert Pitman.
The DOJ also announced it is prioritizing enforcement actions to combat coronavirus-related fraud. It noted that the fraudsters were not only reprehensible but also posed a threat “by spreading misinformation and creating confusion.”
“The Department of Justice will not tolerate criminal exploitation of this national emergency for personal gain,” said Assistant Attorney General Jody Hunt of the Department of Justice’s Civil Division.
“We hope in the future that responsible web domain registrars will quickly and effectively shut down websites designed to facilitate these scams. My office will continue to be aggressive in targeting these sorts of despicable frauds for the duration of this emergency,” added U.S. Attorney John F. Bash of the Western District of Texas, where the complaint was filed.
The DOJ is prioritizing enforcement actions against those committing coronavirus-related fraud, seeking to quickly and efficiently shut down any affiliated websites. In shutting down the website in question, the DOJ relied on 18 U.S.C. § 1345, which permits the issuance of injunctions in cases involving specific types of fraud, including federal health care offenses, without the need for the heightened showings typically required for the issuance of injunctions, including: a finding of specific harm, “a showing of the inadequacy of other remedies at law, [or] a balancing of the parties’ interests….”
FTC Announces COVID-19 Action Plan, Follows Up With Warning Letter to VoIP Telemarketers
Also acting in response to the COVID-19 pandemic, the Federal Trade Commission (FTC) issued a statement outlining its operational approach during the pandemic, saying it would, in some cases, ease compliance restrictions for companies providing vital goods and services.
In a statement, FTC Chairman Joe Simons wrote that the agency would ease these restrictions in light of the current hardships faced by consumers and businesses. Simons said the FTC would take into account the “enormous” challenges faced by businesses and consumers, “remain flexible and reasonable in enforcing compliance requirements” that might make it tougher for “important” goods and services to reach consumers, and consider good faith efforts to do so in making enforcement decisions.
“To be clear, by being flexible and reasonable, I am not suggesting that we will tolerate companies deceiving consumers, using tactics that violate well-established consumer protections, or taking unfair advantage of these uniquely challenging times,” wrote Simons.
Simons emphasized that FTC staff at the Bureau of Consumer Protection are continuing to pursue action against deceptive practices, highlighting the agency’s efforts to educate consumers about coronavirus-related scams and encouraging consumers to help by reporting such scams.
As if to make its point, the agency sent warning letters shortly thereafter threatening enforcement action against several VoIP companies for allegedly facilitating illegal coronavirus telemarketing and robocalls peddling wares related to the COVID-19 pandemic.
“We will not tolerate businesses seeking to take advantage of consumers’ concerns and fears regarding coronavirus disease, exigent circumstances, or financial distress,” noted the FTC.
The letters warn the companies to cease assisting telemarketers they know, or should know, are violating the Telemarketing Sales Rule (TSR).
“Combatting illegal telemarketing is a top priority of the Commission, with a special emphasis on stopping illegal robocalls,” warned the FTC.
The types of conduct the FTC warned could result in legal action include facilitating misleading statements to induce consumers to make purchases or charitable contributions; misrepresenting an affiliation with a government agency; initiating unauthorized robocalls; and transmitting fake caller ID numbers. The letters asked the companies to send the FTC a correspondence describing specific actions they will take to address the accusations.
The FTC’s eased-up compliance restrictions, while surely welcome in these times, appear to apply only to companies providing “important goods and services to consumers.” The FTC’s letter was clear on what types of action the agency will not tolerate, but vague on the exact outline of these “flexible” compliance obligations. Companies to whom this may be applicable should proceed with caution and consider reaching out to the FTC or counsel for further guidance.
Lawmakers Express Privacy Concerns Over Google COVID-19 Screening Site
Five senior Democratic senators sent correspondence to Google and the White House raising privacy concerns about a coronavirus screening website piloted by Verily, a Google subsidiary. The lawmakers questioned the site’s privacy policies and cybersecurity protections.
In letters sent to the Trump administration and to Google CEO Sundar Pichai, Senators Bob Menendez, Sherrod Brown, Cory Booker, Kamala Harris, and Richard Blumenthal expressed concerns with Verily’s privacy practices and in its letter to the White House, questioned whether the administration had adequately considered the privacy and security risks associated with Verily’s initiative.
The website, dubbed Project Baseline, launched as a pilot program in limited California locations. Users can see if they qualify for a free screening for COVID-19 in two California counties. To sign up, users must enter their Google email address or sign up for a Google email if they do not have one, and agree to share certain data with Google and potentially with third parties under certain circumstances.
Although the Senators noted that they “appreciated” efforts to help consumers understand whether they qualify for a test, they queried first whether the site contains sufficient protections governing the collection and sharing of user data, and second, whether it builds in proper cybersecurity protections against potential hackers. Among the privacy concerns cited by the Senators were the ambiguity around whether users waive privacy and data rights; whether Google will be able to use the data for commercial purposes; and whether Google would be able to sell the data to third parties.
“We are concerned that neither the [Trump] administration nor Google has fully contemplated the range of threats to Americans’ personally identifiable information,” wrote the Senators.
Other privacy advocates have also questioned why the company is conditioning access to the site on the sharing of personal information.
“COVID-19 testing is a vital public necessity right now—a core imperative for slowing this disease,” said Jake Snow, a technology and civil rights attorney with the American Civil Liberties Union of Northern California. “Access to critical testing should not depend on creating an account and sharing information with what is, essentially, an advertising company.”
Further, the company is not subject to HIPAA privacy requirements as it is not a healthcare provider, but rather a private company providing health services with an existing relationship to the consumer.
With respect to the cybersecurity issues, the lawmakers noted that lack of clear security provisions could lead to “identity theft, negative credit decisions, and employment discrimination.” The Senators said they were particularly wary of cybersecurity issues given Google’s past history of appetite for health data, and the history of hacks of other major health companies such as Quest Diagnostics.
Without directly addressing the correspondence, Verily responded via a blog post emphasizing that it is separate company from Google. Verily also stated that it stores data in “advanced systems with security and privacy protocols” and is only asking users to sign up for the site using their Google email to authenticate them, but will not use that information to contact users during screening.
The FAQs on the program’s website also stress that the company prioritizes privacy and fully complies with applicable privacy law, and that the data will only be used for a limited number of enumerated reasons.
The lawmakers asked Google CEO Pichai and the office of Vice President Mike Pence to respond to a provided list of questions by March 30.
As the Senators seek more information about their privacy and cybersecurity concerns, it is worth noting that one legal issue here is the concept of “forced consent”—forcing users to authorize access to all data on a “take it or leave it” basis in order to use a website— which in Europe is barred by the GDPR. At this point, neither U.S. federal law nor California’s new Consumer Privacy Act addresses the issue.
Federal Judge Finds Manufacturers' Alleged Representations as to Sugar Content Not Misleading When Nutritional Facts Panel Provides Adequate Disclosure
A New York federal judge has dismissed a putative class action alleging that protein bar manufacturer ONE Bars deceptively advertised the sugar content of its products, finding that FDA mandatory labeling disclosures on the back panel of the bars’ packaging serves to clarify any potential ambiguity on the front label.
Plaintiff Jose Melendez alleged that ONE Bars was falsely advertising its ONE Bars and ONE Basix protein bars as a “guilt-free indulgence” with just “ONE” gram of sugar and twenty grams of protein. According to the plaintiff, laboratory testing showed that the bars actually contain 5.1 grams of sugar per serving.
Melendez asserted claims under New York General Business Law (GBL) §§ 349 and 350 and related common law counts, alleging that the claims were either false or, if not false, misleading in that reasonable consumers would believe the bars to be healthier and lower in calories and carbohydrates than competing brands.
However, U.S. District Judge Carol Bagley Amon rejected both arguments, summarily dismissing each of Melendez’s claims with prejudice and without leave to amend.
As to Melendez’s falsity claim, Judge Amon found that the claim was preempted by federal law. In order to escape preemption, Judge Amon found that Melendez would need to show that the testing on which he relied complied with the methodology outlined by the Food and Drug Administration (FDA), which Melendez failed to do.
The Court also found that the “one gram sugar” statement on the front of ONE Bars’ packaging was not likely to mislead a consumer acting reasonably into believing that the bars are lower in carbohydrates and calories than they actually are, because the back panel of the bars’ packaging serves to clarify any potential ambiguity on the front label. Because the products’ carbohydrate and caloric contents are contained in the mandatory nutrition facts panel—which, the court reasoned, is “exactly the spot consumers are trained to look” for such information—the court found that plaintiff failed to sufficiently plead the misleading claim under New York GBL §§ 349 and 350.
Judge Amon’s decision is notable in that it breaks rank with similar lawsuits in other jurisdictions, where some plaintiffs have withstood motions to dismiss on preemption grounds, even though their analytical testing did not follow FDA methodology. It also declines to follow other federal district courts, particularly in the Ninth Circuit, which have rejected the “look at the nutrition label” defense where the plaintiff’s claims are grounded in allegedly misleading and contradictory statements on the front of pack, at least on upfront motions.
Ingredient-based claims for foods and supplements remain a target for the class action bar. Although an accurate nutrition label cannot cure a false or misleading claim appearing elsewhere on the package, it may—in certain jurisdictions—help to support an argument that the packaging is not misleading to reasonable consumers, even at the motion to dismiss stage.
NARB Reverses Key NAD Finding on Molekule Air Filtration, Upholds Other Recommendations
The National Advertising Review Board (NARB) has reversed, on appeal, a key decision of the National Advertising Division (NAD) with respect to claims made by Molekule about its air filtration system, while upholding other NAD recommendations.
Competing air filtration systems manufacturer Dyson had originally challenged a number of Molekule’s advertising claims made about its air filtration system, the MH1 Air Purifier (MH1). NAD sided with Dyson and recommended that Molekule discontinue a number of the challenged claims. Molekule agreed to comply with NAD’s recommendations on most claims, but it appealed two of NAD’s findings to the NARB, the appellate unit of the ad industry’s system of self-regulation.
Molekule’s challenged ads discuss the benefits of the PECO filter used in the MH1 and compare those benefits to the HEPA filter used by Dyson. Of relevance to the appeal, Dyson challenged Molekule’s claim that MH1’s PECO filter could address bioaerosol and volatile organic carbon (VOC) pollution.
NAD found that Molekule had not shown a reasonable basis for its claims, for two reasons: (1) the bioaerosol testing it submitted tested a prototype—not the MH1; and (2) the testing method (described as “single pass”) introduced a challenge directly to the filter, as opposed to a more consumer-relevant test of a filter’s effectiveness against a challenge that is present in a room-sized chamber. NAD likened the single pass testing to a torture test that had not been shown to have real-world relevance. With respect to the various VOC tests, NAD again raised concerns about the specific device tested and test conditions, including the size of the chamber. Other tests showed a reduction in VOCs, but failed to show they had been eliminated.
To the extent that NAD’s findings relate to claims by the advertiser that its MH1 device removes or destroys all pollutants in a room or completely eliminates such pollutants, the panel agreed with NAD’s conclusions. To support such “complete elimination” claims the advertiser would have to have conducted pollution reduction studies on the device in a room sized chamber (not single-pass tests), which the advertiser admittedly had not done.
However, the NARB panel disagreed with NAD to the extent it sought to preclude the advertiser from making claims that its PECO technology filter can address bioaerosol and VOC pollution, on several grounds. First, the panel did not agree that the advertiser’s data generated by evaluating prototypes in a variety of tests should be rejected in its entirety. Second, while agreeing that “torture” tests have to be carefully scrutinized, the panel found the results added to the support for the advertiser’s position.
Third, NARB noted that NAD, and the challenger, “place[d] heavy emphasis on the fact that most of the advertiser’s tests were single-pass tests which evaluate the filter and were not conducted in room-size chambers.” NARB noted that “the advertiser point[ed] out that on a number of prior occasions NAD relied on the results in single-pass filter testing to uphold performance claims for air purifier units with HEPA filters. This is not only not disputed, it is represented to be a well-accepted industry standard.” As such, the panel found no reason why PECO technology should not be assessed using the same standard.
Taken together, the panel found the advertiser’s data, cumulatively, provided a reasonable basis for the claim that the PECO filter is effective at addressing air pollution. NARB also noted that the advertiser had argued that it never intended to claim that its filters completely eliminated pollutants. Accordingly, NARB reviewed each of the 17 pollution claims NAD recommended be discontinued to determine whether they communicated messages that “go beyond the valid support that the advertiser ha[d] presented.”
In doing so, NARB explained that the companies’ products use different filtration systems, and that those filtration systems also differ with respect to whether they trap VOC particles (in addition to bioaerosol particles): “The parties explained that VOCs are gases, not particles, and that HEPA filters are not designed to, and do not, trap VOCs. Rather, air filtration systems using HEPA filters also employ a carbon filter to address VOCs.”
NARB also found that “HEPA filters trap impurities as they pass through the filter, while filters based on PECO technology were asserted to destroy, rather than trap, the impurities.” That assessment also led the NARB to conclude that Molekule’s “general efficacy” claim that “Molekule’s revolutionary nanotechnology destroys pollutants at the molecular level” was supported, overturning NAD’s recommendation that the company discontinue this claim as well.
Although NARB overturned only some of the claims Molekule appealed, its explanation of the workings of the PECO versus HEPA filter went to the heart of what Molekule said it was attempting to show and wanted its customers to know: that its PECO technology destroys pollutants where HEPA does not destroy but traps impurities. For advertisers—and particularly advertisers aiming to show that testing, while not perfect, meets the “reasonable basis” standard—NARB has continued its recent trend as a more receptive forum than NAD.
Seventh Circuit Quietly Effects Potentially Significant Change in Federal Do-Not-Call Laws' "Established Business Relationship" Exception
In Remanding DISH Telemarketing Damage Award, Appeals Court Decides Collateral Issue That Could Have Far-Reaching Operational Implications
On March 26, 2020, the U.S. Court of Appeals for the Seventh Circuit issued its decision in U.S. v. DISH Network, affirming liability but remanding the trial court’s award of $280 million in civil penalties and statutory damages. The trial judge found more than 65 million violations on behalf of DISH of theTelemarketing Sales Rule (TSR) maintained by the Federal Trade Commission (FTC), the Telephone Consumer Protection Act (TCPA) and its rules administered by the Federal Communications Commission (FCC), and analogous state laws. Most observers have focused on affirmance of DISH’s liability and/or on vacation and remand of the monetary awards.
There is, however, another less-noted portion of the opinion that upsets a long-accepted understanding of how the underlying federal telemarketing rules operate, involving a widely used exception to the do-not-call framework. That holding might well warrant operational changes at companies that telemarket, especially those that are paid in advance for goods or services delivered thereafter over an extended period.
Background and Review of Judgment
U.S. v. DISH was an enforcement action by the federal government and the states of California, North Carolina, Illinois, and Ohio, alleging violations of federal and state telemarketing laws. The Seventh Circuit’s decision largely affirmed DISH’s liability for approximately 66 million marketing calls made by third-parties selling its satellite TV service. However, the court vacated and remanded the $280 million award on grounds the trial court based that penalty entirely on DISH’s ability to pay (using 20 percent of a year of the company’s profits).
This was improper, the Seventh Circuit held, because ability to pay is but one of several factors for setting penalties under the FTC’s enabling statute, only one of the state statutes includes it as a factor, and the remaining state laws and TCPA do not mention it at all. Thus, “two of the statutes underlying this penalty permit consideration of wealth—though none permits it to be the sole factor,” which the Seventh Circuit said, made it “hard for us to see a justification … for starting from the defendant’s wealth rather than harm.” The trial court will revisit the award on remand.
Ruling on the EBR Exemption
Meanwhile, in assessing DISH’s liability, the court was called upon to interpret and apply the underlying telemarketing rules, one of which involved an exception to the federal do-not-call regime the company was accused of violating. Under essentially identical provisions of the TSR and TCPA rules, it is unlawful to telemarket to phone numbers on the National Do-Not-Call Registry.
The only exceptions are where a called party gives prior express invitation or permission to phone solicitations from a company or has an established business relationship (EBR) with it. Under both the TSR and TCPA rules, an EBR exists based on a consumer having inquired about a company’s goods or services within three months before the telephone solicitation, or a purchase or other transaction with the company within 18 months prior to the call.
For purposes of the purchase/transaction-based EBR, it has long been understood that 18 months is calculated from the later of the last purchase of, payment for, or delivery of the goods or services in the transaction. The FTC articulated as much when it adopted the rule, and it is reflected in the FTC’s TSR FAQs to this day. Both the FTC and the FCC acknowledged such calls are expected from companies with whom a consumer has already done business, including renewal and/or “winback” efforts, and both cited in particular the examples of subscriptions and/or memberships for which consumers may pay upfront for an extended period of service.
The Seventh Circuit, in fact, quoted the FTC’s articulation that EBRs can be measured from the last shipment or delivery in construing the exception but ultimately held the 18-month period after a purchase/transaction must be measured from the consumer’s last payment. It rejected post-payment delivery date(s) as a proper starting point for the 18-month EBR, based on the text of the rule mentioning only “purchase, rental or lease” and entry into a “financial transaction.” The FTC’s commentary (and FAQ) that incorporates delivery, if it post-dates payment, did not warrant deference, the court held, given the clarity of the rule’s text.
Impact of Ruling on the EBR Exception
The court’s ruling on this point is a potentially major change in interpretation of how the transaction-based EBR exception operates under the do-not-call rules. For nearly two decades, companies have relied on the FTC commentary (and FAQ), and the FCC’s adoption and ratification of a parallel EBR in its rules, to begin counting the 18 months for the EBR period from the later of the last purchase of, payment for, or delivery of the goods or services involved in the transaction. Ratcheting back to date of last payment could be operationally disruptive.
It is easy to envision companies like newspaper or magazine publishers, or health club or other membership services—which may be paid in advance—finding the duration of paid-for goods/services extending far into or even beyond the 18-month EBR, thus greatly limiting the ability to make renewal or winback calls to former customers whose numbers are on the National Do-Not-Call Registry.
Companies for whom such outreach to former customers forms an important part of their telemarketing should review their procedures to ensure they properly account for the Seventh Circuit’s reinterpretation of the transaction-based EBR under its DISH decision.