According to court documents unsealed this week, Uber is suing five mobile ad-tech companies—along with roughly 100 unnamed third parties that they worked with—in addition to its agency partner.This update alleges that the additional companies were collectively paid $70 million to buy out ad space for Uber that turned out, upon review, to be inventory that was “nonexistent, non-viewable, or fraudulent” and purchased deliberately.
According to the document, Uber was deliberately kept out of the loop regarding the true nature of where its ads were running.
These John Does are “presently unknown to Uber,” according to the suit, “and Uber will seek leave of court to amend this complaint to allege such names and capacities as soon as they are ascertained.”
The new suit alleges the defendants engaged in a number of fraudulent practices including “deceptive naming,” “missing device IDs,” “SDK outliers,” and “non-mobile optimized sites” that contributed to inflated click estimates vs. actual app users.
Citing an example generated by YouAppi, the suit illustrates how the “number of daily reported clicks on Uber advertisements” exceeded the “number of daily active users (DAU) of those apps.”
What transpired, according to the latest documents, was that Fetch passed the media-buying duties onto these five companies, who took credit for hundreds of thousands—possibly millions—of installs that they didn’t deserve, by faking clicks, faking app installations or both.
The Federal Trade Commission and its law enforcement partners have announced a crackdown on illegal robocalls, including 94 actions targeting operations around the country that are responsible for more than one billion calls pitching a variety of products and services including credit card interest rate reduction services, money-making opportunities and medical alert systems.
Dubbed “Operation Call it Quits,” the initiative is part of FTC attorneys’ ongoing efforts to help stem the tide of pre-recorded telemarketing calls. The announcement brings the number of cases the FTC has brought against illegal robocallers and Do Not Call violators to 145.
The sweep includes four new cases and three new settlements from the FTC alone.
The U.S. Department of Justice filed two of the new cases on the FTC’s behalf.
Collectively, the defendants in these cases were allegedly responsible for making more than a billion illegal robocalls to consumers nationwide.
“We’re all fed up with the tens of billions of illegal robocalls we get every year,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “Today’s joint effort shows that combatting this scourge remains a top priority for law enforcement agencies around the nation.”
State partners announcing enforcement actions include the Attorneys General Offices for Alabama, Arizona, Colorado, Florida, Illinois, Indiana, Michigan, Missouri, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Texas, and Virginia; the Consumer Protection Divisions of the District Attorneys for the Counties of Los Angeles, San Diego, Riverside, and Santa Clara, California; the Florida Department of Agriculture and Consumer Services; and the Los Angeles City Attorney. In addition, the United States Attorneys’ Offices for the Northern District of Georgia, Middle District of Florida, and Southern District of Texas, with support from the Treasury Inspector General for Tax Administration, have contributed five criminal actions.
According to the complaint, the defendants deceptively told consumers that, for a fee, the defendants could lower their credit card interest rates to zero for the life of the debt, thereby saving the consumers thousands of dollars on their credit card debt.
The complaint alleges that the defendants robocalled consumers, including many whose phone numbers were on the DNC Registry. Under the guise of confirming consumers’ identities, the defendants allegedly tricked them into providing their personal financial information, including their Social Security and credit card numbers.
The FTC also alleges the defendants did not disclose to consumers that they would have to pay substantial additional bank or transaction fees. Finally, the FTC alleges that in many instances, consumers who did not buy the services later found out that the defendants had applied for one or more credit cards without their knowledge or consent.
The case was filed in the U.S. District Court for the Middle District of Florida, Orlando Division, on June 3, 2019. On June 4, 2019, the court granted the FTC’s request for a temporary restraining order against the defendants, including an asset freeze and the appointment of a receiver.
8 Figure Dream Lifestyle
According to the FTC’s complaint against five corporate and four individual defendants, since at least 2017 the defendants have used a combination of illegal telemarketing robocalls, live telephone calls, text messaging, internet ads, emails, social media, and live events to market and sell consumers fraudulent money-making opportunities. The defendants operated under the names 8 Figure Dream Lifestyle and Online Entrepreneur Academy.
Throughout their marketing, according to FTC attorneys, the defendants made false or unsubstantiated claims about how much consumers can earn through their programs, often claiming that a typical consumer with no prior skills can make $5,000 to $10,000 in 10 to 14 days and $10,000 or more within 60 to 90 days of buying the program. In reality, the complaint states, consumers who bought the 8 Figure Dream Lifestyle program for between $2,395 and $22,495 rarely earned substantial income, typically lost their entire investment, and often incurred significant loans and credit card debt.
The complaint further states that in marketing the Online Entrepreneur Academy—a spin-off of 8 Figure Dream Lifestyle—defendants Alex Dee, Brian M. Kaplan, and Jerrold S. Maurer deceptively promoted the program in the same way and claimed without substantiation that consumers who joined would make tens of thousands of dollars in 60 to 90 days.
The Commission’s complaint charges the defendants, who operate from California, Colorado, New York, and Tennessee, with violating the FTC Act, the Telemarketing Sales Rule (TSR), or both, by making deceptive earnings claims through robocalls and other marketing techniques.
The case was filed in U.S. District Court for the Central District of California on June 12, 2019. On June 13, 2019, the court granted the FTC’s request for a temporary restraining order against the defendants, including an asset freeze. The full list of defendants is included in the FTC’s complaint.
Derek Jason Bartoli
According to the FTC’s complaint against Derek Jason Bartoli, the Florida-based defendant has been an active participant in the illegal telemarketing industry for several years, serving as the “dialer,” “information technology (IT) guy,” and at times the seller for various telemarketing companies, including companies that the FTC and other law enforcement agencies have sued. He allegedly provided services in his own name and in the names of Phoenix Innovative Solutions LLC, Marketing Consultation Solutions LLC, and KimRain Marketing LLC.
The FTC alleges that Bartoli is the developer, operator, and provider of a computer-based telephone dialing platform, also known as an autodialer. He allegedly used the autodialer to blast out millions of illegal robocalls and calls to phone numbers listed on the DNC Registry. In the last six months of 2017 alone, the complaint alleges that Bartoli sent more than 57 million calls to registered phone numbers. In addition, the complaint alleges that he initiated millions of calls using fake or “spoofed” caller ID information.
The order also prohibits Bartoli from a range of deceptive and abusive telemarketing practices, including interfering with a person’s right to be placed on a do not call registry, calling consumers who have previously said they do not want to be called, violating the FTC’s TSR and failing to pay for access to DNC Registry information. Finally, the order imposes a $2.1 million civil penalty against Bartoli, which will be suspended due to his inability to pay.
The DOJ filed the complaint and order on the FTC’s behalf in the U.S. District Court for the Middle District of Florida. The defendants in this case include Derek Jason Bartoli, individually and doing business as Phoenix Innovative Solutions LLC, Marketing Consultation Solutions LLC, and KimRain Marketing LLC. The FTC acknowledges the assistance of USTelecom and the Florida Department of Agriculture and Consumer Services.
Media Mix 365, LLC
According to the FTC’s complaint against Media Mix 365, also doing business as Solar Research Group and Solar Nation, and its owners Nicholas J. Long and Nicole J. Long, a/k/a Nicole Leonard and Nicole Leonard-Long, the defendants made illegal calls to develop leads for home solar energy companies.
The FTC alleges that since at least 2015, Media Mix has called millions of phone numbers on the DNC Registry and has repeatedly or continuously called consumers with the intent of annoying, abusing, or harassing them. The defendants allegedly called one number more than 1,000 times in a single year. The FTC alleges the California-based defendants were named in at least three other lawsuits, including two class action cases charging them with DNC Registry violations.
The order bars Media Mix from robocalling unless the recipient has provided an express written agreement to be robocalled. The order further prohibits the defendants from repeatedly or continuously calling with the intent to annoy, abuse, or harass the call recipients and from violating any provisions of the TSR. Finally, the order imposes a $7.6 million civil penalty, which will be suspended upon payment of $264,000.
The DOJ filed the complaint and order on the FTC’s behalf in the U.S. District Court for the Central District of California.
Other FTC Actions
In addition to the new cases announced today, the Commission has also settled several cases brought previously.
According to the FTC’s July 2015 complaint, filed jointly with the Florida Attorney General’s Office, since 2012 the defendants bombarded primarily elderly consumers with at least a billion unsolicited robocalls to pitch supposedly “free” medical alert systems. The defendants often called consumers whose numbers were on the DNC Registry and typically “spoofed” caller ID information.
The defendants used pre-recorded messages, including one supposedly from “John from the shipping department,” which were meant to sound like a live person that falsely told consumers that a medical alert system had been purchased for them, and they could receive it “at no cost whatsoever.” The complaint alleges that the pre-recorded messages frequently falsely claimed that their medical alert system had been endorsed or recommended by reputable organizations like the American Heart Association, American Diabetes Association, National Institute on Aging, or the AARP.
Consumers who eventually spoke with a live operator allegedly were told that even though the system cost over $400, they would get it for free. However, the complaint alleges the telemarketers refused to answer questions about who bought the system for them. The telemarketers also allegedly told consumers they would not be charged any monitoring fee until they received and “activated” the system, even though the consumers’ credit or debit cards were charged immediately. According to the complaint and some staff FTC CID attorneys, the telemarketers also often falsely reassured consumers that they could cancel their service at any time without any further financial obligation.
The court order contains provisions related to two sets of defendants: 1) the Lifewatch defendants, which includes Lifewatch, Inc., Evan Sirlin, and Mitchel May; and 2) the Roman defendants, which includes Safe Home Security, MedGuard Alert, Inc., and David Roman. The order permanently bans the Lifewatch defendants from telemarketing and prohibits them from misrepresenting the terms associated with the sale of any product or service. It also imposes a financial judgment of $25.3 million against Lifewatch and Sirlin.
The order permanently bans the Roman defendants from robocalling, calling consumers whose phone numbers are on the DNC Registry, and calling anyone who is on an entity-specific do not call list. It also bans the Roman defendants from “spoofing” caller ID information and prohibits them from abusive telemarketing practices, including failing to identify themselves to consumers they call, violating the TSR, and misrepresenting the terms associated with the sale of any product or service. Finally, it imposes financial judgments of $8.9 million against the Roman defendants. The financial judgments will be partially suspended after the Lifewatch and Roman defendants pay $2 million.
The order also requires that the defendants notify all current customers about the false claims and illegal robocalls made on their behalf, and give those customers the opportunity to cancel their service.
The FTC filed the order in the U.S. District Court for the Northern District of Illinois, Eastern Division.
The FTC’s October 2018 complaint against Redwood Scientific charged the defendants with a scheme that used illegal robocalls to deceptively market dissolvable oral film strips as effective smoking cessation, weight-loss, and sexual-performance aids. The FTC’s complaint alleges that in addition to making misleading claims about the strips, the company enrolled customers in auto-ship continuity plans without their consent, and did not honor the advertised money-back guarantees.
The court-approved settlement resolves the FTC’s charges against one defendant in the case, Danielle Cadiz. The order permanently bans Cadiz from all robocall activities, including ringless voicemails. The order prohibits her from making a wide range of misleading or deceptive health-related claims. It also prohibits deceptive claims related to third-party endorsements and testimonials, and the U.S. origin of a product. The order requires Cadiz to get consumers’ express consent before enrolling them in auto-ship continuity plans and to enable consumers to easily cancel their enrollment.
The order imposes a judgment of $18.2 million against Cadiz, which will be suspended based on her inability to pay. The order was entered by the U.S. District Court for the Central District of California. Litigation continues against the remaining defendants.
Life Management Services
According to the FTC’s June 2016 complaint, brought jointly with the Florida Attorney General’s Office, the Life Management defendants bombarded consumers with illegal robocalls in attempts to sell them bogus credit card interest rate reduction services. According to the complaint, the defendants guaranteed that they could substantially and permanently lower consumers’ credit card interest rates and save them thousands of dollars in interest payments. Consumers allegedly made up-front payments but rarely, if ever, got the promised services. The complaint also alleges that the defendants used illegal robocalls to pitch a bogus credit card debt elimination service.
One of the last remaining super affiliate networks where an “expert” claimed to have the secrets of affiliate marketing, has come to an end. These networks, promising huge payouts with “famous affiliate marketers” running the show seemingly came and went, but Eli Aloisi’s network lasted a little longer than most, because his personality seemed to keep most affiliates on his side during public legal and ethical battles that often overwhelmed networks.
He told me in an interview that he “started when I was 15 (1995). I found a chatroom with a bunch of colocation and server providers who did internet marketing. I thought it was awesome and stuck around.” You can read the full interview here.
While they claim they will pay their affiliates, at the same time they also poised blame on bad advertisers, saying that “there are unfortunately always a small percentage of advertisers who ditch out on their affiliate bills leaving the affiliate networks high and dry” and that things have been really hard for almost a year and a half.
The company was very much free of legal troubles in an industry full of lawsuits — we however show that Eli Aloisi was sued in 2017 under laws commonly used against mafia defendants. USA Dietary Supplements, Inc brought a cause against him, claiming that he was conspiring to defraud them with other companies and created possibly illegal charges on credit cards to inflate sales.
Remember when marijuana ads showed up in your social media feeds? That was so 2016. Today the major platforms—Facebook, Instagram, Twitter—impose strict rules around cannabis advertising, legal CBD products included. Even ancillary companies that don’t sell the plant face stiff restrictions. So what’s a cannabis company to do? Get creative. Here are real-world examples of killer marketing placements that work.
1. Find an Ad Network That’s Weed-Friendly
Far from conducting “digital raids” like Facebook and Google have, there are a few advertising networks that actually want your cannabis company display ads. Veritad.com has burst on the scene with an online control panel that’s easy to use, and it will get your ads to the audience you specify. While your ads may not run on big mainstream sites yet, that should change soon and broaden the opportunity immensely. Another cannabis-friendly ad network called Mantis lets you target your campaign by state, region, or zip code.
2. Buy a Billboard
With a good location and some creative juice, billboard advertising can be a bold and visible home run. And there are plenty of advertising agencies and media companies that can help you achieve this. Placing your brand high above the trees and chimney tops can run you from $2K per month in Spokane to $100K per month over Hollywood’s Sunset Strip. But before letting your imagination run wild, be warned: Even in legal cannabis states like California, there are strict limitations on what you can show.
3. Get Media Coverage
Marketing can be costly, and startups of all kinds may have to choose between advertising and PR. Which is best? Even as a former ad guy, I’d go with PR every time. An article about your company on a news or industry site is much more valuable than an ad in terms of building credibility and gaining search engine optimization. If you hire a PR firm, look for one that focuses on cannabis. You can also save money and do the heavy lifting yourself by reaching out to media outlets with story ideas. How do you think this story happened?
4. Create Walking Logos
During the first Trump and Kim Jong Un summit in Singapore, Dennis Rodman wore a Potcoin T-shirt in every interview he did. If you don’t remember a thing he said, you probably do remember that shirt. Message to cannabis brands: Steal this idea. Real-life humans sporting your brand colors can be effective. Just beware of swag rule #1: Put your graphics on only the best-quality merch—that means buying half the number and twice the quality.
5. Sponsor Something or Somebody
A conference. A film festival. A team. An athlete. Let everyone see your name in really big letters as the brand that makes things happen. Becoming a sponsor at a trade show like the Cannabis World Congress and Business Expo (CWCBE) or MJBizCon is easy and effective. Hooking up with celebs and sports stars is also a great way to get your message out there. Black Rock sponsors skier Tanner Hall and HempMeds sponsors MMA fighter Liz Carmouche.
It’s real! Grasshopper Kiosks and Green Box make digital vending machines for dispensaries that carry anything from pre-rolls to beverages. You can place your company in their hi-res video touchscreens, or even wrap the entire machine in branding. Now imagine all the other sponsor-friendly things inside dispensaries.
7. Throw a Party
At last year’s MJBizCon in Las Vegas, Treez, a cannabis software company, threw an epic after-party at the Palms Casino. It was a hefty investment and a big gamble—off the Strip and competing with big brands that threw buckets of ducats at Champagne events. But guess what? The Treez epic after-party raged until the wee hours with no drama, great food, and amazing DJs. Other savvy brands sponsored the gig and showed off their graphics and goodies to thousands of very happy cannabis customers.
8. Vlog and Blog Your Branded Brains Out
A well-crafted blog lets you share your passion and intelligence within a branded environment you completely control. Plus, search engines key in on your words, not pictures. So write thought-leader articles with tons of takeaway advice. And augment that with video. For efficient impact, a well-crafted five-second spot can’t be beat. Where does that live now that Vine is dead? Answer: Everywhere there’s a screen. Any creative person with an iPhone-or-better can make a five-second commercial and save it as a .gif or an mp4. (Follow your local advertising rules about content.) When edited to its minimalist best, this little gem can be shared via text, Vimeo, or Giphy, and posted on your website, on a digital ad network, and, of course, on your (ever more popular) blog.
9. Go Rogue!
If you have a great product, it’s your duty to let people know. Get out and hustle. Hand out flyers/stickers/T-shirts at MJBizCon or CWCBE or any of the 40-something cannabis trade shows. Write your tagline on the sidewalk in chalk. Sure, security might chase you away, but who cares—wear your running shoes.
Judge Merrick Garland, wrote the opinion for the three-judge panel.
The plaintiffs had claimed that the Communications Decency Act didn’t apply because the search engines enhanced the third-party content by creating map pinpoints.
The 14 plaintiffs, who described themselves as “ ‘legitimate’ locksmiths,” had claimed that the search engines conspired to flood the market of online search results with information from websites of scam locksmiths to get ad revenue from businesses wanting to distinguish themselves.
The plaintiffs said consumers typically search for locksmiths who are closest to them. The scam locksmiths lead consumers to think they are brick-and-mortar operations by creating websites that appear to be local, using call centers with local numbers, and using fictitious addresses or not listing an exact address.
The plaintiffs’ suit against the search engines had alleged false advertising, abuse of monopoly power, restraint of trade, fraud, interference with economic advantage, unfair competition, conspiracy and breach of contract.
A federal judge had tossed all but the contract claim, and the D.C. Circuit affirmed.
Translating address information from the scam locksmiths’ webpages into map pinpoints does not take the defendants beyond the immunity provided by the Communications Decency Act, Garland said. That holds true even when websites do not provide exact addresses, he wrote.
The search engines use a neutral algorithm when converting website information into pictorial form, Garland said.
“Because the defendants employ a ‘neutral means’ and an ‘automated editorial act’ to convert third-party location and area-code information into map pinpoints, those pinpoints come within the protection” of Section 230, Garland said.
Garland cautioned that Section 230 immunity “is not limitless. In this vein, we reject the defendants’ remarkable suggestion at oral argument that they would enjoy immunity even if they did in fact entirely fabricate locksmith addresses.”
Garland’s opinion was joined by Judges Patricia Millett and Harry Edwards.
The New York Attorney General’s Office is perhaps the most aggressive state regulatory agency in the nation when it comes to regulating ad tech. From data privacy and COPPA to FinTech and consumer fraud, the NY OAG seemingly announces investigations and enforcement actions into the digital marketing industry on a regular basis.
The New York OAG is showing no signs of slowing down in 2019. Advertisers, networks, publishers, lead generators, telemarketers and ad agencies are all on the agency’s radar.
Investigative Powers and Subpoenas
The New York Attorney General has expansive prosecutorial and investigative powers, including, but not limited, the ability to pursued civil and criminal enforcement actions under provisions of New York’s Executive Law and General Business Law.
The OAG can issue investigative subpoenas for documents and witness testimony. It can also enjoin deceptive consumer practices or initiate enforcement actions anyone that engages in deceptive acts or practices, or false advertising.
Responding to New York Attorney General Subpoenas
The information sought with an investigative subpoena must bear a reasonable relation to the subject matter under investigation and to the public purpose to be achieved. The OAG must be able to show some basis for inquisitorial action.
Even if there is a colorable factual basis for a New York Attorney General subpoena, the inquiry cannot be tantamount to an unlimited fishing expedition. In appropriate circumstances, experienced defense counsel may be able to challenge the scope of the subpoena.
If you are a digital marketer and you have received a subpoena from the OAG, you should immediately implement a hold on potentially responsive documentation. Do not attempt to liaise with the OAG on your own.
Contact an experienced state attorney general subpoena lawyer that possesses knowledge of NY OAG policy and staff in order to learn about the investigation, seek appropriate extensions of time, seek to limit or even quash an overreaching request, preserve appropriate objections, and deliberately prepare a cost-effective and strategic response plan.
Investigations Into Ad Tech Are Continuing
The New York OAG’s investigations – some confidential, some not – are continuing.
Lest there be any doubt, consider the spate of recent privacy actions or a recent report by The New York Times that the OAG planned to open an investigation into Facebook’s alleged unauthorized collection of more than 1.5 million users’ email address books. According to the report, the inquiry concerns a practice unearthed in April in which Facebook purportedly harvested the email contact lists of a portion of new users who signed up for the network after 2016. Allegedly, those lists were used to improve Facebook’s ad-targeting algorithms and other friend connections across the network.
What Does the Subpoena Mean?
Attorneys general, including the NY OAG, commence investigations for any number of reasons. Just because you received one does not necessarily mean that you are a target. For example, the OAG might be interested in a third-party marketing partner, or in the digital marketing niche in general.
Experienced counsel can provide specific information and advice, including, but not limited to, determining the actual targets of the attorney general investigation, while seeking to prevent the matter from evolving into a lawsuit.
An Internet marketing lawyer that is knowledgeable about attorney general subpoenas and the resolution of regulatory investigations may give you the best possible chances of minimizing disruption of business operations and successfully resolving such inquiries.
If you have received an attorney general subpoena from the New York Attorney General’s Office, another state attorney general or a federal regulatory agency, email the author at email@example.com.
Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP. Follow in on LinkedIn at FTC defense lawyer.
Attorney advertising. Informational purposes only. Not legal advice.
Even though cannabis has gained mainstream acceptance in recent years, but it’s still federally banned in the U.S. Thus Facebook decided this week it will maintain its stance against marijuana advertising on its social media platforms.
According to MarketWatch, Facebook held a special product policy meeting this week to discuss potential changes to its stance on cannabis. The company opted to maintain its current policies toward cannabis — that it’s completely banned.
“[Facebook] sort of has a blanket over cannabis, and is unable to really differentiate between hemp, which is legal federally, and marijuana,” says Hemp Industry Associations executive director Colleen Lanier. “We feel that it’s really unfortunate that Facebook is promoting this artificial intelligence to tell things apart, and they can not seem to get it right for cannabis, especially hemp. We can put a billboard up in Times Square, but we can’t pay for a boost on Facebook.”
Currently: Facebook doesn’t allow any attempts to buy, sell or trade cannabis on its platforms, including Instagram. Facebook does allow advertising of products derived from cannabidiol (CBD) , a compound derived from cannabis that is devoid of psychoactive activity including. Facebook also allows content related to the sale of cannabis seeds or other cannabis-related paraphernalia, including bongs, rolling papers and vaporizers. Part may because the FTC and FDA have taken a strict stance about this.
“We’re dealing with a regulator that’s trying to fix that plane while they’re flying it,” Michael Elkin, vice president of partnerships and sales at High 12 Brands, said late Tuesday over the phone to MarketWatch. “Health Canada has not come out with a specific regulation — we are still waiting for proper direction. Nothing [would have] changed.”
ALSO: According to Forbes, media veteran and medical CBD consumer Felicia Palmer, who founded the longest running hip-hop website in the world, SOHH.com, is suing Facebook for rejecting ads for an educational cannabis summit, and for temporarily suspending the page for a new company she founded to put on the summit. The executive director of the New York chapter of NORML, the national marijuana advocacy organization, litigation attorney David C. Holland, Esq., is handling the case pro-bono.
Facebook deleted Palmer’s account after she paid for sponsored ads to promote her upcoming Cannaramic Online Summit, which is a series of educational classes dedicated to teaching people the safest and most effective ways to utilize cannabis. Palmer claims that Facebook “induced her buy into the network’s paid-for-advertisements program,” most likely by offering to place her ad for a heavily discounted rate, which is something they often do.
The U.S. Department of Justice’s Criminal Division recently released an update to the guidance document “Evaluation of Corporate Compliance Programs.”
Immediately thereafter, the Department of the Treasury’s Office of Foreign Assets Control published “A Framework for OFAC Compliance Commitments,” which provides guidance on effective sanctions compliance programs. The OFAC is the primary federal agency that enforces economic and trade sanctions.
Updated DOJ Guidance
The updated DOJ guidance covers various compliance program expectations and threshold questions that prosecutors ask while evaluating whether to initiate criminal charges against an offending corporation. In many respects, the new guidance mirrors factors considered by many a Federal Trade Commission (FTC) attorney when investigating violation of consumer protection laws and considering enforcement against Internet marketers and data-driven businesses.
First, whether the corporations compliance program is well designed.
The “critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct.”
Accordingly, prosecutors examine “the comprehensiveness of the compliance program,” ensuring that there is not only a clear message that misconduct is not tolerated, but also policies and procedures – from appropriate assignments of responsibility, to training programs, to systems of incentives and discipline – that ensure the compliance program is well-integrated into the company’s operations and workforce.
The starting point for a prosecutor’s evaluation of whether a company has a well-designed compliance program is to understand the company’s business from a commercial perspective, how the company has identified, assessed, and defined its risk profile, and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.
Prosecutors consider whether the program is appropriately “designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business” and “complex regulatory environment.” For example, prosecutors consider whether the company has analyzed and addressed the varying risks presented by, among other factors, the location of its operations, the industry sector, the competitiveness of the market, the regulatory landscape, potential clients and business partners, transactions with foreign governments, payments to foreign officials, use of third parties, gifts, travel, and entertainment expenses, and charitable and political donations.
Prosecutors also consider “the effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment” and whether its criteria are “periodically updated.”
Prosecutors may credit the quality and effectiveness of a risk-based compliance program that devotes appropriate attention and resources to high-risk transactions, even if it fails to prevent an infraction in a low-risk area. Prosecutors therefore consider, as an indicator of risk-tailoring, “revisions to corporate compliance programs in light of lessons learned.”
Organizations should address risks in written compliance policies and procedures with an experienced FTC attorney, ensuring clearly communication to employees and relevant third parties. Periodic compliance training and an investigation process are crucial to mitigate exposure.
Second, whether the compliance program is implemented effectively.
It is the DOJ’s perspective that effective compliance begins with a culture of compliance established by management. DOJ tends to review efforts taken by company leaders to encourage legal compliance, punish wrongdoing and document corporate compliance.
Third, whether the compliance program works in practice.
Prosecutors evaluate how a corporate compliance program works while deciding whether criminal charges are warranted. Companies are expected to employ compliance audits and update risk assessments. Investigations and remedial structures should be effective and the results well documented.
OFAC Compliance Framework
The OFAC’s framework encourages companies to implement tailored risk-based sanctions compliance programs. At OFAC’s discretion, those with such programs may be eligible for reduced monetary penalties.
The framework identifies five key components, including management commitment, risk assessment, internal controls, testing and auditing, training.
Takeaway: Both the updated DOJ guidance and the OFAC framework provide meaningful insight into how companies should design and implement compliance programs. The DOJ and OFAC also recognize that compliance will vary from company to company, and industry-to-industry. Performance marketers should take notes as the considerations outlined by the DOJ and OFAC are strikingly similar to issues considered by the FTC and state attorneys general when evaluating wrongdoing and potential civil liability..
Contact the author at firstname.lastname@example.org in order to discuss recent trends in advertising compliance enforcement policy, or if you are the subject of an FTC investigation (CID) or enforcement action. You can also follow FTC lawyer on National Law Review.
Passed in 2018, the California Consumer Privacy Act (the “Act”) has been the subject of consistent controversy, criticism from tech lobbyists and support from privacy advocates.
It grants “consumers” various rights with regard to personal information held by a covered “business,” including the rights of notice, access, deletion, portability and reasonable security. It also requires a business that “sells” “personal information” to “third-parties” to provide a clear and conspicuous link on the business’s internet homepage – “Do Not Sell My Personal Information” – to an online webpage that enables a consumer or a person authorized by the consumer to opt-out of the sale of the consumer’s personal information, among other requirements.
The Act also includes an expansive definition of “personal information.” It captures bits of information that digital marketers had not previously treated as personal information, and, as a result, can reach broadly across vendors (below).
Many believe that privacy issues in ad tech are at the core of what the Act is intended to “fix.” The ability of consumers to opt-out of the sale of their personal information is arguably the most significant provision in the Act for digital marketers.
Implications for Data-Driven Businesses
The Act applies if doing business in California and collecting the personal information of California residents. The statute applies to for-profit entities that (i) have greater than $25 million in gross annual revenues; (ii) annually handle personal information of 50,000 or more consumers, households, or devices; or (iii) derive 50% or more of annual revenue from “selling” personal information.
It can apply to businesses even if they do not have offices or employees in California, and can reach activities conducted outside of California.
It is important to note that the Act encompasses much of the data relied on and used by ad agencies, website publishers, ad networks, exchanges, lead generators and auction platforms.
Expansive Definition of “Personal Information”
The collection of data via cookies may fall within the Act’s sweeping definition of “personal information.” The definition also covers a number of data sets that are not tied to actual identifying information. For example, “personal information” also encompasses data that “relates to … is capable of being associated with or could reasonably be linked directly or indirectly, with a particular consumer or household.”
These data sets can include, without limitation, geolocation information, biometric information, IP address, and other online identifiers; browsing history; search history; information about how consumers’ interact with websites, applications, or advertisements; and inferences drawn from these or other types of personal information that may be used to create a profile about a consumer.
De-identified and Aggregated Data
The Act exempts data that is “deidentified or in the aggregate.” However, what constitutes “deidentified” or “aggregate consumer information” should be critically assessed by consulting with an experienced FTC attorney.
For example, today, information is deidentified when it relates to an unidentified individual. Pursuant to the Act, however, data that is “capable of being associated with” a particular person only by sharing it with a third-party is considered personal information before it is even shared.
Right to Opt-Out of “Sale” of Personal Information
The Act’s provisions relating to the right to opt-out of the “sale” of personal information and related restrictions on the dissemination thereof have the potential to drastically significantly disrupt digital marketing, lead generation and data-drive business models.
The Act provides the right to opt-out of the dissemination of personal information to third-parties. Additionally, “sale” is defined to include both: (i) the disclosure of personal information; and (ii) making personal information available to another business or third-party for monetary or other consideration. The breadth of this definition is potentially game-changing when one considers that third-parties often provide services for publishers based on the receipt of such information.
In some contexts, absent express notice and the opportunity to opt-out, intermediary entities (e.g., data aggregators, brokers and ad tech companies that provide behavioral marketing services) will be restricted from re-selling personal information. Never mind that such entities do not even possess a direct relationship with consumers.
Importantly, the Act provides for a limited service provider business purpose exception to the foregoing (below). Consistent with the FTC’s perspective on lead generation, notice is required, the data use must be reasonable and legitimate, and a contract with the service provider that obligates the latter use the data for the legitimate business purposes only must be utilized.
The proper implementation of proper protocols and marketing agreements is of paramount importance under the Act.
Enhanced Notice Requirements
The Act’s notice obligations require covered entities to inform consumers of the categories of personal information collected and the purposes for which that information will be used.
“Collection” is also defined broadly. As with the aforementioned re-sale restrictions, depending upon what type of noticed is actually required and whether publishers will do so no their behalf, entities that do not maintain direction relationships with consumers may find complying with this notice requirement to be somewhat difficult.
Other Consumer Rights
The Act also provides consumers with the right to request and access their personal information two times per year, the right to seek disclosure of the specific types of personal information being held, the right to take possession of their personal information in a readily usable form and the right to request deletion of their personal information (nine exceptions apply). Minors under sixteen (16) are required to provide affirmative opt-in consent before their personal information is “sold” by companies with and without a first-party relationship with consumers -parties – of course, do not forget about COPPA’s verifiable consent requirement for consumers under thirteen (13). Consumers cannot be discriminated against for asserting their rights under the Act.
Properly designed and implemented age verification, data sale, deletion, storage and access policies will be critical, especially when considering that identifying information is often removed from consumer data.
Any entity the processes personal information of California consumers on behalf of a data-driven business (e.g., vendors and services providers) are required to have a written contract in place with specified language in order to be compliant with the Act.
Companies may have to update their contracts if the Act applies to them, and if they use or share personal information of California consumers with vendors or service providers. Without limitation, responsible performance marketing data privacy contract drafting should include, without limitation, prohibiting vendors and service providers from retaining, using or disclosing personal information for any purpose other than legitimate and reasonably anticipated purposes specified in the contract, including for a vendor or service provider’s own benefit.
Experienced data privacy counsel can assist your company to avoid potential Act-related landmines. For example, the Act requires that certain actions be taken in order to avoid such sharing of personal information being classified as “selling.” Vendor and services provider contracts – in addition to privacy policies – should also contain express provisions that clearly and unequivocally set forth the legitimate business purposes for which data may be used.
Adjustments Needed Even If GDPR Compliant
Simply stated, the Act has particular compliance requirements that are not necessarily satisfied by GDPR compliance. For example, California’s requirement of a “Do Not Sell My Personal Information” link. Additionally and without limitation, the definition of “personal information” under the Act is extremely broad. As are the consumer rights, associated business requirements and required contractual terms the Act sets forth.
Proposed Amendments to the Act
A number of proposed amendments have recently been advanced, including a limited exemption for employees from the definition of “consumer,” a bill that narrows the expansive scope of “personal information,” a bill that clarifies the definition of “deidentification,” and a bill that creates a public-record exemption for the definition of “personal information.”
Federal Privacy Law Could Assist Ad Tech
Not only could a federal privacy law solve the issue of how digital marketers can comply with a patchwork of state data privacy laws, such legislation could potential have the added benefit of preempting the onerous Act in a positive way.
Come 2020, the Act will significantly impact the data practices of digital businesses that handle personal information of California consumers for advertising lead generation and other monetization purposes. Proactively consult with an experienced Federal Trade Commission data privacy law firm to map and inventory data, interpret various provisions and definitions of the Act, assess data collection and use practices, implement policies and protocols, and tend to vendor contracts.
Contact the author at email@example.com in order to discuss recent trends in data privacy law and how data-driven business can comply. You can also follow FTC defense lawyer on LinkedIn.
Richard B. Newman is a digital marketing attorney at Hinch Newman LLP. He is a member of the International Association of Privacy Professionals.
Attorney advertising. Informational purposes only. Not legal advice. Always consult with a data privacy legal professional and consider the Act’s requirements, in their entirety.
The pressure for standardization has introduced a new solution: programmatic influencer marketing. By developing a clear set of measures to evaluate influencers and their performance via analytics, this marketing method provides a layer of transparency.
There are platforms on the market that assume the intermediary position between a brand and an influencer. Many offer technological tools that enable the whole process, from influencer selection up to result assessment, while monitoring each stage of the process. Bringing a systematic approach to addressing chaos has various advantages for both influencers and brands.
Automatizing influencer marketing allows for mass scaling and better outreach. Brands can engage effortlessly with any number of influencers to reach their goals and know exactly how much they are paying to do it. This is because programmatic platforms enable tracking and prediction of influencer performance, allowing users to calculate the exact costs of their influencer ads (per view, click or conversion).
This is great news for experts who have been campaigning for clarity and fairness in influencer marketing in the past. Also, it presents a significant step toward securing ROI, because even if a collaboration with one influencer fails, the platform redirects the strategy to another one, avoiding financial loss.
Ensuring security is another key aspect. As the platforms operate a pool of influencers, any particular influencer who becomes discredited due to dubious practices — such as collecting fake followers, for example — can be eliminated from collaborations. This brings an unprecedented level of fairness to the whole industry.
The benefits for brands are straightforward, but why should influencers subject their activities to scrutiny? Actually, signing up for a programmatic platform can provide them with many long-term benefits as well — undeniably, access to new opportunities. This is particularly important for micro-influencers. As many marketers agree, influencers with “only” tens of thousands of followers may be a better fit to subtly but effectively increase brand awareness. These personas often have niche audiences and are particularly passionate about choosing the branded content that fits their overall image. For them, these platforms represent an important networking space.
Apart from securing more contracts, the intermediary can simplify the communication with brands. As many influencers are adolescents, they may not be aware of their market value, or of the ways to reach out and launch a collaboration. In a way, the intermediary can substitute for the role of an agency. Perhaps more importantly, if the industry develops in the right direction, working with a platform could become a certificate of an influencer’s quality in the future.
Technology as the Enabler
How do programmatic platforms secure these benefits to both sides? The answer is simple: through a complex interplay of various emerging technologies.
For example, the smart matching between a brand and a social influencer is enabled via artificial intelligence that assesses both parties, based on the type of industry, target audience, content type and performance. The tool then scans hundreds of thousands of influencers to pick the perfect fit. When it comes to analytics, sophisticated machine learning algorithms come into play. These engines predict an influencer’s performance based on past endeavors in order to calculate the market price.
In upcoming years, programmatic platforms likely will adopt practices that are common in other branches of marketing, such as bidding on an advertising opportunity — or an influencer, in this case. From a marketing point of view, each YouTube channel can be seen as a television: If you want to get your message on a particular channel, you may need to pay more than another brand.
However, the application of technology in influencer marketing isn’t limitless. The content published by the influencer still has to be reviewed manually, and there always will need to be a human element to ensure that every piece of video and every photograph follows specific content and brand guidelines, is not explicit, and does not violate the rules of the specific social media network.
Programmatic influencer marketing still may be in its infancy, but it has a bright future. Brands can abandon estimates and guesses and fully embrace a data-driven approach, helping them to optimize their marketing strategy and aim their focus exactly where it is needed.