On December 14, 2016, operators of online extramarital dating and social networking website AshleyMadison.com came to an agreement with the Federal Trade Commission, and several States, to settle FTC and related state charges that the website deceived consumers and failed to protect 36 million users’ account and profile information. As we discussed immediately following the July 2015 breach (and in several later posts) the data of some 36 million AshleyMadison.com accounts was posted online. It was reported by KrebsOnSecurity that the breach included the theft of user databases, financial records (including salary information), and other records from AshleyMadison, Cougar Life, and Established Men, three social networking web sites operated by the Toronto, Canada-based firm Avid Life Media, now known as Ruby Corp.
It seems like managing data breaches has become a part of doing business these days. From the October denial of service attack on Dyn (a company that provides core internet services to companies like Twitter, Spotify and Netflix) to the recent hacks of the Clinton campaign’s emails, data breaches are increasing in frequency, scope and cost. The average cost of a data breach increased to $4 million in 2015, and the 2016 Cost of Data Breach Study: Global Analysis published by IBM and the Ponemon Institute places the likelihood of a company having a material data breach involving 10,000 lost or stolen records in the next 24 months at 26 percent.
Earlier this year, the Federal Trade Commission (FTC) went after Warner Bros. Home Entertainment Inc. for not clearly representing that several digital influencers were paid as part of a marketing campaign for the video game Middle Earth: Shadow of Mordor. (See our prior posts on FTC enforcement of its disclosure requirements.) According to the complaint, these influencers were paid amounts ranging from hundreds of dollars to tens of thousands of dollars and received advance-release copies of the game with instructions on how to promote the game. The sponsored videos were viewed more than 5.5 million times. One very popular influencer, Felix Kjellberg, known as “PewDiePie” on YouTube, created a video that has been viewed over 3.7 million times by itself.
The Federal Trade Commission recognizes that many people benefit from companies’ online tracking by getting advertising that is more targeted to their preferences. However, as the technologies and techniques used by companies and advertisers to uniquely identify and track individuals’ online behavior advances, the FTC warns that companies’ privacy disclosures and practices must be updated. Failure to do so could be considered deceptive under the FTC Act.
We’ve written previously on the rise in FTC scrutiny and enforcement regarding the use by companies of paid digital influencers without the proper disclosures. Recently, retailer Lord & Taylor found itself in the FTC’s crosshairs when it employed bloggers and Nylon magazine as part of a very successful campaign to promote a clothing collection online and on social media. Unfortunately, the campaign was less successful in its compliance with the FTC Act.
Along with colleagues Lori Levine and Lauren Lynch Flick, we’ve taken a closer look at the case in Lord & Taylor Case Shows the Importance of Transparency in Advertising, itself just the latest example of how companies can run into trouble when they fail to fully disclose a promotion or advertisement.
As we saw in a prior post regarding Kim Kardashian and Instagram, the FDA pays attention to how brand companies use paid celebrities to endorse their products. Likewise, the FTC closely scrutinizes how brand companies use paid or sponsored endorsers. Be it digital influencers or bloggers, brand companies must be mindful of the disclosures required to be made in connection with any advertisement or promotion disseminated by an endorser for the brand company. If the brand company provides compensation of any kind to the endorser in exchange for the promotion, FTC regulations require disclosure of this fact. Per the FTC’s 2013 .com Disclosures guidelines, the disclosure must be “clear and conspicuous.” If the brand company uses an advertising agency, the company must ensure that the agency is complying with the FTC’s regulations. Ultimately, the brand company can be held liable for FTC violations by its advertising agency.