On June 18, 2024, Louisiana enacted HB 577, prohibiting “social media platforms” with more than 1 million users globally from displaying targeted advertising to Louisiana users that the platform has actual knowledge are under 18 years of age and from selling the sensitive personal data of such users. The law amends the effective date of the state social media law, the Louisiana Secure Online Child Interaction and Age Limitation Act (“the SOCIAL Act”), to July 1, 2025. HB 577 also will take effect on July 1, 2025. This post summarizes the law’s key provisions.Continue Reading Louisiana Bans Targeted Advertising to Minors on Social Media Platforms
Advertising
UK ICO Launches a Consultation on “Consent or Pay” Business Models
On 6 March 2024, the ICO issued a call for views on so-called “Consent or pay” models, where a user of a service has the option to consent to processing of their data for one or more purposes (typically targeted advertising), or pay a (higher) fee to access the service without their data being processed for those purposes. This is sometimes referred to as “pay or okay”.
The ICO has provided an “initial view” of these models, stating that UK data protection law does not outright prohibit them. It also sets out factors to consider when implementing these models and welcomes the views of publishers, advertisers, intermediaries, civil society, academia and other interested stakeholders. The consultation is open until 17 April 2024.Continue Reading UK ICO Launches a Consultation on “Consent or Pay” Business Models
Belgian Supervisory Authority Sanctions Data Broker
On January 16, 2024, the Belgian Supervisory Authority sanctioned a data broker for violating several provisions of the GDPR. In particular, the data broker processed personal data without an appropriate legal basis and in violation of its transparency obligation.
The more than 100-page decision explains that until July 2021 the data broker collected personal data from different sources and sold the data to interested third parties (“data delivery services”). The company also provided “data quality services” aimed at improving the quality and relevance of the personal data held by its clients. The relevant data were mainly used for advertising by postal mail.Continue Reading Belgian Supervisory Authority Sanctions Data Broker
German Supervisory Authorities Publish Opinion on (Paid) Subscription Websites
On March 22, 2023, the German Conference of Independent Supervisory Authorities (“SAs”) adopted an opinion on websites that offer users a choice between (i) a free version that tracks users’ behavior or (ii) a (usually paid) version that does not track users’ behavior.Continue Reading German Supervisory Authorities Publish Opinion on (Paid) Subscription Websites
FTC Relies on ROSCA and Notices of Penalty Offenses to Police Deceptive Conduct in Settlement with WealthPress
On January 13, the FTC announced a settlement with WealthPress, an online service provider that recommends trades in financial markets. The settlement resolved allegations that WealthPress violated both the Restore Online Shoppers’ Confidence Act (ROSCA) and Section 5 by making false and misleading claims about how much consumers could earn with the company’s trading recommendation services. The action is noteworthy for two reasons. First, building upon the FTC’s prior MoviePass settlement, the FTC’s ROSCA allegations focus not on the terms of the subscription service offered, but rather on the failure to clearly disclose material information about the company’s services. Second, this is the FTC’s first settlement imposing civil penalties for alleged earnings claims violations predicated upon a Notice of Penalty Offenses issued in October 2021. The settlement provides for $1.3 million in consumer redress, $500,000 in civil penalties, and injunctive relief.Continue Reading FTC Relies on ROSCA and Notices of Penalty Offenses to Police Deceptive Conduct in Settlement with WealthPress
Google and iHeartMedia Reach Settlements with FTC and States for Deceptive Endorsements
On November 28, 2022, the Federal Trade Commission (“FTC”) and seven state attorneys general announced that they reached settlements with Google LLC and iHeartMedia, Inc., to resolve claims that the companies aired deceptive advertisements promoting Google’s Pixel 4 phone by arranging for iHeartMedia radio personalities who never actually used the phone to personally endorse it. The companies agreed to pay a combined $9.4 million to the states to settle these allegations.Continue Reading Google and iHeartMedia Reach Settlements with FTC and States for Deceptive Endorsements
EU Consumer Protection and Data Privacy Authorities Adopt 5 Key Principles for Fair Advertising to Children
On June 14, 2022, representatives of the EU’s Consumer Protection Cooperation (CPC) Network, together with several national data protection authorities in the EU and the secretariat of the European Data Protection Board (“EDPB”), endorsed five key principles for fair advertising to children (see press release here). These recommendations…
Continue Reading EU Consumer Protection and Data Privacy Authorities Adopt 5 Key Principles for Fair Advertising to ChildrenCourt of Justice of the EU Finds that Advertising Shown in Email Inbox is Subject to Rules on Direct Marketing
On November 26, 2021, the Court of Justice of the EU (“CJEU”) held in Case C-102/20 that the display of advertising messages in an electronic inbox in a form similar to that of an actual email constitutes direct marketing, and therefore is subject to EU Member States’ rules on direct…
Continue Reading Court of Justice of the EU Finds that Advertising Shown in Email Inbox is Subject to Rules on Direct Marketing
The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising
On September 16, 2020, the Spanish Supervisory Authority (“AEPD”) approved a “Code of Conduct for Data Processing in Advertising” (“Code”) (see the decision approving the code here). This is the first GDPR approved Code of Conduct with an accredited monitoring body in the European Union. The Code enters into effect on November 17, 2020, two months after its approval.
Below we provide a brief FAQ about the Code.Continue Reading The Spanish Supervisory Authority Approves a GDPR Code of Conduct on Advertising
FTC Sends Warning Letters to Teami Tea Influencers
Cardi B might like it, but the Federal Trade Commission (“FTC”) did not. On March 5, 2020, the agency sent Cardi B and other high-profile influencers warning letters alleging that the influencers made inadequate disclosures in their endorsements of Teami tea. The letters followed on the heels of the FTC’s proposed order against Teami, LLC for allegedly making deceptive claims about weight loss and other health benefits in their advertisements and failing to adequately instruct influencers about how to comply with the law when endorsing Teami products.
Continue Reading FTC Sends Warning Letters to Teami Tea Influencers