Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC alleges subscription service failed to provide access to paid-for services or secure personal data
On June 7, the FTC announced a complaint and proposed consent order against the operators of a movie subscription service to settle allegations that the respondents denied subscribers access to paid-for services and failed to secure subscribers’ personal information. The FTC alleges in its complaint that the respondents violated the FTC Act by employing multiple tactics to prevent subscribers from using the advertised services, including by (i) invalidating subscribers’ passwords while deceptively claiming to have “detected suspicious activity or potential fraud” on the subscribers’ accounts; (ii) imposing a deceptive ticket verification program, which required subscribers to submit photos of physical movie ticket stubs within a certain timeframe in order to view future movies or risk having their subscriptions cancelled; and (iii) using undisclosed financial thresholds known as “trip wires” to block certain subscribers after they reached certain viewing thresholds based on their monthly cost to the company. The FTC also alleged the respondents violated the Restore Online Shoppers’ Confidence Act, by failing to (i) disclose all material terms before obtaining consumers’ billing information; or (ii) obtain consumers’ express informed consent before charging them. Furthermore, the respondents allegedly failed to take reasonable measures to protect subscribers’ personal information, including storing personal data such as financial information and email addresses in unencrypted form and failing to restrict who could access the data, which lead to a data breach in 2019.
An analysis of the FTC’s proposed consent order notes that the respondents are prohibited from misrepresenting their services and must establish a comprehensive information security program that requires them—and any businesses controlled by the respondents —to implement and annually test and monitor safeguards and take steps to address security risks. The respondents must also obtain biennial third-party assessments of its information security program, notify the FTC of any future data breaches, and annually certify that it is complying with the order’s data security requirements. The FTC noted that because certain respondents have filed for bankruptcy, the order does not include monetary relief.
On September 22, the FTC announced a $1.04 million settlement with a supplement marketer and its two officers (collectively, “defendants”), resolving allegations that the defendants engaged in deceptive sales and billing practices, in violation of the Restore Online Shoppers’ Confidence Act (ROSCA), the Telemarketing Sales Rule (TSR), and a previous court order. Previously, in 2016, the marketer entered into a settlement with the FTC covering allegations that the company engaged in negative option marketing by enrolling consumers in a membership program that billed up to $79.99 monthly unless the consumers canceled within an 18-day trial period. The 2016 settlement barred the company from, among other things, (i) obtaining consumers’ billing information without first disclosing they would be charged, that the charge would increase after a certain period, or that the charge would be reoccurring; (ii) obtaining payment from consumers without express written authorization; and (iii) failing to provide a simple way for consumers to cancel.
According to the FTC’s new complaint, from 2016 to 2019, the defendants violated the previous consent order, ROSCA, and TSR by failing to clearly and conspicuously disclose that in order to cancel, consumers must contact the company “at least one day before the end of the advertised Free Trial Period to avoid being charged for the monthly membership program.” The agreed-upon proposed contempt order requires the defendants to pay nearly $1.04 million to be used for equitable relief, including consumer redress.
On September 2, the FTC announced a proposed $10 million settlement with an online education company, resolving allegations the company engaged in negative option marketing and deceptive billing practices in violation of the FTC Act and the Restore Online Shoppers’ Confidence Act. According to the complaint, filed by the FTC in the U.S. District Court for the Central District of California, from 2015 through at least 2018, the company “failed to adequately disclose key terms of memberships to access online education content for children.” Specifically, the company failed to disclose that memberships automatically renewed indefinitely and kept the “ongoing nature of these term memberships only in separately hyperlinked terms and conditions,” with the automatic renewal “buried” in “dense text, in small font and in single-spaced type.” Moreover, the company allegedly created a difficult cancelation process, notwithstanding the promise of “easy cancellation” written in “bold, red text.”
Under the proposed settlement, the FTC is seeking $10 million in monetary relief and seeks to ban the company from making negative option misrepresentations. Additionally, the proposal would require the company to, among other things, clearly disclose terms of membership and obtain consumers’ informed consent before enrolling them in an automatic billing program.
On July 27, the FTC announced the DOJ, on behalf of the FTC, filed a complaint in the U.S. District Court for the Central District of California alleging a background report company used misleading billing and marketing practices in violation of several consumer protection laws. According to the complaint, the background report company’s marketing practices included suggesting that individuals’ reports contained arrest, criminal, sexual offender, bankruptcy, and other records that the reports did not actually include. The complaint alleges the company used these practices to induce users to purchase subscriptions to access background reports. The complaint asserts the company’s practices violated the FTC Act by making false or misleading representations about the criminal records of searched individuals, and that the company violated the Telemarketing Sales Rule and the Restore Online Shoppers’ Confidence Act by materially misrepresenting the benefits of a company subscription; the refund and cancelation policies; and the negative-option features of the subscription.
Moreover, the complaint asserts the company qualifies as a consumer reporting agency under the FCRA, as it “regularly assembles and evaluates information on consumers into consumer reports that, for a fee, it then provides to customers online through interstate commerce.” The complaint argues the company violated the FCRA by failing to maintain reasonable procedures to (i) verify how its reports would be used; (ii) ensure the information was accurate; and (iii) make sure that the information it sold would be used only for legally permissible purposes.
The FTC is seeking a permanent injunction, restitution, and civil money penalties.