Alex Kantchelian, Dhawal Mujumdar & Sean Carey
FTC Policies on Deception and Unfairness
These two papers outline the FTC’s policies on cracking down on consumer unfairness and deception. The FTC policies are defined from several court cases that influenced consumer protection. However, no single statement on consumer unfairness and deception had been issued up to that point by the FTC.
The FTC policy statement on Unfairness
The FTC is responding to a letter by Senators Danforth and Ford, concerning one aspect of the FTC’s jurisdiction over “unfair or deceptive acts or practices.” The senate subcommittee is planning to hold hearings on the concept of “unfairness” as applied to consumer transactions
The FTC states that the concept of consumer unfairness is not immediately obvious and this uncertainty is troublesome for some business and members of the legal profession. They attempt to delineate a concrete framework for future application of the FTC’s unfairness authority. However, from court rulings, the FTC has boiled down unfair acts or practices in affecting commerce into three categories: consumer injury, violating established public policy, or it is unethical or unscrupulous.
Consumer Injury
The commission is concerned with substantive harms, such as monetary harm and unwarranted health and safety risks. Emotional effects tend to not ‘make the cut’ as evidence of injury. The injury must not be outweighed by any offsetting of the consumer or competitive benefits that the sales practices also produces, i.e. the item producer can justify not informing the consumer if it saves the consumer money. However, if sellers adopt a number of practices that unjustifiably hinder free market decisions, it can be considered unfair. This includes over coercion, or exercising undue influence over highly susceptible purchasers.
Violation of public policy
Violation of public policy is used by the FTC as a means of providing additional evidence on the degree of consumer injury caused by specific practices. The S&H court considered it as a separate consideration. The FTC thinks its important to examine outside statutory policies and established judicial principles for assistance in helping the agency
Unethical or unscrupulous conduct
Unethical or unscrupulous conduct is used for certainty in reaching all the purposes of the underlying statue that forbids “Unfair” acts or practices. The FTC has decided that though this is largely duplicative, because truly unethical or unscrupulous conduct will almost always injure customers or violate public policy as well.
Summary of FTC policy statement on deception
Section 5 of the FTC act declares unfair or deceptive acts or practices unlawful. Section 12 specifically prohibits false ads. There is no single definitive statement of the Commission’s authority on deceptive acts.
Summary:
The FTC does not have any single, definitive statement of their authority on deceptive acts. However, they have an outline for the basis of a deception case: It must have misrepresentation, omission or practice that is likely to mislead the customer, false oral or written representations, misleading price claims, sales of hazardous or systematically defective products or services without adequate disclosers or similar issues. Second, the FTC examines the practice from the perspective of a consumer acting reasonably in the circumstances and third, the FTC looks if the representation, omission or practice is a material one. Most deception involves written or oral misrepresentations, or omission of material information and generally occurs in other forms of conduct associated with a sales transaction. Advertisements will also be considered when dealing with a case of deception. The commission has also found deception where a sales representative misrepresented the purpose of the initial contact with customers.
Part 2, There Must be a Representation, Omission or Practice that is likely to mislead the consumer.
Most deception involves written or oral misrepresentation, or omissions of material information. The Commission looks for both expressed and implied claims, the latter determined through an examination of the representation itself. In some cases, consumers can be presumed to reach false beliefs about products or services because of omissions. The commission can sometimes reach these claims, but other times may require evidence of a consumers’ expectations.
Part 3, The act or practice must be considered from the perspective of the reasonable consumer.
Marketing and point-of-sales practices such as bait and switch cases that can mislead consumers are also deceptive. When a product is sold, there is an implied representation that the product is fit for the purpose for which it is sold, if not then it is considered deceptive. Additionally, the FTC will take special consideration to the needs of specific audiences, for example: vulnerable audiences such as the terminally ill, the elderly and young children. The FTC takes into consideration how the consumer will interpret claims by advertisements and written material. They will avoid cases with ‘obviously exaggerated or puffing representations’ that consumers would not take seriously. Also, the Commission notes that it sees little incentive to deceive consumers for products that are inexpensive or easy to evaluate such as consumables (toilet paper, soap, etc). The commission will look at the practice closely before issuing a complaint based on deception. The FTC takes into account the entire advertisement, transaction or course of dealing and how the consumer is likely to respond. The FTC considers the entire “mosaic” in addition to materiality
Part 4, the representation, omission or practice must be material
The third major element that the FTC considers is the materiality of the representation. The FTC considers a “material” as information that affects the consumer’s choice or conduct. This “material” can be concern purpose, safety, efficacy, or cost. If the commission cannot find material evidence that there is deception, the commission will seek evidence that the omission of material is important to consumers.
Conclusion:
The Commission works to find acts or practices that it considers deceptive if there is a misrepresentation, omission or other such practices that could harm consumers. Although the commission does not require extrinsic material evidence, but in certain situations such evidence might be necessary.
Sears Holdings Management Corporation Case
Sometimes you wonder whether all these commissions like Federal Trade Commission are there for namesake only. But when you look at the recent case involving Sears Holdings Management Corporation, then you realize their importance. The principle mission of Federal Trade Commission (FTC) is “consumer protection” and prevention of “anti-competitive” business practices. And in this case they precisely stick to their core mission and once again prove their worth.
Sears Holding Management Corporation (“respondent” or “SHMC”), a subsidiary of Sears Holding Corporation. SHMC handles marketing operations for the Sears Roebuck and Kmart retail stores, and operates the sears.com and kmart.com retail internet websites.
From on or about April 2007 through January 2008, SHMC disseminated via the internet a software application for consumers to download and install onto their computers, This application was created, developed, and managed for SHMC by a third party in connection with SHMC’s “My SHC Community” market research program. The application, when installed, runs in background at all times on consumers’ computers and transmits tracked information, including nearly all of the internet behavior that occurs on those computers, to servers maintained on behalf of SHMC. Information collected and transmitted included all the web browsing, secure sessions, checking online accounts, and use of web-based email and instant messaging services.
If you are angered and aghast with the level of encroachment into the privacy of consumers then hold on to your seat, its just the beginning. SHMC didn’t mention all the details about their application and what it was going to collect in their “click-wrap” license or their privacy policies. Fifteen out of hundred visitors to sears.com and kmart.com websites presented with a “My SHC Community” pop-up box. This pop-up box mentioned the purpose and benefits joining of “My SHC Community”. But it made no mention of the software application (“the application”). Likewise, general “Privacy Policy” statement accessed via the hyperlink in the pop-up box did not mention the application. Furthermore, the pop-up box message invited consumers to enter their email address to receive a follow-up email from SHMC with more information. Subsequently, invitation messages were emailed to those consumers who supplied their email address. These invitation messages described what consumers would receive in exchange for becoming member of the “My SHC Community”. Consumers who wished to proceed were asked to click the “Join Today” button at the bottom of the message.
After clicking “Join Today” button in the email, consumers were directed to a landing page that restated many of the representations about the potential interactions between members and the “community”. However, landing page did not mention anything about the application. There was one more “Join Today” button on the landing page. Consumers who clicked on this button were directed to registration page. To complete the registration, consumers needed to enter their name, address, age, and email address. Below the fields of entering information, the registration page presented a “Privacy Statement and User License Agreement” (PSULA) in a scroll box that displayed ten lines of multi-page document at a time.
A description of the software application (that was going to get installed) begins on approximately the 75th line down in the scroll box. That means consumer had to navigate through seven pages to read this information. This description involved the information about internet usage. It also mentioned about various activities of it was going to monitor. Even though the PSULA had information about the activities it was going to monitor, it was still ambiguous about what this application was actually going to do. For example, it was mentioned that this application will monitor the collected information for better understanding of their consumers and their household but it didn’t mention what SMHC meant by monitoring. Was this monitoring done by automatic programs or someone manually? The PSULA did not mention about any specific information that was monitored. They also mentioned that their application might examine the header information of the instant/e-mail messages of their consumers. PSULA also described how the information that application would collect was transmitted to SHMC’s servers, how it might be used and how it was maintained. Lastly it clearly stated that PSULA reserved the right to continue to use information collected. At the end, it asked consumers to accept these terms and conditions and those who accepted these terms and conditions were directed to an installation page that explained downloading and installation instructions for the application. Installation page didn’t give any information about the application. When installed, the application worked and transmitted information substantially as described in PSULA.
The tracked information included not only information about websites consumers visited and links that they clicked but also text of secure pages, such as online banking statements, online drug prescription records, select header files that could show the sender, recipient, subject and size of web-based email messages etc.
We believe the level of encroachment into the privacy of consumers was not only blatant but also shocking. It failed to disclose adequately that the software application when installed would nearly monitor all the internet behavior and activities on the consumers computers. Thus, this failure to disclose various facts and information was nothing but deceptive practice as discussed in FTC’s policy about deception.
Understanding privacy under FTC and OECD consumer protection policies
Precisely and exhaustively defining the concept of privacy is a challenging problem. For starters, the Merriam-Webster defines one’s right to privacy as the “freedom from unauthorized intrusion”. How inclusive is this definition?
As suggested, we often contrast privacy with being spied on – someone collecting and possibly disclosing data about us, without our knowledge or consent. The FTC policy on unfairness would a priori seem naturally suited to the task. To be unfair, the privacy breach has to be a practice that injuries the consumer. Can we establish injury in a general privacy breach case? Unfortunately, the requirements do not look extremely promising. First, privacy breach must have substantial effect, namely lead to monetary or physical harm for the consumer: “more subjective types of harm are excluded” [FTC on unfairness]. There is usually no directly observable monetary or physical harm when a privacy breach occurs, with the exception of a few cases which tend to receive massive media-coverage, such as the murder of Rebecca Schaeffer, where a stalker obtained the actress home address through the California DMV records. Second, the net value of the privacy breach has to be considered: possibly good outcomes balance the gravity of the injury. So, trading privacy in exchange of cash has good chances to actually play in your favor before the FTC committee (and your department store fidelity card does just that). Third, the privacy breach has to be unavoidable to the consumer. This obviously happens with an information hiding manufacturer [Sony BMG rootkit incident], but it does not need to be the case [Sears Holdings case] in order to result in a huge privacy disaster.
The FTC statement on unfairness is thus not so well suited for privacy protection purposes. What about the statement on deception? Oddly, it turns out that one can take the problem by a somewhat idiosyncratic angle: alleging misleading privacy expectations regarding a given product[Sears Holdings case]. What is surprising is the fact that privacy is treated as any other product feature, so that we are never really talking that much about privacy rather than misrepresenting and deceptive practices. Moreover, in the analysis of the likelihood of deception, one implicitly relies on unstated privacy expectations of reasonable consumers. The problem is that even reasonable consumers may not have enough technical knowledge to understand privacy issues in today’s highly complex world of softwares, so that the very foundations of reasonable expectations and the analysis of effects on the targeted audience are deeply weakened.
Privacy, understand as the right to be left alone is, at most, moderately well served by the FTC consumer protection policies. Unfortunately, in the information-intensive world, it also seems that a lot of “non-intrusive” data processing naturally falls into our understanding of privacy. For example, one’s ability to inspect her stored personal data on relevant systems, or one’s right to have her personal information data well secured from malevolent outsiders are pretty basic privacy requirements, which are not covered by our leading definition.
Interestingly, the OECD has pointed to some of those issues in its Guidelines on Protection of Privacy and Transborder Flows of Personal Data. In a tussle between free-flow of information which is economically benefic and privacy for the protection of the consumer, the OECD suggests 7 principles to be enforced by its members. Data collecting limitation, data quality for restraining data collection to only the relevant to the purpose it is been collected, purpose specification before the time of collection, security safeguards for protecting collected data, openness which is readily available purposes and nature of the collected data, individual participation for avoiding the tyranny of a blind administration, and finally accountability.
In France for instance, the CNIL (the National Commission of Computerized Systems and Liberties) implements these recommendations since 1978 (thus, ahead of OECD’s guidelines), albeit not without several criticisms, ranging from the quality of the decisions reached, decisions being often in favor of governmental actions, to its painfully long processes because of the overwhelming number of submitted requests and cases before this relatively small administrative organ.