On March 7, 2013, a federal court in Manhattan ruled, in Federal Trade Commission v. PCCare247 Inc., that service via Facebook is an acceptable alternative means of serving court documents on foreign defendants. Although this is a watershed ruling in many respects, in other ways, it is a natural extension of current authority in a factual situation where such a ruling posed little risk.

In this case, the FTC brought suit against nine parties, including five India-based defendants—two entities and three individuals. The FTC alleged that the defendants violated a provision of the FTC Act by operating a scheme, run largely out of call centers in India, that tricked American consumers into spending money to fix non-existent computer problems. At the time of the decision, the FTC had already secured a temporary restraining order enjoining the defendants’ business practices and freezing various assets.

In addition, following procedures outlined in Rule 4(f)(1) of the Federal Rules of Civil Procedure and the Hague Convention on the Service Abroad of Judicial and Extrajudicial Documents in Civil or Commercial Matters, the FTC had provided the summons, complaint and related court documents to the Indian Central Authority for service on the defendants and had also sent these documents by three alternative means: by email to the defendants’ last known addresses, by Federal Express and by personal service through an Indian process server. The process server had successfully delivered the documents to all five defendants and FedEx had confirmed delivery for most, but the Indian Central Authority had still not confirmed delivery nor responded to the FTC’s inquiries more than four months later. Nevertheless, defendants, on notice of the action, hired counsel to represent them at a preliminary injunction hearing, only to have counsel withdraw two months later due to nonpayment.

In the motion decided by this ruling, the FTC sought the court’s permission to serve documents other than the summons and complaint by alternative means on the five defendants located in India. In particular, the FTC sought to serve the defendants by email and Facebook. Analyzing Rule 4(f)(3) of the Federal Rules of Civil Procedure, concerning service of an individual in a foreign country by alternative means, the court first concluded that service by email and Facebook was not prohibited by international agreement and that India had not specifically objected to such service.

The court next turned to a due process analysis, considering whether the proposed means of service was reasonably calculated to notify defendants of future filings in the case. The court found that it was. Reasoning that the defendants used email frequently to run their Internet-based business and that the FTC had identified email addresses—some used for scheme-related tasks—for each of the individuals (who served as directors of the defendant corporations), the court concluded that it was highly likely that defendants would actually receive and respond to emails sent to these addresses. Thus, the court found that service by email alone would satisfy due process.

For the sake of “thoroughness,” according to the court, the FTC had proposed service by personal message via Facebook, attaching the relevant documents in addition to service by email. The court found that the FTC had also demonstrated a high likelihood that Facebook messages would reach the defendants, given that two of the defendants had registered their Facebook accounts with the known email addresses, two had listed their job titles at the defendant companies on their profiles, and two were Facebook friends with the third individual defendant.

Although the court recognized that Facebook service was a “relatively novel concept” and might not actually reach the defendants, it drew comfort from the fact that such service was a “backstop” to email service. In addition, the defendants were already on notice of the lawsuit. Where the defendants had embraced new technology in operating their scheme, it was only fitting that service by both email and Facebook should satisfy due process: “Where defendants run an online business, communicated with customers via email, and advertise their business on their Facebook pages, service by email and Facebook together presents a means highly likely to reach defendants.”

As reported in June 2012 by Socially Aware, the PCCare247 court is not the first court in the Southern District of New York to consider whether service by Facebook is an acceptable means of alternative service. In fact, in the June 7, 2012 decision of Fortunato v. Chase Bank USA, N.A., another judge in the Southern District of New York considered the issue and concluded that service of a third party complaint by Facebook message and email to an address listed on an individual’s Facebook profile (in addition to service on the woman’s estranged mother) would not satisfy due process.

As the PCCare247 court noted in distinguishing the earlier decision, the facts in Fortunato were much different. In Fortunato, the plaintiff had failed to show that the Facebook profile was authentic—that the account in fact belonged to or was maintained by the individual in question, who had a history of providing fictional or out-of-date addresses to state and private parties—or that the email address listed on the Facebook profile was operational or regularly used by the individual. By contrast, in PCCare247, the court had multiple indicia that the Facebook profiles actually belonged to the defendants and that the defendants regularly used both their Facebook accounts and their email addresses.

Even while concluding that Facebook service was an acceptable alternative means of service, the PCCare247 court struck a cautionary note about its ruling: “To be sure, if the FTC were proposing to serve defendants only by means of Facebook, as opposed to using Facebook as a supplemental means of service, a substantial question would arise whether that service comports with due process.” Other courts have not been so bothered by Facebook service alone. For example, in a May 10, 2011 ruling, a Minnesota state court concluded that it would be considered sufficient service for a woman who had unsuccessfully been seeking to serve divorce papers on her husband to serve them by publication on the Internet, in whatever format she believed it most likely that he would receive such notice, including by “[c]ontact via Facebook, Myspace, or other social networking site.” In addition, beginning with an Australian ruling in December 2008, courts in Australia, Canada, New Zealand and the United Kingdom have permitted service via Facebook. And a bill has recently been introduced in Texas that would permit service of process through social media sites.

The PCCare247 decision is indeed an important moment—the first time a federal court has endorsed service via Facebook as an alternative means of service. But it was also a safe decision in many ways. The service was of documents other than the summons and complaint after the foreign defendants had already appeared through counsel and proved themselves to be on notice of the case. By their online behavior, defendants had shown themselves to be highly likely to access Facebook messages. Most crucial, Facebook service was permitted only as a backstop to email service, which itself was highly likely to reach the defendants; the court took pains to note that Facebook service alone might not satisfy due process. And the permitted method of service was private Facebook message—quite similar to email service—not by a wall post or other means arguably more similar to traditional publication.

Nonetheless, the PCCare247 decision will likely serve as a springboard for more decisions endorsing service by social media because, as the court explained, “history teaches that, as technology advances and modes of communication progress, courts must be open to considering requests to authorize service via technological means of then-recent vintage, rather than dismissing them out of hand as novel.”

On March 12, 2013, the Federal Trade Commission (FTC) issued an important update to its “Dot Com Disclosures” guide to advertisers on making effective online disclosures. In doing so, the FTC has driven home the points that:

  • The consumer protection laws apply to all advertisers, regardless of the medium used—and including social media, even where there is limited space;
  • Disclosures required to avoid deception or to otherwise comply with the law must be presented in a clear and conspicuous manner;
  • Advertisers need to understand how their ads—including any disclosures required to avoid deception or to otherwise comply with the law—will actually display in the medium or media in which they appear; and
  • If an advertiser cannot make a required disclosure effectively in a particular medium, then it should not run the ad in that medium.

The FTC issued the original Dot Com Disclosures in 2000, and the recent revision provides guidance with respect to technologies that have emerged since then. Although the fundamental rules have not changed, the guidance provides useful information on how the FTC believes advertisers should comply with the law when making claims in various media.

Continue Reading FTC Updates Its “Dot Com Disclosures” With a Focus on Social Media Advertising

In the latest issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we look at recent First Amendment, intellectual property, labor and privacy law developments affecting corporate users of social media and the Internet. We also recap major events from 2012 that have had a substantial impact on social media law, and we take a look at some of the big numbers racked up by social media companies over the past year.

To read the latest issue of our newsletter, click here.

For an archive of previous issues of Socially Aware, click here.

On September 5, 2012, the Federal Trade Commission (FTC) published a brief guide to assist developers of mobile applications, both large and small, in complying with truth-in-advertising, privacy, and data security principles. In publishing this advice, the FTC makes clear that its Section 5 enforcement powers against unfair or deceptive acts or practices apply in the mobile app arena, and with equal force to large and small developers.

The FTC’s guidance briefly lays out the practices developers should follow in order to avoid such enforcement, thereby suggesting that more enforcement is on the horizon. Indeed, it has already started: last August the FTC reached a settlement with W3 Innovations, LLC for alleged violations of the COPPA rule in its apps directed at children.

The guide, called “Marketing Your Mobile App: Get it Right from the Start,” explains general consumer protection principles, and applies them to the context of mobile applications. Although the title of the guide suggests that the advice is primarily about marketing the apps, the FTC also gives advice about the design and implementation of apps.

WHAT IS THIS GUIDE?

This is NOT a new FTC trade regulation carrying the force of law. This is guidance issued by the Commission for how it may apply its Section 5 authority to police deceptive and unfair practices in the app environment. The FTC expects that the industry will review this guidance and take it into account in developing and advertising their apps.

This guidance is also specifically directed at mobile app developers; it does not relate to the “In Short” Dot-Com Disclosures workshop held on May 30, 2012, which relates to proper disclosure techniques in all online commerce. Guidance arising from that workshop, which is expected to be far more fulsome, may be released as early as this fall.

WHAT COMPLIANCE STEPS IS THE FTC LOOKING FOR?

Substantiate Your Claims

The FTC advises that app developers advertise their apps truthfully, and explains that “pretty much anything” a company tells a prospective user about what the app can do, expressly or by implication, no matter the context, is an “advertisement” requiring substantiation for claims as they would be interpreted by the average user.

If Disclosures are Necessary, Make them Clearly and Conspicuously

If developers need to make disclosures to users in order to make their advertising claims accurate, the FTC notes, then those disclosures must be clear and conspicuous. Although this does not require specific type or font sizes, the disclosures must be large enough and clear enough that users both see and understand them. This means, according to the FTC, that disclosures cannot be buried behind vague links or in blocks of dense legal prose.

Incorporate Principles of “Privacy by Design” In Developing Apps

The FTC also gives advice to developers on how to avoid enforcement for violations of user privacy. First, it notes that developers should implement “privacy by design,” meaning that they should consider privacy implications from the beginning of the development process. This entails several elements:

  • Incorporate privacy protections into your practices;
  • Limit information collection;
  • Securely store held information;
  • Dispose of information that is no longer needed;
  • Make default privacy settings consistent with user expectations; and
  • Obtain express user agreement for information collection and sharing that is not apparent.

Incorporate Transparency and Choice into Apps and Honor Users’ Choices

The FTC urges that developers be transparent about their data collection practices, informing users about what information the app collects and with whom that information is shared. Developers should also, according to the FTC, give users choices about what data the app collects, via opt-outs or privacy settings, and give users tools that are easy to locate and use to implement the choices they make.

Importantly, the FTC emphasizes that developers must honor the choices they offer consumers. This includes following through on privacy promises made. This also includes getting affirmative permission from users for material changes to privacy practices—simply editing the privacy policy is not enough, according to the FTC guide.

Apply COPPA Protections Where Appropriate

The FTC notes that there are special rules for dealing with kids’ information. Developers who aim their apps at children under 13, or know that children under 13 are using the app, must clearly explain their information practices and obtain verifiable parental consent before collecting personal information from children. The guide links to further advice for compliance with the Children’s Online Privacy Protection Act (COPPA).

Special Protections for Sensitive Information

Even for adults, the FTC urges developers to get affirmative consent before collecting “sensitive” information, such as medical, financial, or precise location information. For sensitive information, the FTC states that developers must take reasonable steps to ensure that it remains secure. The FTC suggests that developers:

  • Collect only the information needed;
  • Take reasonable precautions against well-known security risks;
  • Limit access to the data to a need-to-know basis; and
  • Dispose of data safely when it is no longer needed.

The FTC notes that these principles apply to all information the app collects, whether actively from the user, or passively in the background. In addition, any contractors that work with the developers should observe the same high security standards.

In a recent case of first impression, the National Advertising Division of the Council of Better Business Bureaus (“NAD”) – an industry forum for resolving disputes among advertisers – addressed an advertiser’s use of Facebook’s “like” feature in connection with an online promotion.  Such promotions – referred to as “like-gated” promotions, typically ask a Facebook user to “like” the advertiser’s Facebook page in order to receive a discount, rebate or other deal.  If the user chooses to “like” such page or content, this information will appear on such user’s Facebook wall and possibly his or her Facebook news feed, where it can be viewed by the user’s Facebook friends.  Moreover, the user’s name and image may be displayed in connection with the “liked” page or content.  As a result, Facebook’s “like” feature can generate invaluable exposure for an advertiser, transforming a user’s interest in the advertiser into a public endorsement of such advertiser’s products and services. 

In the NAD case, Coastal Contacts, Inc., offered a free pair of glasses to each person who “liked” its Facebook page.  A competitor, 1-800 Contacts, Inc., challenged the offer, alleging that Coastal Contacts had failed to adequately disclose the offer’s material terms.  1-800 Contacts also charged that, on account of that failure, the “likes” that Coastal Contacts received were not legitimate, and the company’s use and promotion of such “likes” on the Facebook platform and in press releases were therefore fraudulent.  1-800 Contacts urged the NAD to recommend that Coastal Contacts remove and stop promoting the “likes” that it received via the allegedly misleading promotion, in order to remedy its allegedly unfair social gain.

The NAD agreed with the challenger that Coastal Contacts had failed to clearly and conspicuously disclose the terms of its free offer; however, the NAD did not agree that such failure rendered the resulting “likes” invalid, and it therefore declined to recommend that Coastal Contacts remove or stop promoting those “likes.”  The NAD explained that, although Coastal Contacts’ promotion required modification, there was no evidence showing that participants were denied free pairs of glasses because they failed to understand the offer terms.  In the NAD’s view, because actual consumers “liked” Coastal Contacts’ Facebook page and the consumers who participated in the offer received the benefit of such offer, Coastal Contacts did, in fact, have the general social endorsement that the “likes” conveyed. 

What About the Endorsement Guides?

The case raises an issue that the NAD did not address:  Should an advertiser be required to disclose that the Facebook “likes” received through a like-gated promotion were received in exchange for consideration?  Under the Federal Trade Commission’s (“FTC”) Endorsement Guides, an advertiser is required to disclose any material connection between itself and a consumer who endorses its business.  So, should a “like” given in exchange for a discount or other deal be accompanied by a disclosure of the connection?  Is such a disclosure even possible? 

To our knowledge, the FTC has not publicly addressed this issue, but we think that it could challenge an advertiser’s failure to disclose the consideration received in exchange for an endorsement conveyed by a “like.”  Any disclosure that the FTC would seek to prescribe in connection with “likes” displayed within the Facebook platform would most likely have to be built into Facebook’s “like” feature itself – something that is not within advertisers’ direct control.  This does not rule out an FTC action, as the FTC could take the position that advertisers should not use like-gated promotions if they are unable to make the disclosures required under the Endorsement Guides.  The FTC may also assert that corporate Facebook users have the power to impress upon Facebook the need to modify the “like” feature to allow for necessary disclosures. 

An advertiser considering a like-gated Facebook promotion should keep these issues in mind (and keep an eye out for further developments).  It should also ensure compliance with the FTC’s Endorsement Guides to the extent possible (i.e., where it can make required disclosures), such as on its own Facebook page and in other online and offline media in which it promotes the “likes” that it has received as a result of any promotion.

Don’t Forget the Facebook Promotions Guidelines.

When structuring a contest, sweepstakes or similar promotion using Facebook, an advertiser must also comply with the Facebook Promotions Guidelines, which Facebook revises from time to time.  Among other things, the Guidelines set limits on a promotion sponsor’s use of Facebook’s “like” feature.  For instance, while “liking” a sponsor’s own Facebook page is a permissible requirement under the Guidelines for a user’s participation in a promotion, the act of “liking” such a page cannot function to automatically register the user for the promotion.  Further, if a sponsor does condition participation on “liking” the sponsor’s Facebook page, the sponsor must extend eligibility for the promotion to users who previously “liked” the page, as well as to users who “like” the page from the first time in connection with the promotion. 

Sponsors of promotions are also prohibited under Facebook’s Guidelines from requiring prospective participants to take any action using any Facebook features or functionality other than either “liking” the sponsor’s own Facebook page, checking into a particular location or connecting to the sponsor’s Facebook app.  Nor may a sponsor require prospective participants to “like” any content other than the sponsor’s own Facebook page – for example, a sponsor may not condition a user’s participation on “liking” a specific wall post or any other particular piece of content.  The Guidelines do not explain the reason for this distinction; however, it may be that the “News Feed” and other posts that result when a user “likes” particular content (as opposed to a Facebook page generally) may often constitute “unauthorized commercial communications,” which are prohibited by Facebook’s Statement of Rights and Responsibilities

All this serves as an important reminder that running a successful and legally compliant promotion requires the promotion’s sponsor to be familiar with applicable laws, the social media platform provider’s various guidelines and contractual terms, and emerging best practices.