Photo of Adam Fleisher

In the last few years, as advertising has followed consumers from legacy media such as television to online video and social media platforms, the Federal Trade Commission has been attempting to ensure that participants in this new advertising ecosystem understand the importance of complying with the FTC’s “Guides Concerning the Use of Endorsements and Testimonials in Advertising,” or the endorsement guides. The endorsement guides require advertisers and endorsers (also referred to as influencers) to, among other things, clearly and conspicuously disclose when the advertiser has provided an endorser with any type of compensation in exchange for an endorsement.

A failure to make appropriate disclosures may be a violation of Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices. In recent enforcement actions, press releases, guidance, closing letters and letters sent directly to endorsers (including prominent public figures), the FTC has made clear its belief that: (1) appropriate disclosures by influencers are essential to protecting consumers; and (2) in too many instances, such disclosures are absent from celebrity or other influencer endorsements. Continue Reading The FTC’s Quest for Better Influencer Disclosures

With much fanfare, the Federal Trade Commission (FTC) continues to take actions relating to so-called “social media influencers” who allegedly fail to disclose material connections to the products or brands they endorse. Recurring enforcement actions and guidance—and the FTC’s ongoing promotion of its own efforts, such as through Twitter chats—make it clear that the FTC believes that its message has still not been heard by all of the players in this advertising ecosystem, including influencers themselves.

In short, any endorsements in any medium where the endorser has a material connection of any kind to the endorsed advertiser must be disclosed.

The most recent developments include an enforcement action against a company—and two of its officers—in connection with endorsements of the company made by the officers in YouTube videos and in social media.  Before turning to this case, however, we provide a brief overview of how the FTC has gotten here. Continue Reading Brands Beware: FTC Continues Campaign on Social Media Influencer Disclosures

Recent challenges to the Federal Trade Commission’s (FTC) authority to police data security practices have criticized the agency’s failure to provide adequate guidance to companies.

In other words, the criticism goes, businesses do not know what they need to do to avoid a charge that their data security programs fall short of the law’s requirements.

A series of blog posts that the FTC began on July 21, 2017, titled “Stick with Security,” follows promises from acting Chair Maureen Ohlhausen to provide more transparency about practices that contribute to reasonable data security. Some of the posts provide insight into specific data security practices that businesses should take, while others merely suggest what, in general, the FTC sees as essential to a comprehensive data security program. Continue Reading More Insight From the FTC on Data Security—or More of the Same?

GettyImages-538899668-600pxWith corporate data security breaches on the rise, the New York State Department of Financial Services (NYDFS) has adopted rules requiring financial institutions to take certain measures to safeguard their data and inform state regulators about cybersecurity incidents. Intended to thwart future cyberattacks and protect consumers, those “Cybersecurity Requirements for Financial Services Companies” (the “Cybersecurity Rule” or “Rule”) finally took effect on March 1, 2017. The NYDFS has released guidance on how to follow the Rule, it comes in the form of frequently asked questions (FAQs) and a summary of key compliance dates. Although the guidance is apparently intended to assist covered financial institutions as the clock ticks towards the first of the Rule’s phased compliance deadlines less than six months away, the guidance is unlikely to make the implementation challenges many financial institutions will face any less daunting.

The Cybersecurity Rule requires that covered financial institutions, among other things, adopt detailed programs, policies and procedures to protect Information Systems (which are defined to include essentially any computer or networked electronic system) and certain sensitive business and consumer information (“Nonpublic Information”) from cybersecurity threats.

The Rule is narrower and less prescriptive than the original proposal from September 2016 (and largely the same as the second proposal from December 2016). Nonetheless, covered financial institutions now have less than six months to establish compliance with the first of the Cybersecurity Rule’s requirements. This means covered financial institutions will quickly need to: (1) assess the current state of their information security programs and what modifications may be required based on the specific policies and controls required by the Rule; and (2) consider the new processes that may need to be created to meet the Rule’s reporting, recordkeeping and certification requirements. Continue Reading N.Y.’s New Cybersecurity Regulations: What Financial Services Companies Need to Know

BigBrotherEye-GettyImages-149355675-600pxIf your company collects information regarding consumers though Internet-connected devices, you will want to take note of the Federal Trade Commission’s (FTC) recent privacy-related settlement (brought in conjunction with the New Jersey Attorney General) with smart TV manufacturer Vizio, Inc. The settlement is significant for four reasons:

  • The FTC reinforces the position it has taken in other actions that the collection and use of information in a way that would surprise the consumer requires just-in-time notice and choice in order to avoid a charge of deception and/or unfairness under Section 5 of the FTC Act.
  • The FTC takes the position that television viewing activity constitutes sensitive data. This marks a departure from its approach of limiting sensitive data to information that, for example, can facilitate identity theft, precisely locate an individual, is collected online from young children or relates to matters generally considered delicate (such as health information).
  • The settlement includes a payment of $1.5 million to the FTC (as well as payment of civil penalties to New Jersey), but the legal basis for the FTC payment is not stated. This could suggest that the FTC will more aggressively seek to obtain injunctive monetary relief in Section 5 cases.
  • Acting Chairwoman Maureen Ohlhausen explicitly noted in a concurring statement her skepticism regarding both the allegation that TV viewing data is “sensitive” and that the FTC’s complaint adequately established that the practices at issue constitute “substantial injury” under the unfairness prong of Section 5.

Leaving aside what the chairwoman’s concurrence may portend for future enforcement efforts, the FTC again seems to be using allegedly bad facts about privacy practices to push the envelope of its authority. Accordingly, with the Internet of Things boom fueling a dramatic increase in the number of Internet-connected devices, companies that either collect information via such devices or make use of such collected information should consider the implications of this enforcement action.

Continue Reading Watch Out: The Federal Trade Commission Continues to Watch the (Alleged) Watchers

Devices_482856241Well over a year after holding a workshop addressing privacy issues associated with cross-device tracking, Federal Trade Commission (FTC) staff have issued a report. The report sets the stage by describing how cross-device tracking works, noting its “benefits and challenges,” and reviewing (and largely commending) current industry self-regulatory efforts.

The report also makes recommendations, which—while building upon the staff’s traditional themes of transparency and choice—do not introduce any materially new suggestions for compliance.

The staff’s recommendations do not have the force of law, but they do indicate the steps that the staff believes a company should take in order to avoid a charge of unfairness or deception under Section 5 of the FTC Act.

A Quick Review of Cross-Device Tracking

As more consumers utilize multiple devices in their daily lives, more and more companies are using new technologies to attempt to ascertain that multiple devices are connected to the same person. This is generally done through the use of either deterministic information (e.g., by recognizing a user through the log-in credentials he or she uses across different devices) or probabilistic information (i.e., by inferring that multiple devices are used by the same person based on information about the devices, such as IP address, location, and activities on the devices).

Continue Reading FTC Report Reinforces the Rules for Cross-Device Tracking

Abstract futuristic blurred background with envelope symbols (fast mail and modern communication concept)

As a result of the Second Circuit’s recent opinion in Microsoft v. United States, the U.S. government likely can no longer use warrants issued pursuant to the Stored Communications Act (“SCA”) to compel U.S.-based companies to produce communications, such as emails, that are stored in a physical location outside of the United States—at least for now. Instead, the government will likely need to rely on Mutual Legal Assistance Treaties, which provide a framework for states to, among other things, provide assistance to one another to obtain and execute search warrants in their respective jurisdictions.

Nevertheless, it is likely that the U.S. government will seek an alternative, which could include appealing the case to the Second Circuit en banc or pursuing legislation in Congress to amend and update the SCA in light of new digital realities.

Background on the SCA and the Microsoft Dispute

The SCA, which limits service providers’ disclosure of the user data they store, provides that a service provider may disclose to the government certain information, such as the stored contents of a customer’s emails, only if the government first obtains a warrant requiring the disclosure. Microsoft v. United States arose out of Microsoft’s dispute over the scope of one such warrant, which sought information about an email account that Microsoft determined was hosted in Dublin.

Microsoft moved to quash the warrant with respect to the actual emails in the account on the grounds that the SCA does not authorize a search and seizure outside of the territory of the United States, which is where the emails were stored.

Continue Reading Second Circuit: Email Stored Outside the U.S. Might Be Beyond Government’s Reach

Recent enforcement decisions within the digital advertising industry indicate a shift in—and a clarification of—the required disclosures for companies engaged in interest-based advertising (IBA).

In particular, these decisions, taken together, indicate that an app developer’s link to its privacy policy at the point of app download may be deemed insufficient, unless the link points directly to the IBA disclosure section of the policy, or there is a clear link at the top of the policy that directs the user to that section.

Further, these decisions suggest that companies that comply with the digital advertising industry’s IBA self-regulatory principles should expressly affirm such compliance in their privacy policies.

Background

Some quick background: IBA is the collection of information about users’ online activities across different websites or mobile applications, over time, for the purpose of delivering online advertising to those users based on those activities. Although IBA is an important part of the online eco-system, if not done right, it can raise privacy concerns among consumers, who may feel that they are being spied upon by advertisers.

The Digital Advertising Alliance (DAA) has worked to ensure that IBA is done right. The DAA is a consortium of media and marketing associations that, in an effort to ward off legislation, has designed and implemented a self-regulatory compliance regime that seeks to address the Federal Trade Commission’s (FTC) IBA notice and choice expectations. The principles underlying this compliance regime are set out in the DAA’s Self-Regulatory Principles (“DAA Principles”). The DAA enforces these principles through the IBA accountability program, run by the Council of Better Business Bureaus and the Direct Marketing Association.

The DAA self-regulatory program is, at its heart, a notice-and-choice regime. In short, to facilitate such notice and choice, the DAA provides an advertising option icon to be placed in or near an online interest-based ad. By clicking on the icon, a consumer is sent to a landing page that describes the data collection practices associated with the ad and provides an opt-out mechanism.

Importantly, however, the DAA Principles have also been interpreted by the IBA accountability program to require “enhanced” notice on any website where information is collected for IBA purposes. In response to this interpretation, website publishers typically provide such notice in the form of an “Our Ads” or similarly named link in the site footer, separate from the privacy policy link, that clicks through to the same landing page as the advertising option icon, or to similar notice and choice information.

The Recent Decisions

In its recent enforcement actions, the IBA accountability program appears to have exported this manifestation of the enhanced notice requirement to mobile applications, notwithstanding the provisions of the DAA’s guidance on the Application of Self-Regulatory Principles to the Mobile Environment, first published in 2013.

That guidance expressly provides that app publishers (i.e., “first parties”) that permit third parties to collect information for IBA purposes must “provide a clear, meaningful, and prominent link to a disclosure that either points to a choice mechanism or setting that meets Digital Advertising Alliance specifications or individually lists such Third Parties.” This notice must be provided in two separate locations:

  • Either prior to download (e.g., in the app store on the application’s page), during download, on first opening of the app, or at the time cross-app data is first collected; and
  • In the application’s settings or any privacy policy.

The IBA accountability program appears, however, to be taking the position that a link to the privacy policy from the app store (or any other location) is not enough to meet this first prong.  That is, a “clear, meaningful, and prominent link” to the IBA disclosure must be a link directly to the IBA section of the privacy policy, in the same way that the “Our Ads” or similarly named link in the site footer clicks through to the IBA section of the privacy policy.

The IBA accountability program’s Spinrilla decision, for example, states that the accountability program could not find an “enhanced link notice separate from the privacy policy link” in the applicable app stores and affirmed that if only one privacy policy link will be used in the app store (where it is typically not possible to provide two separate links), “the link to the privacy policy must either go directly to the pertinent discussion of IBA or direct the user to that place through a clear link at the top of the privacy policy.”

The other accountability program decisions, Bearbit Studios and Top Free Games, reaffirm this interpretation. In light of these decisions, app publishers may want to revisit how they provide “enhanced notice” of their IBA practices.

Finally, the Mobile Guidance states that first parties should “indicate adherence” to the DAA Principles in their privacy policies. The accountability program decisions noted the absence of this language in the companies’ privacy policies, and the companies appear to have added language to their disclosures to comply with this obligation. Whether a company would want to affirmatively make this representation of its own accord is something that may warrant additional consideration, as the company’s failure to fully comply with such a representation could give rise to a charge of deception under Section 5 of the FTC Act or a similar state law.

The Upshot

In light of these developments, a company engaged in IBA should:

  • If engaged in IBA with respect to one or more of its apps, review how it discloses its IBA practices at the point of app download; and
  • Discuss with counsel the advisability of expressly stating adherence to the DAA Principles in its privacy policy.

 

*                      *                     *

 

For background information on the DAA program and its applicability to the mobile environment, please see our earlier Socially Aware blog post, Digital Advertising Alliance Focuses on Mobile Ads. For more on consumer privacy issues generally, please see the following posts: A Warning for Websites Allowing Data Collection for Online Behavioral Advertising; FTC’s Privacy Report Suggests Tightening of Privacy Regime, Provides Guidance to Business; and Tracking the Trackers: Social Media Companies Face Pressure for Tracking Users’ Browsing Habits.

iStock_000042592376_IllustrationIn May 2014, in a decision attracting worldwide attention, the European Court of Justice (ECJ) held that a European individual’s privacy rights include the “right to be forgotten,” requiring Internet search engine providers to honor an individual’s request to remove certain search results relating to him or her. Specifically, individuals may request deletion of links to information that is “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed.”

Since the ECJ’s 2014 decision, initiatives to curtail the Internet’s long memory about individuals’ histories have arisen in other continents. In Asia, South Korea has recently embraced a limited form of the right to be forgotten, while a court in China struggled with whether to recognize the right.

South Korea’s Guidelines on Requests for Access Restrictions on Internet Self-Postings

As of June 2016, website operators and Internet search engine providers in South Korea are expected to voluntarily cooperate with guidelines issued by the Korea Communications Commission (KCC) on a form of the right to be forgotten. The KCC released the non-binding “Guidelines on Requests for Access Restrictions on Internet Self-Postings” on April 29, 2016, in response to intense interest in the matter within the country following the ECJ ruling. Operators of websites with user-contributed content and operators of web search engines may receive requests to remove or exclude information relating to individuals.

The KCC indicated its intent to strike a balance in the guidelines between protecting an individual’s privacy rights and protecting freedom of expression. The guidelines are meant to address a gap that is not covered by existing remedies (e.g., under copyright law for unlawful reproduction of information, the Press Arbitration Law for erroneous reporting or the Information Network Act for posts infringing a third party’s rights). The specific concern that the guidelines seek to address is the situation where an individual has “lost control” over content that he or she posted to an Internet site (“self-postings”), such as when a user of a service has cancelled his or her membership to the service but the content remains available on the service.

Under the guidelines, an individual who would like to remove online self-postings should first attempt to delete the content. If he or she is unable to delete the content, the individual may request that the site administrator restrict access to the materials. The request to remove or exclude content should include the URL of the material to be removed, proof that the requestor posted the content and the reason for removing the content. The site operator may request additional information if the request contains insufficient proof to determine that the requestor posted the content, and the site operator may thereafter deny the request if the additional information provided is still insufficient.

Upon removal of the content, the site operator should inform third parties of the removal by publishing a note in place of the removed content that access to the content has been restricted. A third party may appeal the removal of content by providing the website operator with both evidence that he or she authored the content and a reason for reinstating it. Additionally, a requestor who misrepresents another person’s post as his or her own in order to have it removed may be subject to civil and criminal penalties.

The individual may also request Internet search engine operators to exclude the content from search results, although it is unclear whether the individual must have originally published the content to be excluded. As a result, the rights afforded to individuals under the KCC guidelines appear to be more limited in scope than the broad rights recognized under the ECJ’s decision.

The KCC’s press release and a copy of the guidelines are available (in Korean) can be found here.

China Rejects the Right to Be Forgotten, at Least for Now

In contrast to the formal—albeit voluntary—regime that has just taken effect in South Korea, the right to be forgotten does not yet appear to be recognized in China. This is so notwithstanding the recent efforts of a plaintiff seeking to convince a Chinese court to import the right from Europe into China. Indeed, a summary of the case posted by the Haidian District People’s Court in Beijing expressly acknowledges the ECJ’s May 2014 ruling.

The case involved a plaintiff seeking to compel a search engine to remove results that related to him. In its ruling, the court concluded the plaintiff had no right to be forgotten. The plaintiff, Ren Jiayu, sued the search engine Baidu after a search on his name pulled—in the “related searches” section on the bottom of the results page—various references to Ren and Taoshi Education Company. Ren was apparently associated with this company in the past, but the company was in ill repute (“many people believed that Taoshi Education was a dishonest company, with some going so far as to claim it was an evil cult,” explained the Beijing court of first instance in its ruling, according to a recent report on these developments). Ren’s employment with Beijing Daoyaxuan Commercial Trading Company Limited was terminated as a result of the association, and he then sued Baidu seeking lost wages and the elimination of a number of keywords from search results for “Ren Jiayu,” including “Taoshi Education Ren Jiayu.”

In other words, Ren sought a ruling that a Chinese individual’s privacy rights include a right to be forgotten, similar to that of European individuals, which would require Baidu to honor his request to remove search results information relating to him.

Ren argued that the “related searches” terms should be removed in part because he had no prior relationship with the offending company. The court, however, found that he did, and thus concluded that there was no infringement of Ren’s right to his reputation. The court also rejected any claim that Baidu had infringed on Ren’s right to his name. Then, the court turned to whether there could be a new right to be forgotten within the framework of the “general right of personhood” under Chinese law.

The court first noted that, even though there was a right to be forgotten in other countries, including countries of the European Union, that jurisprudence would not inform the court’s decision.

The court then identified three criteria for the right to be forgotten under Chinese law: the personal interest at issue must (1) encompass a right not already categorized; (2) be legitimate; and (3) require the protection of law.

The court acknowledged that Ren had an interest in having the information “forgotten”—it had an adverse impact on his employment prospects—but this interest was not “legitimate and requiring the protection of law.” As the court put it, the search results “relat[e] to very recent events, and [Ren] continues to work in the business administration education profession. This information happens to form a portion of his professional history, and his current individual professional credibility is both of directly relevant and of ongoing concern.”

In short, while the Chinese court appears to have concluded that there is no such thing as a right to be forgotten, the case could also be read to suggest that there was no such right based on the facts of this case but that it is plausible that some other individual’s interest in having search results removed could be found to be legitimate and require the protection of the law.

An article (in English) describing the case and providing links to the rulings (in Chinese) can be found here.

Although the right to be forgotten has not yet taken force in any way in China, the door remains open for further efforts to establish the right. And although the right currently exists only in nonbinding guidance in South Korea, this guidance highlights the growing interest in Asia in what could ultimately become one of Europe’s hottest exports.

 

*          *        *

For other Socially Aware blog posts regarding the right to be forgotten, please see the following:

A Right to Be Forgotten Update

European Court of Justice Strengthens Right to Be Forgotten

 

Social media is all about innovation, so it is no surprise that social media marketers are always looking for innovative ways—such as courting social media “influencers” and using native advertising—to promote products and services to customers and potential customers. But, as the retailer Lord & Taylor recently learned, the legal rules that govern traditional marketing also apply to social media marketing.

 

Earlier this year, the Federal Trade Commission (FTC) reached a settlement with Lord & Taylor in a dispute involving its online advertising practices. According to the FTC’s Complaint, Lord & Taylor allegedly:

  • gifted a dress to 50 “fashion influencers” and paid them to post on their Instagram accounts photos of themselves in the dress during a specified timeframe; and
  • paid for, reviewed and preapproved Instagram posts and an article in an online magazine, Nylon.

In neither case, according to the FTC, was Lord & Taylor’s role in the promotional effort appropriately disclosed.

On these alleged facts, the FTC brought three counts alleging the following violations of Section 5 of the FTC Act’s prohibition on deceptive practices:

  • the failure to disclose that the influencers’ Instagram posts did not reflect their independent and impartial statements, but rather were specifically created as part of an advertising campaign;
  • the failure to disclose or adequately disclose that the influencers were paid endorsers; and
  • the failure to disclose that the Nylon materials were not independent statements and opinions of the magazine, but rather “paid commercial advertising.”

As has been widely remarked, this is not the first time the FTC has brought a case relating to social media advertising. The settlement, however, is noteworthy because it brings together issues relating to both native advertisements and endorsements. The FTC has been focusing on these issues since late 2014; its activities have included:

  • Settling with the advertising firm Deutsch LA, Inc. in late 2014 in connection with its allegedly deceptive activities relating to the promotion, on behalf of its client Sony, of the PlayStation Vita handheld gaming console through Twitter (we wrote about the Deutsch LA case on Socially Aware).
  • Settling in September 2015 with Machinima, Inc., an online entertainment network that allegedly paid video bloggers to promote the Microsoft Xbox One system (we also wrote about the Xbox One settlement on Socially Aware).
  • Issuing a closing letter, at the same time as the Machinima settlement, indicating that the FTC had investigated Microsoft and Microsoft’s advertising agency, Starcom, in relation to the influencer videos at issue in Machinima. The closing letter was significant because it suggested that the FTC was primed to take the position that a company whose products are promoted bears responsibility for the actions of its ad agencies—as well as the actions of those engaged by its ad agencies.
  • Releasing a policy statement and guidance on native advertising in late 2015, which warned companies—again—that it is deceptive, in violation of Section 5, if reasonable consumers are misled as to the true nature or source of an advertisement. (Our Client Alert on these materials can be read here.)

The compliance issue with native advertising is that content that does not appear to be advertising—such as an advertisement or promotional article in an online or print publication formatted to look like the non-advertising materials in the same publication—must be clearly and conspicuously disclosed as advertising. The relevant compliance issue with endorsements is that any payment or other compensation received by the endorser from the promoter must be appropriately disclosed.

The concept underlying native advertisements and endorsements is the same: Consumers must be aware that they are reviewing promotional material, not “native” or “organic” content, whether it is on a social media platform, a website or in a print publication.

The Lord & Taylor settlement is yet another clear signal that paid promotions of any kind, in any medium, must be disclosed. Given the FTC’s focus on these issues and the repeated enforcement actions, especially with respect to social media endorsements, it is likely that the FTC will continue to enforce in this area until it is convinced that the market understands the disclosure rules.

In light of the risk in this area, the Lord & Taylor Consent Order is noteworthy, as it provides valuable insight into how the FTC expects companies to avoid running afoul of the endorsement and native advertising rules.

For example, the Order requires Lord & Taylor to provide any endorser “with a clear statement of his or her responsibility to disclose, clearly and conspicuously,” the material connection between the retailer and the endorser in any advertisement and communication, and to obtain a signed and dated acknowledgment of receipt of this statement from the endorser. In addition, the Order requires Lord & Taylor to maintain a system to monitor and review its endorsers’ representations and disclosures. Taken together, these requirements essentially lay out components of a compliance program that any company using social media for advertising should consider.

Of course, any such program requires time and resources, and no company has those in infinite supply. But, moving beyond the FTC’s Complaint and Order, there are other noteworthy aspects of the social media endorsement issue that appear to have been overlooked.

According to news reports and comments from Lord & Taylor, it appears that the company (and commentators) recognized the potential FTC compliance issue right after the ad campaign launched. The company reportedly stated, after the settlement, that “it came to our attention [a year ago] that there were potential issues with how the influencers posted about a dress in this campaign, [and] we took immediate action with the social media agencies that were supporting us on it to ensure that clear disclosures were made.” And, indeed, articles from the time of the advertising campaign noted, for example, that “the [endorsing] bloggers left out an important piece of information in their Instagram posts: a disclosure that they had been paid to post by Lord & Taylor.” Another website commented at the time that the bloggers “failed to mention they were paid,” and suggested that the company was getting away with violating the FTC Act (though it did note that many bloggers had gone back to add “#sponsored or #ad to their posts).” The immediate aftermath of the Lord & Taylor campaign that ultimately formed the FTC’s case suggests that awareness of the issues is rising among the public, and that even a quick fix can be too late.

In light of this awareness, the failure to disclose obvious ties between the endorser and the promoter can undermine a campaign. And, even though the FTC does not have the authority to impose civil money penalties for these types of violations of the FTC Act, state Attorneys General appear to be getting in on the act. Machinima, Inc., for example, settled allegations with the FTC regarding its use of influencers in promoting the Xbox One (as we noted above). A few months later, however, the company entered into a settlement with the New York Attorney General that included a penalty of $50,000 for its alleged failure to disclose payments to the influencers.

These events strongly suggest that ensuring appropriate disclosures is more than just an FTC compliance issue. While the FTC is actively enforcing in this space, the margin of error is shrinking not only because of the FTC, but also because of the increasing awareness of the public, and the new risk of enforcement (including financial penalties) by state Attorneys General.

 

*    *    *

For more information on potential legal hurdles for companies engaged in social media marketing, please see these related blog posts:

An FTC Warning on Native Advertising

FTC Continues Enforcing Ad Disclosure Obligations in New Media and Issues a Warning to Advertisers

FTC Enforcement Action Confirms That Ad Disclosure Obligations Extend to Endorsements Made in Social Media