The Prinz Law Office

If your company has either pursued Privacy Shield certification, or publicly claimed to be in pursuit of Privacy Shield certification,  recent enforcement action by the Federal Trade Commission (“FTC”) should put your company on notice that failure to maintain your certification may render you subject to FTC enforcement activity if you continue to make representations on the Internet or in advertising materials related to Privacy Shield.

The FTC has just announced settlements with four companies, IDmission, LLC, mResource LLC (doing business as Loop Works LLC), SmartStart Employment Screening, Inc., and VenPath, Inc. on allegations related to EU-U.S. Privacy Shield compliance.

The FTC’s complaint against IDmission, LLC, which is a cloud-based technology platform, focuses on the company’s website representations of compliance with the EU-U.S. Privacy Shield framework despite the company’s failure to actually complete the certification process.  In contrast, FTC’s complaints against mResource, SmartStart, and VenPath, which are companies providing talent management and recruiting services, employment and background screening services, and data analytics services respectively, all focus on the companies’ website representations of Privacy Shield certification despite failing to maintain the certification.

The settlements now render these four companies subject to direct FTC oversight and monitoring with respect to their advertising and compliance activities going forward.

From this enforcement action, it is clear that the FTC is on the lookout for companies who are making claims about the EU-U.S. Privacy Shield that they are not actually meeting, and that the FTC is prepared to exercise its enforcement authority against any company that fails to meet its representations as they pertain to Privacy Shield.

So, software companies, the FTC is putting you on notice: you need to self-monitor your Privacy Shield certification and ensure that you maintain the certification at all times, and to ensure that you are compliant with certification requirements, particularly if you are making advertising-related representations related to Privacy Shield.  The FTC is watching.

Tech Crunch and Forbes recently reported on a problem plaguing the App Store: unethical subscription practices.

According to Tech Crunch, commonly utilized unethical practices include as follows:

• that the apps are too aggressive in obtaining subscriptions;
• that the apps offer little functionality without upgrading;
• the apps provide no transparency around how free trials work;
• and the apps make it difficult to stop subscription payments.

Both Tech Crunch and Forbes note that the App Store has established published Guidelines for App Store Review, which specifically includes a Developer Code of Conduct that states:

Customer trust is the cornerstone of the App Store’s success. Apps should never prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app.

So, if Apple requires adherence to a code of conduct, why is it alleged that unethical subscription practices are still so rampant on the App Store?  And why hasn’t the Federal Trade Commission (“FTC”)  stepped in, or more state attorney general offices intervened?   It is unclear, since as Forbes argues, the more these practices are allowed to continue, the more the practices are likely to detrimentally affect the entire App Store market.  As both Tech Crunch and Forbes have pointed out, the App Store is full of reviewer complaints about the specific practices of various apps, so at least Apple has definitely been on notice that there was a problem.  Presumably the FTC and at least one or two state attorney general’s offices have been made aware of these issues as well.

As a Silicon Valley SaaS and software licensing attorney, however, I would encourage App developers profiting off practices that seem questionable or are the targets of a significant number of annual complaints to consider modifying those practices as quickly as possible, as you and your business run the risk of not only attracting a lawsuit by the FTC or an attorney general’s office but you also run the risk of attracting a class action suit on behalf of subscribers who were allegedly harmed by your App.  This type of suit is not without precedent, and could come with a significant damage award.   Your subscription terms do matter and they need to be viewed as fair and reasonable to your subscribers.  You are on notice: these practices are being brought under scrutiny by the press and scrutiny by regulators, states, and class action attorneys is likely to soon follow.