In February, 2020, Kilpatrick Townsend hosted two BBB National Programs events on Hot Topics in Advertising and Privacy Law, first in its San Francisco on February 11 and then in its Atlanta office on February 26. Barry Benjamin led the conversations, in San Francisco with Lee Peeler, Executive Vice President of Policy and Program Development, and then in Atlanta with Dona Fraser, Vice President of Children’s Advertising Review Unit (CARU), both from BBB National Programs. The speakers and attendees discussed the latest pressing issues in advertising and privacy at the FTC, National Advertising Division (NAD), and CARU, lessons learned by advertisers regarding Children’s Online Privacy Protection Act (COPPA), the FTC’s settlement with YouTube, as well as interest-based digital advertising post-California Consumer Privacy Act (CCPA) and the Federal legislative outlook.
Takeaways from the programs include:
1. In June 2019, the Council of Better Business Bureaus (CBBB) restructured into two separate non-profit organizations – BBB National Programs, Inc., and the International Association of Better Business Bureaus (IABBB) – operating separately, each with its own independent board of directors and staff. The BBB National Programs provides the umbrella organization for a number of industry self-regulatory programs, where companies, industry experts and trade associations work together to foster industry best practices in truth-in-advertising, child-directed marketing, data privacy, and dispute resolution.
2. In the realm of advertising, included among the various self-regulatory programs are NAD and CARU. NAD has a staff of experienced advertising lawyers that reviews national advertising in all media, and its decisions set standards for truth in advertising across a variety of industries. Cases may be initiated by third-party or competitor challenges, or through the NAD’s self-monitoring initiative, and participation is entirely voluntary. However, the only remedy that NAD can provide is a recommendation that the advertiser modify its advertisement if NAD finds unsubstantiated claims or that the advertising is otherwise not true or accurate. Non-compliance, however, will bring a referral by NAD to the Federal Trade Commission. No discovery takes place, and the parties provide their arguments through briefs and one in-person meeting. The entire process from initiation to written decision can vary, but usually takes between three-six months. The written decision is accompanied by a public press release, with written decisions available by paid subscription. NAD keeps confidential all data it receives in reviewing a case. The NAD as a voluntary forum for adjudicating competitor disputes can be far more cost-effective than bringing a court action.
3. NAD decisions are very important sources of compliance guidance for advertisers looking to stay within appropriate legal standards. Recent decisions have discussed how to work with social media influencers to ensure compliance with the FTC Endorsement Guides; avoiding claims of fraudulent ‘never-ending’ sales by establishing regular prices; and the parameters of advertising “up to” savings claim in connection with the sale of home solar panels.
4. CARU was established to promote responsible children’s advertising and acts through its Guidelines, promulgated to set forth its positions on responsible advertising to children. CARU’s Academic Advisory Board, composed of leading experts in education, communication, child development, child mental health and nutrition, consults on individual issues and cases, and assists in the review of the Guidelines. CARU’s basic activities are the review and evaluation of child-directed advertising in all media, and online privacy practices as they affect children. When these are found to be misleading, inaccurate or inconsistent with the Guidelines, CARU seeks changes through voluntary cooperation.
5. BBB also oversees EU-US Privacy Shield compliance assistance, helping companies of all sizes comply with Privacy Shield requirements for transfers of personal data from the EU and Switzerland to the United States. The Privacy Shield Frameworks are a mechanism for legally transferring personal data from the European Union (EU) and Switzerland to the United States. The Privacy Shield promotes greater transparency around international data processing and enables U.S. companies to demonstrate that their privacy practices meet EU and Swiss data protection requirements. U.S. businesses participating in Privacy Shield are required to select an independent dispute resolution service (known as an Independent Recourse Mechanism or IRM). This ensures that EU and/or Swiss individuals whose personal data the business transfers to the United States have someone to turn to if the business fails to uphold its Privacy Shield promises. BBB EU Privacy Shield was created to help businesses of all sizes meet this requirement.