FTC International Monthly - September

FTC International Monthly: U.S. Competition, Consumer Protection and Privacy News


Consumer Protection and Privacy

FTC Signs Memorandum of Understanding with Nigerian Civil and Criminal Enforcement Authorities

The Federal Trade Commission signed a memorandum of understanding (MOU) with two Nigerian agencies,  the Consumer Protection Council (CPC) and the Economic and Financial Crimes Commission (EFCC), to increase cooperation and communication in their joint efforts to stamp out cross-border fraud.  The CPC addresses consumer complaints through investigations and enforcement; the EFCC is a criminal enforcement agency with authority to address consumer fraud and other financial crimes.

The MOU is a framework for voluntary cooperation and will not change existing laws in either country. It provides for a Joint Implementation Committee to identify concrete areas of collaboration, establish joint training programs and workshops, and provide assistance regarding specific cases and investigations.    Notably, it is the first FTC MOU of this kind to include a foreign criminal enforcement authority.  

"Cross-border scammers use fraudulent e-mails and other scams to bilk consumers all over the world, while undermining confidence in legitimate businesses,” said FTC Chairwoman Ramirez.  “This MOU will help our agencies better protect consumers in both the U.S. and Nigeria.”

The FTC has already worked with the two Nigerian agencies on policy and enforcement matters in various organizations, including the African Consumer Protection Dialogue, the International Mass Marketing Fraud Working Group, the London Action Plan (LAP, an anti-spam network), and the International  Consumer Protection and Enforcement Network.   

FTC  Co-Hosts Fifth Annual African Consumer Protection Dialogue Conference

The Federal Trade Commission is co-hosting the fifth annual conference of the African Consumer Protection Dialogue with the Zambian Competition and Consumer Protection Commission on September 10- 12.  The event  features sessions focused on “Moving Cross Border Collaboration Forward.”  In addition to the United States, officials  from approximately 21 countries are participating in the conference including: Angola, Botswana, Cape Verde, Chad, Egypt, Gabon, Gambia, Ghana, Kenya, Malawi, Namibia, Nigeria, Rwanda, Seychelles, South Africa, Swaziland, Tanzania, Togo, Uganda, Zambia, and Zimbabwe.  Representatives from COMESA (Common Market for Eastern and Southern Africa), Consumers International, INTERPOL, and UNCTAD (United Nations Conference on Trade and Development) are also attending.  The conference focuses on a wide range of consumer protection issues including mobile technologies and cyber-threats facing consumers, health-related issues and financial and credit issues. The conference also includes sessions on building cooperation between civil and criminal authorities in consumer fraud matters and law enforcement techniques and cross-border collaboration.

FTC Feature: FTC Chairwoman Edith Ramirez Addresses Privacy Challenges of Big Data

FTC Chairwoman Edith Ramirez recently gave a keynote address on The Privacy Challenges of Big Data: A View from the Lifeguard’s Chair. Speaking before the Technology Policy Institute Aspen Forum,  Chairwoman Ramirez stated, “There is little doubt that the skyrocketing ability of business to store and analyze vast quantities of data will bring about seismic changes in ways that may be unimaginable today.” 

Chairwoman Ramirez recognized the potential benefits of big data to deliver better products and services to consumers at lower costs but also identified the possible privacy risks  for consumers. These include indiscriminate data collection, data breaches, behind-the-scenes profiling and “data determinism,” which the Chairwoman described as “the risk that big data will be used to make determinations about individuals, not based on concrete facts, but on inferences or correlations that may be unwarranted.”   

The Chairwoman likened the FTC’s role in the emergence of big data as akin to a lifeguard on a beach –  “not to spoil anyone’s fun, but to make sure no one gets hurt.”  She explained, “With big data, the FTC’s job is to get out of the way of innovation while

making sure that consumer privacy is respected.” She discussed the “critical role” the FTC can play in addressing the privacy challenges posed by big data.  Chairwoman Ramirez identified the tools that the FTC has used, and will continue to use, to protect consumer privacy including the FTC’s  statutory authority over deceptive claims, including those touching on privacy and data security, and over unfair practices, including failure to provide reasonable data security.  She also described sector-specific enforcement that Congress has charged the FTC with enforcing, including under the Fair Credit Reporting Act and the Children’s Online Privacy Protection Act (COPPA). 

Chairwoman Ramirez also emphasized that  “Addressing the privacy challenges of big data is first and foremost the responsibility of those collecting and using consumer information.She identified three steps, drawn from the FTC’s Privacy Report, that businesses can take to harness the power of big data while safeguarding consumer privacy: privacy-by-design, simplified choice, and greater transparency.    

FTC Acts Against Medical Testing Lab and Internet-Connected Home Security Video Camera Provider  for Failures to Provide Reasonable  Consumer Privacy Protections

The FTC has filed a complaint against a medical testing lab and settled charges against an internet-connected video camera provider for failing to provide reasonable protections for consumer privacy. These cases are part of an ongoing effort by the Commission to ensure that companies take reasonable and appropriate measures to protect consumers’ personal data.

In the first matter, LabMD, Inc.  the FTC filed a complaint against a medical testing laboratory, alleging that the company failed to reasonably protect the security of consumers’ personal data, including medical information.  The complaint alleges that in two separate incidents LabMD exposed the personal information of approximately 10,000 consumers.  The bulk of these exposures involved billing information found on a peer-to-peer (P2P) file-sharing network, while documents containing sensitive personal information of at least 500 consumers were found in the hands of identity thieves.   Among other things, the complaint alleges that LabMD failed to take reasonable and appropriate measures to prevent unauthorized disclosure of sensitive consumer data – including health information – by failing to implement or maintain a comprehensive data security program. LabMD also allegedly failed to use readily available measures to identify commonly known or reasonably foreseeable security risks and vulnerabilities, failed to use adequate measures to prevent employees from accessing personal information or to adequately train employees on basic security practices, and failed to use readily available measures to prevent and detect unauthorized access to personal information.

The FTC also filed a complaint and proposed consent agreement settling its charges against TRENDnet, a company that markets video cameras designed to allow consumers to monitor their homes remotely, alleging that its lax security practices exposed the private lives of hundreds of consumers to public viewing on the Internet.  This is the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices – commonly referred to as the “Internet of Things.”

The FTC’s complaint alleges that TRENDnet marketed its SecurView cameras for purposes ranging from home security to baby monitoring, and claimed in numerous product descriptions that they were “secure.”  In fact, the cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address.   The complaint details,  in particular, TRENDnet’s failure to use reasonable security to design and test its software, including a setting for the cameras’ password requirement.  As a result of this failure, hundreds of consumers’ private camera feeds were made public on the Internet, including live feeds of babies asleep in their cribs, young children playing, and adults going about their daily lives.

The FTC’s proposed settlement with TRENDnet prohibits it, among other things, from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit.  TRENDnet also is required to establish a comprehensive information security program and obtain third-party assessments of its security programs every two years for the next 20 years. In announcing the proposed settlement, Chairwoman Ramirez stated,  “The Internet of Things holds great promise for innovative consumer products and services.  But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.  


FTC Submits Proposed Amicus Curiae Brief  Concerning “No-Authorized-Generic” Commitments in Drug Companies’ Patent Settlements

The FTC has asked the U.S. District Court for the District of New Jersey to accept an amicus curiae brief  that addresses the application of the U.S. Supreme Court’s recent ruling in FTC v. Actavis to a patent settlement containing a “no-authorized-generic” commitment.  A no-authorized-generic commitment obligates a brand-name drug firm, as part of a patent settlement, not to launch its own authorized-generic alternative when the company that makes the first generic product begins to compete.  The FTC submitted the brief in the case of In re Effexor XR Antitrust Litigation.

The FTC’s brief states that the Effexor XR case presents “an issue with significant implications for American consumers” -- whether pharmaceutical patent settlements are “immune from antitrust scrutiny so long as the brand-name drug manufacturer pays for delayed entry with something other than cash.” The brief explains why “[t]he allegations here raise the same type of antitrust concern that the Supreme Court identified in Actavis,” and thus should be treated in the same fashion. The Supreme Court’s opinion speaks in terms of “payments” and “money,” not because cash has a unique economic effect, but because Actavis involved allegations of cash payments. But, the brief points out, “accepting the defendants’ claim of immunity whenever patentees use vehicles other than cash to share the profits from an agreement to avoid competition elevates form over substance, and it would allow drug companies to easily circumvent the ruling in Actavis, at great cost to consumers.”

The filing was submitted to the court on August 14, 2013, and a ruling on the FTC’s request to participate as amicus curiae is expected by mid-September.

FTC Requires Pinnacle to Sell Two Casino Properties as Condition for Acquiring Rival Ameristar

Pinnacle Entertainment, Inc. and Ameristar Casinos, Inc. have agreed to sell casino properties in St. Louis, Missouri and Lake Charles, Louisiana, to settle FTC charges that Pinnacle’s $2.8 billion merger with Ameristar would be anticompetitive.

The Commission initiated administrative litigation in May, alleging that the merger would reduce competition and lead to higher prices and lower quality for casino customers in St. Louis, where the two companies are direct competitors, and in the Lake Charles area, where they will compete beginning in 2014 after the opening of Ameristar’s new casino.  (See June 2013 newsletter for further detail)

Under the terms of the order, Pinnacle will sell its Lumiere Place Casino and all associated assets in St. Louis to a buyer approved by the Commission within six months. If the Lumiere Place Casino is not divested to an approved buyer within six months, the proposed order allows the Commission to require instead that Pinnacle divest the Ameristar Casino Resort Spa St. Charles. In addition, the company will sell its interest in the casino and resort property that Ameristar is developing and had planned to open in Lake Charles in 2014, to a Commission-approved buyer within six months. If that casino property is not divested to an approved buyer within six months, the proposed order allows the Commission to require instead that Pinnacle divest Pinnacle’s L’Auberge Casino Resort in Lake Charles. Each sale also is to include all of the assets required to operate each divested casino as a separate business.

The proposed consent order also contains a hold separate order to preserve assets, which is designed to maintain the two casino properties being sold as viable, competitive, and ongoing businesses.

The FTC has published a description of the consent agreement package in the Federal Register.  The agreement is subject to public comment for 30 days, through Sept. 11, 2013, after which the Commission will decide whether to make the proposed consent order final.

Hospital Authority and Phoebe Putney Health System Settle FTC Charges That Acquisition of Palmyra Park Hospital Violated U.S. Antitrust Laws

The Hospital Authority of Albany-Dougherty County and Phoebe Putney Health System, Inc. have agreed to settle Federal Trade Commission charges that the acquisition of Palmyra Park Hospital harmed hospital competition in six Georgia counties.  The proposed consent order includes provisions to aid competition in these local health care markets, but due to the unique circumstances of the Certificate of Need (CON) laws in Georgia, the Commission is unable to require that the hospitals become independent competitors. Under the proposed consent order, the Hospital Authority and Phoebe Putney will be required to give the FTC prior notice of future transactions, and will be barred from opposing certain applications by potential competitors seeking state certification to enter local health care markets. 

“The FTC’s efforts in this case produced a tremendous victory for consumers when the Supreme Court unanimously reined in overbroad application of state action immunity and allowed federal antitrust review of this merger,” said Deborah Feinstein, Director of the FTC’s Bureau of Competition.  “Regrettably, that legal victory will not undo the acquisition’s clear harm to competition.  Because divestiture is unavailable in light of Georgia’s strict certificate of need legislation, this proposed order is the most effective and efficient resolution that can be achieved at this time.”

In Other News

FTC Chairwoman Edith Ramirez Names New Bureau of Economics Director and Two Other Senior Staff

Federal Trade Commission Chairwoman Edith Ramirez recently announced three appointments to leadership positions in the agency: Martin Gaynor as Director of the Bureau of Economics, David B. Robbins as Executive Director, and Thomas N. Dadouh as Director of the FTC’s Western Region offices.  Gaynor, who will serve as Director of the Bureau of Economics starting October 1, joins the agency from Heinz College at Carnegie Mellon University, where he is a professor of economics and public policy and holds the E.J. Barone Chair in Health Systems Management.  Gaynor has an extensive teaching background and has received numerous awards for research in health care economics.  He earned doctoral  and master’s degrees in economics from Northwestern University, and an honors degree in economics from the University of California, San Diego.

FTC to Host Workshop on Internet of Things

The Federal Trade Commission will hold a public workshop on Tuesday, November 19, 2013 in Washington, DC, to explore consumer privacy and security issues posed by the growing connectivity of everyday devices, often referred to as “The Internet of Things.”  The workshop will bring together academics, business and industry representatives, and consumer advocacy groups to explore the security and privacy issues of the Internet of Things, both in the home (including home automation, smart home appliances and connected devices), and when consumers are on the move (including health and fitness devices, personal devices, and cars).  The workshop will inform the Commission about the developments in this area. The FTC will publish a more detailed agenda at a later date.

FTC to Host Roundtable on Care Labels

The FTC will host a public roundtable to analyze proposed changes to its Care Labeling Rule. The Rule requires manufacturers and importers to attach labels with instructions for how to dryclean, wash, bleach, dry, and iron clothes. The event will be held October 1 in the FTC’s Conference Center, 601 New Jersey Avenue, NW, Washington, DC.   The FTC will publish a more detailed agenda at a later date.  The FTC  will accept comments from the public on the care labeling rule until October 15, 2013.

FTC Advises Consumers on Preventing, Identifying, and Dealing With Hacked Email or Social Networking Accounts

The FTC  has new tips to help people deal with email and social networking hacks, which can help lessen the chances of being hacked or recovering from a hack.  Hacked Email, new guidance from the FTC, identifies signs that an account may have been hacked such as friends and family members receiving messages the user didn’t send, a sent folder emptied, social media posts the user didn’t create, or email or other accounts the user can’t open.