The plaintiff alleges that Abbott’s claims that the product is “Clinically Proven to Help Kids Grow” misled consumers into thinking the product was clinically proven to help typical children grow taller, when that’s not the case. Among other things, she pointed to a giraffe image accompanied by ruler-like marks on the label and to commercials showing parents lifting kids up so that they’re taller as support for her interpretation of the claim. 

Abbott argued that the phrase “Clinically Proven to Help Kids Grow” was not misleading because “grow” does not necessarily mean grow taller—instead, it could also refer to weight, body composition, or other forms of child growth. Abbott also argued that its disclaimer made clear that the studies supporting the claim involved children at risk for malnutrition or undernutrition, rather than all children generally.   

A New York federal court recently denied Abbott’s motion for summary judgment, holding that a jury could reasonably find that Abbott’s packages and ads communicated a message that the product could help typical children grow taller. The court also held that the disclaimer didn’t change the analysis, holding that a reasonable jury could find it ineffective because it isn’t prominent and the language doesn’t clearly explain how it limits the claim.

This case serves as a reminder that courts will generally look at the whole context of an ad (including images) to figure out what claims reasonable consumers are likely to take away from that ad. Ads can be literally true, but still misleading, if consumers take away a message that an advertiser can’t support. Even a disclaimer may not help, especially if that disclaimer appears in “small print” and is difficult to understand. 

We’ll keep reporting about these cases to help you Grow & Gain a better understanding of advertising law.

According to the FTC’s complaint, the enterprise continually launched new product offerings, registered new Delaware shell companies, and opened fresh merchant accounts to hide its true identity from consumers and evade fraud-monitoring programs.

The FTC’s allegations highlight three core tactics that serve as a textbook list of what not to do if you offer recurring subscriptions:

• Failure to Disclose Material Terms: The FTC alleges that the defendants advertised apps and services as free or available for a low, one-time cost, frequently touting a money-back guarantee. However, the companies buried information about automatic renewals and recurring charges in fine print.
• Unauthorized Billing: Beyond the undisclosed recurring fees, the complaint alleges that the companies double-charged consumers for the same product or added unauthorized add-on items to transactions without consumer knowledge or affirmative consent.
• Difficult Cancellation: The FTC alleges that the companies made it difficult to cancel. Many of their websites and apps allegedly omitted online cancellation mechanisms, forced consumers to navigate lengthy exit-interview questionnaires, or simply continued to charge credit cards even after confirming cancellation.

The FTC alleges these practices violate both Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act.

While this case involves an extreme example of an alleged multi-layered fraud scheme, the core tenets of the FTC’s enforcement strategy apply to all legitimate companies utilizing automatic renewals. Companies need to clearly and conspicuously disclose all material terms, get affirmative consent from consumers, and make cancellation simple.

We’ll continue to track these subscription cases. In the meantime, now is a good time to audit your signup flows, disclosure placement, and cancellation paths to ensure they match current legal requirements.

This week, the woman filed a class action lawsuit against Gymshark alleging that the company has enlisted “an army of fitness influencers” to promote its products and instructed them to post content “without disclosing to consumers that such posts are paid advertisements.” The complaint alleges that most of the soldiers in the influencer army didn’t disclose their connection to the company, and those that did used small print or text that viewers couldn’t see without clicking a link.

As with similar lawsuits, this complaint leans on the FTC’s Endorsement Guides to argue that it’s misleading for an influencer to promote a product without clearly disclosing her connection to the brand. (The complaint also points to this NAD case for the same principle.) The Florida woman alleges that she wouldn’t have purchased the leggings if it weren’t for the misleading posts and she seeks damages for herself and other people who purchased Gymshark products after seeing similar posts.

There are at least two lessons to learn here. First, if you are a consumer purchasing products based on an influencer’s recommendation, you may want to err on the side of assuming that the influencer is being paid. Second, if you are a company using influencers to promote your products, make sure your influencers disclose their connection to you in a way that complies with the FTC’s Endorsement Guides. If you don’t, you may find yourself doing some heavy lifting in court.

With the Antitrust Division's launch of its first-ever whistleblower rewards program, revisions to corporate self-disclosure policies, and a renewed emphasis on cooperation credit across all white-collar enforcement areas, companies that handle consumer data, make advertising claims, or engage in competitive marketing practices face heightened exposure. A complaint that begins as an advertising or privacy matter can quickly escalate into a federal investigation involving allegations of fraud, anticompetitive conduct, or obstruction — particularly where self-regulatory missteps compound underlying compliance failures.

Why This Matters for the Ad Law and Privacy Community

Advertising and privacy professionals are no strangers to multi-agency enforcement. The same conduct that draws an FTC inquiry can attract DOJ attention when it involves deceptive practices at scale, data-sharing arrangements with anticompetitive dimensions, or misleading claims that cross the line into criminal fraud. The DOJ's updated policies now create powerful new incentives for insiders to blow the whistle — and powerful new risks for companies that delay self-disclosure when problems surface.

For in-house counsel and compliance officers managing advertising review processes, privacy programs, or internal investigations triggered by consumer complaints, understanding how the DOJ evaluates corporate cooperation and exercises prosecutorial discretion is no longer optional — it's essential.

Join Us for a Webinar

Kelley Drye Partners Sean M. Farrell and Thomas F. Rybarczyk — both former senior federal prosecutors — will offer an inside look at how the DOJ evaluates corporate conduct and determines cooperation credit in a webinar titled "Inside the DOJ Playbook: New Guidance on Whistleblowers, Leniency, and Self-Disclosure." The discussion will be moderated by White Collar Partner Sandra L. Musumeci.

Sean served as Chief of the Antitrust Division's New York Office and helped shape its whistleblower and compliance programs. Tom served as Chief of the Public Corruption and Civil Rights Section in the U.S. Attorney's Office in Los Angeles, focused on prosecuting public corruption and fraud. Together, they will draw on firsthand experience to provide practical guidance for companies navigating internal investigations and high-stakes enforcement matters.

Topics will include:

• How the DOJ evaluates self-disclosure and corporate cooperation
• Practical implications of the Antitrust Division's whistleblower and leniency programs
• Strategies for navigating multi-agency and multi-jurisdictional investigations
• What current DOJ enforcement priorities mean for compliance programs and risk management

Who Should Attend

This program is designed for in-house counsel, chief compliance officers, litigation and regulatory practitioners, and anyone advising organizations on government investigations, enforcement risk, and corporate compliance — including those managing advertising and privacy compliance programs where enforcement risk increasingly intersects with DOJ priorities.

Register here.

The AGs also addressed personalized pricing (also referred to as “surveillance” pricing) and suggested that the use of consumer information to offer individualized pricing and offers (including promotions and discounts) may further complicate transparency and could create harms by, for example, generating higher prices at restaurants consumers visit more often. The AGs claimed that providing customers different discounts based on their personal data is no different than charging different base prices, since the end goal (i.e., increasing revenue) is the same. This could also lead to outcomes, the AGs said, where customers more dependent on delivery may be charged more based on their circumstances. The AGs further stated that customers “cannot meaningfully avoid personalized pricing that they don’t know about.” 

The AGs suggested that online food delivery services should be added to the existing Rule on Unfair and Deceptive Fees, with some additional inclusions:

• Clearly and conspicuously displaying the total price including fees at each stage of item selection;
• Accurately describing the purpose of each fee and how it is calculated, including who the fees go to; and
• Disclosing any markup or variation from in-store pricing for menu items and to separately itemize the total markups. 

The AGs further suggested that this Rule “may not be appropriate” for addressing personalized pricing, and instead recommended issuing a new rule on that issue for food delivery platforms. Such a rule, they suggested, should include clear and conspicuous disclosure of:

• The use of pricing technology to set personalized pricing based on individual data;
• Any specific price set using personalized pricing;
• Any variation in price between a fixed reference price (such as in-store or public), and
• The factors that result in price differentials.

Discounts and promotions, the AGs said, should specifically be included in such a rule and not exempted, and further disclosures are merited when personalized pricing is used as part of a loyalty program. Further, the platforms should be required to disclose the specific customer data used.

While these comments pertain specifically to online food platforms, AGs have voiced similar concerns with other industries (and in some cases, states have already enacted relevant laws). For example, earlier this year 27 state AGs submitted a comment letter pertaining to Rental Housing Fees. The AGs encouraged the FTC to continue its “efforts to address unfair and deceptive pricing practices across the economy.” The AGs continue to stress that any such rules that the FTC adopts should be a floor not a ceiling, allowing states to enact further protections. 

Businesses should continue to consider how they are disclosing their fees and the purpose for those fees. Further, they should consider reviewing how any “personalized pricing” is being disclosed to customers, including in the context of any loyalty programs. We anticipate further AG scrutiny in this space, and many of these topics will be discussed at the upcoming NAAG Presidential Summit. We will be in attendance and report on further developments. 

• What data practices are more likely to drive scrutiny when it comes to surveillance pricing concerns
• Common themes in pending federal and state legislation that warrant consideration
• Discussion of common use cases, and how to issue spot and address material risk with practical considerations
• Efforts to ban electronic shelf labels, and the tension with pricing transparency practices

Register here.

CLE
Kelley Drye is an accredited provider of CA, IL, NY, and TX CLE. This continuing legal education program has been approved for 1.0 New York non-transitional Professional Practice credit and 1.0 General credit for California, Illinois, and Texas. New York credit can be applied reciprocally to New Jersey requirements and Connecticut requirements. We will apply for CLE credit in other jurisdictions, upon request, but cannot guarantee approval.

The comment highlights how modern FTC orders can impose substantial and enduring compliance burdens that extend well beyond their remedial purpose. These obligations often require companies to maintain extensive internal governance structures, third-party audits, and detailed reporting systems long after they have demonstrated compliance. In addition, the comment observes that the FTC’s approach to order duration is increasingly out of step with other federal agencies, such as the Federal Communications Commission (FCC) and the Consumer Financial Protection Bureau (CFPB), which typically impose shorter, more tailored order terms. Lengthy orders also risk locking companies into outdated compliance frameworks that may hinder innovation in rapidly evolving areas. The comment further notes that consent orders may divert resources away from emerging technologies, including artificial intelligence, toward ongoing compliance efforts.

In light of these concerns, the comment encourages the Commission to adopt a more flexible and modern approach to order duration, including a default ten-year limit with tailored, provision-specific sunset periods where appropriate. You can read the full comment to the FTC here.

Summer Associate Bariela Capollari contributed to this post.

Kalshi declined to participate in the process, so NAD announced they would refer the matter “to the appropriate regulatory authorities, including relevant state Attorneys General, and to the platforms on which the advertising appeared and with which NAD has reporting relationships….”

What’s most notable about the press release is what it doesn’t say. Typically, NAD would refer this type of issue to the FTC (especially given that the issue relates to compliance with the FTC’s own Endorsement Guides). It’s interesting to note, then, that NAD didn’t say that it would refer this matter to the FTC.

Any bets as to how this will turn out?

The term “synthetic performer” generally refers to an asset that was created using generative AI or a software algorithm and is intended to emulate an actual (but not identifiable) human. Here are some common questions advertisers have been asking themselves about that term:

• Does the law apply if the synthetic performer only appears in the background of an ad, such as in a crowd? The law doesn’t seem to draw a distinction between “principal performers” and “extras.”
• Does the law apply if an ad includes only part of a performer, such as just a hand and wrist modeling a watch? Again, the law doesn’t seem to draw a distinction.

In the absence of any guidance, many companies plan to take a conservative approach and include disclosures for “extras” and parts of performers that were created by AI. Note, though, that the statute also encompasses creation by a “software algorithm”—a term that isn’t defined—so it could also encompass assets created by other technologies.

There are also questions about how to make the required disclosures. For example:

• What words does an advertiser have to use? The law doesn’t seem to mandate any specific words.
• What constitutes a conspicuous disclosure? Again, the law doesn’t elaborate on this.

Although some advertisers plan to use the term “synthetic performer” in their disclosures, others plan to use more commonly understood terms, such as “AI-generated image.” As for the “conspicuous” requirement, there are other laws and cases that illustrate what that could mean but it remains to be seen what NY regulators will expect in this context. 

The law includes some exceptions. For example, it generally doesn’t apply to ads or promotional materials for expressive works, audio ads, or instances in which the use of AI “solely involves the language translation of a human performer.” Most other ads are covered, though.

Advertisers will want to work with their agencies to understand when ads include synthetic performers so that they can add the necessary disclosures to their ads. A violation of the law may result in a civil penalty of $1,000 for a first violation and $5,000 for any subsequent violation. Fortunately, there is no private right of action. 

CMG and two of its agencies—MindSift and 1010 Digital Works—advertised a service that could use a special algorithm to listen in on and detect pertinent conversations from smart devices in order to target ads to consumers within a specific geographic region. According to CMG’s ads: “We can identify buyers based on casual conversations in real time. It may seem like black magic, but it’s not—it’s AI.”

According to the FTC, though, it was neither black magic nor AI. In fact, the FTC alleged that the service did not listen in on consumers’ conversations or use voice data at all. Moreover, the service did not accurately place ads in customers’ desired locations. Instead, the FTC alleged that the service consisted of CMG reselling—at a significant markup—email lists obtained from other data brokers.

The companies also claimed that consumers had opted in to the (non-existent) listening by agreeing to terms of service for certain apps. According to the FTC, accepting an app’s terms does not constitute consent for an “invasive service” of this type. In fact, in its press release, the FTC notes that if the “service had functioned as advertised, this collection and use of consumers’ voice data without adequate consent would itself violate Section 5 of the FTC Act.” 

The FTC charged all three companies with violating the FTC Act. The FTC also charged MindSift and 1010 Digital Works with a second count of violating the FTC Act by providing CMG with the “means and instrumentalities” to deceive customers through marketing materials, sales pitches, and responses to questions that misled potential customers about the service. 

Under the proposed settlement orders, CMG must pay $880,000 while MindSift and 1010 Digital Works will each pay $25,000, which will be used to provide redress to customers impacted by the companies’ practices. In addition, each company agreed not to make certain misrepresentations about its services. 

In 2023, the FTC provided some helpful guidance to companies making AI claims. Among other things, the FTC warned against claiming that something is powered by AI if it isn’t. ​“FTC technologists and others can look under the hood and analyze other materials to see if what’s inside matches up with your claims.” Although the current administration seems to have taken that guidance down, you can read our summary here.

• Aaron Frey, Maine Attorney General
• Christina Moylan, Division Chief, Consumer Protection Division

They will be joined by Kelley Drye State Attorneys General Practice Chair Paul Singer, Special Counsel Abby Stempson, Special Counsel Beth Chun, and Senior Associate Andrea deLorimier. Guest speakers will address consumer protection in Maine. They will also discuss how the Maine Constitution allows for the direct initiation of legislation by citizens. General Frey will examine the impact of this process on government, business, and individuals in Maine, with specific reference to a recent automotive right to repair law and the use of the process to address concerns with utility companies operating in the state. In addition, he will discuss the increasing role of private equity in various sectors of the consumer economy and recent Maine efforts to address this trend.

Register here.

1. Surveillance Pricing

Few concepts are receiving more attention than “surveillance pricing,” a term without a single definition but that is generally used to describe the use of personal data to set individualized prices for consumers. 

At the outset, it is important to distinguish “surveillance pricing” from more familiar and widely accepted practices, such as loyalty programs and targeted promotions. Companies have long relied on personal data to deliver discounts, coupons, and tailored offers that may result in lower prices for certain consumers. These approaches typically operate by layering personalized incentives on top of a generally applicable base price, rather than altering the base price itself for a specific individual. While loyalty discounts and surveillance pricing are arguably distinct concepts, some legislators and enforcers are lumping them together. 

For example, roughly half of U.S. states have introduced legislation addressing surveillance pricing, varying significantly in scope and highlighting an ongoing lack of consensus about what conduct is actually at issue. New York, for instance, has enacted a law requiring affirmative disclosures when a company engages in what it characterizes as “algorithmic” or “dynamic” pricing. That requirement is notably broad and, depending on how it is interpreted, could extend beyond individualized base pricing to capture practices such as loyalty programs. By contrast, Maryland’s recently enacted law takes a narrower approach, expressly excluding loyalty programs from its definition of surveillance pricing.

Notwithstanding this legislative momentum, much of the concern appears to remain largely hypothetical. That point is underscored by the FTC’s recent Section 6(b) study. While the study sought concrete information from intermediaries about their data-driven pricing practices, the resulting 2025 report nonetheless focused on theoretical scenarios and potential risks rather than documented instances of widespread “surveillance pricing.” 

Our next installment of our Pricing 101 webinar series on June 24 will focus specifically on surveillance pricing. You can register here. In the interim, for more on surveillance pricing, see our blog here.

2. Pricing Accuracy

Pricing accuracy remains an enforcement priority. At its core is a straightforward question: does the price a consumer sees match the price they ultimately pay at checkout? While this issue has traditionally arisen in brick-and-mortar retail settings, it continues to be highly relevant as retailers adopt new technologies such as electronic shelf labels (ESLs).

ESLs can improve pricing accuracy by syncing shelf prices directly with point-of-sale systems, thereby avoiding the need for employees to manually update price tags. Manual processes are prone to error, and mistakes in changing tags are a common source of mismatches that can trigger regulatory scrutiny. By enabling real-time updates, ESLs offer a solution to that compliance challenge.

At the same time, the rollout of ESL technology has generated new questions from regulators and lawmakers. Some have raised concerns that ESL could be used to manipulate pricing in ways that resemble “surveillance pricing.” For example, policymakers have speculated about scenarios in which prices could change dynamically within a store environment, or even vary between consumers. Although there is no evidence that such practices are occurring in the marketplace, the possibility has attracted attention.

As a result, some states considering surveillance pricing legislation have proposed restrictions on, or even moratoria of, ESL use. These proposals highlight a growing tension in the policy debate: efforts to guard against perceived future risks may inadvertently undermine technologies that enhance pricing accuracy. 

3. Subscriptions and Auto-Renewals

Subscription models continue to generate enforcement activity, with the FTC alone having brought nearly a dozen subscription-related enforcement actions (see, e.g., here) over the past year. Regulators are focused on whether companies clearly disclose material terms such as cancellation fees, obtain affirmative consent, and provide easy cancellation mechanisms. The rise of subscription-based offerings has been accompanied by increased consumer complaints, particularly where consumers forget to cancel or encounter friction in doing so. Federal and state laws, including ROSCA and numerous state auto-renewal statutes, impose detailed requirements, and regulators often evaluate the entire user experience, from sign-up through cancellation.

4. Price Gouging

Price gouging laws come sharply into focus during emergencies, such as natural disasters or public health crises. These laws vary widely across states in terms of what triggers them, which goods or services are covered, and how terms such as “excessive” pricing are defined. Importantly, many are activated automatically upon a declared emergency and can remain in effect for extended periods. This means that companies that rely on dynamic or automated pricing systems could accidentally run afoul of these laws if they do not have controls to ensure that prices do not spike during these periods.

5. Line-Item Fees

The use of line-item fees continues to attract both regulatory scrutiny and private litigation. While separating charges such as shipping or service fees from base prices is not inherently problematic, issues arise when fees are inadequately disclosed, misleadingly described, or only revealed late in the purchasing process. Recent enforcement trends highlight concerns about fees labeled as “recovery” or “surcharge” fees, particularly where their rationale or calculation is unclear. 

6. Pricing Disclosures

Closely related to line-item fees is the broader issue of pricing disclosures. Any statements about price, including the purpose of fees or how costs are allocated, must be accurate and not misleading. For example, regulators have scrutinized representations about “tips” for delivery services and whether consumers understand for what purposes those amounts are actually used. Clear and conspicuous disclosures of pricing terms, particularly those presented early in the consumer journey, remain a material focus.

7. Junk Fees 

The concept of “junk fees” has become a major policy focus, with regulators emphasizing the importance of all-in pricing. Whether through rulemaking or legislation, the goal is to ensure that consumers understand the total price they will pay without being surprised by mandatory add-ons. Companies should evaluate when and how fees are disclosed in light of a growing body of state fee disclosure laws and UDAP enforcement, and consider whether their pricing presentation allows consumers to make meaningful comparisons at the outset of a transaction.

8. Free Trials

Free trials, and similar introductory offers, present recurring compliance challenges. While these promotions remain popular, they are subject to heightened scrutiny when they convert into paid subscriptions. Regulators expect clear disclosures about the duration of the trial, the charges that will follow, the steps required to cancel, and sometimes notice before the end of the trial. The use of the term “free” itself can trigger additional requirements, including specific disclosure obligations in certain jurisdictions.

9. Material Changes

Changes to pricing or other key terms during the lifecycle of a consumer relationship can create significant risk if not handled properly. Many state laws require advance notice (and, in some cases, renewed consent) before material changes take effect. Beyond pricing, regulators are also examining related practices such as “shrinkflation,” where product size or composition changes without clear disclosure. 

10. Promotional Pricing and Savings Claims

Promotional pricing, including rebate programs, buy-one-get-one offers, and savings claims, remains a staple of enforcement actions. Regulators are focused on whether these promotions accurately reflect the value being offered. Misleading promotions can take many forms, from unclear rebate terms to inflated base prices used to support discount claims. 

Looking Ahead

Taken together, these ten issues reflect a broader trend: pricing is not just a business decision, it is a regulatory and reputational risk area that intersects with privacy, advertising, and competition law. As enforcement activity continues to expand and legislative proposals evolve, companies should take a fresh look at their pricing practices, disclosures, and data use. Proactive review and alignment with core consumer protection principles will be essential to navigating this increasingly complex landscape.

• The first AI-powered camera with Fall Detect, offering full-body detection, 24/7 monitoring, real-time alerts, and direct links to first responders for unmatched home safety and peace of mind.
• With AI technology, Kami Fall Detect ensures 99% accuracy, meaning no more false alerts.
• Fall Detect is available through the Kami Home app and leverages proprietary Vision AI algorithms that detect falls with 99.5% accuracy. Fall Detect can help caregivers understand why someone fell, helping to prevent future falls.

After NAD started the inquiry, Kami Vision informed NAD that it’s no longer marketing the Kami Home Fall Detect System and that it had permanently stopped making the challenged claims. Because of that, NAD’s decision doesn’t include an analysis of the claims.

If there’s no analysis, why is this case worth noting? 

This is the fourth NAD-initiated challenge involving AI claims in the past 12 months. (We’ve covered two of those here and here.) These cases demonstrate that NAD is paying close attention to AI claims and proactively checking whether companies can substantiate them.

A Rose by Any Other Name: Dynamic, Differential, Surveillance, and Algorithmic Pricing

This panel echoed many of the same themes as a pricing panel at the NAAG Annual Conference earlier this year. Panelists compared variations in pricing to buying a car or discounts for students, seniors, and military members – practices generally considered acceptable. But where does greater granularity step over the line, particularly as new tools like AI enable increasingly customized offerings? 

Critics of surveillance pricing included a representative from the Electronic Privacy Information Center (EPIC), who theorized that surveillance pricing targets willingness to pay rather than ability to pay. A Consumer Reports’ representative added that surveillance pricing can cause consumers to lose comparison shopping tools which could result in an individualized pricing experience, similar to car-buying (which she used as an example of a hated consumer experience). 

Panelists also highlighted benefits of personalized pricing, including understanding inventory management – for example, bringing in more drivers when there is high demand, and saving customers time by providing personalized offers. According to an economist from the International Center for Law & Economics, on average, data-driven pricing provides more discounts to lower income families, though others disputed this conclusion.   

Consumer Reports further observed that beyond specific algorithmic pricing and UDAP laws, states can also use reference pricing laws, where differential pricing may be evidence of fake discounts. Minnesota’s Deputy Attorney General Jessica Whitney noted that unfairness may be a better tool than deception in some instances, similar to how states have relied on unfairness in the absence of specific price gouging laws. 

Panelists warned not to throw the baby out with the bathwater and ensure any legislation preserves consumer benefits. Whitney agreed, saying this new frontier is really old in some ways, and regulation should include experts and consumers to find the right way to stand the test of time.

Making CID “Meet and Confers” Work

Panelists from both sides of AG Civil Investigative Demand (CID) meet-and-confer discussions participated in this panel, including Jared Libet, Assistant Deputy Attorney General, South Carolina Attorney General’s Office; Jeff Hill, Special Counsel to Consumer Protection, Tennessee Attorney General’s Office; Deputy Attorney General Whitney (Minnesota, discussed above); and Paul Singer of Kelley Drye.  

Regarding CID authority, Whitney explained pre-lawsuit investigative power is taken seriously; staff do not want to abuse such authority and risk losing it. Nor do they want to unnecessarily review a burdensome amount of documents. Some AG offices have the ability to issue CIDs at the staff level, while others require multiple levels of approval that include specific justifications. Libet explained that in his office, due to the formalities of the CID process, typically if a CID is issued, the office will eventually expect a formal resolution to the investigation. 

Singer shared the business perspective that CIDs often result in massive burden and shock. While some companies respond in an adversarial manner, he recommended that it is often better to engage with the office to minimize burden. If the business better understands what is most important to the state, it can offer the most helpful information instead of a document dump. Whitney agreed that early engagement by the business could be helpful to both sides and encouraged reaching out well in advance of any deadlines. Singer noted that as more consumer cases are front office driven, discussions at that level may occasionally be appropriate. However, all panelists agreed that if elevating a matter to the front office is necessary, providing notice to staff is generally best practice.

Age Assurance Verification: The Technology, the Tradeoff, and the Path Forward

The panel kicked off with Amy Winecoff, Senior Technologist at the Knight-Georgetown Institute, providing the age assurance landscape. About half of states now have age assurance laws. She outlined three types of age assurance: age verification (such as using ID), age estimation (such as using picture/video), and age inference (using records). Winecoff recommended systems should be measured on a balance of accuracy, privacy, accessibility, and circumvention resistance, including through public reporting on methods and results and independent validation by third parties. She further suggested accountability should lie with the service provider as best positioned to act. 

Annie Chiang, Acting Deputy Director for Litigation and Enforcement Strategy, Federal Trade Commission, shared the FTC’s perspective on age assurance. The FTC leans on tech experts for guidance in this space. She noted privacy and age verification must go hand in hand. COPPA enforcement is a huge priority for both the FTC Chair and the President. The agency has had to take a step back to consider a lurking question: age verification itself may involve collecting children's data, which implicates COPPA. Following an FTC workshop, the FTC issued a policy statement indicating it would not enforce COPPA when entities collect children's personal information for age verification purposes, provided certain circumstances are met. When Chiang was asked what the FTC considers “reasonable accuracy” for age verification, she stated that the FTC is trying to understand what industry and experts are doing. While she could not offer a concrete standard, she said the agency wants to empower parents, protect kids, and promote innovation. She encouraged stakeholders to stay tuned.

***

Consumer protection has long been, and will undoubtedly remain, a key focus for state attorneys general. Reflecting that priority, NAAG hosts two consumer protection conferences each year, with the public portion of its Fall Consumer Protection Conference scheduled for October 27 in Washington, D.C. Kelley Drye will continue to report on developments in this space, including through its coverage of AG conferences.

SharkNinja explained that the “100%” reading indicates that particle levels are below the sensor’s measurable threshold—not that the air is completely free of contaminants. The company also pointed to a disclosure stating that the percentage corresponds to particle concentration, with higher percentages reflecting lower levels of particles.

NAD found that explanation incomplete. While the disclosure described the function of the display, it did not clearly communicate the key limitation—that “100%” does not mean the absence of all pollutants. In NAD’s view, reasonable consumers could still take away an unsupported message of complete air purification. 

Ultimately, NAD recommended that when ads feature a “Clean Air 100%” message—even if just on the product display—SharkNinja should include a clear and conspicuous disclosure explaining what the claim actually means and, importantly, what it does not mean. If the product display is obscured, a disclosure may not be necessary.

The decision is a useful reminder that absolute claims may be taken literally unless they are clearly qualified. Even when a claim originates from a product feature, advertisers should expect NAD to evaluate the net impression—and require disclosures that directly address the takeaway message consumers are likely to draw.

Background

In April 2021, the Supreme Court’s decision in AMG Capital Management, LLC v. FTC significantly curtailed the FTC’s enforcement authority, holding that Section 13(b) of the FTC Act does not permit the agency to obtain equitable monetary relief. The decision eliminated what had been one of the FTC’s most potent tools for consumer redress, leaving a substantial gap in the agency’s remedial toolkit. In response, the FTC has pivoted to alternative statutory authorities that independently support equitable monetary relief. Chief among these are GLBA and the Restore Online Shoppers’ Confidence Act (ROSCA). 

GLBA’s pretexting provisions make it unlawful for “any person” to obtain customer financial information through false, fictitious, or fraudulent statements. In 2023, the Southern District of New York validated the FTC’s expanded interpretation of this provision in FTC v. RCG Advances, LLC, holding that any misrepresentation, even about underlying products or services, coupled with the collection of financial information may constitute a pretexting violation. The court rejected arguments that the statute was limited to impersonation-style fraud, finding that “the plain text of the statutory provision controls.” The FTC has since invoked GLBA pretexting to obtain consumer redress in diverse cases, including challenges to cryptocurrency platforms, rental housing practices, and debt relief schemes. 

That reading, however, may face durability questions when measured against Congress’s apparent target. Section 521 appears to trace to House legislation aimed at the then-emerging information-broker industry, where brokers obtained account information by impersonating consumers or using other ruses to induce unwitting disclosures. The accompanying reports described the provision as a specific response to that “gray area” brokering model, not as a general redress mechanism for any Section 5 deception claim that happens to involve payment information. That history gives defendants a ready limiting principle: GLBA pretexting may be strongest where the alleged deception resembles broker-style access to financial information, and less stable as a broad substitute for Section 13(b) monetary relief in ordinary Section 5 cases. 

Under ROSCA, the FTC has also targeted negative-option marketing practices (i.e., automatic renewals, free-to-paid trial conversions, and subscription traps) to seek redress in cases involving inadequate disclosure, unauthorized charges, and difficult cancellation mechanisms. 

Mufarrige’s Workshop Comments 

At the Workshop, Director Mufarrige offered a spirited defense of the FTC’s use of GLBA and ROSCA as penalty‑bearing enforcement tools. The plain‑text argument is direct, he said. Section 521’s prohibition on obtaining financial information through “false, fictitious, or fraudulent” statements is not limited to obtaining customer data under false pretenses; rather, FTC believes, any misrepresentation combined with the collection of customer financial data is actionable under the statute. According to Mufarrige, the same reasoning applies to ROSCA’s requirements for express informed consent and clear disclosures in negative‑option transactions. Mufarrige framed this enforcement posture as a natural fit for an agency that sees itself as a law enforcer focused on “reinforcing markets, not replacing them”—a theme he returned to repeatedly. 

Mufarrige’s broader remarks emphasized these themes. He stressed that competition remains the “first line of defense” for consumer protection—a framing aligned with Chairman Ferguson’s stated priorities and recent public remarks. On emerging issues, he identified impersonation cases as the agency’s most pressing concern, referencing the Impersonation Rule and the Take It Down Act as key tools. He also noted the agency’s continued focus on junk fees and price transparency. His comments largely echoed statements we’ve heard in recent months from the Commission, although Mufarrige’s defense of GLBA pretexting and ROSCA as redress tools was notably direct. 

AI as a Vehicle for Fraud

Director Mufarrige’s comments on AI were brief but pointed. He emphasized that the FTC’s focus remains on enforcing existing laws and pursuing conduct where AI is used as a vehicle for fraud. This approach aligns with Chairman Ferguson’s stated priorities: the agency sees its role as targeting bad actors who weaponize new technology, not as a regulator of AI development itself. AI-enabled fraud schemes (i.e., synthetic identities and deepfake impersonations) remain squarely within the FTC’s enforcement crosshairs. 

Workshop panelists highlighted how fraud has evolved into a sophisticated, industrialized enterprise. Synthetic identities, which blend fabricated data with real personal information, can slip past traditional verification systems. Account takeover schemes weave together phishing, automated bot attacks, and credentials harvested from data breaches to create what amounts to a criminal supply chain.

First-party fraud has also grown as dispute channels expand. Unlike traditional fraud, where a third party misuses stolen credentials, first-party fraud occurs when the customer who authorized or benefited from a transaction later disputes it. Institutions must then classify the case accordingly, which complicates both liability allocation and dispute resolution. Kelvin Chen, Head of Policy at the Consumer Bankers Association, cautioned that dispute and chargeback volumes could spike as new payment rails emerge and authorization boundaries blur, especially where consumer protections lag behind the established norms of card networks and ACH systems. 

Conclusion

Post-AMG, the FTC has made its enforcement strategy plain. The agency will continue pairing Section 5 deception claims with redress-capable statutory hooks, where available. Although this workshop focused on the financial services sector, the FTC’s position on GLBA pretexting’s reach extends well beyond traditional financial institutions. Section 521’s pretexting prohibition applies to “any person” who makes a false statement to obtain customer financial information. Under the FTC’s expansive interpretation, any misrepresentation coupled with the collection of payment credentials could trigger an ostensible pretexting violation. The impact is significant: most consumer transactions involve obtaining financial information to complete a purchase or service. Companies outside the financial services industry that are not actively thinking about GLBA compliance may nonetheless find themselves subject to GLBA-pretexting claims if their challenged practices involve alleged misrepresentations and consumer payment information.

According to the AG’s complaint, Homeaglow advertised a three-hour cleaning for $19 without clearly disclosing that consumers who took advantage of the offer were signing up for a $59-per-month ForeverClean membership (that did not actually include the cost of cleanings themselves) or that each cleaning was subject to a transaction fee of between 5% and 15%.

Homeaglow also advertised that consumers could “cancel at any time” and that their purchase was “fully refundable.” However, cancellation was subject to an early termination fee over $100. Although this information was disclosed in “fine print” and later in a pop-up tooltip on the website, Washington alleged the disclosures weren’t clear or conspicuous, required the consumer to do a calculation, and didn’t include all material terms. The signup process also included a countdown timer, alleged to rush consumers into avoiding disclosures altogether.

The AG also alleged that Homeaglow suppressed negative reviews on its site to maintain a 4.8-star average, soliciting reviews after all cleanings but only publishing positive reviews.  Moreover, it advertised a five-star rating on Trustpilot based on 6,406 reviews, even though Trustpilot’s data showed a 1.3-star average from approximately 2,000 reviews. Homeaglow continued running the ratings ad even after Trustpilot sent the company a letter claiming to have detected numerous fabricated reviews.

Washington alleged this conduct violated its general Consumer Protection Act.

The settlement terms are familiar, but interesting given the context that Washington does not have specific state automatic renewal or “hidden fees” laws. (Washington alleged this conduct violated its general Consumer Protection Act.) Among other things, Homeaglow must:

• Clearly and conspicuously disclose subscription terms including the existence of the early termination fee “immediately adjacent” to the mechanism they use to obtain consent, 
• Include language in the “call to action” button that references membership such as “Purchase and Join”
• Ensure that cancelling is “at least as easy to use as the method consumers used to enroll” And immediately effective.
• Communicate any limitations on refundability near any refund claims. 

This case and the one we posted about last week serve as two more in a series of reminders that federal and state regulators are paying close attention to automatic renewals, fees, and how companies advertise consumer reviews – even if they don’t have specific laws addressing the conduct.

One Feed, Multiple Formats 
Privacy Perspectives episodes appear on the same Ad Law Access feed hosted by Simone Roach, so if you’re already subscribed, you’ll get these automatically. If not, subscribe now on your preferred podcast platform.

We’ve got more podcast conversations and formats planned for 2026—one subscription gets you everything. Find the episode and more here.

This week, the FTC announced a $35 million settlement with Shutterstock over alleged violations involving auto‑renewals, disclosures, and cancellation. The complaint reflects the Commission’s continued focus on “negative option” features and the ways in which companies present—and obtain consent for—recurring charges. 

According to the FTC, Shutterstock failed to clearly and conspicuously disclose key material terms, including that certain products would automatically renew and that consumers could incur cancellation fees. The Commission alleges that these terms were often buried in fine print or otherwise presented in a way that consumers were unlikely to notice before being charged. 

The FTC also focused on Shutterstock’s marketing of certain “on‑demand packs” as being suitable for a “one‑time project” with “no commitment,” while allegedly failing to adequately disclose that these products could trigger automatic renewals. As in other recent cases, the agency is scrutinizing the disconnect between headline claims and the underlying billing structure. 

In addition, the complaint alleges that Shutterstock failed to obtain consumers’ express informed consent before charging their payment methods and made it difficult to cancel subscriptions. Consumers were allegedly required to navigate time‑consuming customer support channels rather than using simple online cancellation methods. 

Under the proposed order, Shutterstock will pay $35 million and will be required to clearly disclose material terms, obtain express informed consent, and provide straightforward cancellation mechanisms. These requirements mirror the FTC’s now‑familiar framework for negative option cases. 

If you’re reading this post, wondering whether your company will be next and whether you can get away with it, the answer is maybe. But getting it wrong can be very expensive.

Consumer Protection in Kansas: Organization and Priorities

Kansas’s Public Protection Division houses the office’s largest section, consumer protection, while also focusing on antitrust, charities, financial scams, open records and meetings, and sexually violent predators. Priorities are set through a combination of consumer complaint screening—where patterns of conduct trigger escalation—and monitoring regional and national trends through multistate AG meetings and collaborative investigations. Chief Deputy Sciarrotta noted that under Kris Kobach, the current Attorney General, Kansas is “a national player when it comes to investigating and holding large companies to account” while also investigating and civilly prosecuting local businesses for misleading consumers. The Division’s approach is to first make consumers whole, escalating penalties and investigative fees as patterns emerge, and joining multistate efforts where scale warrants. Despite its relatively small size, the office reported over $180 million in consumer recoveries and judgments since January 2023, more than $3 million in settlements for state funds in FY 2025, and roughly 4,000 consumer complaints received and resolved each year.

Consumer Protection Authorities in Practice

Kansas’s primary consumer protection statute is the Kansas Consumer Protection Act (K.S.A. 50-623 et seq.), which provides broad UDAP-style authority and has incorporated additional statutes over time—including, as Smith noted, requirements related to “age verification of website content that’s harmful to minors.” The guest speakers indicated that existing law generally provides a sufficient basis to address emerging technologies like AI, though it may be more challenging without legislative updates, and emphasized that consumer protection authority remains broad as to misleading products and services. At the same time, the office expressed support for more targeted legislation to provide clearer priorities and refine existing authority as applied to AI.

Kansas conducts pre-suit investigations using its subpoena authority (functionally equivalent to a civil investigative demand). The office stressed using that authority with due process and a problem-solving posture, which facilitates pre-litigation dialogue, preserves confidentiality, and, where nothing is found, allows matters to close without public filings.

The Kansas AGO resolves consumer protection matters primarily through consent judgments; assurances of voluntary compliance are disfavored because they lack express statutory grounding and are harder to enforce over time. Per court precedent, there is no statute of limitations on AG consumer protection actions, and pre-suit notice is not required by statute—though businesses will likely hear from the office multiple times before any suit is filed. Civil penalties under the KCPA are up to $10,000 per violation, with the possibility of a per-day cadence for ongoing conduct, plus an additional $10,000 enhancement where the consumer is part of a protected class which includes military, a veteran or military spouse, elderly (over 60), disabled, or non-English-speaking.

Restitution is the central focus of consumer protection matters. Injunctive relief is tailored to the case; for example, in appropriate local matters with egregious conduct, permanent injunctions barring future operations may be the decisive remedy, while larger national matters may employ prescriptive behavioral terms similar to those in opioid and tobacco settlements aimed at reshaping business models going forward.

Artificial Intelligence and Protecting Children

The guest speakers discussed artificial intelligence as it relates to youth, including SB 405, a proposed bill regarding AI chatbots in which Attorney General Kobach testified to the Kansas Legislature (video of testimony played during the webinar). Kobach cited a growing body of incidents in which AI chatbots have “encouraged teen suicide,” generated child sexual abuse material, created sexualized conversations with minors, and “pretended to be a licensed therapist.” He described a fact pattern in which a 13-year-old girl begins by asking a chatbot for fashion advice, then for relationship advice, and ultimately relies on it for mental health guidance with potentially catastrophic consequences.

SB 405 would have made it unlawful to train an AI chatbot to simulate human relationships or develop emotional bonds with users; pose as a healthcare provider, physical or mental; encourage or support suicide; or encourage isolation. The office characterized the bill as an enhancement of already broad UDAP authority, sharpening penalties and adding tools tailored to AI risks that were not contemplated when most consumer protection statutes were enacted. Although the bill did not advance beyond a February 2026 committee hearing, its framework signals the categories of conduct Kansas is likely to target under existing authority or in a future session.

Beyond legislation, General Kobach sent letters to AI companies—separate from a contemporaneous multistate effort—citing reports of chatbots impacting young Kansas children. The office reiterated that AI development cannot get ahead of guardrails against deception and child-targeted risks, and that pre- and post-litigation discovery will probe what companies knew and when.

Practical Guidance for Engaging with the Office

The office encouraged proactive, transparent engagement—beginning with introductions when there is no live issue and continuing through timely, fulsome responses if a letter or subpoena is issued, with rolling productions honored and explained. Sciarrotta cautioned that ignoring inquiries, minimizing them, or adopting a scorched-earth approach sets a poor tone, prolongs matters, and increases the likelihood of more aggressive remedies later.

Kansas welcomes substantive meetings, but high-level claims of good conduct untethered to documents or data will not move the needle if state findings or media reports point the other way. Smith added that cooperation in good faith is the surest route to the best possible outcome, particularly where matters are technically complex or involve proprietary systems in which the office could benefit from explanatory walkthroughs with the business. Conversely, dumping unmanageable volumes of information without context or impeding reasonable requests reduces the office’s flexibility as investigations advance.