One of the key questions in the case is how consumers understand the “manufactured” claim. Bigelow argued that the claim refers only to the tea bags – not to the tea itself – and that the claim was truthful because the bags are, indeed, made in this country. In contrast, plaintiffs argued that consumers understand the claim to mean that the tea itself is processed in the USA, and they presented a consumer perception survey to support their argument. In 2023, the court allowed that survey, over Bigelow’s objections.

This week, the court granted partial summary judgment to the plaintiffs, rejecting Bigelow’s argument that the “manufactured” claim refers only to the tea bags. The court wrote that “the tea leaves inside are vital to the tea bags as consumers purchase tea bags for the tea itself. In fact, the tea leaves are not only a component part of the tea bag; they are the very essence of the tea bag.” Because the tea leaves are grown and processed abroad, the court found the “Manufactured in the USA” statement to be literally false.

Although the decision only mentions the FTC in passing, the analysis mirrors how the FTC would read Bigelow’s claims. In fact, the court notes that the FTC has determined that “consumers are likely to understand an unqualified U.S. origin claim to mean that the advertised product is ‘all or virtually all’ made in the United States.” For more details on how the FTC approaches these claims, see this week’s post about the FTC’s newly updated version of its Complying with the Made in USA Standard business guide.

Feeling betrayed, Mario and Alin filed a lawsuit against 21st Century Spirits (the makers of Blue Ice Vodka) alleging – among many other things we won’t cover in this post – that 21st Century Spirits and its influencers had made misleading health claims about the vodka and that the influencers hadn’t disclosed that they were being paid by the company to promote the vodka, as they are required to do under the FTC’s Endorsement Guides.

21st Century Spirits argued that they hadn’t made any health claims. An Illinois federal court rejected that argument, citing a post in which an influencer stated: “I make fit-friendly cocktails that have fewer calories than an apple.” The court noted that some consumers would surely interpret this to mean that the vodka is healthy, but that whether that interpretation is reasonable shouldn’t be decided by a judge at the motion to dismiss stage.

With respect to the plaintiffs’ arguments that the influencers didn’t comply with the Endorsement Guides, 21st Century Spirits countered that the Guides are “not law” but merely “advisory in nature.” The court noted that although the Guides are not the source of per se violations of statutes like Florida’s false advertising law, even “interpretations” under the FTC Act are entitled to “due consideration and great weight” when analyzing whether something is deceptive under the law.

21st Century Spirits argued that the influencer posts weren’t “endorsements” under the Endorsement Guides because the influencers merely mentioned the vodka. The court rejected that argument, noting that many influencers overtly promoted the vodka. For example, one influencer posted that “there’s nothing better than relaxing with a smooth @blueicevodkausa cocktail in hand after a long day,” that the vodka “can definitely help you stay fit during quarantine,” and that consumers should have some delivered.

21st Century Spirits also argued that, even if the posts were endorsements, a disclosure wasn’t necessary because a “reasonable consumer” wouldn’t interpret the posts as “honest consumer advice.” The court reframed the argument in a better way, suggesting the company meant that because consumers would reasonably expect that the influencers were paid, a disclosure wasn’t necessary. The court still rejected that argument because it’s not clear whether consumers would have that expectation.

This case isn’t over yet, but there are still some lessons you can learn at this stage. First, to save you the time Mario and Alin spent researching the issue, we’ll tell you that although it’s fine to enjoy vodka periodically, vodka probably shouldn’t form the foundation of your health and fitness plans. (If you remember this post from 2016, you may recall that gin shouldn’t either.) But we’re not just here to give you health tips – we’re here to give you some legal tips, too.

To save you the time that 21st Century Spirits has spent fighting this issue, you need to pay close attention to your influencer campaigns. You need to ensure that your influencers don’t make claims about your products that you can’t support. And you need to ensure that your influencers clearly disclose their connections to your company. Although courts may not interpret the Endorsement Guides as strictly as the FTC will, they’ll likely give some weight to the FTC’s interpretations.

Under the Magnuson-Moss Warranty Act, companies that offer warranties for consumer products that cost more than $5 generally can’t condition their warranties on a consumer’s use of any part or service identified by brand name, unless the warranty states that the part or service will be provided for free (or they have a waiver from the FTC). Under the FTC Act, it’s also deceptive for companies to create the misleading impression that a consumer will void their warranty by using unauthorized parts or service.

Letters to four air purifier sellers and one treadmill manufacturer raise concerns about the companies’ statements that consumers must use specified parts or service providers to keep their warranties valid. And letters to three companies that sell computer equipment raise concerns about stickers stating that a warranty will be void if the sticker is removed, when the inability to remove the sticker would prevent consumers from performing routine maintenance and repairs.

The letters include this warning: “This letter places you on notice that violations of the Warranty and FTC Acts may result in legal action. FTC investigators have copied and preserved the online pages in question, and we plan to review your company’s written warranty and promotional materials after 30 days.” Recipients of the letters should certainly review their warranty practices to ensure they comply with the law. And if you haven’t checked your practices recently, maybe you should, too.

• the product’s final assembly or processing must occur in the USA;

• all significant processing that goes into the product must occur in the USA; and

• all or virtually all ingredients or components of the product must be made and sourced in the USA.

Here are a few things that are new in the guidance:

• The FTC made updates to incorporate the Made in USA Labeling Rule, which codified the “all or virtually all” standard for product labels in 2021. Marketers may now be subject to civil penalties if they make unqualified “Made in the USA” claims on labels for a product that is not “all or virtually all” made in the USA, including online or in catalogs.

• The FTC adds that companies have an ongoing obligation to review their substantiation to make sure the claims remain accurate. If something changes and a company can no longer support a “Made in the USA” claim, the company must update its marketing materials. (Both this post and this post illustrate that principle.)

• The FTC notes that when companies make qualified claims that a product includes both foreign and domestic parts, the companies must be able to substantiate that the parts that designated as being domestic are “all or virtually all” made in the USA.

The FTC also updated some of its examples to better illustrate how the “all or virtually all” principles apply in different circumstances and made some of the examples more current. For example, an example that currently refers to a microchip used to refer to a “floppy drive.” (Younger readers may need look up that term.)

A blog post announcing the new guidance reminds readers that the FTC means business when it comes to “Made in the USA” claims. “That’s why we keep suing companies that don’t play by the rules, assessing penalties where appropriate, and returning money to consumers when we can.” If you haven’t reviewed your claims recently, now may be a good time to do that.

The California legislature swiftly took action to override this part of the guidance in passing an amendment that adopts a modified standard for a restaurant, bar, food concession, grocery store, or grocery delivery service. Specifically, SB1524 rushed through both chambers in California on an urgency clause and was signed by the Governor on June 29 – two days before the now effective fee law took effect. The bill that provides that the requirement to include all mandatory fees as part of product price does not apply to “a mandatory fee or charge for individual food or beverage items sold directly to a customer by a restaurant, bar, food concession, grocery store, or grocery delivery service” or for catering services. However, the bill does not carve-out such establishments altogether and instead requires that these businesses clearly and conspicuously display a mandatory fee or charge “with an explanation of its purpose, on any advertisement, menu, or other display that contains the price of the food or beverage item.” The sponsor of the bill noted in the Senate Floor Analyses that the bill “strikes the right balance between strengthening transparency for consumers and providing restaurants with clarity and flexibility in how they cover their costs.”

While the general “hidden fee” law under SB 478 is now fully enforceable as of July 1, 2024, this exception’s requirement for clear and conspicuous disclosure is not effective until July 1, 2025. We expect to see an uptick in litigation and regulatory enforcement in light of the now effective legislation, though SB 1524 should offer some reprieve to the restaurant industry.

Federal Efforts

American Privacy Rights Act

Last week, the House Energy and Commerce Committee abruptly canceled a scheduled markup of the latest American Privacy Rights Act (APRA) discussion draft, Congress’s most recent comprehensive privacy proposal. Some privacy advocates welcomed the cancellation, strongly opposing the removal of AI and civil rights protections in the latest draft. These protections included prohibitions against algorithmic discrimination and requirements for transparency and impact assessments for AI systems.

At present, it seems APRA may not advance as far as the 2022 American Data Privacy and Protection Act, which was passed out of the Energy and Commerce Committee but ultimately never received a floor vote. With the August recess and October break ahead of the November elections approaching, the likelihood of any comprehensive privacy legislation reaching the House floor this year seems dim. However, we will continue to monitor these federal legislative efforts and their potential impact on AI providers.

White House Executive Order

Last year, the White House released the federal government’s first comprehensive guidelines regarding AI. Although the Executive Order focuses almost entirely on the government’s own use of AI, the ultimate effects of the order will be significant for private sector businesses engaging with federal agencies.

Pursuant to the Executive Order, on April 29, 2024, NIST released a draft risk management profile specifically addressing generative AI. The Generative AI Profile—which is intended as a companion resource to NIST’s AI Risk Management Framework—offers voluntary best practice guidance regarding the design, deployment, and operation of generative AI systems. As states continue to draft AI legislation, the NIST AI Risk Management Framework will likely continue to serve as an instructive reference point for legislators across the country.

State Legislation

Colorado AI Act

The Colorado AI Act, SB 205, is now set to take effect February 1, 2026, although the freshly-signed law is already slated for revisions: in a recent letter, Gov. Jared Polis, AG Phil Weiser and Senate Majority Leader Robert Rodriguez acknowledged that “a state by state patchwork of regulation” on AI poses “challenges to the cultivation of a strong technology sector” and promised to engage in a process to revise the new law to “minimize unintended consequences associated with its implementation.”

As drafted, the law introduces new obligations and reporting requirements for both developers and deployers of AI systems. Key requirements include:

• Transparency. Moving forward, any businesses that use AI systems to interact with consumers must disclose this fact during consumer interactions.

• Algorithmic Discrimination in High-Risk AI Systems. The new law seeks to combat “algorithmic discrimination,” where the use of AI results in outcomes that disfavor consumers based on several personal and sensitive data categories. High-risk AI systems are defined as systems used to make decisions about individuals in the areas of education, employment, finance or lending, government services, healthcare, housing, insurance, and legal. Developers and deployers of such systems have a duty to use reasonable care to protect consumers from known or reasonably foreseeable risks of algorithmic discrimination, and the law identifies specific obligations such entities must undertake.

• Consumer Notice, Correction, and Opt-Out Rights. Consumers must be notified when high-risk AI systems are used to make any decisions about them in the areas outlined above (e.g., education, employment, etc.), and must have the right to correct inaccurate data and appeal the decision to a human reviewer.

• Existing Obligations Under the Colorado Privacy Act (CPA). Deployers must also respect the existing rights of consumers under the CPA, including the right to opt-out of the processing of personal information for profiling with legal or similarly significant effects concerning the consumer, including decisions made using AI. In April, Colorado amended the CPA’s definition of sensitive data to include both biological and neural data used either in insolation or in combination with other personal data elements for identification purposes. The CPA additionally creates AI-related disclosure obligations, requiring businesses to provide privacy policy language that details the personal data categories used for profiling, a plain-language explanation regarding the AI logic in use, explanations describing its benefits and potential consequences, and text explaining whether the system has been evaluated for accuracy, fairness or bias.

• Enforcement. The Colorado attorney general has sole authority to enforce the Colorado AI Act, and the law includes no private right of action. Violations are considered breaches of Colorado's general consumer protection laws, which can result in a maximum civil penalty of $20,000 per violation. Notably, each violation is counted individually for every affected consumer or transaction. Consequently, just 50 impacted consumers could result in a maximum civil penalty of $1 million. Actions must be brought within three years of the violation occurring, or from the time when the violation was discovered.

We’ll keep an eye on whether all these requirements survive the revision process suggested above.

Utah Artificial Intelligence Policy Act

On May 1, 2024, Utah’s Artificial Intelligence Policy Act, SB 149, became effective. Generally, Utah’s legislature has pursued a far lighter touch to AI regulation than Colorado. Key takeaways include:

• Disclosure Upon Request. Most businesses and individuals will only be required to disclose the use of AI when prompted by a consumer.

• Disclosing the Use of AI in Regulated Professions. Businesses and individuals operating within regulated professions (e.g., healthcare professionals) must prominently disclose the use of AI before its use with customers.

• Responsibility for Generative AI Outputs. Companies are responsible for the outputs of their generative AI tools and cannot pass on blame if those tools violate Utah consumer protection laws.

Comprehensive State Privacy Laws

Twenty states have now passed comprehensive state privacy laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. These states, with the exceptions of Utah and Iowa, impose additional requirements on companies engaging in “profiling,” which is defined as the automated processing of personal data to analyze or predict something personal about an individual, such as one’s economic situation, behavior, health, or personal preferences. Under these laws, consumers must be able to opt-out of being profiled in a manner that could lead to a “legal effect” on that consumer or another “similarly significant effect.” Although a few of these laws are currently effective, the majority come into effect over the next few years. Here are the key dates to keep mind:

• Currently Effective. The comprehensive privacy laws in California, Colorado, Connecticut, Utah, and Virginia are currently effective.

• Effective in 2024. Florida, Montana, Oregon, and Texas have comprehensive privacy laws coming into effect in the next several months.

• Effective in 2025. Delaware, Iowa, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Tennessee have enacted comprehensive data privacy laws that will become effective in 2025.

• Effective in 2026. Kentucky and Indiana have enacted comprehensive data privacy laws that will become effective on Jan. 1, 2026. The Rhode Island legislature also passed the Rhode Island Data Transparency and Privacy Protection Act, SB 2500 / HB 7787, on June 13, 2024. If signed, the law will also become effective on Jan. 1, 2026.

California Privacy Protection Agency Initiatives

The California Privacy Protection Agency is currently considering rules and engaging in pre-formal rulemaking stakeholder sessions regarding the use of automated decision making technology (ADMT). California defines ADMT as technology that collects, uses, retains or discloses personal information and either replaces or substantially facilitates human decision making. Algorithmic “profiling,” discussed above, is encompassed within this definition. Examples include resume-screening tools used by businesses to decide whether to interview applicants and analytics tools that place consumers into audience groups to further target them with advertising.

Businesses subject to the California Consumer Privacy Act (CCPA) and that use ADMT for “extensive profiling,” to make “significant decisions” regarding consumers, or that use personal information to train ADMT would be subject to new transparency and opt-out requirements. Behavioral advertising, the practice of tracking users’ online activities to deliver ads tailored to their interests, is included within the definition of “extensive profiling.” Further discussion regarding the terms “extensive profiling” and “significant decisions” can be found here. Businesses would be required to offer a pre-use notice informing consumers of how the company uses ADMT and of the individual’s CCPA opt-out rights.

Ongoing Legislative Efforts

Currently, a multitude of states, including New York, California, and Massachusetts, are working on proposed AI governance bills. In addition, new legislation in Illinois addressing AI usage currently awaits the Governor’s signature.

• California. The Assembly recently advanced multiple bills addressing AI usage. These bills include provisions prohibiting algorithmic discrimination and would establish new compliance and reporting requirements for AI providers. Additionally, these bills would require businesses to implement watermarking systems identifying AI-generated content and to publicize information regarding the methods used to train AI models.

• Illinois. On May 24, 2024, the Illinois legislature passed HB 3773, amending the Illinois Human Rights Act by adding new provisions regarding the use of predictive data analytics for employment and credit decisions.

Europe

The EU AI Act

On May 21, 2024, the EU Council unanimously passed the EU AI Act (AIA). Businesses, whether EU-based or not, should pay close attention to the upcoming changes for two reasons. First, the AIA applies to all providers of AI systems placed on the EU market, regardless of where the provider is located. Second, the penalties for non-compliance are some of the toughest in the world, allowing for fines up to €35 million EUR or 7% of a company’s annual revenue.

Broadly, the AIA creates a risk classification scheme, which places AI systems into one of several categories. The categories are:

• Unacceptable Risk. AI systems constituting an unacceptable risk are prohibited entirely. These include systems used to manipulate or exploit individuals, classify or evaluate individuals based upon their personal traits, and emotion-recognition systems used in workplace and educational contexts.

• High Risk. The AIA defines high risk systems as those presenting a significant risk to health, safety, or fundamental rights. Examples of AI systems falling under this category include those used in education, employment, healthcare, and banking settings. Providers of high-risk systems are subject to a number of strict regulations, including required registration in a public EU database. Additionally, providers of these systems must perform regular impact assessments and implement procedures that ensure transparency, security, and human oversight of their systems.

• Limited Risk. For systems posing limited risks, such as chatbots interacting with humans and AI-generated content, the AIA imposes transparency obligations to ensure humans are informed that an AI system was involved. Providers of AI-generated content must ensure it is identifiable as such.

• Minimal or No Risk. Minimal-risk AI uses, which present little to no risk to the rights or safety of individuals, can be freely used under the AIA. Examples include AI-enabled video games and spam filters. Most AI systems currently deployed are likely to fall under this category.

• General Purpose AI (GPAI). GPAI refers to AI systems trained on broad datasets capable of serving a variety of purposes. Popular examples include OpenAI’s ChatGPT and DALL-E programs. Providers of GPAI models are required to produce technical documentation and release detailed summaries of their training data. For GPAI models that present systemic risks, providers must also implement cybersecurity measures, mitigate potential risks, and perform evaluations that include adversarial testing.

We will continue to monitor these ongoing state, federal, and international AI legislative efforts and provide you with the latest updates to help you prepare for what lies ahead.

Summer Associate Joe Cahill contributed to this post

• The States Contend Concurrent Enforcement by the FTC and State Governments is a Common, Widely Accepted Practice that Does Not Undermine the Validity of the FTC Order. State AGs contend that the FTC’s order is not duplicative of the previous multistate settlement. For example, the FTC order prohibits Intuit from engaging in a wide range of misleading practices beyond the previous settlement’s specific and enumerated prohibitions. Further, the FTC order requires Intuit to use specific language in advertisements claimed to ensure consumers are adequately informed that free service is available only for a limited group of taxpayers, going beyond the states’ settlement. In terms of compliance duration, the FTC order requires 20 years, whereas the previous settlement required 10 years. Even if similarities are present with the previous settlement, state AGs argue that concurrent enforcement by the federal and state governments is a longstanding practice that is well-supported by principles of dual sovereignty that have complementary enforcement mechanisms.
• The States Support FTC’s Application of Net Impression Standard. According to the state AGs’ own enforcement experience, the FTC’s order is consistent with longstanding principles of both state and federal consumer protection law. As explained by the FTC, assessing what claim is conveyed by an advertisement requires discerning the overall net impression of the advertisement for the reasonable consumer-viewer. The states explain that federal and some state consumer protection laws specifically require as part of a context-driven analysis for deception claims, that advertisements claiming a product is “free” clearly identify any conditions or disclaimers associated with that offer to ensure consumers properly understand the terms.
• The States Argue the Alleged Conduct Was Deceptive and Harmful. According to the brief, the states claim Intuit’s advertisements consistently conveyed to consumers that they could file a tax return for free using a TurboTax product, even though that message was false for most taxpayers. They also argued that Intuit conducted search engine manipulation to promote its commercial TurboTax products, while steering consumers away from a different TurboTax product that was entirely free for many consumers at or below a certain income threshold. As a result, state AGs argue that millions of consumers were harmed through lost time or money (or both).

State AGs and the FTC have a long history of working together in their missions to protect consumers, whether it be through support by way of an amicus brief, coordinating on enforcement actions, or providing consumer education. Businesses should be aware of this relationship and recognize that action by one may not preclude other investigation or enforcement activity by others. This productive collaboration extends even where the states have already obtained relief against a defendant (e.g., Intuit), indicative of the states’ willingness to opine and support additional FTC enforcement even after they've already settled their claims.

Arkansas brought the action pursuant to the Arkansas Deceptive Trade Practices Act (ADTPA), which prohibits deceptive and unconscionable business practices, and the Arkansas Personal Information Protection Act (PIPA), which requires businesses protect data concerning Arkansas residents with reasonable security practices. Numerous allegations by the state against Temu regarding app user personal information include that it is:

• Using the inducement of low-cost Chinese-made goods to lure users into unknowingly providing near-limitless access to their PII,
• Misleading users regarding how it uses their data,
• Not allowing users to avoid being tracked on the internet,
• Collecting virtually limitless amounts of data, and in addition to Bluetooth and Wi-Fi access, gaining full access to user contacts, calendars, and photo albums, plus all social media accounts, chats, and texts,
• Gaining permission from user devices upon app installation to subsequently install any further program it wishes without user knowledge or control,
• Obtaining personal information in a way that is purposely secretive and intentionally designed to avoid detection,
• Providing or selling user data to unauthorized third parties or using user data in a way that users did not authorize,
• Potentially harvesting data of non-users who have communicated with users, and
• Subjecting user data to misappropriation by Chinese authorities.

The state cites reports and third-party research throughout its complaint to support its claims against Temu. Temu, in response, said the company was “surprised and disappointed” by General Griffin filing the lawsuit without what the company called “any independent fact finding.”

In addition to the allegations regarding privacy harms of the app, the state claims defendants make deceptive representations about the quality of the goods sold, which it says are frequently counterfeit, and that users experience undelivered packages and poor customer service. The state further claims Temu uses “false-reference pricing,” in which a retailer represents to a prospective customer that a product is on sale at a steep discount when the “discounted price” is the product’s regular market price. The state’s allegations against Temu also include the use of fake and deceptive reviews, a concern to many AGs, and the claim that Temu failed to take adequate measures to protect minors, among others.

The state requests the court preliminarily and permanently enjoin defendants from treating Arkansas consumers unlawfully, unconscionably, and deceptively as described in the complaint, plus requests civil penalties and other monetary and equitable relief. Temu said, “We categorically deny the allegations and will vigorously defend ourselves.”

Arkansas is not the only state concerned about Temu’s practices. In 2023, Montana banned the download of the Temu app (and a handful of other apps) on devices issued by the state or connected to the state network based on its affiliation with foreign adversaries. The state also banned third-party firms conducting business for or on behalf of the state of Montana from using Temu and the other apps in question.

This action demonstrates the breadth of authority provided to state AGs, especially related to consumer protection. AGs routinely use UDAP laws to bring expansive matters, which can evolve from looking at one issue into many. Here, while there is much attention to the allegations related to Temu’s data collection and security practices, the other general UDAP violations on the quality of products and fake reviews show how multiple areas of misconduct claims will be addressed by AGs. All of these areas continue to be a hot topic for state AGs, as are companies with foreign affiliations thought of as problematic. As we have discussed many times before, the AGs often work together in their missions to protect consumers; only time will tell if more AGs follow with complaints against the popular shopping app.

SC Johnson argued that consumers will understand “simple” in the tagline to mean that the ingredients in the products are not complex and that they are minimally processed. Native countered that the word just conveys the message that Native products use fewer ingredients. NAD sided with Native and determined that because the tagline is visually separate from the ingredient list, reasonable consumers would understand that “simple,” in this context, refers to the product as a whole and not to the individual ingredients.

Native provided evidence that minimalist formulations for skincare products use 10 or fewer ingredients, as opposed to other formulations which can have more than 30 ingredients. The Native products fall on the lower side of that range with somewhere between 9 to 11 ingredients. Accordingly, NAD found that Native could support the reasonable interpretation of “simple” that appeared in the tagline. The decision is simple enough, so far, but things get more complicated when it comes to the ingredients.

Native argued that the term “simple ingredients” was meant to convey a message about the basic function performed by the highlighted ingredients and that the message is reinforced by a plain-language description of that function. SC Johnson and NAD both disagreed. NAD concluded that that one reasonable message that consumers may take away from the term “simple ingredients” in the context in which the term appeared is that the ingredients are not complex and that they are minimally processed.

NAD relied on the opinion of an SC Johnson expert who explained that some of the ingredients in the Native products “go through complex manufacturing and processing to refine them so that they no longer resemble the original simple ingredient at the start of the manufacturing process, or the simple ingredient stated on the label.” Native did not disagree with the explanation of the process. Accordingly, NAD determined that Native could not support the description of certain ingredients as “simple.”

Companies that make personal care products may be drawn to using words like “simple” to appeal to customers looking for minimalist products, but those words can be difficult to substantiate, in part, because they don’t have clear meanings. (The same goes for “clean” claims, which we discussed here and here.) It’s important to take a close look at the context in which you use those words to figure out how consumers (or NAD) may interpret them and to make sure you have the evidence to support that interpretation.

Loper Bright Enterprises v. Raimondo

Loper Bright overrules Chevron, eliminating the deference given to agencies’ interpretations of ambiguous statutes. Since 1984, courts have employed a two-step framework when reviewing an agency’s statutory interpretations. First, courts determined “whether Congress has directly spoken to the precise question at issue.”[1] If it had not and there was any ambiguity, courts moved on to the second step, deferring to the agency’s interpretation if it was a “permissible construction of the statute.”[2] Under Chevron, courts were obliged to cede their independent judgment to an agency’s reasonable interpretation.

In Loper Bright, the Supreme Court held that this deference “defies the command of the [Administrative Procedure Act] that ‘the reviewing court’—not the agency whose action it reviews—is to ‘decide all relevant questions of law’ and ‘interpret . . . statutory provisions.’”[3] Agencies, according to the Court, “have no special competence at resolving statutory ambiguities. Courts do.”[4] Going forward, courts must do what they do best and “use every tool at their disposal to determine the best reading of the statute and resolve the ambiguity.”[5]

For forty years, Chevron has given agencies an advantage in disputes over the statutes they administer. It has required courts to defer to agency interpretations, even when the agency’s interpretation has evolved (sometimes dramatically) over time. In his concurring opinion, Justice Gorsuch points to the FCC’s changing rules regarding the classification of broadband internet across four administrations as an example of the “regulatory whiplash that Chevron invites.”[6]

The death of Chevron deference will be felt across administrative agencies, including at the Federal Trade Commission (“FTC” or “Commission”). Most immediately, the decision may impact the Commission in legal challenges it faces to two rules: the Non-Competes Clause Rule and the Combating Auto Retail Scams (CARS) Rule. Previously, if there was a dispute about the meaning of the statute at issue, the FTC could simply point to Chevron and expect to prevail. For example, in National Automobile Dealers Association v. Federal Trade Commission, the court applied Chevron to determine that the FTC’s interpretation of “uses” under the Fair and Accurate Credit Transactions Act of 2003 was reasonable and entitled to deference.[7] [Full disclosure: the author worked on this case on behalf of the FTC.] Going forward, a reviewing court will now use its own judgment to resolve any ambiguity.

Beyond rulemaking, Loper Bright could also potentially impact any FTC efforts to expand its authority under Section 5 of the FTC Act. Section 5 is famously broad (and, some might even say, ambiguous). Entities and individuals that find themselves in a dispute with the agency over statutory questions, such as what constitutes an unfair method of competition, may now press their case before a “neutral party ‘to interpret and apply’ the law without fear or favor … .”[8]

Jarkesy v. S.E.C.

In Jarkesy v. S.E.C., the Court ruled that the Seventh Amendment right to a jury trial requires that the SEC seek civil penalties for securities fraud in district court. The Court found that, where an agency’s claims are legal in nature, they must be tried before a district court. In determining whether claims are legal (and not, for example, equitable or admiralty), courts must consider both the remedy and cause of action. When a monetary remedy is meant to punish rather than “restore the status quo,” it is legal rather than equitable, and implicates the Seventh Amendment.[9] In addition, the Court found that the “public rights” exception (Congress’s ability to assign certain matters to an agency without a jury) did not apply, because fraud is in the nature of an action at common law. Suits akin to those brought in common law “presumptively concern private rights, and adjudication by an Article III court is mandatory.”[10]

While this decision will affect administrative agencies beyond the SEC, its immediate impact on the FTC is likely to be limited. The Commission is already required to go to district court to obtain civil penalties. It is an open question whether there might be other remedies sought by the FTC in administrative litigation that are likewise legal in nature and implicate private rights, which may no longer be obtained in-house. For example, the FTC has sometimes issued cease and desist orders in deception cases which ban Respondents from doing business in a particular industry.[11] If this remedy is viewed as punitive and implicates a core private right, it could only be imposed by an Article III court. Other novel remedies the Commission has obtained in settlements, such as so-called algorithmic disgorgement, may also be off-limits in an agency cease and desist order.

Because the Seventh Amendment jury trial requirement resolved the case, the Court did not reach two other questions that could have affected the FTC. First, the Court did not determine whether the ability of an administrative agency to determine whether to bring an action administratively or in federal court violates the non-delegation doctrine. Second, the Court did not consider whether an ALJ’s two layers of for-cause removal protections violates separation of powers. These and other issues, such as whether the FTC’s role as both prosecutor and judge in administrative proceedings constitutes a due process violation, will continue to be the subject of litigation. If these questions ultimately find their way back to the Court, at least two Justices have signaled that Article III and the Due Process Clause of the Fifth Amendment also limit agencies’ ability to handle certain matters administratively. In a concurrence, Justice Gorsuch, joined by Justice Thomas, writes that, because the SEC would deprive Jarkesy of property, “due process demands ‘nothing less than the process and proceedings of the common law… .’”[12] This means use of an Article III court and “not the use of ad hoc adjudication procedures before the same agency responsible for prosecuting the law, subject only to hands-off judicial review.”[13]

The fight against the so-called administrative state seems destined to continue for a bit longer. We will keep you posted.

Notes

[1] Chevron U.S.A., Inc. v. Nat. Res. Def. Council, Inc., 467 U.S. 837, 842 (1984).

[2] Id. at 843.

[3] Loper Bright Enterprises v. Raimondo, 603 U.S. __(2024) (slip op., at 21).

[4] Id. (slip op., at 23).

[5] Id.

[6] Gorsuch, J., concurring at 24.

[7] Nat’l Auto. Dealers Ass’n, v. FTC, 864 F. Supp. 2d 65 (D.D.C. May 22, 2012).

[8] Id. at 6.

[9] SEC v. Jarkesy, 603 U.S. ___(2024) (slip op., at 9).

[10] Id. at 14.

[11] See, e.g., In the Matter of Traffic Jam Events, Docket No. 93-95 (Oct. 25, 2021), https://www.ftc.gov/legal-library/browse/cases-proceedings/x200041-202-3127-traffic-jam-events-llc-matter (cease and desist order bans Traffic Jam and David J. Jeansonne II from participating in any business relating to the advertising, marketing, promotion, distribution, or sale or leasing of motor vehicles).

[12] Gorsuch, J., concurring at 12. See also, Axon Enterprise, Inc. v. FTC, 598 U.S. 175, 204 (2023) (Thomas, J., concurring).

[13] Id.

Background

Since the original Rule was issued in 2009, the use of health-related apps and other direct-to-consumer technologies collecting health information (e.g., fitness trackers and wearable blood pressure monitors) has proliferated. In September 2021, the FTC issued a “Policy Statement” reinterpreting the scope of the HBNR and signaling the FTC’s intent to treat these new products and technologies as covered by the Rule. The updated HBNR, finalized on April 24, 2024, formalizes this expansion of the HBNR as envisioned in the Policy Statement.

Who Is Subject to the HBNR?

The HBNR applies to entities offering or maintaining personal health records not covered by HIPAA. It covers vendors of PHRs, PHR-related entities, and third parties providing services to these entities. However, distinguishing among these categories can be challenging. Here are a few examples:

• Vendors of PHR. Companies providing online platforms or mobile apps that allow consumers to create comprehensive health records by storing and managing their health information from multiple sources are likely vendors of PHR. Examples include fitness tracking apps, diet and nutrition apps, and mental health apps that integrate data from the user and other sources, such as wearable devices or purchase histories stored with retailers.
• PHR-Related Entities. Businesses offering devices like remote blood pressure cuffs or internet-connected glucose monitors may qualify as PHR-related entities when users sync this health information with another health app.
• Third Party Service Providers. Third party service providers are roughly equivalent to processors or service providers. Businesses offering data security, advertising, or analytics services, for example, to a PHR vendor or a PHR-related entity with access to unsecured PHR data are considered third party service providers under the HBNR.

Businesses should be aware that where they fall under these categories depends heavily on the specific practices at hand, and they may move from one category to another. For instance, a third party may be considered a PHR-related entity if it offers services to a health app for its own purposes, such as research and development or product improvement. Similarly, a device manufacturer may be a PHR-related entity if it syncs health information with a third-party health app, but a vendor of PHR if it syncs health information with its own app (while integrating data from multiple sources).

What’s New

• Covered Health Care Providers. “Covered health care providers” constitute one category of the sources of PHR individually identifiable information (other categories of sources are employers and HIPAA-covered entities). The Rule expansively defines covered health care providers to include “any online service such as a website, mobile application, or internet-connected device” that supports the tracking of consumer health indicators, like fitness, sleep, mental health, and vital signs. Under the revised Rule, mobile apps are now considered covered PHR-related entities when they integrate with other devices or services, such as geolocation functions, calendars, or third party data, linking them to the user’s PHR. Crucially, the Rule only applies to services with the capacity to draw information from multiple sources. For example, businesses that integrate fitness data into third-party sleep apps could now be considered PHR-related entities under the Rule.
• “Breaches” Subject to the Rule. The revised Rule expands the scope of a “breach of security” to include any disclosures, including sharing or selling, of unsecured PHR that are not authorized by the individual. Covered providers should be mindful that this updated definition goes well beyond a traditional cybersecurity incident. For example, businesses that collect PHR for a legitimate purpose and subsequently share or use that information in a way not expressly authorized by the individual may have committed a “breach” under the new definition.
• Timing of Notice to the FTC. Businesses covered by the HBNR that experience a breach involving the unsecured data of more than 500 individuals now have sixty days to notify individuals and the FTC of the incident. This change will be helpful to businesses, particularly larger entities, as the previous Rule required notifications to be sent within ten days, regardless of the size of the data breach.
• Expanded Use of Electronic Notice. PHR vendors and related entities that discover a breach of security must provide written notice to individuals. Updates to the Rule now allow for the use of email and other electronic means to notify consumers of a breach, including text messages, in-app messages, and website banner messages. Additionally, breach notices must now include a brief description of the measures businesses are taking to protect affected individuals.

Why It’s Important

App developers and other companies providing health, wellness, fitness, and related apps should consider these updates to the HBNR, assess its applicability to their business, and comprehensively review their notification obligations in the event of an unauthorized disclosure. Firms offering data security, cloud computing, advertising, or analytics services to health apps should also review their potential obligations as third party service providers.

Summer Associate Joe Cahill contributed to this post.

A child posted a photo on his Instagram account of himself and a cousin wearing 1 Hotel branded robes at one of their hotels. 1 Hotel commented on the post stating: “We love this photo! Reply to this comment with #sharemy1pic if you’re happy with us sharing your photo on our social channels.” The child’s account responded: “@1hotels thank you! #sharemy1pic.” 1 Hotel then used the photo on its Instagram account. It later also posted the photo on its website to sell the robes in the photo.

Two years after the photo was posted, the plaintiffs obtained a copyright registration for the photo. The plaintiff later filed a lawsuit against 1 Hotel in the Central District of California, alleging (among other things) that the hotel’s use of the photo constituted copyright infringement and unauthorized use of the child’s likeness. The hotel then filed a motion to dismiss.

All causes of action were dismissed for different reasons, but some will likely be revived because the plaintiffs were given the opportunity to amend a few of them so that they were passable under the applicable pleading standards. Importantly though, the court substantively determined that the exchange between the plaintiff and hotel on Instagram created an “implied license” to use the photo on the hotel’s “social channels.” (It’s not clear why the license was implied, rather than express.) However, the court found that the hotel may have exceeded the scope of that license by using the photo to sell robes on its website since the exchange never mentioned that. Accordingly, the court denied the hotel’s motion to dismiss the copyright claim on substantive grounds, because there is a material issue of fact as to whether the implied license extended to the sale of robes on a website.

The hotel sought to dismiss the misappropriation claim related to use of the minors’ likenesses by arguing (1) that the plaintiffs consented to the use of the photo, (2) the use was incidental, and (3) the children are not readily identifiable. The court rejected the first argument for the reasons mentioned above. Although the hotel may have had consent to post the photo on its social channels, it may not have had consent to post it on its website. The court also easily found that the use was not incidental and that the children were readily identifiable.

The causes of action referenced above may be litigated further if the Plaintiffs submit an Amended Complaint, but this present decision still includes some helpful lessons for companies that want to use content they find on social media. First, although getting a signed release is likely always the safest approach, companies can likely get consent in a less formal matter, such as the one illustrated above. However, when getting consent, it’s important to be clear about the scope of that consent. Make sure you’re clear about how and where you want to use content to help avoid any surprises (and lawsuits).

Attorney General Formella of New Hampshire kicked off the conference with a fireside chat on AI, where platforms promoted open access principles, more STEM graduates to compete internationally in AI, and combatting CSAM. Panelists discussed how just because an AI service is built on the same model does not mean that it works in the same way. South Carolina Attorney General Wilson followed up with a panel on the ethics of using AI as attorneys, where panelists noted that it may actually be a violation of ethical obligations to underutilize AI. Arizona Attorney General Miyares led another fireside chat touching on AI, asking his panelist about responsible AI and whether AI regulation will actually solve problems in the space.

Kansas Attorney General Kobach led a discussion regarding preemption, noting that it cuts both ways politically. While conservatives may view preemption as positive because unified federal norms make regulation easier for businesses, he noted progressives want preemption in areas such as immigration. Panelists then discussed the value of ERISA preemption and pointed to alternatives to addressing potential issues with pharmacy benefit managers such as using UDAP laws or regulating medical practitioners in that space instead.

Attorney General Ken Paxton of Texas spoke with small business owners in different industries and a professor to learn how tech platforms may both help and harm businesses. Small businesses noted that review platforms and targeted advertising have made positive impacts on their businesses by providing access and feedback on customers’ needs, while the professor countered that big tech also carries some additional downsides. General Paxton elaborated on the risks to small businesses including a constantly changing dynamic environment, government taxes, and a lack of “bailouts”.

Members of the conference applauded Oregon Attorney General Rosenblum as she commemorates her last year as Attorney General. She led a panel related to her National Association of Attorneys General initiative on America’s Youth. General Rosenblum began her panel noting that she believed her initiative was something all AGs could come together on -- the health, well-being, and success of young people. The panel focused on preventing computer generated CSAM and sexploitation of children, then turned to the effectiveness of COPPA and promoting safety by design. Panelists remarked that even a tracking cookie question where you can’t find the “no” button may be a dark pattern, especially when it comes to children online. Others noted that privacy torts can be used creatively, as the New Mexico AG’s office did, to bring lawsuits affecting children’s privacy.

The conference concluded with breakout sessions including an update on the Organized Retail Crime enforcement space. There we learned about new legislation, including amendments to state INFORM laws and the creation of new task forces, from our own Paul Singer. Other panelists provided updates on the new scams criminals are using to evade detection including sophisticated skimmer rings.

Stay tuned, as the National Association of Attorneys General Presidential Initiative conference will take place in early September to focus more on AGs protecting America’s youth.

• 1:1 Consent – At the end of 2023, the FCC adopted an amendment to the definition of “prior express written consent” under its TCPA rules to require that a consumer give specific consent to be contacted by a particular seller for marketing purposes, and that such consent must be “logically and topically related” to the context in which it was obtained. This rule will officially go into effect on January 27, 2025, but we have seen a trend among service providers in the industry (particularly calling and texting platforms) requiring that their customers implement 1:1 consent well ahead of that deadline (and make corresponding changes to their privacy policy about sharing consent data with third parties). It would be prudent for affected businesses to take this time to carefully review their opt-in processes and privacy policies to assess what changes are necessary from both a commercial and legal compliance perspective.

• AI and the TCPA – On February 8, 2024, the FCC voted unanimously in favor of a Declaratory Ruling that classifies AI-generated voices on robocalls as ​“an artificial or pre-recorded voice” under the TCPA. This means that calls using AI technology to generate a simulated or pre-recorded human voice must satisfy the TCPA’s consent requirements (including prior express written consent for marketing calls using AI). While the FCC focused the ruling on the common use and accessibility of AI-generated voices by bad actors to perpetrate fraud and spread misinformation, the development underscores the heightened regulatory scrutiny on a business’s use of AI to mimic human behavior for marketing purposes. The FTC also outlined in a recent blog post some of the potential consumer protection and privacy concerns that can arise from the use of AI chatbots to interact with consumers.

• Expanded Opt-Out Rules – On February 15, 2024, the FCC adopted a Report and Order and Further Notice of Proposed Rulemaking to amend its TCPA rules and clarify the ways in which consumers can revoke consent to receive calls and texts. Among the changes were the adoption of various “per se” reasonable methods for revoking consent, including by texting the words ​“stop,” ​“quit,” ​“end,” ​“revoke,” ​“opt out,” ​“cancel,” or ​“unsubscribe.” The FCC also made clear that businesses cannot prescribe a particular method for revoking consent, and must honor reasonable opt-out requests within 10 business days. Importantly, while businesses are permitted to send a one-time text to clarify the scope of a consumer’s opt-out request if that consumer has previously consented to receive multiple types of messages, if the consumer does not respond to that message, they are presumed to revoke consent for all further non-emergency communications. The effective date for the amended revocation of consent rule is still uncertain, as it is undergoing a review by the Office of Management and Budget. Once that review is complete, the FCC will issue a notice, and the rule will be effective six months thereafter. Businesses can prepare for this change by evaluating and testing their technology and processes to confirm they can honor opt-outs in accordance with the new requirements.

• Telemarketing Sales Rule Changes – Looking beyond regulatory changes at the FCC, the FTC announced in March a significant update to the Telemarketing Sales Rule, most notably by expanding parts of the rule to business-to-business calls, and expanding the scope and timeline of recordkeeping obligations for telemarketers. These amendments generally became effective on May 16, 2024, except for the “call detail” records subsection, for which the FTC had previously announced a 180-day grace period to give affected businesses time implement systems, software, or procedures necessary to comply. As such, businesses will have until October 15, 2024 to adhere to that particular provision of the rule.

• New and Updated State Telemarketing Laws. A number of recently-enacted state laws related to telemarketing have taken effect (or will take effect) in 2024, including:

• Maryland – The “Stop the Spam Calls Act of 2023” became effective on January 1, 2024. Key provisions of the new law include a requirement for “prior express written consent” for telephone solicitations that involve “an automated system for the selection or dialing of telephone numbers,” as well as call time and frequency restrictions similar to those adopted in other states, and a private right of action for alleged violations. To date, we are not aware of any private litigant bringing forward an action in court under the new law.

• Maine – Earlier this year, Maine adopted a first-of-its-kind amendment to its telephone solicitation law that requires solicitors to scrub against the FCC’s reassigned number database prior to initiating a call. While limited in scope due to underlying exemptions in the statute, the requirement will become effective on July 16, 2024.

• Georgia – Several changes to an existing telemarketing law in Georgia were recently enacted, including: (1) eliminating the requirement for a “knowing” violation of the law to pursue enforcement; (2) extending liability for calls made “on behalf of any person or entity” in violation of the law; (3) allowing private plaintiffs to pursue claims for violations as part of a class action with no limitation on damages; and (4) creating a safe harbor defense for solicitations made to a consumer “whose telephone number was provided in error by another subscriber” if the caller “did not know, or have reason to know, that the telephone number was provided in error.” These amendments will become effective on July 1, 2024.

• Mississippi – By a series of amendments to its existing telephone solicitation law, Mississippi severely restricted the ability of businesses to contact consumers by phone about Medicare Advantage plans (unless a consumer first initiates a call to the business about such plans), and effectively banned telemarketing for Medicare supplement plans. These restrictions are unique among state telemarketing regulations because they are narrowly focused on calls about certain Medicare plans, and may be challenged on First Amendment grounds. In the interim, however, the restrictions will take effect on July 1, 2024.

If you have any questions about how these developments may affect your business, please contact Alysa Hutnik or Jenny Wainwright. For more telemarketing updates, subscribe to our blog.

The plaintiffs argued that reasonable consumers would understand the claim to mean “that Energizer AA MAX batteries last up to 50% longer than most, if not all, alkaline batteries in most, if not all, devices.” In a short unpublished opinion, a three-judge panel with the Ninth Circuit upheld a lower court’s order dismissing the proposed class action, holding that the plaintiffs’ interpretations of the claims were unreasonable and contradicted what was on the package.

The court noted that Energizer “promises only an upper limit of performance (a ceiling of 50%) compared to a certain category of competitors (basic alkaline batteries) in a subset of applications (demanding devices).” It rejected the plaintiffs’ allegations that the disclosure was too small and that it was too vague. On the first point, the court noted that disclosures were not unreasonably small and that they appeared immediately next to the representations they qualified.

Although the court agreed that the disclosure may have been a little vague, it held that “these words are not particularly technical or difficult to understand, and though not exact, they cabin the scope of Energizer’s claim in a way that renders Plaintiffs’ reading of the advertising unreasonable.” In other words, reasonable consumers would not understand the claim to mean that the AA MAX batteries last 50% longer than all competing batteries in all circumstances.

The decision is persuasive authority but, as an unpublished opinion, it isn’t binding on district courts. It’s important to remember that what messages may be conveyed by an “up to” claim – and what substantiation is required for those messages – will depend on the context. It’s also important to remember that both the FTC and NAD have read “up to” claims more broadly in some circumstances and have concluded that consumers expect to achieve the advertised results in “almost all” cases.

The FTC alleges that Adobe and two of its executives did resort to trickery to make their subscription plans look more attractive. Specifically, the FTC alleges that Adobe pushed consumers towards an “annual paid monthly” subscription without adequately disclosing that cancelling the plan in the first year could cost hundreds of dollars. Consumers would only learn about the early termination fee (or “ETF”) if they discovered it in the fine print or hovered over small icons to find the disclosures.

In addition to failing to clearly disclose the ETF in the sign-up flow, the complaint alleges that Adobe made it difficult for consumers to cancel their subscriptions. For example, consumers had to deal with dropped calls, multiple transfers, and resistance from customer service representatives. Some people who thought they had cancelled continued to see charges on their credit card statements. The FTC said that a large volume of consumer complaints should have led the company to know something was wrong.

The complaint alleges that the defendants failed to comply with the Restore Online Shoppers’ Confidence Act (or “ROSCA”) and the FTC Act by failing to clearly and conspicuously disclose material terms of the transaction – including details of the ETF – before getting a consumer’s billing information. The complaint also alleges that Adobe violated ROSCA and the FTC Act by failing to provide “simple mechanisms” for consumers to stop recurring charges.

It’s too early to predict how this case will turn out, but we can still learn some important lessons at this stage. Federal and state regulators continue to focus on subscription plans, so you should make sure that your sign-up flows clearly present all material terms and that your cancellation process works smoothly. You should also monitor consumer complaints so that you can identify and fix problems before regulators become aware of them.

We all have our blemishes, but if you try too hard to hide them, that could lead to unpleasant surprises for everyone when they are finally discovered.

AT&T argued that the term “Price Lock” is misleading because T-Mobile isn’t locking the price of its service for any amount of time. T-Mobile countered that “Price Lock” isn’t a claim about locking its price, but rather the name of a policy that allows customers to cancel their service and receive their last month for free, if they cancel within 60 days of a price increase. In fact, an on-screen disclosure reads: “Get your last month of service on us if we ever raise your internet rate.”

NAD noted that the term “price lock,” without qualification, “conveys the message that the price is locked for monthly service as long as the consumer wants the service.” In this case, T-Mobile argued that term is clearly qualified by its on-screen disclosure. Even though NAD acknowledged that the disclosure in the commercial was fairly prominent – which is not something we frequently hear from NAD – it found that the disclosure wasn’t enough to prevent the claim from being misleading. Why?

Although companies can use a disclosure to clarify a claim, NAD wrote that “a disclosure cannot contradict the claim it qualifies.” More specifically: “A disclosure that ‘Price Lock’ does not lock the price but gives consumers one month of free service if certain conditions are met contradicts the main message communicated by the ‘Price Lock’ claim.” Accordingly, NAD recommended that T-Mobile either stop making the claim or better explain the details of its policy “as part of the main claim.”

A good song and dance can brighten a neighbor’s day, but it takes talent to pull that off. Drift off key or miss a few steps on the porch and your neighbors will show that Ring camera footage to their friends and laugh at you every chance they get. A good disclosure can save a claim, but it also takes talent to pull that off. If your disclosures aren’t clear or they clash with your claim, your competitors will show that footage to NAD and laugh at you, too.

Riviana Foods objected to Planting Hope’s continued use of the symbol and filed a challenge in an unusual venue – the National Advertising Division (“NAD”). Although NAD focuses on advertising disputes, Riviana argued that Planting Hope’s use of the registered trademark symbol conveys the misleading advertising message that the RIGHTRICE trademark is registered with the USPTO.

This is far from a typical advertising case, and it’s not clear whether Planting Hope disputed NAD’s jurisdiction over the matter, but in March 2024, NAD issued a decision in which it recommended that the company stop using the registered trademark symbol in ads unless there is a final determination reinstating the RIGHTRICE trademark on the federal register. Planting Hope agreed to comply.

In May 2024, Riviana initiated a compliance proceeding questioning whether Planting Hope had sufficiently complied. Planting Hope explained that it had made changes to digital materials, but not physical materials, and that its motion to set aside the default judgment had been fully briefed and was awaiting a decision from the Trademark Trial and Appeal Board (“TTAB”). A successful motion would moot NAD’s decision.

NAD determined that just because Planting Hope was waiting for the TTAB decision, that didn’t mean it could wait to comply with NAD’s decision. NAD asked the company to take down images on its social media pages that included the registered trademark symbol. NAD didn’t ask Planting Hope to remove existing inventory with that symbol from stores, but cautioned the company not to produce new inventory with that symbol at this time.

Although NAD has previously determined that trademarks can convey advertising claims, this is the first time NAD has explicitly determined that an advertiser’s use of a trademark symbol can itself constitute a claim. NAD isn’t going to turn into a venue for broader trademark disputes, but if you find yourself in this narrow fact pattern, NAD may present a good venue for a challenge.

But now, some states may soon have new tools to combat potential unfair and deceptive practices throughout a variety of industries. With the legislative season coming to a close, we have your rundown of the spread of “hidden fees” regulation including California and beyond. So, if a vacation from hidden resort fees is all you ever wanted – and a trip to see Carhenge or the Alamo (attractions in states where attorneys general have been active in enforcement) has already been checked off your bucket list – here are your ideal places to get away:

California: The Golden State’s newly minted Consumers Legal Remedies Act (SB 478) amendment will take effect on July 1, 2024, specifically making it unlawful for companies across virtually all industries to advertise or display a price without including all mandatory fees and charges, save taxes and fees imposed by the government (though the bill states that “drip pricing” is already prohibited). Click here and here for more details. California is such a lovely place, and if you are traveling on a dark desert highway looking for somewhere to rest your head, you should be aware the California Resort Fee Bill (AB 537) contains similar measures even more specific to the short-term lodging industry (effective July 1, 2024).

When all of this raises your appetite, you can dig into the legal back-and-forth between lawmakers and California’s food and beverage industry. In response to questions about how SB 478 would apply to bars and restaurants, lawmakers recently introduced an urgency measure (SB 1542) that would make clear that restaurants may still display mandatory gratuities, services charges, and other fees separately so long as they are clearly displayed on the menu and don’t come as a post-dessert surprise. Interestingly, the legislature specifically noted that this is intended as a clarification, not a change in existing law. As of today, this hasn’t passed yet, but we will be sure to provide updates.

Massachusetts: If the Cape is more your style, you may want to pay attention to Massachusetts AG Andrea Campbell’s proposal of a new slate of regulations that would require businesses to “clearly disclose” the total price of goods and services. Like in California, this would apply across industries. If enacted, non-compliance would constitute an unfair and deceptive trade practice. Read our full coverage here.

Minnesota: If you have the land of 10,000 lakes in mind, the state recently passed HF3438 requiring that an advertised or displayed price include all mandatory fees and surcharges (not including taxes), including additional clarity on “mandatory fees” compared to California’s statute. The bill provides exemptions or specifications for several industries, including specifically requiring that hotels (among other food or beverage establishments) must clearly and conspicuously disclose the percentage of any automatic or mandatory gratuities that consumers will be charged. The law will take effect January 1, 2025.

The Near Hits: As state lawmakers leave for their own summer vacations, some notable legislation got left on the drawing board. For instance, in the Land of Lincoln, the state’s proposed Junk Fee Ban Act gained momentum when it easily passed the Illinois House in a 71-35 vote but then never made it to the Senate floor. We saw similar attempts in Connecticut and New York. While these bills didn’t cross the finish line this year, we expect many states will take on this issue in the next legislative season.

Against this backdrop of state activity, the FTC is in the midst of rulemaking process that would ban hidden fees and further regulate the types of fees companies can charge. Revisit our coverage on that here and here. Also in Washington, the House of Representatives just passed the No Hidden Fees Act. If made law, the Act would require hotels and other short-term rentals to clearly display mandatory fees.

Clearly, multiple levels of government are “checking out” hidden fees. Even President Biden denounced “surprise” fees in his 2023 State of the Union Address.

Of Importance…

• Updates to regulation are occurring but general state consumer laws still apply. While some states may be setting specific standards in this area, remember state consumer laws, which outlaw deceptive acts and practices (and in many states, unfair acts and practices), still apply. Therefore, just because a state doesn’t specifically spell-out fees requirements in its statutes or regulations, it does not mean fees disclosures comply with states’ interpretations of the law. (For example, the AG’s office in Washington DC issued guidance on the types of restaurant fees that may violate existing law.)
• Some fees face greater scrutiny than others. AGs have sought out so-called “bogus” fees they feel offer consumers little value. Companies should be mindful of what the fees actually deliver for consumers and convey the value accurately and clearly.
• Messaging and disclosures are critical. The crux of the states’ take on drip pricing is a failure to disclose certain fees in a timely manner (if at all), and AGs have taken issue with tactics that do not clearly describe when a fee is mandatory or not.

We expect to see more on “junk fees” in the weeks and months ahead. Subscribe to our monthly newsletter AG Chronicles and Ad Law Access blog to stay up-to-date.

MLE’s beef with Chestnut stems from Chestnut’s reported sponsorship deal with Impossible Foods, a company that makes plant-based hot dogs. An MLE spokesperson said that Chestnut’s deal would be like Michael Jordan telling Nike that he was going to represent Adidas, too. Impossible Foods responded by saying they support Chestnut “in any contest he chooses” and that “meat eaters shouldn’t have to be exclusive to just one wiener.”

Should a meat eater be exclusive to just one wiener? If you’re just an amateur eater, you can probably eat whatever hot dog you want. But if you’re a professional eater, the analysis may change. MLE claims they have worked with Chestnut for years “under the same basic hot dog exclusivity provisions.” Chestnut, however, said he doesn’t have a contract with MLE or Nathan’s, and “they are looking to change the rules from past years as it related to other partners I can work with.”

Although we work on sponsorship agreements across a broad range of industries and events, we’ve not worked in the man-eat-dog world of competitive eating, so we don’t know what’s standard here. In most sponsorship agreements, though, it’s common to see an exclusivity clause that prevents a person from endorsing competing products (and how that’s defined can be highly-negotiated). In some cases, these agreements may also prevent a person from using a competing product in public.

If this post caught your attention because you’re looking to achieve fame for your company by partnering with a celebrity, you should probably work with a legal professional to help make sure you have the exclusivity rights you need for a successful campaign. But if this post caught your attention because you’re looking to achieve personal fame by eating massive quantities of food in a short amount of time, you should probably work with a medical professional to help make sure that’s really a good idea.