FTC Enforcement

June 5, 2023

Microsoft Corp. will pay $20 million in civil penalties for violating the Children’s Online Privacy Protection Act for allowing children under 13 to provide personal information—first and last name, email address, and their date of birth—when creating a user account for Microsoft’s Xbox system, without parental consent. Microsoft retained this data even when the account was not finalized, allowing Microsoft to send promotional messages and to share user data with advertisers. Microsoft failed to comply with COPPA’s notice provisions and will be required under the proposed order to clearly communicate with parents about their child’s data and follow set procedures to monitor Microsoft’s compliance with federal statutes regarding children’s online privacy. DOJ, FTC

June 2, 2023

Cycra and its officer, Chad James, will pay $221,385.66 and stop making deceptive claims about products being “Made in USA.” The company is prohibited from making unqualified U.S.-origin claims for any product, unless it can show the final assembly or processing, as well as all significant processing, occurs in the US. On qualified claims, the company must provide a clear and conspicuous disclosure about the extent to which the product contains foreign parts, ingredients or components, or processing. And for assembly claims, Cycra must ensure that the product is last substantially transformed in the U.S. FTC

May 31, 2023

For compromising its customers’ privacy, Ring will pay $5.8 million in customer refunds and implement a mandated privacy and security program under a proposed order secured by the FTC. Rather than providing the security promised to its customers, Ring deceived customers by failing to restrict access to its customers’ videos, without consent, using them to train algorithms, and failing to implement security safeguards. Ring’s extensive failures enabled hacking, harassment, spying, and, in at least one case, a Ring employee viewed thousands of video recordings belonging to female users of Ring cameras that surveilled intimate spaces in their home. Ring took no steps until January 2018 to adequately notify customers of its security failures. FTC

March 24, 2023

Tony and Charles Gonzalez, two brothers behind a telemarketing scam operating under the companies American Vehicle Protection Corp. (“AVP”), CG3 Solutions, Inc., and Tony Gonzalez Consulting Group, have been banned for life from participating in the extended automobile warranty industry and all outbound telemarketing, and ordered to pay a suspended $6.6 million in monetary judgment.  An order found the companies violated the FTC Act and Telemarketing Sales Rule by making unsolicited calls to hundreds of thousands of customers on the FTC’s Do Not Call List, then tricking them into paying thousands of dollars for “bumper to bumper” warranty protection.  FTC

March 15, 2023

Ohio-based LCA-Vision, doing business as LasikPlus and Joffe MediCenter, have been ordered to pay $1.25 million for using deceptive bait-and-switch advertising to lure customers into getting laser eye surgery.  LCA-Vision allegedly ran ads that led customers to believe they could get both eyes corrected for less than $300, when in fact, only 6.5% were eligible for that price, and for many, the price was for one eye only.  Once customers came in for their consultation, LCA-Vision would then quote them rates of between $1,800 and $2,295.  FTC

March 14, 2023

The maker of the popular Fortnite video game, Epic Games, has been ordered to pay $245 million to settle charges of employing dark patterns to manipulate players, including children, into making unwanted or unauthorized purchases.  The design tricks included counterintuitive and inconsistent button configurations as well as the ability to make purchases using a single click.  When customers disputed the charges, Epic allegedly prevented them from accessing their accounts.  FTC

March 2, 2023

Online counseling service BetterHelp, Inc. has been ordered to pay $7.8 million for selling its clients’ confidential information to Facebook, Snapchat, and other third parties for targeted advertising, despite repeatedly representing to clients that it would not, and despite denying news reports in 2020 that it was doing so.  In order to be matched with a counselor, BetterHelp required potential clients to answer questionnaires about sensitive mental health information, including whether they had suicidal ideations or used medications.  The company then sold that information, along with client email and IP addresses, without informing clients and without placing limits on how other companies used that information.  Under the proposed order, clients who signed up between 2017 and 2020 will be provided partial refunds, and BetterHelp must take corrective action to better protect client privacy.  FTC

February 22, 2023

In the FTC and DOJ’s first enforcement action under the Health Breach Notification Rule, online prescription drug discount provider GoodRx Holdings Inc.—which does business as GoodRx Gold, GoodRx Care, and Hey Doctor—has been ordered to pay $1.5 million in civil penalties and take corrective action, after it was found to have disclosed the personal health information of millions of its users without their knowledge or consent, despite assuring users it would not.  The disclosure involved personally identifying information, including health conditions and medications used, which were shared with Facebook, Google, and other third parties for advertising purposes.  FTC, DOJ

January 23, 2023

HomeAdvisor, Inc.—which also does business as Angi Leads and HomeAdvisor Powered by Angi, and is affiliated with the company formerly known as Angie’s List—has been ordered to pay $7.2 million for using deceptive and misleading tactics to sell home improvement project leads to service providers.  The service providers, including small businesses, are required to pay fees amounting to hundreds of dollars in order to access project leads, which many did based on HomeAdvisor’s claims about the quality, source, and rates of those leads.  FTC

January 23, 2023

Credit Karma has been ordered to pay $3 million after the FTC found that it “deployed dark patterns” to lead consumers to believe they were pre-approved for credit cards and apply for offers.  In many instances however, the consumers did not actually qualify.  According to the FTC, proceeds from the settlement will be sent to affected consumers who wasted time applying.  FTC