The Essential Guide to FTC Compliance, Investigations, and Enforcement

The Essential Guide to FTC Compliance, Investigations, and Enforcement

By Kronenberger Rosenfeld, LLP

High Risk Advertising Methods

The advertising practices discussed in the preceding section deal with advertising content. By contrast, advertising methods involve the means by which the advertising content is delivered. Advertising methods include paid search, display advertising, email advertising, and so forth. The following are some of the advertising methods that are heavily regulated and/or frequently targeted by the FTC, meaning they come with increased risk.

Affiliate Advertising

Not every business has the time or resources to master the complex ins and outs of advertising on the internet. The affiliate advertising industry was created as a solution to this problem—businesses who sought to promote their products (often called “Advertisers”) could engage others with high-trafficked websites or specific advertising skills (interchangeably referred to as “Affiliates” or “Publishers,” but we will use the term “Affiliate” here) to help them do so. However, the need to engage and manage a stable of Affiliates presented its own problem—while large companies such as Target and Amazon have the staff to oversee in-house Affiliate programs, other businesses do not. Thus, Affiliate “Networks” grew in popularity as a means of connecting Advertisers with a stable of anonymous Affiliates who drive traffic to Advertiser’s offers through various means.

The risks inherent in Affiliate advertising are an issue of scale. It is impossible for every Advertiser, or every Network for that matter, to oversee the advertising actions of each Affiliate. This problem is compounded by Affiliates who intentionally conceal their websites and other advertising methods from Networks and Advertisers so as to prevent their methods from being stolen—the “secret sauce” of advertising, if you will. Moreover, the competitive nature of internet advertising provides ample incentive for Affiliates to go rogue—that is, to engage in risky and non-compliant advertising practices and methods to obtain a competitive edge over other affiliates promoting the same offer. The Rogue Affiliate willfully violates the FTC Act and other regulations even though he or she has often signed an affiliate agreement attesting to their legal compliance.

The FTC takes the position that the Advertiser and Network are responsible for the actions of the Rogue Affiliate, even if the Advertiser and Network did not know of the misconduct, did not authorize the misconduct (or even prevented it in their agreements), or did not know or have a direct relationship with the Rogue Affiliate. According to the FTC, if the Advertiser benefitted from the Rogue Affiliate’s misconduct, it should be responsible for reimbursing the affected consumers for the sales or other income the Advertiser generated as a result of the Rogue Affiliate. In our experience, the FTC has seldom initiates enforcement actions against Rogue Affiliates. Accordingly, there is little perceived downside to the Rogue Affiliate in engaging in non-compliant advertising practices and methods.

If you are an Advertiser, in addition to reviewing your own content for compliance, you need to stay informed about the advertising activities of those working for you. Often, this can be accomplished through simple internet searches for your own offer. This responsibility includes a need to review Affiliate conversion rates for any aberrations. If one Affiliate is able to drive unlimited traffic to your offer while others struggle to do so, you owe it to yourself and your customers to investigate whether that Affiliate is padding its conversion rate through unauthorized content and methods. By engaging in Affiliate advertising, you are assuming a certain amount of risk, but this risk can be mitigated by careful and consistent review of all your campaigns.


The FTC has taken an interest in cases involving online sweepstakes, prizes, promotions, and gaming, which are subject to FTC consumer protection statutes and a multitude of state laws. In particular, the FTC regulates sweepstakes as potential deceptive practices under the FTC Act. The FTC will view a sweepstakes as deceptive unless it includes the name and address of the sponsor, duration of the sweepstakes, the prizes given away, the retail value of the prizes, and the odds of winning. The rules must also disclose eligibility requirements, entrance conditions, and any other limitations. Furthermore, the FTC has taken expansive views of what constitutes requisite prizes and “chance” for the purpose of sweepstakes. Companies creating any type of online sweepstakes, prize, promotion, or lottery-type offer should carefully review the offers for compliance, including under the FTC Act and related state laws and cases.


The United States has multiple laws governing the sending of unsolicited commercial email, otherwise known as spam. Most notably, the U.S. federal government has enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, 15 U.S.C. §§7701 et seq. (“CAN-SPAM”). CAN-SPAM applies to all commercial emails that are sent to any computer used in or affecting interstate or foreign commerce, including computers outside of the U.S. The FTC has been charged with the enforcement of CAN-SPAM, even though private ISPs also have standing to sue under the statute.

CAN-SPAM prohibits a person or business from sending an email or having another person send an email with: (1) false or misleading header information, such as the use of domain names or “friendly from” lines that pretend the email is from someone other than the sender (e.g., from “Oprah Winfrey”); or (2) deceptive subject lines that mislead the recipient about the content of the email (e.g., “Your $1M Prize is Waiting for You!”). CAN-SPAM also regulates the registration of sending domains and sending email accounts using false contact information, or false or unauthorized use of IP addresses.

Additionally, to comply with CAN-SPAM, a person or business sending an email, or having another person (such as an Affiliate) send an email, must comply with the following:

  • Identification as Advertisement—the body of the email must conspicuously identify the email as an advertisement.
  • Postal Address—the body of an email must identify a valid physical postal address for the advertiser or for both the advertiser and the sender.
  • Unsubscribe Link—the sender must provide a conspicuous unsubscribe link in the body of the email and must honor opt-out requests within 10 days of receipt.

When it comes to FTC enforcement, the FTC is particularly prone to investigating so-called “aggravated violations” of CAN-SPAM. These violations include circumstances where emails are obtained through harvesting websites, the email list is generated through automatic means, or the emails “spoof” the known contacts or friends of the recipient (where the contact information of recipients is often obtained through criminal hacking). Aggravated violations can greatly increase the amount of damages recoverable in an enforcement action.

(Note: In addition to CAN-SPAM, several states and foreign entities have enacted anti-spam legislation. This article speaks only to the compliance requirements of CAN-SPAM and not any other regulation, such as California’s Anti-Spam Act, which may differ.)


Various laws and regulations govern telemarketing, most significantly, the Federal Telephone Consumer Protection Act, 47 U.S.C. §227 (“TCPA”) and the rules under the Telemarketing and Consumer Fraud and Abuse Prevention Act (“TCFPA”), 15 U.S.C. §87, and specifically the Telemarketing Sales Rule, 16 C.F.R. §310 (“TSR”). Additionally, many states have adopted their own telemarketing laws, which may impose additional restrictions on telemarketing. In order to avoid exposure to the risk of lawsuits, civil penalties, and possibly even criminal charges, telemarketers must familiarize themselves with these laws.

Text / SMS & Robocalls

The TCPA contains several restrictions on making commercial phone calls, the most important of which are summarized below.

  • The TCPA prohibits using an automatic telephone dialing system (“ATDS”) to call any mobile phone number without the prior written consent of the called party.
  • The TCPA prohibits using an ATDS to send text messages without the prior written consent of the texted party.
  • The TCPA prohibits calling a residential or mobile phone number using an artificial or prerecorded voice to deliver a message without the prior written consent of the called party.
  • The TCPA prohibits sending unsolicited fax advertisements.

The TCPA allows a person who has received calls or text messages in violation of the TCPA to bring a lawsuit to recover up to $500 in statutory damages per call (or up to $1,500 in statutory damages per call if the defendant acted willfully or knowingly). Additionally, the TCPA authorized the FTC to create the Do Not Call Registry, which is discussed below. The TCPA allows a person who has received more than one call in 12 months in violation of the Do Not Call Registry provisions to recover up $500 in statutory damages per call (or up to $1,500 in statutory damages per call if the defendant acted willfully or knowingly). Finally, an aggrieved person can seek to represent both him/herself and other similarly affected call recipients in a civil class action, and seek to recover up to $1,500 for each call to each affected person.

Entities such as lead generators, which do not actually place phone calls, may still come within the scope of the TCPA if they broker consumer leads generated by, or resulting in, phone calls. Such liability may arise in several ways. As an example, if an affiliate of a lead generator places a call promoting the lead generator’s own goods or services, the lead generator may face TCPA liability under traditional agency principles. As another example, even when a lead generator acts as a pass-through to a third party advertiser, the lead generator may face an indemnification claim by the advertiser if the advertiser places a violative call based on misinformation regarding consent.

Given this risk of significant TCPA liability at all levels of the lead generation and call center business models, any entity operating in this space (e.g., call centers, lead generators, and advertisers) should develop a set of thorough written compliance policies, which they should require all business partners and affiliates to review and to acknowledge compliance. Most businesses facing TCPA issues benefit greatly from the advice of experienced FTC defense attorneys on these issues.

Telemarketing with Live Telemarketers

Under the Telemarketing Sales Rule (“TSR”), “telemarketing” is a plan, program, or campaign to induce the purchase of goods or services or a charitable contribution through interstate phone calls. Subject to certain exceptions, any business that takes part in telemarketing activities must comply with the TSR and other applicable laws. This is true whether a telemarketer initiates phone calls to consumers or receives phone calls from consumers. Moreover, the TSR applies whether the telemarketer places calls from within the United States or from outside of the country. Finally, to the extent a telemarketing call is placed on behalf of a lead generator or to develop a lead to be brokered by a lead generator, that lead generator arguably falls within the scope of the TSR.

The TSR applies not only to telemarketers, but also to “sellers,” i.e., businesses that provide, offer to provide, or arrange to provide goods or services to consumers in exchange for payment. And contrary to popular belief, charitable solicitations made by for-profit telemarketers are covered by the TSR. Such businesses are referred to as “telefunders,” and they are subject to various regulations. Despite the general breadth of the TSR, some entities are wholly exempt, like non-profit organizations, banks, and common carriers. Please note that even when an exempt entity is involved, a business that contracts with that exempt entity to telemarket its services will still be subject to the TSR.

The TSR sets forth numerous requirements for placing telemarketing calls. Moreover, and not surprisingly, the TSR prohibits sellers and telemarketers from making false or misleading statements to induce sales or donations. First, the TSR requires sellers and telemarketers to provide material information before the consumer pays for the goods or services in a clear and conspicuous manner (for example, cost, quantity, restrictions). The information that must be provided is significant and detailed, and often depends on the type of offer involved or the marketing technique used (for example, negative options, sweepstakes, debt relief offers, and credit card loss prevention offers, all have unique requirements). In addition to the above-described disclosures, before any sales pitch is delivered, a telemarketer must provide prompt oral disclosure in sales calls of the following four items of information clearly and conspicuously: identity of the seller, purpose of the call, nature of the goods, and any prize promotion details.

The disclosure requirements for telefunders soliciting contributions to charities are less severe than with sales calls. Even so, telefunders must still make two clear and conspicuous oral disclosures before soliciting a donation to a charity: (1) the telefunder must identify the charitable organization; and (2) the telefunder must explain that the purpose of the call is to solicit a charitable contribution.

The TSR also prohibits: a) calls to any person who has asked not to receive calls from a particular seller; and b) calls to any number on the National Do Not Call Registry. When a consumer has asked not be called again, sellers must not call that person again. To accomplish this, sellers and telemarketers are responsible for maintaining their own individual Do Not Call lists, which are also called entity-specific Do Not Call lists. The TSR also contains calling time restrictions and restrictions on call abandonment, as well as several exceptions to the Do Not Call requirements, like the established business relationship exception and the written permission exception.

“Muzzling” Reviewers

The FTC is charged with enforcing the Consumer Review Fairness Act (the “CRFA”), 15 U.S.C. §45b. The CRFA was enacted in 2016 to address “muzzling”—that is, a growing practice of companies contractually preventing their customers from posting bad reviews, such as with a ban on negative reviews in their terms and conditions. Under the CRFA, it is now illegal to include any provision in your customer terms that:

  • prohibits or restricts the ability of the customer to review your business;
  • imposes a penalty or fee against the customer for posting a negative review; or
  • purports to require your customer to transfer the copyright in all of their reviews about your business to you, so that you can demand they be removed from review sites on the grounds of copyright infringement.

Violations of the CRFA are treated as violations of the FTC Act and are punishable with the same remedies. In addition, if the FTC is not interested in prosecuting you, a state attorney general is provided with the ability to do so in the FTC’s stead.

So what can you do to address false reviews without violating the CRFA? Unlike other FTC-enforced legislation, the CRFA addresses this issue, and says it’s OK to prohibit or remove a review that:

  • contains confidential or private information – for example, a person’s financial, medical, or personnel file information or a company’s trade secrets;
  • is libelous, harassing, abusive, obscene, vulgar, sexually explicit, or is inappropriate with respect to race, gender, sexuality, ethnicity, or other intrinsic characteristic;
  • is unrelated to the company’s products or services; or
  • is clearly false or misleading (however, it’s unlikely that a consumer’s assessment or opinion with which you disagree meets the “clearly false or misleading” standard).

While it may seem like a surefire way to protect your reputation, muzzling reviews only causes more trouble than it is worth. Most FTC investigations are initiated by consumer complaints. When you prevent your customers from expressing their honest opinion about your goods and services on your website or consumer review sites, you leave them with little choice but to take their complaints to the FTC, thereby increasing your risk of an FTC investigation.

Want to Reference This Later?
Download the Entire Guide Here:

Next chapter: High Risk Billing Practices

Keep Reading

You are reading the High Risk Advertising Methods chapter from The Essential Guide to FTC Compliance, Investigations, and Enforcement by Kronenberger Rosenfeld