• 2014 Predictions: Healthcare, Data Privacy and Bitcoin

    Video 1 of 2

  • Hot Trends in Federal Enforcement on the Web in 2013 from Ifrah Law Partners

    Video 2 of 2

Ifrah Law represents businesses and individuals in legal matters and disputes involving Internet advertising and marketing, direct and indirect online sales, electronic-payment processing and interactive gaming.

Collectively, the lawyers on our team have litigated a wide array of e-commerce cases, from defending affiliate advertisers from unscrupulous marketing agencies to preventing the government seizure of an e-payment processing company’s bank accounts. We have handled a number of high-profile FTC and CFTC investigations and enforcement actions involving Internet marketing campaigns and related issues such as the scientific substantiation of advertising claims. We also represent companies targeted by state attorneys general for matters relating to allegedly false or deceptive advertising.

Legal and compliance partnerAdditionally, as the igaming industry has grown, our attorneys have developed alongside it, representing both companies and individuals in igaming related litigation and counseling. In late 2013, we were selected to serve as igaming legal advisors to the Delaware State Lottery.

Data Privacy

Companies face many challenges regarding privacy matters, and Ifrah Law has extensive experience in this area, including drafting privacy policies, counseling on information rights and storage retrieval and litigating related issues.

Read More – Data Privacy


Ifrah Law has represented igaming companies in both criminal defense and civil litigation, Our experience with companies in the igaming space is unparalleled.

Read More – iGaming

Internet Advertising

We help clients navigate issues related to Internet advertising and marketing, direct and indirect online sales, electronic-payment processing and interactive gaming.

Read More – Internet Advertising

Mobile and Telephone Marketing

Ifrah Law’s telemarketing and Internet marketing law practice is aimed at avoiding and defending private lawsuits filed under the TCPA.

Read More – Mobile and Telephone Marketing

Online Fraud and Abuse

We understand the many risks that people and companies face as a result of the Internet and we represent clients in issues related to online piracy, online defamation, and domain name infringement.

Read More – Online Fraud and Abuse

TCPA Trouble Continues: FCC Slams Lyft and First National Bank for Terms of Service Requiring Consent

Profile shot of male exhausted trader with head in hands leaning at computer desk in office

Most of the attention involving the Telephone Consumer Protection Act (“TCPA”) has centered on the stream of class actions around the country. It is important to remember that the Federal Communications Commission (“FCC”) and state attorney generals can, and do, enforce the TCPA. In fact, the FCC recently issued citations to Lyft, the ride-sharing service, and First National Bank (“FNB”). Under the Communications Act, before the FCC may issue monetary penalties against a company or person that does not hold an FCC license or authorization, it must first issue a citation warning the company or person.

The TCPA requires prior express written consent for telemarketing calls/texts to mobile phones utilizing an autodialer or prerecorded call and for prerecorded telemarketing calls to residential lines. FCC rules mandate that the “prior written consent” contain certain key features. Among these requirements is the disclosure informing the consenting person that “the person is not required to sign the agreement – directly or indirectly – or agree to enter into an agreement as a condition of purchasing any property, goods, or services.”

For years, the FCC focused on actual consumer complaints of having received telemarketing calls/texts without the required prior express written consent. Interestingly, here, the FCC did not allege that either Lyft or FNB sent texts/robocalls without the required consent. The FCC’s accompanying press release indicates that its Enforcement Bureau initiated the two investigations after becoming aware of “violative provisions in those companies’ service agreements.” The citations issued to Lyft and FNB, along with recent correspondence by the FCC to Paypal concerning similar issues, represent new FCC attention on terms/conditions of service in the TCPA context, particularly on “blanket take it or leave it” agreements. The FCC Enforcement Bureau Chief, Travis LeBlanc, put all companies on notice, urging “any company that unlawfully conditions its service on consent to unwanted marketing calls and texts to act swiftly to change its policies.” The FCC directed Lyft and FNB to take “immediate steps” to comply with FCC rules and the TCPA – presumably meaning that the companies should immediately revise their terms and practices.

Lyft Citation

According to the FCC, Lyft’s terms require customers to expressly consent to receive communications from Lyft to customer’s mobile numbers, including text messages, calls, and push notifications. The messages could include Lyft-provided promotions and those of third party partners. The terms advise customers that they can opt-out by following the “unsubscribe” option, and that customers are not required to consent to receive promotional messages as a condition of using the Lyft platform or the services.

However, the FCC found that contrary to Lyft’s terms of service, Lyft does not actually provide “unsubscribe options” for consumers. If a consumer independently searches and gets to Lyft’s “help center,” the only option to opt-out subsequently prevents consumers from using Lyft’s service. Thus, per the FCC, “Lyft effectively requires all consumers to agree to receive marketing text messages and calls on their mobile phones in order to use services.”

The FCC concluded that while Lyft’s terms of service stated that consumers were not required to consent as a condition to using Lyft, in actuality, consumers could not refuse consent and remain Lyft users. Thus, the FCC cited Lyft, warning that it would be liable for any advertising text messages for which it did not collect proper, prior express written consent. The agency further stated that it would continue to monitor Lyft’s practices.

FNB Citation

In FNB’s investigation, the FCC noted that consumers wishing to use FNB’s online banking services are required to agree to receive text messages and emails for marketing purposes at consumer-provided phone numbers. FNB customers wishing to enroll in the Apply Pay service are similarly required to consent to receive marketing-related text messages and emails. The FCC objected to FNB requiring consumers to agree to receive marketing text messages in order to use the online banking and Apple Pay services, and failing to inform consumers that they have the option to refuse consent. The agency reiterated that under FCC rules, prior express written consent to receive telemarketing messages requires that, among other things, consumers receive a clear and conspicuous disclosure informing the consumer of his or her right to refuse to provide consent.

Our Recommendations

When it comes to autodialed/prerecorded telemarketing calls and texts to mobile phones and prerecorded telemarketing calls to residential lines, companies need to be diligent in ensuring they have proper, defensible prior express written consent. The FCC’s citations to Lyft and FNB make clear that organizations may not rely on blanket mandatory opt-in agreements. While it may be acceptable to seek consent in terms of service, consumers must be informed of their opt-out abilities, and must be able to access the opt-out and still use the service or make the purchase.

Companies should review their service agreements and the operational mechanisms to make sure consumers have information on opting-out. Further, any opt-out mechanisms must work as promised. A user’s opt-out should not block services/purchases. Of course, the best way to obtain consent is to seek a separate, prior express written consent in an agreement that contains all the required elements, as follows:

  • Is in writing (can be electronic);
  • Has the signature (can be electronic) of the person who will receive the advertisement/telemarketing calls or texts;
  • Authorizes the caller to deliver advertisements or telemarketing messages via autodialed calls, texts, or robocalls;
  • Includes the telephone number to which the person signing authorizes advertisements or telemarketing messages to be delivered;
  • Contains a clear and conspicuous disclosure informing the person signing that:
    • By executing the agreement, the person signing authorizes the caller to deliver ads or telemarketing messages via autodialed calls, texts or robocalls; and
    • The person signing the agreement is not required to sign the agreement (directly or indirectly) or agree to enter into such an agreement as a condition of purchasing any property, goods, or services.

As a reminder, the FCC repeatedly takes the position that the company claiming prior express written consent will bear the burden of providing that consent.

Read More

Copyright & Trademark Protections- Is Metadata Included?


A Canadian federal court recently released an opinion holding that meta tags, at least in some circumstances, are not entitled to copyright protection.  Although the precedent is not binding in American courts, the well-reasoned opinion provides an excellent logical analysis on why meta tags may or may not be afforded copyright protection.

In Red Label Vacations Inc. v. 411 Travel Buys Limited, the plaintiff travel business implemented meta tags including its registered trademarks: “,” “ vacations,” and “Shop.  Compare.  Payless!! Guaranteed.”  The defendant is a competing travel business in the Canadian market. In 2009, Red Tag experienced a drop in sales and noticed that search engine results for its company were returning results for its competitor, 411 Travel Buys.  Upon further inspection, Red Label found that 411 had apparently copied its metadata including content, ordering, and misspellings.  Red Label informed 411 of the violation and 411, being Canadian, immediately removed the content.  Nevertheless, Red Label brought suit for lost profits during the period it was active.

In analyzing the duplicated meta tags, the court concluded that the tags were substantially derived from a list of Google keywords which were incorporated into phrases describing travel.  The court held that there was little evidence of any degree of skill, judgment, or creativity in creating the meta tags at issue in the case.  The court noted that there may be circumstances in which meta tags are so creative and original so as to qualify for copyright protection, but they were not present here.

The court further found that there was not substantial copying when viewing the website as a whole.  Defendant 411 copied 48 pages out of approximately 180,000 on Red Tag’s website.  The court considered substantial similarity between the original work and the allegedly infringing work when viewed as a whole, and did not find that a substantial reproduction had occurred.

Even though 411 used Red Tag’s trademarks in its meta tags, the court held that no trademark violation had occurred because the meta tags were not visible to the site’s visitors, but were rather used by search engines. The court found that even if a patron had reached the 411 site by searching for Red Tag terms, once visitors arrived at the website they would have no doubt that they were at the site of 411.  Notably, the Canadian court identified a substantial difference between its law and trademark law in the US.  In the US, a court may find a trademark violation occurred where trademark use causes “initial interest confusion” where a patron searching for one company diverts their business to what the patron realizes is a different company offering a similar product or service.  Regardless, the Canadian court indicated that it wouldn’t find a trademark violation even under the initial interest confusion test, because when search engines use meta tags they return a list of links that customers may choose from at will, rather than directing the viewer to a particular competitor.

Despite the Canadian court’s thoughtful and in-depth analysis, in the six years since the events of the case meta tags have increasingly become a relic of the past as search engines increasingly use their own algorithms to determine search results.   However this is still a claim that many plaintiffs include when throwing in the kitchen sink in a trademark case, and it would not be surprising to see US courts cite to the reasoning of our neighbors to the north in future decisions.

The post Copyright & Trademark Protections- Is Metadata Included? appeared first on Crime In The Suites.

Read More

Keeping Your Privacy Promises: Retail Tracking and Opt-Out Choices

No time for talking. Cropped image of beautiful young woman in pink dress holding shopping bags and mobile phone

As children, many of us were taught how important it is to “keep your word.” Similarly, it is black letter privacy law that if a company commits (for instance, in a privacy policy or in website statements) to certain actions or practices, such as maintaining certain security features or implementing consumers’ choices on opt-outs, the organization must abide by those practices. Many companies have faced the Federal Trade Commission’s (“FTC”) ire when the agency found the organizations’ practices failed to comport with their privacy promises. Recently, the FTC settled the first action against a retail tracking company, Nomi Technologies, Inc. (“Nomi”). The FTC alleged that Nomi mislead consumers with promises that it would provide an in-store mechanism for consumers to opt-out of tracking and that consumers would be informed when locations were utilizing Nomi’s tracking services. In fact, according to the FTC, Nomi did not provide an in-store opt-out and did not inform consumers of locations where the tracking services were used. This action signals that the FTC will continue to exert its jurisdiction over privacy practices it deems false or deceptive, including those occurring in emerging technologies like retail tracking.

The FTC’s complaint stated that Nomi’s technology (called its “Listen” service) allows retailers to track consumers’ movements through stores. The company places sensors in its clients’ stores, which collect the MAC addresses of consumers’ mobile devices as the devices search for WiFi networks. While Nomi “hashes” the MAC addresses prior to storage in order to hide the specific MAC addresses, the process results in identifiers unique to consumers’ mobile devices which can be tracked over time. Nomi provided its retail clients with aggregated information, such as how long consumers stayed in the store, the types of devices used by consumers, and how many customers had visited a different location in a chain of stores. Between January and September 2013, Nomi collected information on approximately 9 million mobile devices, according to the FTC’s complaint.

What Nomi did wrong, according to the FTC, was fail to honor its privacy policy which “pledged to…always allow consumers to opt out of Nomi’s service on its website as well as at any retailer using Nomi’s technology.” Nomi presented an opt-out on its website, but (per the complaint), no option was available at retailers using Nomi’s service. The FTC also asserted that consumers were not informed of the tracking (contrary to the privacy policy promises). Thus, the FTC alleged that Nomi’s privacy promises were false because no in-store opt-out mechanism was available, nor were consumers informed when the tracking occurred.

Nomi’s settlement does not require any monetary payment but prohibits Nomi from misrepresenting the options through which consumers can exercise control over the collection, use, disclosure or sharing of information collected from or about them or their devices. The settlement also bars Nomi from misrepresenting the extent to which consumers will be provided notice about how data from or about a particular consumer or device is collected, used, disclosed or shared. Nomi is required to maintain certain supporting records for five years. As is typical with FTC consent orders, this agreement remains in force for 20 years.

What can companies learn from Nomi’s settlement, even those not in the retail tracking business?

  • While this is the first FTC action against a retail tracking company, the FTC has repeatedly stated that it will enforce the FTC Act and other laws under its jurisdiction against emerging as well as traditional technologies.
  • Consumers could opt-out on Nomi’s website by providing a MAC address in an online form. The FTC did not seem to have a problem with this part of Nomi’s practices. If Nomi had not promised that consumers could also opt-out at the retail locations, and that they would be notified of tracking, there would not have been an FTC action. In other words, it was Nomi’s words (in its privacy policy) that got it in hot water with the FTC. All companies should review their privacy policies regularly to make sure the language comports with their practices.  If you don’t do it, don’t say it.
  • The FTC noted that Nomi had about 45 clients. Most of those clients did not post a disclosure or notify consumers regarding their use of the Listen service, and Nomi did not mandate such disclosures by its clients. The FTC did not address what, if any, obligation, these businesses may have to make such disclosures. Will it become common/mandated to see a sign in a retail location warning that retail tracking via mobile phones is occurring (similar to signs about video surveillance)? One industry group’s self-regulatory policy requires retail analytics firms to take “reasonable steps to require that companies using their technology display, in a conspicuous location, signage that informs consumers about the collection and use of MLA [mobile location analytics] Data at that location.” This issue will become more prevalent as more retailers and other businesses use tracking technology.
  • Interestingly, the FTC brought this action even though traditional “personal information” was not collected (such as name, address, social security number, etc.). Organizations should not assume that collecting IP addresses, MAC addresses, or other less personalized information presents no issues. The FTC takes privacy statements seriously, whatever the information collected (though certainly there is more sensitivity toward certain categories such as health, financial, and children’s information).

The bottom line is “do what you say” when it comes to privacy practices. All companies should evaluate their privacy policies at least every six months to ensure that they remain accurate and complete, have working links (if any), and reflect a company’s current practices.

Read More

Even In The UK, Think Twice Before Using Celebrity Endorsements

Battleship Premiere - RihannaPhoto at

A recent legal case in the UK between singer Rihanna and fashion retailer Topshop has highlighted differences between publicity rights in the UK and some US jurisdictions. Rihanna sued Topshop for its sale of a t-shirt bearing a large photograph of her.  Rihanna had not approved or endorsed the sale of the t-shirt; rather, an independent photographer had taken the picture and licensed it for use on the shirts.

In the United States, many jurisdictions have laws governing the right of publicity; that is, the right to control the use of your image for commercial gain, or to be compensated for the commercial use of your image.  The UK, however, does not have corresponding laws on image rights.  Instead, Rihanna had to allege that Topshop engaged in “passing off” the shirts as being endorsed by the singer, thereby damaging her goodwill and business.  In support, Rihanna argued that the circumstances of the sale of the shirts were likely to mislead customers into thinking that she had endorsed the product because the photograph was similar to those used in official album promotions, the nature of the shirt itself, and the fact that Topshop is a major and reputable retailer.

The lower court considered Rihanna’s prior connections to the store in considering whether passing off occurred.  It noted that Topshop had previously run a competition in which the winner was awarded with a shopping trip to Topshop. Also, only weeks before the shirts went on sale, Topshop tweeted that Rihanna was shopping at one of its locations.  Against that background, the court noted that the particular photograph on the shirt could have led her fans to believe that it was associated with the marketing campaign for the album, since the particular hairstyle and scarf worn by Rihanna in the photograph were widely used in a music video and associated publicity.

Ultimately Rihanna’s passing off arguments were successful, and the court granted an injunction prohibiting Topshop from selling the shirts without informing customers that they had not been approved or authorized by Rihanna.  However, it is interesting to think what the result might have been in an instance where it was more obvious that Rihanna had not endorsed the product; for instance, if the t-shirts were sold, not through a trusted retailer which has been associated with the singer but instead by an independent seller hawking t-shirts on the street corner.  In such circumstances the case in favor of passing off may have been weaker and Rihanna might not have been able to control the use of her image.

In contrast, the outcome under such a scenario might be very different in a state like California, which has strong right of publicity laws.  California Civil Code §3344(a) forbids the use of another’s likeness “on or in products, merchandise, or goods, or for purposes of advertising or selling, or soliciting purchases of, products, merchandise, goods or services, without such person’s prior consent…”   The law establishes liability $750 or actual damages, whichever is greater, as well as “any profits from the unauthorized use that are attributable to the use and are not taken into account in computing the actual damages.”  Punitive damages and attorney’s fees and costs are also available under the statute.

While Rihanna’s victory in UK court does not establish a right of publicity in the country, it does provide an interesting case study in the workarounds that celebrities must use in order to protect their image from being improperly used in jurisdictions which do not have a right of publicity.

Read More

Federal Trade Commission Checks Out Mobile Shopping Apps

Happy young Asian woman shopping.

In August, the Federal Trade Commission (“FTC”) released a staff report concerning mobile shopping applications (“apps”).  FTC staff reviewed some of the most popular apps consumers utilize to comparison shop, collect and redeem deals and discounts, and pay in-store with their mobile devices.  This new report focused on shopping apps offering price comparison, special deals, and mobile payments. The August report is available here.

Popularity of Mobile Shopping Apps/FTC Interest

Shoppers can empower themselves in the retail environment by comparison shopping via their smartphones in real-time.  According to a 2014 Report by the Board of Governors of the Federal Reserve System, 44% of smartphone owners report using their mobile phones to comparison shop while in retail store, and 68% of those consumers changed where they made a purchase as a result.  Consumers can also get instant coupons and deals to present at checkout.  With a wave of a phone at the checkout counter, consumers can then make purchases.

While the shopping apps have surged in popularity, the FTC staff is concerned about consumer protection, data security and privacy issues associated with the apps. The FTC studied what types of disclosures and practices control in the event of unauthorized transactions, billing errors, or other payment-related disputes.  The agency also examined the disclosures that apps provide to consumers concerning data privacy and security.

 Apps Lack Important Information

FTC staff concluded that many of the apps they reviewed failed to provide consumers with important pre-download information.  In particular, only a few of the in-store purchase apps gave consumers information describing how the app handled payment-related disputes and consumers’ liability for charges (including unauthorized charges).

FTC staff determined that fourteen out of thirty in-store purchase apps did not disclose whether they had any dispute resolution or liability limits policies prior to download.  And, out of sixteen apps that provided pre-download information about dispute resolution procedures or liability limits, only nine of those apps provided written protections for users.  Some apps disclaimed all liability for losses.

Data Security Information Vague

FTC staff focused particular attention on data privacy and security, because more than other technologies, mobile devices are personal to a user, always on, and frequently with the user. These features enable an app to collect a huge amount of information, such as location, interests, and affiliations, which could be shared broadly with third parties.  Staff noted that, “while almost all of the apps stated that they share personal data, 29 percent of price comparison apps, 17 percent of deal apps, and 33 percent of in-store purchase apps reserved the right to share users’ personal data without restriction.”

Staff concluded that while privacy disclosures are improving, they tend to be overly broad and confusing. In addition, app developers may not be considering whether they even have a business need for all the information they are collecting.  As to data security, staff noted it did not test the services to verify the security promises made.  However, FTC staff reminded companies that it has taken enforcement actions against mobile apps it believed to have failed to secure personal data (such as Snapchat and Credit Karma).  The report states, “Staff encourages vendors of shopping apps, and indeed vendors of all apps that collect consumer data, to secure the data they collect.  Further those apps must honor any representations about security that they make to consumers.”

FTC Staff Recommends Better Disclosures and Data Security Practices

The report urges companies to disclose to consumers their rights and liability limits for unauthorized, fraudulent, or erroneous transactions.  Organizations offering these shopping apps should also explain to consumers what protections they have based on their methods of payment and what options are available for resolving payment and billing disputes.  Companies should provide clear, detailed explanations for how they collect, use and share consumer data.  And, apps must put promises into practice by abiding by data security representations.

Consumer Responsibility Plays Role, Too

Importantly, the FTC staff report does not place the entire burden on companies offering the mobile apps. Rather, FTC staff urge consumers to be proactive when using these apps.  The staff report recommends that consumers look for and consider the dispute resolution and liability limits of the apps they download.  Consumers should also analyze what payment method to use when purchasing via these apps. If consumers cannot find sufficient information, they should consider an alternative app, or make only small purchases.

While a great “deal” could be available with a click on a smartphone, the FTC staff urges consumers to review available information on how their personal and financial data may be collected, used and shared while they get that deal.  If consumers are not satisfied with the information provided regarding data privacy and security, then staff recommends that they choose a different app, or limit the financial and personal financial data they provide.  (Though that last piece of advice may not be practical considering most shopping apps require a certain level of personal and financial information simply to complete a transaction).

Deal or No Deal?  FTC Will be Watching New Shopping Apps

               FTC Staff has concerns about mobile payments and will continue to focus on consumer protections.  The agency has taken several enforcement actions against companies for failing to secure personal and payment information and it does not appear to be slowing down.  While the FTC recognizes the benefits of these new shopping and payment technologies, it is also keenly aware of the enormous amount of data obtained by companies when consumers use these services. Thus, companies should anticipate that the FTC will continue to monitor shopping and deal apps with particular attention on disclosures and data practices.

Read More

  • Like Us on Facebook