Insights

The Federal Trade Commission (FTC) and National Advertising Division (NAD) of BBB National Programs laid out their enforcement priorities during the 2025 ANA Masters of Advertising Law Conference, at which Crowell & Moring attorneys spoke on and attended various panels.

A new series of lawsuits have been filed in California courts alleging violations of the state’s Business and Professions Code § 17529.5 (the “Anti-Spam Law”). These cases target companies that send marketing and promotional emails to California residents, and they could present serious legal and financial risks for businesses engaged in email marketing.

Crowell attorneys have closely monitored developments related to the California Invasion of Privacy Act (“CIPA”). In particular, we have watched plaintiffs attempt to extend this wiretapping law to encompass website chatbot communications that are managed by third parties.

After conducting an investigation targeted at nine popular social media and video streaming companies, the Federal Trade Commission (FTC or Commission) released a Staff Report examining their data practices, including those relating to minors.  The FTC based its report on responses to questions it compelled under Section 6(b) (which enables the Commission to require an entity to file reports or answers in writing to specific questions) from Amazon.com, Inc. (which owns the gaming platform Twitch), Facebook, Inc. (now Meta Platforms, Inc.), YouTube LLC, Twitter, Inc. (now X Corp.), Snap Inc., ByteDance Ltd. (which owns the video-sharing platform TikTok), Discord Inc., Reddit, Inc., and WhatsApp Inc.

Since the Federal Trade Commission (“FTC”) published its updated 2023 Guides Concerning the Use of Endorsements and Testimonials in Advertising earlier this year, consumer reviews have been front of mind. This guidance covers, in part, the treatment of consumer reviews, and companies have been (or should be) preparing for an uptick in FTC enforcement. But it’s not just the FTC to watch out for. A recent wave of class actions arising under California Civil Code § 1670.8 related to a customer’s right to make statements about their experience with a seller has raised the bar for retailers to another level.

On October 27, 2023, the Office of Environmental Health Hazard Assessment (OEHHA) gave notice of several proposed amendments to the Proposition 65 warning regulations. If implemented, the rules may require many businesses to make substantial changes to their short-form warnings before a two-year phase-in deadline.   

In March 2023, the White House published its National Strategy to Advance Privacy-Preserving Data Sharing and Analytics.  Buried in the report was a quiet, but notable, concern related to the possibility of deanonymizing a consumer due to “insufficient disassociability”.  See Report, pg. 6.  A new wave of class action lawsuits in California—already over three dozen at the time of writing—now seeks to turn a spotlight on these practices, claiming that companies are using “grey market” data to match user patterns with personal identifiable information (PII).

On February 17, 2023, the Illinois Supreme Court ruled 4-3 that violations of the Biometric Information Privacy Act (“BIPA”) (the country’s first biometric privacy legislation) accrue for each incident of capture or dissemination of biometric information, and not only once for each data subject. Cothron v. White Castle Systems found based on the plain language of the statute that violations for collecting or disclosing biometric information occur at every scan or transaction. Cothron v. White Castle Sys., 2023 IL 128004. The court reached this conclusion while admitting the “absurd” implications, including that the ruling could result in damages of $17 billion. Id. at ¶ 40.

Earlier this month, two courts, one in California and one in Massachusetts under two different scenarios, opined on the enforceability of browsewrap and hybridwrap agreements, providing important warnings for companies relying on such agreements to obtain legally required consent for activities such as telemarketing or to otherwise impose terms and conditions on website users. Many cases turn on the enforceability of such agreements, and companies should evaluate their use of browsewrap agreements (e.g., terms of use available through a hyperlink at the bottom of a webpage) and hybridwrap agreements to determine whether changes are appropriate to improve enforceability and mitigate legal risk.

On February 2, 2023, the Illinois Supreme Court ruled that all Biometric Information Privacy Act (“BIPA”) claims are uniformly subject to a five-year statute of limitations, expanding liability for businesses collecting biometric information.[1]In Tims v. Black Horse Carriers, Inc., the court found that a longer, uniform statute of limitations for all claims under BIPA best fulfilled the legislative intent to hold private entities accountable and provide redress for data subjects.[2]The Tims decision partially reversed an appellate court’s interlocutory decision that applied a one-year statute of limitations to some sections of BIPA, while applying a five-year statute of limitations to others.[3]This highly anticipated decision will allow companies to understand and manage their liability risk and will also likely fuel the growth of future BIPA lawsuits. 

Is there a legal, cognizable claim for a consumer who was misled by a movie trailer? Perhaps. In June 2022, two Plaintiffs filed a lawsuit against Universal concerning a movie they streamed titled Yesterday which is owned by Universal.  Woulfe et al v. Universal City Studios LLC et al., 22-cv-00459, ECF No. 83 (C.D. Cal. Dec. 20, 2022).  Prior to streaming, the Plaintiffs watched the movie trailer, which featured actress Ana De Armas.  In the complaint, Plaintiffs alleged they were persuaded by the trailer, and De Armas’ role in particular to stream the movie.  However, De Armas’ character was cut from the final version of Yesterday, so she was not featured in the film whatsoever.  The Plaintiffs alleged they would not have rented the movie had they known De Armas would not appear in the movie. The Plaintiffs then sued Universal under a host of consumer protection violations, including a violation of the California Unfair Competition Law, California Consumer Legal Remedies Act, and California False Advertising Law.