International Monthly: January 2017

 
 U.S. Competition, Consumer Protection and Privacy News
 

JANUARY 2017

Competition

FTC Requires Divestitures in $13.53 Billion Deal Between Boehringer Ingelheim and Sanofi

German pharmaceutical company Boehringer Ingelheim agreed to divest five types of animal health products in the United States to settle FTC charges that its proposed asset swap with Paris-based Sanofi would likely be anticompetitive. Under the proposed swap, Boehringer Ingelheim will acquire Sanofi’s animal care subsidiary, Merial, and Sanofi will obtain Boehringer Ingelheim’s consumer health care business unit. The FTC’s complaint alleges that without the divestitures the proposed asset swap would harm competition in the U.S. markets for various vaccines for pets and certain parasite control products for cattle and sheep. More information can be found in the analysis to aid public comment.

FTC Conditions Abbott Laboratories’ Proposed $25 Billion Acquisition of Rival Medical Device Maker St. Jude Medical, Inc.

U.S.-based global healthcare company Abbott Laboratories agreed to divest two medical device businesses to settle FTC charges that its proposed $25 billion acquisition of St. Jude Medical, Inc. would likely harm competition in the U.S. markets for vascular closure devices and “steerable” sheaths. Vascular closure devices are used to close holes in arteries from the insertion of catheters. “Steerable” sheaths are used to guide catheters for treating heart arrhythmias. According to the complaint, the merged firm would have controlled more than 70 percent of the market for vascular closure devices. In the market for steerable sheaths, St. Jude has held a near-monopoly, with Abbott recently entering the market. The transaction would eliminate any competition between them. The proposed consent order requires the parties to divest all rights and assets related to St. Jude’s vascular closure device business and Abbott’s steerable sheath business. More information can be found in the analysis to aid public comment. FTC staff worked cooperatively with antitrust agencies in Australia, Brazil, Canada, China, the European Union, Israel, Korea, and South Africa on this investigation, including with respect to the remedy and divestiture package, to ensure a consistent outcome.

FTC Staff Supports Proposal for Flexible Physician Supervision of Physician Assistants in Iowa

Staff of the FTC Office of Policy Planning and the FTC Bureaus of Economics and Competition submitted a comment to the Iowa Board of Physician Assistants supporting a regulatory proposal to define physician supervision of a physician assistant (PA), in response to a request for public comment. The proposed rule would continue the current practice of allowing supervising physicians and PAs to determine the appropriate level of supervision and documentation. The comment states that “Iowa patients would likely benefit if physician assistants in Iowa can practice with as few restrictions as possible, consistent with their education, training, skills, and experience. PAs can provide more choice among health care providers, leading to more accessible, affordable, safe, and effective health care.”

Consumer Protection and Privacy

Operators of Canada-Based AshleyMadison.com Settle FTC, State Charges Resulting from 2015 Data Breach That Exposed 36 Million Users’ Profile Information

The operators of the Toronto-based AshleyMadison.com dating site have agreed to settle FTC and state charges that they deceived consumers and failed to protect 36 million users’ account and profile information in relation to a massive July 2015 data breach of their network. The site has members from over 46 countries. The settlement requires the defendants to implement a comprehensive data security program, including third-party assessments. In addition, the operators will pay $1.6 million to settle FTC and state actions. According to the FTC complaint, the defendants assured users that their personal information, such as date of birth, relationship status, and sexual preference, was private and securely protected. But according to the complaint, the defendants had no written information security policy, no reasonable access controls, inadequate security training of employees, no knowledge of whether third-party service providers were using reasonable security measures, and no measures to monitor the effectiveness of their system security. Intruders accessed the companies’ networks undetected several times before the July 2015 breach, which received significant media coverage. The next month, the hackers published sensitive profile, account security, and billing information for more than 36 million AshleyMadison.com users. In addition to working with a coalition of 13 states, the FTC received assistance from the Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner, which reached their own settlements with the company. The FTC used the U.S. SAFE WEB Act to share information with foreign counterparts in connection with this matter.

DeVry University Agrees to $100 Million Settlement with FTC

DeVry

DeVry University and its parent company have agreed to a $100 million settlement of an FTC lawsuit alleging that they misled prospective students with ads that touted high employment success rates and income levels upon graduation.

Under the settlement resolving the FTC charges, DeVry will pay $49.4 million in cash to be distributed to qualifying students who were harmed by the deceptive ads, as well as $50.6 million in debt relief. The FTC’s complaint charged that DeVry misled consumers by claiming that 90 percent of graduates actively seeking employment landed jobs in their field within six months of graduation. For more details, click here.

FTC Providing Over $88 Million in Refunds to AT&T Customers Subjected to Mobile Cramming

AT&T

The FTC is providing over $88 million in refunds to more than 2.7 million AT&T customers who had third-party charges added to their mobile bills without their consent, a practice known as “mobile cramming.” The refunds to consumers relate to 2014 settlements with AT&T and the companies behind two of the cramming schemes. The refunds represent the most money ever returned to consumers in a mobile cramming case. Nearly 2.5 million current AT&T customers will receive a credit on their bill within the next 75 days, and more than 300,000 former customers will receive a check. According to the FTC’s complaint, AT&T placed unauthorized third-party charges on its customers’ phone bills for ringtones and text message subscriptions containing love tips, horoscopes, and “fun facts.” The FTC alleged that AT&T kept at least 35 percent of the charges it imposed on its customers. The settlement also involved all 50 states and the District of Columbia, as well as the Federal Communications Commission.

FTC Charges D-Link Put Consumers’ Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras

The FTC filed a complaint against Taiwan-based computer networking equipment manufacturer D-Link Corporation and its U.S. subsidiary, alleging that inadequate security measures left the company’s wireless routers and Internet cameras vulnerable to hackers and put U.S. consumers’ privacy at risk. The alleged risks included potentially compromising live video and audio feeds from D-Link IP cameras. According to the FTC’s complaint, D-Link promoted the security of its routers on the company’s website. But despite the claims made by D-Link, the FTC alleged, the company failed to take steps to address well known and easily preventable security flaws. The FTC has provided guidance to Internet of Things (IoT) companies on how to preserve privacy and security in their products while still innovating and growing IoT technology.

Digital Advertising Company Settles FTC Charges It Deceptively Tracked Consumers Both Online and Through Their Mobile Devices

Turn Inc., a company that enables sellers to target digital advertisements to consumers, has agreed to settle FTC charges that it deceived consumers by tracking them contrary to its privacy policy. According to the FTC’s administrative complaint, Turn’s privacy policy represented that consumers could block targeted advertising by using their web browser’s settings to block or limit cookies. However, the complaint alleges that Turn used unique identifiers to track millions of Verizon Wireless customers, even after they blocked or deleted cookies from websites. In addition, the agency charged that Turn’s opt-out mechanism applied only to mobile browsers, and did not block tailored ads on mobile applications as the company claimed.

In Other News

New York Times Details Raids of India-Based Tax Collection Impostors and Other Scams Netting Hundreds of Millions of Dollars

The New York Times has published an article detailing the raid and closure of several India-based boiler rooms that were scamming American consumers by impersonating the U.S. Internal Revenue Service. The newspaper’s coverage of the story features calls between Betsy Broder, an attorney with the FTC’s Office of International Affairs, and two young whistleblowers who had been employed by such fraudsters. The article explores the financial inducements that led participants, such as the profiled whistleblowers, to get involved in the scams, as well as the fears that often lead consumers to part with thousands of dollars. The article recounts a raid of several call centers in a single building leading to police interview and release of 630 call-center workers and the arrest of the 70 highest-ranking employees. The U.S. Department of Justice subsequently released an indictment of more than 60 individual and corporate defendants involved in scams impersonating the IRS and U.S. Citizen and Immigration Services, and involving payday loans and bogus government grants. For a new FTC blog post linking to the FTC’s consumer education work against impostor scams over the years and explaining how consumers can avoid telephone scammers, click here.

FTC Economic Issue Paper Examines the Impact of Disclosing Mandatory Hotel Resort Fees Separately from Room Rates

The FTC’s Bureau of Economics has issued a paper concluding that consumers are likely being harmed by the hotel industry practice of disclosing mandatory resort fees separately from posted room rates, without first disclosing the total price. The paper examined the costs and benefits of disclosing mandatory resort fees separately from room rates by reviewing research on drip pricing and partitioned pricing. It found that the practice likely increases consumers’ search costs and cognitive costs in trying to find and choose hotel accommodations unless the total price is presented first. “Separating resort fees from the room rate without first disclosing the total price is unlikely to result in benefits that offset the likely harm to consumers,” the paper states.

FTC Announces Workshop on Hearing Health and Technology

The FTC will host a workshop in Washington, DC on April 18 to examine competition, innovation, and consumer protection issues raised by hearing health and technology, particularly hearing aids and similar devices. An estimated 67 to 86 percent of U.S. adults who may benefit from hearing aids fail to use them. The workshop will bring together researchers, health care providers, industry representatives, consumer representatives, policymakers, and others to examine ways in which enhanced competition and innovation might increase the availability and adoption of hearing aids by consumers who need them. In addition, the workshop will examine how to balance consumer health and safety issues with consumer interests in greater competition and innovation and ensure consumers have access to truthful and non-misleading information about hearing health products and services. For further information on the workshop and the public comment process, including a list of suggested questions open for comment, please visit the workshop website. The workshop will be free and open to the public. A live webcast of the workshop will be available on the day of the event.

FTC Announces Internet of Things Challenge to Combat Security Vulnerabilities in Home Devices

IoT

The FTC announced a public challenge to create an innovative tool that will help protect consumers from security vulnerabilities in the software of home devices connected to the Internet of Things (IoT). The agency is offering a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for up to three honorable mention winner(s). The FTC is asking IoT Home Inspector Challenge contestants to develop a tool that would address security vulnerabilities caused by out-of-date software in IoT devices. Contestants also have the option of adding features such as those that would address hard-coded, factory default, or easy-to-guess passwords. Submissions will be accepted between March 1 and May 22, 2017.

President Obama Signs the Better Online Ticket Sales (“BOTS”) Act and the Consumer Review Fairness Act

President Obama has signed into law two consumer protection bills: the BOTS Act and the Consumer Review Fairness Act. The BOTS Act prohibits the circumvention of a security measure, access control system, or other technological measure on an Internet website or online service of a ticket issuer that is used to enforce posted event ticket purchasing limits or to maintain the integrity of posted online ticket purchasing order rules for a public event with an attendance capacity of more than 200 persons. The bill also prohibits the sale of or offers to sell an event ticket in interstate commerce obtained through such a circumvention violation if the seller participated in, had the ability to control, or should have known about the violation. The bill provides enforcement authority to the FTC and states.

The Consumer Review Fairness Act disallows form contracts preventing an individual from writing online or other reviews or providing feedback regarding another party to the contract. It also disallows penalties or fees for doing so. Enforcement authority is provided to the FTC and states, and the FTC must provide businesses with nonbinding best practices for compliance.