AD-ttorneys@law - November 6, 2017

Alerts / November 6, 2017

In This Issue:

Neutrogena, Customers in Class Cert Survey Fight

Multiple attacks on putative sunscreen purchaser class

Beach party

Plaintiffs’ lawyers in a class action against Neutrogena were fighting hard in the Central District of California in October 2017. The plaintiffs were trying to win class certification for a group of consumers who allegedly purchased Neutrogena sunscreen based on labels claiming the products contained “naturally sourced sunscreen ingredients.”

In support of their argument, the plaintiffs submitted a survey that polled consumers about the nature of the sunscreen ingredients. The survey purported to demonstrate that most of the consumers, when presented with the labels claiming natural sources, concluded that the products were made entirely of natural ingredients.

Neutrogena’s counsel wasn’t impressed, protesting that the survey was irrelevant because it didn’t show respondents either actual labels or products. “That survey,” stated the Neutrogena team, “violates every rule in the book.”

Somewhat natural?

The certification battle grew out of an original lawsuit filed in 2013. After several twists and turns, including a failed motion to dismiss, the defendants submitted a renewed motion for class certification in the summer.

The plaintiffs, led by named consumer Julie Fagen, had allegedly purchased a range of Neutrogena sunscreen products. The common thread binding the putative class together was the argument that the “naturally sourced” label claim is false and misleading. Neutrogena argued against the certification, claiming that the specific product ingredients that blocked the sun were naturally sourced and that other ingredients did not need to be natural for the labels to be true. The defendants also took a shot at the consumers’ damages model, arguing that it did not support classwide damages.

The takeaway

Surveys and damage models aside, the future of this putative class may come down to a more mundane subject: semantics. A third objection raised against the class rested on the defense’s claim that the plaintiffs, in their own testimony, claimed they wanted naturally sourced products because they thought they were safer than other products. Neutrogena’s counsel was quick to note that “natural and safe don’t mean the same thing”; given that difference, the issuance of reliance is inherently individualized, the defense contends.

The court is currently reviewing the arguments. This case illustrates the importance of class certification battles in defending false advertising consumer claims.

CARU Isn’t Toying Around With Consent!

Organization claims WhatNot solicits information from kids sans screening

OMG!!! TOYS!!!

Ryan is a really cute 7-year-old who happens to sit at the apex of an online empire.

Ryan is the star of Ryan ToysReview, a YouTube channel with 9.4 million subscribers and more than 16 billion – that’s billion – total views.

His videos feature toy reviews with an interesting spin – the reviews center on Ryan actually playing with the toys. His parents are also present, but he’s the center of the action. Predictably, the videos themselves are high-energy, colorful, quick-cut YouTube set pieces sometimes featuring cheesy special effects and even an occasional NBA player as a guest star.

The Ryan ToysReview family has expanded to include four additional review channels with more than 1.5 million additional subscribers.

With a profile like this, it’s no wonder toy companies advertise through the channel.


WhatNot Toys, a company that seeks out toys around the globe to bring back to the North American market, clearly saw the exposure that Ryan ToysReview offered and created an advertisement on the channel.

That’s where the Children’s Advertising Review Unit (CARU) comes in.

CARU, an investigative unit of the advertising industry’s system of self-regulation, ran across WhatNot’s ad in its ongoing search for sites that are not in compliance with its self-regulatory program for children’s advertising and the federal Children’s Online Privacy Protection Act (COPPA).

CARU raised a red flag about WhatNot. According to CARU, its investigators were directed by WhatNot’s Ryan ToysReview video to visit the WhatNot website to receive a free toy package. Once at the website, the user was asked to fill out a form that asked for first and last names and email and street addresses. The form stated, “Sign up today, but if you are under 13, please be sure to ask your parents for permission!”

The takeaway

CARU objected to the lack of age screening on the form. WhatNot pushed back, saying that the tagline telling kids to get parental approval was enough to remain in compliance with the relevant laws.

In its decision, CARU maintained its objection, noting that asking children to obtain consent from parents was not a recognized method under COPPA for “providing notices to parents to obtain parental consent.”

If the site is directed to a mixed audience that is not predominantly children under 13, age screening is an option under COPPA. However, it must be done in a way that does not coach children on how to get around the gate; for instance, by soliciting month, date and year of birth and blocking those users who do not qualify. Even then, the operator should simply tell the users they do not qualify to proceed rather than that they must be 13, and it should use technology to prevent reattempts, such as disabling the back button and dropping a session cookie to block the user for a reasonable period, e.g., 48 hours. However, sites that are predominantly directed to children may not age gate, and they must assume all users are under 13 and follow the notice and parental consent requirements of COPPA for children’s online services.

WhatNot answered the objection by deleting the form from its website and agreeing to follow CARU’s guidance in the future.

Orgs to FTC: Get Smart About Smartwatches

Advocacy groups urge COPPA, FTC Act review of kids’ safety accessory


The smartwatch, a wearable piece of technology that functions as a phone, a GPS tracker and an emergency alert system, promises to make a big impact on how parents interact with their kids. By tapping into Internet connectivity, smartwatches allow parents to easily and quickly contact their child, allow children to send an SOS message to their parents, and allow parents to track and find their kids.

But according to advocacy groups, the smartwatches actually pose a grave threat to their users.


Seven advocacy groups – including the Electronic Privacy Information Center, the Center for Digital Democracy and the Consumer Federation of America – are raising an alarm about the devices. The groups claim that some popular smartwatch models are hackable, while others sport features, such as an “SOS button,” that are essentially unreliable. They recently sent a letter to the Federal Trade Commission (FTC) summarizing these concerns.

The groups are basing their claims on a Norwegian Consumer Council (NCC) study on four models: Caref/Gator, TickTalk/Xplora, SETracker/Wonlex and Tinitell. After examining the products, the NCC claimed to have found serious flaws. The allegedly hackable models purportedly allowed anyone with access to the hacked phone to know where a child is, precisely when the child is separated from their parents and most vulnerable. Some functions, like the crucial SOS button, were said to be unreliable.

Moreover, the study concluded that the smartwatch sector fell short on crucial data protections for their young users. One of the smartwatch makers is reported to have used data gathered by the phone for their marketing campaigns, and another failed to encrypt the sensitive GPS locations of the young wearers. All but one of the companies are alleged to have not secured consent before saving user data. Hacked by the wrong individual, the groups maintain, smartwatches may devolve into a dangerous weapon.

The takeaway

The groups requested that the Commission launch further investigation into the smartwatch niche, particularly on possible violations of the FTC Act and the Children’s Online Privacy Protection Act (COPPA) – the federal children’s privacy law.

What’s more, they threw down the gauntlet and called out the FTC on its past performance. “We recognize that the FTC has done much to extend privacy protections for children and is also aware of the risks of Internet-connected devices,” the letter states. “But…the FTC has failed to take enforcement action in similar cases concerning the safety of children on matters that other consumer agencies have pursued effectively.”

Mattress Firm Sues Tuft & Needle for Nightmare Ad Campaign

Plaintiffs claim hair feels brittle, dull, lifeless after products prove keratin-free

Goliath, meet David

Mattress Firm, the largest mattress retailer in the United States, with 3,500 stores in 49 states, is a highly recognizable brand. Its distinctive red-and-yellow logo appears on each of its storefronts and is featured in its extensive advertising efforts, which it claims cost $300 million to support in 2017.

With online competition on the rise, Mattress Firm began to pay attention to Tuft & Needle, the second-largest “bed-in-a-box company in the United States, and noticed what it calls a nefarious campaign by Tuft & Needle to undermine its market.

Pillow talk

In a lawsuit filed in October 2017, Mattress Firm called out Tuft & Needle for allegedly making numerous false statements in ads about the retailer’s product pricing, product quality and overall honesty. At first glance, these would seem to be the charges you’d expect in a run-of-the-mill false advertising suit. But what adds interest to Mattress Firm’s claims was the underlying technology it claimed was used by its competitor to direct the ads.

Mattress Firm accused Tuft & Needle of buying up Google “AdWords.” AdWords are phrases that when searched for by a Google user yield results that drive the user to particular links. In this case, Mattress Firm alleges, Tuft & Needle purchased phrases like “mattress firm outlet” and “mattress firm reviews.” So far, Mattress Firm admitted in the complaint, so good – buying the words was not unlawful on its own.

But the links themselves featured messaging that Mattress Firm took exception to, including links tagged “Mattress Stores Are Greedy,” for instance, that then sent the user on to Tuft & Needle’s website.

The bed trick

Furthermore, Mattress Firm alleged, Tuft & Needle used the well-known Mattress Firm logo and color scheme in ads that refigured the retailer as “Mattress Goliath” and presented Tuft & Needle as a scrappy up-and-comer.

Once the consumers arrived on Tuft & Needle’s site, they were hit with messaging that Mattress Firm considers problematic, containing claims that Mattress Firm “engages in dishonest and wrongful pricing practices,” including unfair markups, misrepresented pricing and false advertising about the price structure of Mattress Firm products. According to the retailer, the bed-in-a-box upstart even attacked its materials, calling them outdated, and said that the company’s return policy penalties locked customers into a “death spiral.”

The takeaway

Mattress Firm’s suit hits Tuft & Needle with false advertising and federal trademark dilution charges under the Lanham Act, trademark dilution and unfair competition charges under Texas state law, and defamation and business disparagement. The retailer is demanding damages in the form of Tuft & Needle’s profits and the cost of the action and seeks a permanent injunction against “the false, unfair, dilutive, and disparaging advertising practices of Tuft & Needle.”

The court awaits the bed-in-a-box company’s reply.

This case illustrates that care must be taken when using competitor’s marks and in comparative advertising. A brand can expect its competitors to closely scrutinize this type of advertising and, if it crosses the line of what the law permits, to bring self-regulatory or legal claims.

Baker & Hostetler LLP publications are intended to inform our clients and other friends of the firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience.


In The Blogs

Previous Next
Data Counsel
A Digital Advertising Primer on Preparing for the Post-Cookie World: Part Two
By Fernando A. Bohorquez Jr., Yadilsa Diaz, Gerald J. Ferguson
January 12, 2022
Part I: What Are Third-Party Cookies and Why they are Important — PART II — Privacy Laws And Third-Party Cookies Welcome to our second installment in our five-part series preparing you for the post-cookie world. In our first post, we...
Data Counsel
AdTech: Regulation, Compliance and Where We are Heading
January 10, 2022
Partners Fernando Bohorquez, Gerald Ferguson, Linda Goldstein and Jeewon Serrato, and Associate Justin Yedor served as panelists in a recent article published in the January 2022 issue of Financier Worldwide. In the article, they offer...
Data Counsel
The Impact of Data Security Incident Trends on Commercial Transactions: Part III – Vendor Agreement Resolutions for 2022
By Craig C. Carpenter, Erika Vela
January 5, 2022
As the BakerHostetler Digital Risk Advisory and Cybersecurity team wraps up the 2022 edition of annual Data Security Incident Response (DSIR) Report, we take one last look at the findings in the 2021 edition of the report to prepare our...
Data Counsel
Why Everyone Is Talking About a Rarely Invoked Rule – the FTC’s Health Breach Notification Rule
December 27, 2021
Back in September, the Federal Trade Commission (FTC) issued (by a 3-2 vote) a policy statement (the Statement) regarding the oft-forgotten Health Breach Notification Rule (the Rule). I was at the FTC when the Statement was released and...
Data Counsel
Reporting Cyberattacks: Challenges for US Government Defense Contractors
By Orga Cadet, Brian Craig
December 20, 2021
A report published by the U.S. Government Accountability Office (GAO) on Dec. 8, 2021, highlights the complexity surrounding cybersecurity compliance for the Department of Defense (DOD) and its contractors. The GAO’s report recommended...