For app developers, bringing an app to market is exciting. But it’s still important to check all of your “compliance” boxes before releasing your app to users. Marketing legal pitfalls are common and can quickly erase any revenue generated by your app.
Meeting Truth-in-Advertising Requirements
The Federal Trade Commission Act imposes several requirements on all businesses that use advertising to market their products or services: advertising must be truthful and non-deceptive; advertisers must have evidence to back up their claims; and advertisements cannot be unfair. An ad is considered “deceptive” if it contains a statement - or omits information – that is likely to mislead consumers acting reasonably under the circumstances; and is "material," which means that it is important to a consumer's decision to buy or use the product. Meanwhile, an ad or business practice is unfair if it causes or is likely to cause substantial consumer injury which a consumer could not reasonably avoid; and it is not outweighed by the benefit to consumers.
With regard to marketing apps, the FTC advises that companies must be truthful about what their app can do. The agency has also provided the following rule of thumb:
Look at your product and your advertising from the perspective of average users, not just software engineers or app experts. If you make objective claims about your app, you need solid proof to back them up before you start selling. The law calls that “competent and reliable evidence.” If you say your app provides benefits related to health, safety, or performance, you may need competent and reliable scientific evidence.
Companies must also disclose key information clearly and conspicuously. The FTC offers the following guidance for app developers regarding what it means to be “clear and conspicuous”:
That they’re big enough and clear enough that users actually notice them and understand what they say. Generally, the law doesn’t dictate a specific font or type size, but the FTC has taken action against companies that have buried important terms and conditions in long licensing agreements, in dense blocks of legal mumbo jumbo, or behind vague hyperlinks.
With respect to truth-in-advertising requirements, it’s important to get it right the first time around. Civil penalties imposed by the FTC range from thousands of dollars to millions of dollars, depending on the nature of the violation. In some cases, advertisers have been ordered to give full or partial refunds to all consumers who purchased the product.
Safeguarding User Privacy
App developers must incorporate user privacy protections into their app from the ground up. That means limiting the data you collect from users, securely storing the data you retain, and safely disposing of data you no longer need. The FTC offers the following guidelines:
- Be transparent about your data practices. Even if you need to collect or share data so your app can operate, be clear to users about your practices. Explain what information your app collects from users or their devices and what you do with their data. For example, if you share information with another company, tell your users and give them information about that company’s data practices.
- Offer choices that are easy to find and easy to use. Give your users tools that offer choices in how to use your app – like privacy settings, opt-outs, or other ways for users to control how their personal information is collected and shared. It’s good business to apply the “clear and conspicuous” standard to these choice mechanisms, too. Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.
Marketing to Children
Businesses that plan to market their apps to children must also comply with the Children’s Online Privacy Protection Act (COPPA). It is important to note that COPPA not only applies to apps dedicated to children. It also applies to operators of general audience apps with “actual knowledge that they are collecting, using, or disclosing personal information from children under 13.”
Under COPPA, operators of online services directed to children under age 13 are required to provide notice and obtain parental consent before collecting items of “personal information” from children. “Personal information” includes more commonly understood information like names, email addresses, and social security numbers, as well as “persistent identifier[s] that can be used to recognize a user over time and across different Web sites or online services.” Under COPPA, operators are required to implement certain safeguards to protect children’s privacy. They include:
- Providing direct notice to parents and obtaining verifiable parental consent, with limited exceptions, before collecting personal information from children;
- Offering parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties;
- Authorizing parents to access their child’s personal information to review and/or have the information deleted;
- Providing parents the opportunity to prevent further use or online collection of a child’s personal information; and
- Maintaining the confidentiality, security, and integrity of information they collect from children.
Given the potential for missteps, particularly for first-time entrepreneurs and new businesses, it is wise to consult with an experienced business attorney who can review your planned marketing campaign and flag any potential compliance concerns.
If you have any questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Jeff Cassin, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.