We think of the Federal Trade Commission (FTC) as an anti-deception agency, and it is just that. The vast majority of its cases are brought against deception or fraud. By statute, however, the FTC also is empowered to prevent “unfairness.” As interpreted by the FTC, a business act or practice is unfair if it: (a) causes substantial consumer injury that is (b) not “reasonably avoidable” and (c) not outweighed by any benefit to consumers or competition.
The FTC’s unfairness authority comes in handy when a practice, while not deceptive, may still be harmful, or when it feels it may not be able to make a deception charge stick. For example, while a pure omission of material information can be deceptive, it may not be as easy to prove under a deception theory as an affirmative misrepresentation. In those instances, if the FTC is confident it can meet its three-pronged unfairness test, then it will not hesitate to proceed under that authority.
The FTC has found it to be particularly handy to rely on this authority as it tries to get a handle on allegedly “unfair” business practices in the mobile market. Recently, exercising its unfairness jurisdiction, it scored two victories: one a settlement and the other a significant court decision upholding application of the unfairness doctrine to the digital world.
The settlement, with General Workings, d.b.a. Vulcun, resolved charges that the company had installed software on browsers without adequate user notice or consent. The software allowed Vulcun to forcibly install apps on mobile devices that, among other things, could have provided it with access to private, sensitive information stored on the devices. The FTC alleged that these furtive app installations were unfair because they caused unavoidable consumer injury that was not outweighed by countervailing consumer or competitive benefits.
In a much more high-profile use of its unfairness authority, the FTC won a major court ruling against Amazon, obtaining summary judgment against its facilitation of real money in-app purchases of virtual goods and currency by kids without the knowledge and okay of their parents. The case was one of three the FTC brought against Amazon, Apple, and Google, seeking to extend case law upholding application of the FTC’s unfairness standard to unauthorized purchases to mobile transactions. Apple and Google settled, agreeing to implement systems to ensure kids could not make in-app purchases without their parents’ consent, and to pay $32.5 million and $19 million, respectively, in consumer redress.
Amazon operates an app store in which customers can download apps to use on Android mobile devices or Kindle Fire tablets. Many of the kids’ apps come with an option to buy virtual items. Charges, sometimes as much as $99.99, are billed to the account holder’s credit card. Amazon started charging for “in-app purchases” (IAPs) in 2011 and retains 30 percent of the revenue from every in-app sale.
The FTC alleged, and the court found, that many customers did not understand in-app purchases, and that children were able to make unlimited in-app purchases without Amazon requiring entry of a password or other action to obtain the account holder’s consent. Only if a customer had previously enabled parental controls would the IAP require a password.
App descriptions stated a download price that was either “FREE” or a set amount, but did not disclose the existence of in-app charges. After Amazon began receiving complaints from parents about unauthorized charges incurred by their children, it initiated an account password prompt, but only for in-app charges of $20 or more, or when a second IAP purchase attempt was made within five minutes of the first one. However, consumers were not told that by entering their password, they unwittingly opened a 60-minute window in which children could place charges with no further authorization. Eventually, as complaints continued to roll in and Amazon became aware that the FTC was investigating it, it began to more clearly disclose the existence of in-app charges and added a password requirement for all first-time IAPs and an option to require a password for all future ones.
As of the date of the court’s decision, Amazon had refined its system to the point where only in-app purchases of $1 or less could be made without authorization via entry of a password. This was too little too late, though, for the court, which found that given “the design of the Appstore and procedures around in-app purchases [up to that time], it is reasonable to conclude that many customers were never aware that they had made an in-app purchase.”
The court still had to decide, though, whether Amazon’s in-app purchase procedures were “unfair.” Amazon argued that the FTC’s three-part test was a “necessary but not sufficient prerequisite for unfairness,” and that additional requirements, such as “unscrupulous or unethical behavior,” also should apply. It had no authority, however, to override a number of appellate decisions that have enforced the standard.
The court concluded that all three elements of the standard were met. It had no trouble finding substantial injury, noting that billing customers without permission has been repeatedly held to cause actionable injury under the FTC Act. Further, while the average amount of individual injury was not necessarily great, thousands of consumers had been affected, and the court applied well-established authority that substantial injury can arise from “small harm to a large number of people.” It rejected Amazon’s argument that there hadn’t been injury because of its liberal refund policy, since not all in-app purchasers had received refunds. Further, it noted that “harm need not be monetary to qualify as injury,” and the time spent pursuing refunds constituted additional injury to Amazon’s customers.
The court also found the injury was not reasonably avoidable since Amazon’s opaque system of in-app purchases had prevented a “free and informed choice” to avoid it. Amazon contended its customers could have avoided damages by activating parental controls and that a reasonable consumer would preemptively “identify and sidestep a potential injury.” The court was not persuaded, for several reasons:
“It is unreasonable to expect customers to be familiar with the potential to accrue in-app purchases while using apps labeled as ‘FREE’ … Amazon cites to a case determining that a ‘reasonable Amazon customer is accustomed to online shopping,’ but online shopping and spending real currency while obtaining virtual items in a game are completely different user activities … while entering a password linking her Amazon account to a new device, a reasonable consumer unaware of the possibility of in-app purchases would not assume she was authorizing unforeseen charges. Nor would a reasonable consumer have seen any connection between IAPs and parental controls until Amazon changed its Appstore interface … until Amazon began to introduce password prompts for in-app purchases … no affirmativeassent to the charges was required … and the password prompts introduced, asking customers to ‘confirm in-app purchase,’ did not make it clear that a single password entry served to authorize multiple IAPs within a certain timeframe …”
Finally, the court found no countervailing benefit to consumers or competition from Amazon’s failure to require a password to place in-app charges. The court rejected Amazon’s claim of a benefit from consumers’ preference for a “seamless, efficient mobile experience” and from innovation, stating that a streamlined experience, even if a benefit, “is not incompatible with the practice of affirmatively seeking a customer’s authorized consent to a charge,” and that there was no evidence to show harm to innovation.
Finding that Amazon’s system of in-app purchases constituted an “unfair” practice under the FTC Act, the court held that Amazon was liable for the unauthorized charges and invited briefing to calculate the amount of restitution it would owe. It declined the FTC’s request for a permanent injunction, however, since Amazon ultimately brought the system into compliance and there was little risk of a recurring violation. In this sense, Amazon’s decision to litigate rather than settle and agree to an injunction, as Apple and Google had done, paid off. And Amazon certainly could afford the legal fees it incurred in forcing the FTC to prove its case.
The FTC’s unfairness authority is a valuable and essential weapon in its arsenal for protecting consumers from harmful but not necessarily deceptive practices in the mobile world, whether it be unwanted app installations, unauthorized charges for in-app purchases, misuse of personal data, or something else. The Amazon decision extends to the digital realm a long line of FTC cases establishing that the imposition of unauthorized charges is “unfair.” As FTC Chairwoman Edith Ramirez remarked in her statement accompanying the Apple settlement: “This basic tenet applies regardless of the technology or platform used to bill consumers and regardless of whether a company engages in deliberate fraud. Indeed, there is nothing in the unfairness authority we have been granted … to suggest that our power is in any way constrained or should be applied differently depending on the technology or platform at issue.”
The Amazon case no doubt has put wind in the FTC’s sails and will embolden it to keep aggressively utilizing its statutory authority to combat what it sees as consumer unfairness in internet and mobile commerce.