ValueClick's $2.9 Million Settlement for Misleading Ads and Data Security Failures
In a significant move, the Federal Trade Commission (“FTC”) has reached a $2.9 million settlement with ValueClick, Inc., a major online advertising company, over allegations of deceptive advertising practices and inadequate data security. This settlement is a clear message to businesses about the importance of transparency, honesty, and security when dealing with consumers online.
The case centers around ValueClick’s subsidiary, Hi-Speed Media, and its misleading advertising strategies. Through a combination of deceptive emails, banner ads, and pop-ups, the company promoted offers of “free” gifts, such as high-end electronics like plasma TVs and iPods. The emails falsely claimed that consumers could receive these items by completing surveys or signing up for various offers. However, the reality was far different. Consumers were led through a series of expensive third-party offers that they had to “participate in” to receive the so-called “free” merchandise, including signing up for costly car loans or satellite TV subscriptions.
The FTC found that these deceptive marketing practices violated the CAN-SPAM Act, which requires businesses to provide accurate information and a clear opportunity to opt out of future communications. Consumers were misled into thinking they were getting something for nothing, only to discover they had to spend considerable amounts of money to qualify for the so-called free gifts. This failure to disclose the true costs of these “free” offers constituted a direct violation of federal law.
In addition to the misleading advertising claims, the settlement also addresses significant security issues. The FTC charged that ValueClick and its subsidiaries misrepresented their ability to protect sensitive consumer data. Despite claims that they encrypted personal information, the companies either failed to use encryption or employed insecure methods, leaving consumer data vulnerable to potential breaches. This failure to secure financial information, coupled with the companies’ vulnerability to SQL injection attacks, highlighted a serious lapse in the companies’ data protection practices, contrary to industry standards.
As part of the settlement, ValueClick, Hi-Speed Media, and E-Babylon agreed to pay the $2.9 million civil penalty, marking the largest settlement in a case under the CAN-SPAM Act at the time. The settlement also includes stringent requirements for the companies to disclose clearly and conspicuously the costs and obligations consumers must incur to qualify for “free” offers. They are now required to provide a full list of obligations such as credit card applications, product purchases, or taking out loans, making it clear that these “free” gifts are far from free.
Furthermore, the settlement mandates that the companies implement a comprehensive data security program, which includes obtaining independent third-party assessments of their security practices for the next two decades. This requirement serves as a warning to other businesses about the importance of safeguarding consumer information and maintaining transparency in their marketing and advertising efforts.
This case underscores the growing concerns around deceptive online marketing and the importance of consumer protection. As digital advertising continues to evolve, companies must be transparent about the true costs of their offers and ensure that the personal information they collect from consumers is adequately protected. The settlement not only serves as a financial penalty for ValueClick but also sets a precedent for stricter compliance with advertising laws and data security regulations.
If you would like to read more about this case and others, visit our Case Studies Library.
© 2008 Cliclaw.com
(Image Credit: iStock Photo)
This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.