Newsletter

FTC Pushing to Hold Companies Liable for Third Parties’ Activities

October 2019

Privacy in Focus®

Recent Federal Trade Commission (FTC) enforcement actions and public statements have shown a renewed focus on trying to hold companies – including technology platforms and other companies dealing with consumer data – accountable for the activities of third parties. In a range of circumstances, the FTC has sought to place the onus on companies to police the conduct of companies that use their platform or with which they do business. This has particular relevance for companies that handle large amounts of consumer data and/or provide platforms that allow for user-generated content. The current Commission has already demonstrated its heightened expectations of companies’ third-party monitoring obligations.

The FTC’s recent settlement with YouTube clearly demonstrated its commitment to shift compliance obligations to platforms. That settlement requires the service to modify its technology platform to allow greater monitoring of third parties’ COPPA compliance – beyond that required by law. The FTC’s COPPA Rule requires certain online operators to obtain parental consent and take other steps if their services are directed to children under the age of 13. The FTC order requires the platform to implement a system for third parties to designate whether their service is directed to children – as the Chairman and Commissioner Wilson describe it in their joint statement, “the first and only mandated requirement on a platform or third party to seek actual knowledge of whether content is child-directed.” That monitoring system is not required by COPPA, and indeed the Chairman’s statement pointedly notes that “this relief will change YouTube’s business model going forward.” Moreover, Commissioner Slaughter dissented from the settlement on the theory that the order should have imposed greater burdens on the platform to monitor third parties for COPPA compliance. 

In other circumstances, the FTC has suggested that it will look “up the chain” at platforms to determine if they should be held liable for misconduct by others. For example, testifying at a September 25 hearing before the U.S. House Subcommittee on Financial Services and General Government, Commissioner Chopra suggested that in investigating fraud, the Commission should look at payment facilitators and companies providing the infrastructure for wrongdoing. This kind of scrutiny could be based on an “unfairness” theory, which requires showing that the practice caused or was likely to cause substantial injury to consumers that could not be reasonably avoided, and that was not outweighed by countervailing benefits to consumers or competition. One recent example of this theory is a complaint filing against Match Group, which includes an allegation that the company “exposed” consumers to a risk of fraud from scammers on the company’s dating website, which the Commission alleged to be unfair.

And outside of platforms, the FTC has scrutinized companies that obtain consumer data from third parties through allegedly unlawful means. In August, for example, the FTC settled a case with Career Education Corporation, an operator of for-profit schools, alleging that it was responsible for a significant number of unwanted telemarketing calls. Additionally, the FTC alleged that the company was responsible for deceiving consumers when its customer lead generators – who were vendors that it paid for customer referrals – allegedly made deceptive statements to consumers in the course of obtaining their information. The complaint alleged that it knew deceptive conduct was ongoing, but continued to accept consumer leads from the companies. In a recent article, the Director of the Bureau of Consumer Protection, Andrew Smith, stated his view that companies should adhere to higher standards when dealing with customer data they obtain from third parties – reasoning that could be extended outside this case-specific context. He highlighted due diligence obligations, contractual compliance standards, audit rights, monitoring, and even requirements that vendors monitor their subcontractors – “fourth parties” – for violations. 

The current Commission continues to be aggressive on enforcement priorities, and the support for all of the legal theories above was unanimous. Companies should pay close attention to their interactions with third parties that may invite scrutiny from the FTC, and recognize that this Commission’s expectations are increasing. 

© 2019 Wiley Rein LLP

Read Time: 4 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek