As we cautioned in a September post, the FTC is stepping up enforcement actions against mobile app developers for failure to comply with consumer protection principles. This month, the FTC took another major step in that direction with a groundbreaking settlement applying the Fair Credit Reporting Act (FCRA) to app developers Filquarian Publishing, LLC, Choice Level, LLC, and Joshua Linsk.
The FCRA is a consumer protection statute designed to regulate the collection, dissemination, and use by companies of consumer information. Filquarian markets mobile apps that run background checks using criminal records obtained from Choice Level, and Linsk is the owner and sole officer of both companies.
Although this was the first time that the FTC has applied the FCRA to a mobile app developer, the prospect has been on the horizon for quite some time. Last February, the Commission issued a press release announcing that it had issued official warning letters to marketers of six mobile apps for background screening. The warnings were explicit: “If you have reason to believe that your background reports are being used for employment or other FCRA purposes,” both you and those customers must comply with the FCRA. Additionally, the FTC posted a “Word of Warning” on its Business Center Blog, informing the public about the warning letters and cautioning app marketers that “disclaimers or not, the FCRA would still apply.”
According to the FTC, Linsk and his companies failed to heed these conspicuous warnings. As detailed in the FTC complaint, since at least 2010, Filquarian had been specifically targeting employers with ads like this one: “Are you hiring somebody and wanting to quickly find out if they have a record? Then Texas Criminal Record Search is the perfect application for you.” Instead of attempting to comply with the FCRA, the FTC’s complaint said, Filquarian and Choice Level posted a disclaimer stating that the companies were not complaint with the FCRA, that their reports were not to be considered screening products for the various FCRA-proscribed purposes, and that the users of their reports assume sole responsibility for FCRA compliance.
The complaint against them cited numerous FCRA violations: (i) regularly furnishing reports to individuals who did not have a permissible purpose to use them, (ii) failing to maintain any procedures for assuring maximum possible accuracy of information provided in the reports, and (iii) failing to provide required notices to users of the consumer reports. The agency concluded that the disclaimers were not enough to absolve the company of FCRA liability, especially when the disclaimer directly contradicts express representations in the company’s advertisements.
Again, we urge all mobile app developers to be aware of the following principles to reduce the likelihood of an FTC enforcement action: (i) an app is no different from an Internet website, which is no different from a print ad, (ii) you’d be smart to pay attention to the FTC’s warnings to other companies and their enforcement actions, and (iii) disclaimers are important but often they simply aren’t enough to avoid liability. Also, the FTC has definitely shown that it will use its broad statutory authority and apply existing laws and regulations – including the 1970s -era FCRA — to mobile apps and other online offerings.