• FTC Fines ValueClick $2.9 Million Over Ad Claims
  • April 17, 2008
  • Law Firm: Manatt, Phelps & Phillips, LLP - Los Angeles Office
  • ValueClick, Inc., the Internet advertiser, has agreed to pay a record $2.9 million fine in a settlement with the Federal Trade Commission over charges that it made deceptive claims in online ads and emails. The fine is the largest to date in a case based on the 2003 CAN-SPAM Act.

    Under the settlement announced by the agency on March 17, 2008, ValueClick must also clearly and conspicuously disclose the costs and obligations consumers must incur to receive any “free” items and is prohibited from future violations of the CAN-SPAM Act.

    The settlement also bars ValueClick from making deceptive claims about the security of the consumer data it collects, and requires that it implement and maintain a comprehensive security program, including independent third-party auditing, for 20 years.

    The settlement resolves FTC charges that ValueClick’s use of misleading commercial emails promising free gifts and its failure to disclose that consumers must spend large amounts of money to receive the “free” products violated the CAN-SPAM Act and the FTC Act.

    Specifically, the agency said that Hi-Speed Media, a ValueClick subsidiary, used deceptive emails, banner ads, and pop-ups telling consumers they were eligible for “free” gifts, including laptops, iPods, and high-value gift cards, to lure them to their Web sites. Once on the sites, consumers were forced to navigate through a morass of burdensome and expensive third-party offers—such as car loans and satellite TV subscriptions—which they were obligated to “participate in” at their own expense, in order to receive the promised “free” merchandise.

    The FTC also charged that ValueClick, Hi-Speed Media, and another ValueClick subsidiary, E-Babylon, misrepresented that their security measures for handling consumers’ financial data met industry standards. According to the FTC, the companies posted online privacy policies that assured customers their information was encrypted, when in fact they either did not encrypt the data at all or employed a nonstandard and insecure form of encryption. The agency also alleged that a number of the companies’ e-commerce Web sites were vulnerable to SQL injection, a widespread type of hacker attack, in contrast to the companies’ pledges that they employed reasonable security measures.

    The ValueClick case is the FTC’s third involving the use of misleading offers of “free” products by Internet-based “lead generation” companies, and its 18th case involving the data security practices of a company handling sensitive consumer information.