September 19, 2021

Volume XI, Number 262

Advertisement

September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Now Playing at the FTC: MoviePass Data Security Case and ROSCA Settlement

This week, the FTC voted 3–1 to accept a settlement agreement with MoviePass, Inc., its parent company, and two of the now-defunct company’s former employees, after allegations of data security issues and deceptive trade practices. The Commission brought an enforcement action against MoviePass pursuant to the FTC Act and the Restore Online Shoppers’ Confidence Act (“ROSCA”), the latter of which requires disclosure of all material terms, a consumer’s informed consent, and a simple mechanism to stop recurring charges when marketing negative option services.

MoviePass offered a subscription service that allowed consumers to see unlimited movies in theatres for a monthly fee. However, according to the FTC’s complaint, this business model proved unsuccessful, and, once this became apparent to MoviePass, the company implemented at least three strategies to make it more difficult for consumers to actually see movies:

  1. Invalidated passwords of the 75,000 heaviest users for false reasons, requiring them to undergo a complicated password reset process before they could use their subscription.

  2. Implemented a convoluted “ticket verification system,” requiring subscribers to submit pictures of their movie tickets within a certain time period.

  3. Set secret caps on the number of movies subscribers could attend.

Unfortunately, for subscribers to MoviePass, this settlement is not the end of the story. The FTC’s complaint alleges that significant personal information—including name, gender, billing address, and credit card information—was exposed for four months in 2019. Indeed, the information was stored such that it was “accessible to any parties with an internet connection.”

The FTC also alleged that MoviePass failed to disclose all the material terms when it did not tell consumers that it implemented strategies to make it more difficult to use their subscriptions. And, because those material terms were not disclosed, MoviePass failed to obtain consumers’ informed consent.

Commissioner Noah Phillips voted against the case, arguing in his dissenting statement against the FTC’s application of ROSCA to MoviePass, calling it a “novel” theory of liability. The Commissioner’s primary argument is that ROSCA is concerned with the negative option terms and transaction itself, rather than the underlying product or service. Commissioner Wilson’s concurring statement in support of the case offers a different view, quoting from the full ROSCA section to argue that this enforcement action is within the plain language of the law.

Both Commissioners also reference the Supreme Court’s recent decision in AMG Capital Mgmt., LLC v. F.T.C., which ruled that the FTC lacks authority to seek equitable relief under section 13(b) of the FTC Act. Whereas Commissioner Phillips seems to take AMG as a warning to limit FTC authority, Commissioner Wilson says that this ROSCA enforcement action “will serve as notice to the market, and future violations of this type may well warrant civil penalties,” perhaps viewing ROSCA as a partial substitute for authority lost at the Supreme Court.

Despite the ink spilled by Commissioners Phillips and Wilson, the FTC in general, and this blog, the settlement requires no fines, fees, or damages. Instead, it prohibits MoviePass from making certain misleading statements in the future and provides for additional reporting requirements and FTC oversight for future business ventures.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 159
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Phyllis H. Marcus Partner Consumer Products Food Industry Retail Practices
Partner

With 17 years of experience at the FTC, Phyllis brings a unique advertising and children’s privacy vantage point to our clients.

Phyllis heads the firm’s advertising counseling practice, and focuses on all aspects of advertising, from the initial development of a claim to its ultimate defense in the marketplace. Phyllis’s practice includes claim creation and substantiation, pre-acquisition due diligence, dissemination in traditional and digital media, and both offensive and defensive competitor challenges. She also counsels clients on the intricacies of compliance with the Children’...

202-955-1810
Advertisement
Advertisement
Advertisement