FTC Reaches Settlement with NGL Labs Over Children’s Privacy & AI

On July 9, 2024, the FTC and California Attorney General settled a case against NGL Labs (“NGL”) and two of its co-founders. NGL Labs’ app, “NGL: ask me anything,” allows users to receive anonymous messages from their friends and social media followers. The complaint alleged violations of the FTC Act, the Restore Online Shoppers’ Confidence Act (ROSCA), the Children’s Online Privacy Protection Act (COPPA), and California laws prohibiting deceptive advertising and prohibiting unfair and deceptive business practices.

FTC Act & California Law Violations. The complaint alleged that once a user posted a prompt inviting anonymous messages, they would receive automated messages that appeared to come from their contacts, but in reality, came from NGL itself. The complaint also alleged that the company encouraged users to purchase NGL Pro (a paid version of the app) to learn the identity of the people who sent them anonymous messages, but that once consumers upgraded to NGL Pro, they did not actually learn the senders’ identities. Instead, the complaint alleged that they were sent vague, and sometimes false, hints about the senders’ identities, such as the city the sender may live in or the time the message was sent.

The complaint also alleged that NGL claimed to use “world class AI content moderation” to filter out harmful language and bullying, including by recognizing inappropriate use of emojis. In reality, however, the company was purportedly aware that harmful language and bullying were commonplace on the app and its technology did not filter out such behavior.

COPPA Violations. The FTC alleged that NGL obtained actual knowledge of the age of users under 13 through complaints from parents of children who use the app. NGL allegedly retained the information of users under 13 after such complaints without providing required notices or obtaining consent. Notably, the complaint also alleged that the company was aware that numerous children used the app, however, constructive knowledge is insufficient to establish liability under COPPA.

ROSCA Violations. NGL allegedly (1) failed to clearly disclose that the NGL Pro subscription would charge users on a recurring basis, by disclosing this fact only in small, off-white text that “pro renews for $ 9.99/week;” and (2) misrepresented what customers would receive by subscribing (i.e., by misleading consumers into thinking they could learn who sent them messages by subscribing). NGL also allegedly failed to obtain users’ express informed consent before charging their financial accounts.

Ordered Relief. The order prohibits the company from misrepresenting the capabilities of its AI technology, including its ability to filter out cyberbullying. The company also may not misrepresent that any message received through their app was sent by a live person or that a user will be able to see the identity of those who send them messages.

Even though COPPA’s requirements apply to users under the age of 13 and there is no requirement to age gate, the order requires as fencing-in relief that NGL implement a neutral age gate that will prevent those under 18 from accessing the app. For existing users, NGL must delete personal information unless the user indicates they are over 13 or NGL obtains parental consent to retain the data.

Additionally, the order incorporates a variety of requirements that the FTC has proposed in the proposed revised Negative Option Rule. For example, the company is prohibited from misrepresenting any material fact related to the transaction, including any fact related to the underlying good or service. As in the proposed Negative Option Rule, the order also requires that NGL disclose all material facts related to the Negative Option Feature immediately adjacent to the means of recording the customer’s consent – with the exception of cancellation instructions, which need not be immediately adjacent. NGL also must obtain express informed consent to the Negative Option Feature separately from any other portion of the transaction, through a check box or substantially similar method. The order also incorporates cancellation requirements, such as that cancellation must be available in the same medium as sign-up, even though the complaint does not allege a violation of ROSCA’s cancellation provision. Furthermore, the company must provide users a confirmation email of the purchase, as well as reminders as to the frequency and amount of the charge and how they may cancel.

Finally, the company must pay $ 4.5 million to the FTC and $ 500,000 in civil penalties to the state of California.

LexBlog

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.