On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.

Tapjoy’s platform offers virtual currency to consumers for completing various activities, which include purchasing in-game items, watching videos, and completing surveys.  Consumers can then spend the currency on in-app content from publishers.  Consumers frequently incur charges or divulge personal information, including contact information and sensitive health information, to the third-party advertisers through this system.

The FTC’s complaint alleges that Tapjoy deceived consumers about the rewards they could earn for completing the advertising offers.  The company received hundreds of thousands of complaints from consumers who said they never obtained their promised rewards despite having completed the required actions.  Tapjoy was allegedly aware as far back as July 2016 that “too many users [were] simply not getting rewarded.”  Moreover, many users allegedly discovered that the information they divulged was sold by Tapjoy’s advertisers to third-party marketers.  This deceptive conduct allegedly violates Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.”

The FTC further alleges that the company did not take adequate steps to address the problems or stop making deceptive claims.  Instead, Tapjoy adopted policies to actively discourage customer service inquiries, including prohibiting consumers from submitting a complaint within 24 hours of completing an offer.  Tapjoy also failed to respond to many customers who were able to submit a complaint.

The proposed consent order prohibits Tapjoy from misrepresenting the rewards it offers and requires the company clearly and conspicuously display the terms under which consumers can receive them.  Additionally, Tapjoy must specify to consumers that the third-party advertisers are the ones that determine if rewards should be issued.  And it must monitor its advertisers to ensure they actually deliver the promised rewards.

Tapjoy is also required to provide an easy-to-use method by which consumers can submit support requests and promptly investigate any complaints it receives.  If Tapjoy learns through an investigation that an advertiser has committed fraud or that there is a pattern of failures with the delivery of rewards, Tapjoy must cease doing business with that advertiser.

Finally, Tapjoy is subject to compliance and recordkeeping obligations for a period of 10 years.

The FTC voted 5-0 to issue the proposed administrative complaint and accept the consent agreement.  The agreement is subject to public comment for 30 days following publication in the Federal Register, after which the Commission will decide whether to make the proposed consent order final.

Commissioners Rohit Chopra and Rebecca Kelly Slaughter issued a joint statement discussing the current scrutiny of the mobile gaming industry and the potential downstream harms to consumers.  Notably, they emphasized the importance of holding “middlemen” like Tapjoy liable for practices that can harm consumers and developers.

More information on Tapjoy’s settlement with the FTC can be found here.

Photo of Laura Kim Laura Kim

Laura Kim draws upon her experience in senior positions at the Federal Trade Commission to advise clients across industries on complex advertising, privacy, and data security matters. She provides practical compliance advice and represents clients in FTC and State AG investigations. Ms. Kim…

Laura Kim draws upon her experience in senior positions at the Federal Trade Commission to advise clients across industries on complex advertising, privacy, and data security matters. She provides practical compliance advice and represents clients in FTC and State AG investigations. Ms. Kim advises on a wide range of consumer protection issues, including green claims, influencers, native advertising, claim substantiation, Made in USA claims, children’s privacy, subscription auto-renewal marketing, and other digital advertising matters. In addition, Ms. Kim actively practices before the NAD, including recent successful resolution of matters for both challengers and advertisers. She co-chairs Covington’s Advertising and Consumer Protection Practice Group and participates in the firm’s Internet of Things Initiative.

Ms. Kim re-joined Covington after a twelve-year tenure at the FTC, where she served as Assistant Director in two divisions of the Bureau of Consumer Protection, as well as Chief of Staff in the Bureau of Consumer Protection and Attorney Advisor to former Chairman William E. Kovacic. She worked on key FTC Rules and Guides such as the Green Guides, Jewelry Guides, and the Telemarketing Sales Rule. She supervised these and other rule making proceedings and oversaw dozens of the Commission’s investigations and enforcement actions involving compliance with these rules. Ms. Kim also supervised compliance monitoring for companies under federal court or Commission order.

Ms. Kim also served as Deputy Chief Enforcement Officer at the U.S. Department of Education, where she helped establish a new Enforcement Office within Federal Student Aid. In this role, she managed investigations of higher education institutions and oversaw issuance of fines and adverse actions for institutions in violation of federal student aid regulations. Ms. Kim also supervised the borrower defense to repayment division and the Clery campus safety and security division.

Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Photo of Andrew Longhi Andrew Longhi

Andrew Longhi is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and Technology and Communications Regulation Practice Groups.

Andrew advises clients on a broad range of privacy and cybersecurity issues, including compliance obligations, commercial…

Andrew Longhi is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and Technology and Communications Regulation Practice Groups.

Andrew advises clients on a broad range of privacy and cybersecurity issues, including compliance obligations, commercial transactions involving personal information and cybersecurity risk, and responses to regulatory inquiries.

Andrew is Admitted to the Bar under DC App. R. 46-A (Emergency Examination Waiver); Practice Supervised by DC Bar members.