When Should “Consumers-as-Producers” Have to Comply With Consumer Protection Laws?

  • Original Paper
Journal of Consumer Policy

Abstract

Since the 1960s, consumer protection law has been built on the contrast between large “producers” and small “consumers.” Today, instead, an ordinary consumer owns what can accurately be called a “personal mainframe”—a home computer whose processing power matches an IBM mainframe from about 10 years ago. Equipped with a personal mainframe—an Information-Age factory—ordinary “consumers” at home are increasingly also becoming “producers.” As unregulated consumers become regulated producers, a major legal question is whether and when the individual should have to comply with consumer protection laws. The discussion here selects four examples of US legal rules that might apply to consumers-as-producers, with recommendations spanning the range of possibilities: (1) consumer privacy legislation: creating a threshold, with no compliance required for databases of fewer than 5,000 names, is recommended; (2) advertising substantiation: concerning the requirement that advertisers have a “reasonable basis” for their claims, applying current law to small advertisers is recommended; (3) spam: current law does not create a threshold for those who send a few commercial emails, but such a threshold is worth considering; (4) political blogging: the author agrees with the US Federal Election Commission decision to create a major exemption from campaign finance laws for online political advocacy, even for large blogs or websites. The common theme among these recommendations is to describe the sort of harm that existing law seeks to reduce. The approach here next looks at how the use of personal mainframes affects creation of those harms. Where the sorts of harm are likely to be created by consumers-as-producers, the analysis tilts towards requiring compliance. Where the sorts of harms are unlikely to be caused by consumers-as-producers, then the case for an exception is stronger.

Notes

  1. Swire (1998, 2003, 2005, 2006, 2008). See also National Consumers League (2006). The author served as “reporter” for that document.

  2. For a discussion of such cognitive biases, see Garvin (2005).

  3. Hearing on “Privacy in the Commercial World II” Before the Subcomm. on Commerce, Trade, and Consumer Protection of the H. Comm. on Energy and Commerce, 109 Cong. 30 (2006) [hereinafter Hearings] (testimony of Peter P. Swire, William O’Neill Professor of Law, Moritz College of Law).

  4. Id.

  5. Id.

  6. Swire (2003) pp 859–871. In brief, self-regulation in the 1990s speeded the adoption of good practices by most E-Commerce sites. The credible threat of legislation during that period pushed industry to make relatively rapid progress. Once the threat of legislation receded, however, the pace of improvement slowed. In addition, lessons learned from other privacy laws passed in the 1990s now form a solid foundation for workable general privacy legislation.

  7. The author has explained previously reasons why the degree of privacy invasion is much greater for large databases than for the sorts of small, unaggregated “databases” that the teenage lawn-cutter would create. Swire (2005).

  8. An example of speedy repeal was a strict medical privacy law in Maine that prevented flowers from being delivered to patients in the hospital. The problem for florists was that they needed prior patient consent to learn the number of the hospital room, but the patients were usually receiving the flowers as a gift and so had not given prior consent. See Goldstein (1999).

  9. Council Directive 95/46 art. 3 EC OJ [1995] L281/31.

  10. Swire and Litan (1998). Under the US Sentencing Guidelines, an upward departure may be appropriate when a corporation has demonstrated a pattern of illegal conduct. US Sentencing Guidelines Manual §8C2.8 comment. n. 5 (2005). Under Sarbanes-Oxley, there is heightened pressure for public companies to have accurate and lawful systems in place. See, e.g., 15 U.S.C. §7241(a) (2007) (requiring corporate officers to personally certify financial reports based upon the officer’s own knowledge).

  11. The first public mention of this approach was apparently in the testimony of Microsoft Senior Attorney Michael Hintze before the House Energy & Commerce. Data Security: The Discussion Draft of Data Protection Legislation before the Subcommittee On Commerce, Trade, and Consumer Protection, 108th Congress (2005): http://www.microsoft.com/presspass/exec/hintze/07-28-05DataSecurity.mspx (statement of Michael Hintze, Senior Attorney, Microsoft Corporation). The 5,000-individual approach was suggested in connection with proposed federal legislation to require producers to notify consumers in the event of a data breach. The concerns about a threshold for data breach legislation are very similar to those for privacy legislation. For instance, if a friend loses a PDA, laptop, or other device holding contacts information, should that person be legally required to send you formal written notice of the loss? It may be polite to do so (if the friend has kept a backup and so knows whom to contact). The author’s own sense is that it would be overbroad to require individuals that have a modest number of business contacts to be covered by federal legislation. A data breach bill with a threshold of 10,000 individuals has been passed by the Senate Judiciary Committee. S. 495 § 301, 110th Congress, First Session.

  12. Title VII of the Civil Rights Act defines “employer” as “a person engaged in an industry affecting commerce who has fifteen or more employees for each working day in each of twenty or more calendar weeks in the current or preceding calendar year, and any agent of such a person.” 42 U.S.C. §2000(e) (2007). Similarly, the Age Discrimination in Employment Act sets the threshold at twenty employees. 29 U.S.C. §630 (b) (2007).

  13. The Do Not Call registry does not have an exception for small business. Telemarketing Sales Rule, 16 C.F.R. §310.4 (b)(1)(iii)(B) (2007). The Junk Fax Prevention Act of 2005, 47 U.S.C.S. §227(b)(2)(D)(iv)(II), authorized the Federal Communications Commission to create a small-business exception. Based on its finding that compliance would not be burdensome for small businesses, the Federal Communications Commission declined to create such an exception. Federal Register, 71, 29,577 (May 3, 2006).

  14. FTC Policy Statement Regarding Advertising Substantiation: www.ftc.gov/bcp/guides/ad3subst.htm.

  15. Id.

  16. Id., citing to 15 U.S.C. § 5.

  17. Id.

  18. Federal Trade Commission, Guides Concerning Use of Endorsements and Testimonials in Advertising, 16 C.F.R. Part 255.

  19. A 2006 speech by an FTC official said that the Endorsement Guidelines apply to word-of-mouth advertising. In particular, word-of-mouth advertisers should disclose “a connection between a seller and an endorser that might materially affect the weight or credibility of the endorsement.” Engle (2006); see Carl (2006).

  20. “The FTC concentrates on national advertising and usually refers local matters to state, county, or city agencies.” Federal Trade Commission. Advertising Practices: Frequently Asked Questions. Answers for Small Business, 7: http://www.ftc.gov/bcp/conline/pubs/buspubs/ad-faqs.pdf.

  21. Id. at 5 (emphasis in the original).

  22. “The FTC concentrates on cases that could affect consumers’ health or safety (for example, deceptive health claims for foods or over-the-counter drugs).” Federal Trade Commission, supra note 19.

  23. E.g., interview with Diana Bixler, former FTC attorney, Jan. 30, 2007.

  24. One alternative would be to create an exception so that small businesses do not need to create studies or other prior substantiation. Under this approach, for small companies, there could be a “reasonable basis” for a claim if there is a good-faith belief in its truthfulness. Under such an approach, the intentional swindler could still be punished. The false claim about breast cancer, for instance, might be punished under a criminal fraud statute or under civil statutes if there is a reckless or intentional misstatement. This alternative would free the consumer-as-producer from the need to substantiate in advance the “reasonable basis” for the claim. The alternative approach, however, would create an enforcement challenge because enforcement agencies would then have to prove a heightened mens rea in the case of an unsubstantiated advertisement.

  25. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM), 15 U.S.C. §7701 et seq.

  26. CAN-SPAM, supra note 25. § 5.

  27. CAN-SPAM, supra note 25. § 5.

  28. CAN-SPAM, supra note 25. § 3(2), 15 U.S.C. § 7702.

  29. CAN-SPAM, supra note 25. § 4(a), 15 U.S.C. § 7703.

  30. In 2005 and 2006, the author served on an advisory board to Blue Security. The company had innovative software that enabled each user to send one opt-out message to the web site selling the product advertised in the spam email (that is, the software made it easy for the user to exercise the opt-out right in CAN-SPAM). The volume of legitimate opt-outs created large traffic on the web sites. To reduce this traffic, the web sites could receive a free, encrypted do-not-spam service from Blue Security. This approach was succeeding—six of the ten largest spammers in the world began using the do-not-spam service. Unfortunately, one of the remaining spammers declared war on Blue Security. In classic organized-crime fashion, the person or group labeled “PharmaMaster” lashed out at everyone connected with Blue Security. Denial-of-service attacks ultimately affected hundreds of thousands of web sites. Krebs (2006). Singel (2006). Based on this experience, the author concludes that the problem of black-market spam cannot be solved by passing a law or regulation. Effective action will require the sorts of efforts that have been used against the Mafia or other organized crime rings. Notably, the organized crime rings must be denied safe havens where they are protected by local authorities while retaining open access to the Internet.

  31. At the end of 2006, the Federal Trade Commission gained some much-needed powers to cooperate with international authorities, in order to enforce against cross-border fraud. US SAFE WEB Act of 2006, Pub. L. No. 109–455, 120 Stat. 3372.

  32. In earlier writings, the author has argued that law works relatively well on the Internet to regulate “elephants,” which are larger organizations, but much less well against “mice,” which breed quickly on-line and often hide offshore. See Swire (1998, 2005). One new development is the increased scale of black-market Internet operations. Small spam operations cannot keep up with new technology. The result is that most black-market spam today is sent by what Ari Schwartz has quipped are “rodents of unusual size.” Physorg.com (2006).

  33. The chief problem in practice is that it can be difficult for consumers to be certain that the address provided for opt-out is legitimate and not a fake site used by fraudsters. For ways to address this phishing problem, see National Consumers League (2006).

  34. If the emails do not stop, then enforcement against a legitimate business is relatively easy. The consumer can easily save a copy of the opt-out request and a copy of the continued commercial emails. Although there is no private right of action for consumers, this sort of evidence forms an easy case for state attorneys general and others authorized under the statute to sue.

  35. In a somewhat analogous context, discussed directly below, the Federal Election Commission in 2006 created a threshold of 500 substantially similar emails for when certain campaign-finance disclaimers are required. Federal Register, 71, 18,589 (Apr. 12, 2006). In discussions on background with some attorneys with enforcement experience, concern was expressed that it may be burdensome to require enforcers to show more likely than not that only a small number of emails had been sent. To address this practical enforcement concern, it could perhaps be an affirmative defense that the sender was sending only a small number of emails.

  36. The harm to individual recipients is also likely to be negligible—the problem of a flooded in-box does not result from occasional, individualized emails.

  37. 15 U.S.C. §7704 (a)(1).

  38. Under the FEC’s longstanding media rules, news stories, commentaries, and editorials (including endorsements) are exempt from regulation unless the media facility is owned or controlled by a candidate, political party or FEC-registered political committee. 11 C.F.R. § 100.73 & .132. By contrast, free or below-market advertisements provided by media facilities are considered political contributions.

  39. Bipartisan Campaign Reform Act of 2001, Pub. L. 107-155, 116 Stat. 81 (2002), amending the Federal Election Campaign Act of 1971, as amended, 2 U.S.C. § 431 et seq.

  40. The limits applied to State, district, and local political party committees and organizations, as well as State and local candidates. See Internet Communications (2006). “Federal” funds are funds subject to the limitations, prohibitions, and reporting requirements of federal campaign finance laws. See 11 C.F.R. § 300.2(g).

  41. 2 U.S.C. § 431(22).

  42. 11 C.F.R. 100.26; Final Rules on Prohibited and Excessive Contributions; Non-Federal Funds or Soft Money, Federal Register, 61, 49,064 (July 29, 2002).

  43. Shays v. Federal Election Comm’n, 337 F.Supp. 2d 28 (D.D.C. 2004), aff’d, 414 F.3d 76 (D.C. Cir. 2005).

  44. See, e.g., Center for Democracy & Technology and Institute for Politics, Democracy & the Internet (2005).

  45. 11 C.F.R. § 100.26. FEC Commissioners Lenhard and Weintraub issued a quite readable summary of the revised regulation. Lenhard and Weintraub (2006).

  46. 11 C.F.R. § 100.94 & .155.

  47. 11 C.F.R. § 110.11.

  48. Federal Register, 71, 18,590. The intent of the FEC is clear: “To the greatest extent permitted by Congress and the Shays District decision, the Commission is clarifying and affirming that Internet activities by individuals and groups of individuals face almost no regulatory burdens under the Federal Election Campaign Act.” Id.

  49. Buckley v. Valeo, 424 U.S. 1 (1975).

  50. E.g., Randall v. Sorrell, 126 S. Ct. 2479, 2485 (2006) (plurality opinion) (finding a Vermont campaign finance statute’s expenditure and contribution limitations in violation of the First Amendment); Fed. Election Comm’n v. Mass. Citizens for Life, 479 U.S. 238, 241 (1986) (holding unconstitutional a provision of the Federal Election Campaign Act limiting corporate expenditures “in connection with” federal elections); First Nat’l Bank v. Bellotti, 435 U.S. 765, 767 (1978) (finding unconstitutional on First Amendment grounds a Massachusetts statute limiting corporate contributions and expenditures designed to influence voters).

  51. Federal Register, 71, at 18,590.

  52. Id., quoting Reno v. ACLU, 521 U.S. 844, 970 (1997) (internal quotations omitted).

  53. The prevention of corruption was identified in Buckley as the principal governmental interest that justified limits on campaign contributions. Buckley v. Valeo, 424 U.S. at 31. As stated in the Joint Principles: “Robust political activity by ordinary citizens on the Internet, including their monetary contributions, strengthens and supports the central underlying purpose of the campaign finance law: to protect the integrity of our system of representative democracy by minimizing the corrupting influence of large contributions on candidates and office holders.” Joint Principles, supra n. 44, at 2. The risk of monopolization of political discourse, due to the scarcity of traditional broadcast media, has formed the basis for the Fairness Doctrine and other regulation of traditional media. Red Lion Broadcasting Co. v. FCC, 395 U.S. 367 (1969).

  54. The FEC stated: “Unlike other forms of mass communication, the Internet has minimal barriers to entry, including its low cost and widespread accessibility…[T]he vast majority of the general public who choose to communicate through the Internet can afford to do so.” Federal Register, 71, 18,589–18,590.

  55. Joint Statement of Principles, supra n. 44, at 1.

  56. See Broache (2007).

  57. In particular, the number of visitors to a site should not be the basis for triggering campaign finance requirements. An interesting political site may have no advertisements or other commercial activity at all. In addition, Internet sites sometimes attract huge bumps in visitors when they have newsworthy content. This dissemination of sought-after political news should not entail the penalty of having to comply with complex regulations. If there is indeed movement over time to having some threshold, then a better threshold would likely be based on the scale of commercial activity. Proposed legislation in 2007 attempts to do this, but apparently, the definition of commercial activity is substantially overbroad. Major commercial sites are more analogous to the traditional entities subject to broadcast regulation. The presence of substantial commercial activities also means that the chilling effect will likely be less because funds will exist to hire lawyers and assure compliance.

  58. Joint Statement of Principles, supra n. 44.

  59. For CAN-SPAM, the risk of harassing enforcement is currently low. The only private right of action is for Internet service providers, who have to date sued large spammers and not individuals who occasionally send an email that might be considered “commercial.” 15 U.S.C. § 7706(g). If the law were amended in the future to allow a private right of action for any recipient and there were statutory minimum damages, then there would be the risk of bounty hunters who would sue consumers-as-producers who inadvertently cross the line into commercial email.

  60. Pierce (1998). See Garvin, supra note 2, at 297–298 (discussing literature about whether to have small business exceptions).

  61. Thanks to Professor Naomi Cahn for emphasizing this point.

References

  • Broache, A. (2007). Lobby Bill spares political bloggers, CNET News, Jan. 19, 2007: http://news.com.com/Lobby+bill+spares+political+bloggers/2100-1028_3-6151519.html (discussing debate on Section 220 of S.1, a lobbying reform bill).

  • Carl, W. (2006). FTC response on word of mouth marketing regarding disclosure: http://wom-study.blogspot.com/2006/12/ftc-response-on-word-of-mouth.html (analyzing the Engle speech).

  • Center for Democracy & Technology and Institute for Politics, Democracy & the Internet (2005). Joint statement of “principles” relating to notice of proposed rulemaking 2005-10, the internet: definitions of “public communication” and “generic campaign activity” and disclaimers, June 3, 2005: http://www.cdt.org/speech/political/20050603cdt-ipdi.pdf (collecting 1,115 signatures from advocacy groups, bloggers, and other individuals with diverse political viewpoints) [Hereinafter “Joint Statement of Principles”].

  • Engle, M. (2006). Word of mouth advertising and FTC advertising law. Word of Mouth Marketing Association, Summit 2006: http://www.womma.org/summit2/presentations/Engle.pdf.

  • Federal Trade Commission (2000a). Advertising and marketing on the internet: rules of the road, 2: http://www.ftc.gov/bcp/conline/pubs/buspubs/ruleroad.pdf. (“..claims must be substantiated, especially when they concern health, safety, or performance.”).

  • Federal Trade Commission (May 2000b). Dot Com disclosures: www.ftc.gov/bcp/conline/pubs/buspubs/dotcom/index.html.

  • Garvin, L. (2005). Small business and the false dichotomies of contract law. Wake Forest Law Review, 40, 302–368.

  • Goldstein, A. (1999). Long reach into patients’ privacy; new uses of data illustrate potential benefits, hazards. Washington Post, Aug. 23, 1999, at A1 (strict Maine medical privacy law repealed two weeks after taking effect).

  • Internet Communications (2006). Federal Register, 71, 18,589–18,591 (Apr. 12).

  • Krebs, B. (2006). In the fight against spam email, Goliath wins again. Washington Post, May 17, 2006, at A1.

  • Lenhard, R., & Weintraub, E. (2006). FEC internet rulemaking—background and FAQ, Mar. 27, 2006: http://www.fec.gov/members/lenhard/speeches/statement20060327.pdf.

  • National Consumers League (2006). A call for action: Report from the National Consumers League Anti-Phishing Retreat, available at http://www.nclnet.org/news/2006/Final%20NCL%20Phishing%20Report.pdf.

  • Physorg.com. (2006). For FTC, e-commerce means managing “mice”, July 25, 2006: http://www.physorg.com/news73065889.html.

  • Pierce Jr., R. (1998). Small is not beautiful: The case against special regulatory treatment of small firms. Administrative Law Review, 50, 537.

  • Singel, R. (2006). Under attack, spam fighter folds. Wired News, May 16, 2006: http://www.wired.com/news/technology/0,70913-0.html.

  • Swire, P. P. (1998). Of elephants, mice, and privacy: International choice of law and the internet. 32 The International Lawyer 991.

  • Swire, P. P. (2003). Trustwrap: The importance of legal rules for e-commerce and internet privacy. 54 Hastings L.J., 847.

  • Swire, P. P. (2005). Elephants and mice revisited: Law and choice of law on the internet. 153 U. Penn. L. Rev. 1975.

  • Swire, P. P. (2006). The internet and the future of consumer protection. Center for American Progress, July 24, available at http://www.americanprogress.org/issues/2006/07/internet.html.

  • Swire, P. P. (2008). No cop on the beat: Underenforcement in e-commerce and cybercrime. J. Telecomm. & High Technology L. (forthcoming), available at http://ssrn.com/abstract=1135704.

  • Swire, P. P., & Litan, R. E. (1998). None of your business: world data flows, e-commerce, and the European privacy directive. 45–49.

Acknowledgements

For comments on earlier drafts, my thanks to participants at the Boalt Conference on DRM and Consumer Protection, the 2007 Freedom-to-Connect Conference, the Institute for Information Law Conference on the Place of the iConsumer in EU and US Law, and faculty workshops at the George Washington University Law School and the Moritz College of Law. My thanks for helpful discussions with Yochai Benkler, Ed Black, Julie Cohen, John Duffy, Natali Harberger, Robert Pitofsky, John Podesta, Pamela Samuelson, and Marc Spindelman, and for excellent research assistance by Ryan Coyer and especially Lauren Dubick, who played an unusually large role during the early phases of this project. My thanks as well to the Moritz College of Law and to the Center for American Progress for supporting the conference on “The Internet and the Future of Consumer Protection,” from which the current paper emerged.

Author information

Corresponding author

Correspondence to Peter P. Swire.

About this article

Cite this article

Swire, P.P. When Should “Consumers-as-Producers” Have to Comply With Consumer Protection Laws?. J Consum Policy 31, 473–487 (2008). https://doi.org/10.1007/s10603-008-9082-5

  • DOI: https://doi.org/10.1007/s10603-008-9082-5
