Consumer groups, state regulators, the Federal Trade Commission (FTC), and the Consumer Financial Protection Bureau (CFPB) continue to monitor and regulate online lead generation on multiple fronts. As a result, all participants are feeling the squeeze – publishers, aggregators, and buyers alike – and, notably, the lines of legal responsibility and accountability are becoming increasingly ambiguous. In sum, there are serious concerns regarding the viability of some forms of online lead generation.
A broad range of business practices is being targeted by government agencies, including the representations made to consumers about the products, services, and merchants they are connected to, as well as how their data is used, as well as the collection and security of personal information. Furthermore, the products and services that are ultimately sold to consumers may not comply with applicable laws (and in some cases may not).
The practice of lead generation is to identify or cultivate consumer interest in a product or service, and then sell that information to other parties. It is the Federal Trade Commission that is leading the charge against what it believes to be widespread abuses committed by sellers and buyers of online leads. Apart from bringing enforcement actions against companies, which we discuss in greater detail below, the agency has also invested considerable resources in researching and understanding the industry.
An FTC workshop entitled “Follow the Lead: An FTC Workshop About Online Lead Generation” was held in October 2015, during which a variety of stakeholders, including industry representatives, consumer advocates, and government regulators discussed consumer protection issues. This workshop, as well as the subsequent public comment period that closed on December 20, 2015, provides critical insights into how online lead generation works and its variations, and the types of conduct that may be unfair or deceptive, and may begin the identification of practices that can be adopted by buyers and sellers of leads.
Lead generation is governed by three broad sets of laws:
- Advertising and marketing law principles, enshrined in the Federal Trade Commission Act, the Consumer Financial Protection Act (CFPA), and state laws (called “mini-FTC Acts”), prohibit unfair or deceptive practices or acts, including false or misleading advertising. Additionally, the Consumer Financial Protection Act prohibits “abusive” practices.
- Certain marketing channels are regulated by specific state and federal statutes. As an example, the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act regulate telephone and email communications, respectively, and the Telemarketing Sales Rule applies to many types of telemarketing communications.
- Mortgages, credit cards, and other consumer loans are regulated by statutes (e.g., Truth in Lending Act and Regulation Z, Credit Card Act, and Mortgage Acts and Practices Advertising Rule (“MAP Rule” or Regulation N). It is typically regulated by these laws how such products are advertised, as well as how they must be structured and serviced.
Online lead generation relies heavily on collecting and transferring consumer data. It depends on the industry/product vertical and what type of data is collected, but it typically includes a consumer’s contact information, their device, and IP address, and, notably, sensitive information like Social Security numbers, bank account numbers, and credit card numbers.
If this data were to get into the wrong hands, it could lead to serious harm to consumers. However, the FTC and other regulators continue to cite anecdotal examples of high rates of data breaches and unscrupulous sales, despite significant data security measures taken by responsible parties involved in lead generation. The result is a proliferation of scams targeting consumers who provided their data to lead generators. In recent years, consumer groups and regulators have been concerned about alleged consumer harm, no matter how real or perceived it is.
When developing lead generation campaigns, lead generators should take the end purchasers’ regulatory landscape into consideration, particularly in the consumer financial services sector. Consumer loans and other financial services have been particularly targeted by state regulators through online lead generation.
Many states require borrowers to obtain licenses before lending to them, and many impose interest rate caps that make lending to high-risk borrowers impossible. The state (and more recently the federal) regulators disagree with many online lenders that claim they are not always required to obtain a license in the state where the borrowers reside. As states have pushed back on these lenders in recent years, they have halted their activities, forced them to obtain licenses, and, increasingly, prohibited them from marketing to residents.
There is nothing illegal or new about lead generation. According to Jessica Rich, Director of the Federal Trade Commission’s Bureau of Consumer Protection, “Lead generation has been a very important industry for many, many decades in the marketplace.” At the same time, government enforcement agencies continue to target lead generation in increasingly aggressive and novel ways.
It is noteworthy that regulators seem to have adopted the position that all parties involved in the generation and purchase of leads are responsible for policing one another’s activity, or face liability for each other’s noncompliance. Considering the level of blindness that is characteristic of online lead generation – for example, end buyers often do not know the identities of the publishers and vice versa – this is a serious and potentially insurmountable problem. As a result, all parties involved in lead generation will need to closely monitor developments in order to properly assess compliance risks.