On May 4, the Federal Trade Commission announced that it had reached a settlement with Very Incognito Technologies, Inc., d/b/a Vipvape, a hand-held vaporizer manufacturer.  The settlement resulted from the FTC’s allegations that Vipvape violated the FTC Act by representing on its website that it was a participant in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system when, in fact, Vipvape was not certified as such.  The FTC alleged that these representations were deceptive and therefore violated Section 5 of the FTC Act, which prohibits unfair and deceptive acts. 

While it did not admit or deny any of the FTC’s allegations, Vipvape agreed that it will be liable for civil penalties and other relief if it violates the FTC Act in the future.  The settlement terms also prohibit Vipvape from any further misrepresentation regarding its participation, membership, or certification in any privacy or security program sponsored by a government, or standard-setting or self-regulatory organization.   

This case is similar to the recent enforcement action that the Consumer Financial Protection Bureau filed against Dwolla, Inc., an online payment platform.  In both cases, a government regulator is using its broad powers to prevent alleged unfair and deceptive practices to regulate privacy.  In Dwolla, the CFPB alleged that the company violated the Consumer Financial Protection Act by  falsely representing to its customers that its data security and encryption practices met or exceeded industry standards and complied with the Payment Card Industry Data Security Standard.  Unlike the Vipvape matter, which was limited to injunctive relief, the CFPB ordered Dwolla to pay a $100,000 civil penalty and to correct the issues that gave rise to the consent order.