This week, the Federal Trade Commission (FTC) announced a proposed settlement with MoviePass to resolve allegations that the company offered an automatically renewing movie subscription program but blocked paid subscribers from using the advertised services, and failed to adequately secure subscribers’ personal data.

The FTC brought the case against MoviePass under the Restore Online Shoppers Confidence Act (ROSCA), the federal statute governing online negative option programs. The statute requires sellers to clearly and conspicuously disclose all “material terms of the transaction” and obtain consumers’ express informed consent before charging them for online negative option features.

However, the FTC’s complaint did not take issue with the company’s billing disclosures or consent mechanism. Instead, it asserted that the company’s failure to disclose its deceptive tactics that prevented subscribers from accessing all of the advertised benefits violated ROSCA. In the complaint the FTC alleged that MoviePass, Inc deceptively marketed a MoviePass subscription service that allowed customers to view movies at local theaters for a monthly fee. However, once customers purchased a subscription, MoviePass allegedly used various methods to prevent subscribers from accessing the advertised service. For example, to limit the movies that customers could view, MoviePass allegedly blocked account access by invalidating subscriber passwords under the guise of “suspicious activity or potential fraud.” The FTC asserted that resetting a password was cumbersome and often failed, precluding subscribers from regaining access. Next, the FTC alleged that MoviePass’s operators implemented a ticket verification program that required users to submit pictures of their physical movie ticket stubs for approval through the app within a certain time frame after purchase. Users who failed to submit their ticket stubs would be blocked from viewing future movies and could risk subscription termination. Third, MoviePass allegedly used “trip wires” to block certain groups of subscribers—heavy users who viewed more than three movies per month—from using the service to purchase more tickets. These allegations seem to echo statements from the FTC’s Dark Patterns workshop (we blogged about the workshop here), which discussed ways the FTC should address websites and apps that impair consumers’ autonomy, decision making, and choice.

The complaint also challenged the company’s failure to take reasonable measures to secure consumers’ data, resulting in a data breach in 2019. The complaint also names individual respondents, including MoviePass’s CEO, its parent company, and the parent company’s CEO. The proposed consent order prohibits MoviePass, its parent company, and the individuals from misrepresenting their services in the future, and requires them to implement a comprehensive security program to identify and address security risks. Additionally, MoviePass’s operators must obtain biennial third-party assessments of its security program.

The case reflects a new enforcement tactic by the FTC and signals its intent to use ROSCA to challenge “undisclosed material terms” that do not relate specifically to the negative option feature but instead to the underlying product or service. This FTC tactic appears to be an effort to avoid the Supreme Court’s recent decision in AMG Capital. That case, as we previously wrote, substantially limited the FTC’s avenues to seek monetary relief under Section 13(b) of the FTC Act—the statute the FTC historically invoked to challenge unfair and deceptive acts and practices generally. By contrast, the Restore Online Shoppers’ Confidence Act permits the FTC to bring challenges through Section 19 of the FTC Act, which allows the FTC to go directly to court and obtain monetary redress for first-time offenders. However, the MoviePass settlement did not include a monetary element but was limited to conduct prohibitions.

Clearly aware of the new approach, two commissioners issued separate statements. In a dissenting statement, Commissioner Philips criticized the use of ROSCA in the case and the FTC’s message that it may seek to shoehorn general allegations of deception about a product or service into a ROSCA claim (and thereby obtain ROSCA’s statutory monetary relief). In addition, Commissioner Wilson issued a concurring statement expressing support for similar future actions under ROSCA, even if the undisclosed terms do not relate to the negative option feature but instead to the underlying good or service. She concluded that MoviePass’s conduct fell well within ROSCA’s purview and that this case will serve as notice to future violators that they may be subject to civil penalties for similar activities.

The case raises serious concerns for companies offering negative option programs, because it indicates that the FTC will use ROSCA to challenge any potentially misleading, deceptive, or unfair aspect of an autorenewal program. This, in turn, would significantly expand the FTC’s ability to obtain monetary redress and civil penalties that would not otherwise be available to it. Next, while the complaint asserted that MoviePass failed to disclose all “material terms” of the offer, the FTC did not articulate what it believes constitute the specific “material terms” that must be disclosed. As a result, businesses must reevaluate their negative option disclosures to identify necessary changes or additional terms. Finally, the case makes clear that negative option marketers must carefully structure not only their pre-enrollment disclosures and consent processes, but also their services and fulfillment process, to reduce the risk of a ROSCA challenge.