A Radio ad for Nord VPN, an internet security company, heard on 29 August 2022, stated “Nord VPN, cyber security built for everyday. Shop online without web trackers following your every step. Switch on privacy, switch off trackers and malware …”.
The complainant, who understood that a VPN would not protect against malware, challenged whether the claim “switch off … malware” could be substantiated and was misleading.
Nord VPN explained that malware was malicious software that was designed to work against the interests of the owner of a system or device (i.e. to intentionally harm the user’s device). They said that, in addition to their VPN service, the advertised product also provided an antivirus-like feature called “Threat Protection” which checked downloaded files for malware and deleted potentially dangerous files before they caused any damage. That feature helped to protect against malware.
They sent an assessment from an independent IT research institute which they said showed that their service detected 98.72% of malware, making them comparable with other well established antivirus service providers.
They believed the ad did not, either expressly or by implication, suggest that the advertised product provided full protection against malware risks. They also believed the phrases “switch on” and “switch off” were obviously playful and creative and would not be understood to mean that the service offered 100% protection against any online threat.
Radiocentre endorsed the advertiser’s response. They believed that consumers generally were sufficiently knowledgeable on IT matters to understand that the advertised product did not offer 100% security.
The ASA noted that the ad did not contain any explanation about the features of the product, including the “Threat Protection” feature and that the claim “Switch off malware” was unqualified. We considered that, in that context, listeners were likely to understand the claim “switch off … malware” to mean that the advertised product would stop all malware attacks. Because the information sent by the advertisers did not show that the product would protect users against all malware attacks, we considered that the claim had not been substantiated and was therefore misleading.
The ad breached BCAP Code rules 3.1 3.1 Advertisements must not materially mislead or be likely to do so. (Misleading advertising) and 3.9 3.9 Broadcasters must hold documentary evidence to prove claims that the audience is likely to regard as objective and that are capable of objective substantiation. The ASA may regard claims as misleading in the absence of adequate substantiation. (Substantiation).
The ad must not appear again in its current form. We told NordVPN SA not to claim, either expressly or implicitly, that the advertised product could protect users against all malware attacks, unless they held adequate substantiation to show that was the case.