With the Supreme Court recently upholding the constitutionality of the Telephone Consumer Protection Act (“TCPA”), political campaigns, PACs, and grassroots GOTV organizations now know the tools by which they will be allowed to go to battle as it relates to the use of text messaging to get out the vote, raise awareness and raise funds.

Just as it was for Barack Obama’s historic 2008 election win, the ability for campaigns to find creative ways to engage new and previously-apathetic voters via text message while also complying with the TCPA’s texting restrictions will be of great import. But in the 2020 election, the importance can’t be understated – with the pandemic limiting person-to-person contact, our cell phones providing an increasing percentage of consumer’s daily content consumption, and with so many organizations now looking to galvanize new voters with shifting mindsets for social justice and change.

But, as has been the unintended consequence of this 31-year-old bill, it is already leading to significant legal exposure for failing to comply with the deceptively penal law – both from the Plaintiffs bar and from the FCC. From the 2016 and 2019 separate class actions filed against the Trump campaign for sending texts to people who never consented, to the recent class action filed this past June against a Georgia Congressional candidate for sending confirmation texts following opt-outs, to the $2.8 million FCC fine of a robocalling platform for sending a total of 180 unwanted texts ($16,000 penalty per text, as opposed to the $1,500 per text maximum allowable penalty in civil class actions).

This article will discuss campaign-related TCPA class action (and FCC) activity past and present, a trend which is sure to pick up in the coming months, particularly with the heightened awareness brought on by the recent Supreme Court decision. This article will then discuss some of the more common ways of reducing the risk of TCPA exposure from a legal perspective, and utilizing newer applications and technologies that facilitate manual / peer-to-peer texting on a large scale – a specific practice that was recently approved by the FCC in a declaratory ruling in late June.

TCPA and Campaigns: Obama ’08 and SCOTUS 2020 Clearing the Path

The TCPA was enacted in 1991 to combat a rising tide of unwanted telemarketing calls and faxes, and has since been expanded to cover calls to cell phones and text messaging. The original intent was to restrict automated or prerecorded (robo)calls unless the receiving party consents to receive the call, though critics have noted that technology has outpaced the federal statutes regulating telemarketing, leaving marketers uncertain as to what is and is not permitted under what was already a complex and difficult law to comply with.

But it was another challenge to the law’s constitutionality that recently was decided by the Supreme Court, who on July 6 struck down a specific exception for texts/calls related to the collection of federally-backed debts, but declined to strike down the bill in its entirety, instead severing the unconstitutional provision, and reiterating the heightened importance in 2020 of the TCPA and the need to protect consumer’s cell phones from these unwanted texts. (see related article on the recent Supreme Court’s decision)[1].

While the political organizations backing the challenge fell short of its ultimate goal of invalidating the entire bill, the ruling does at least provide some clarity on what it can and cannot do. But it also provides clarity for the Plaintiffs bar: with required statutory damages of $500-$1,500 per call or text, and essentially strict liability even when the texts/calls are made by a third party marketing company, class action judgments and settlements in the seven, eight, and nine figures are common among many industries (see related article for TCPA trends in the Cannabis industry)[2].

While the TCPA is primarily concerned with commercial solicitations, the law (and accompanying FCC regulations) do treat campaigns differently than other company’s involved in the sale of goods and services – for better and for worse. On the one hand, the First Amendment political speech is further protected with lessened restrictions on calls and texts, including political calls being exempt from the Federal Do Not Call List, autodial calls to landlines being permitted, and importantly, manually-dialed phone calls by volunteers being permitted even without the prior consent of the called party (among other differences). On the other hand, the law and the FCC recognize the dangers posed by abuses of TCPA compliance by political organizations, and has therefore provided the FCC with the authority to increase the available fine per violation from a maximum of $1,500 to a maximum of $16,000.

Even before anyone knew what COVID-19 was, texting was already proven to be an effective tool, with many studies showing one text the day before an election increased voter turnout by 0.5%, and with the cost per vote for a reminder text averaging about $15, as opposed to $25 for door-knocking and $20-$26 for live phone calls. Now, with the elimination of door knocking and the reduction in manual workforce call centers caused by COVID-19, texting stands to fill that a large part of that void.

The importance of texting first became truly evident in the 2008 election, when Barack Obama used text messaging to increase voter turnout in record numbers. But the way in which the campaign created their call list without violating the TCPA was truly the unsung hero in that portion of the strategy. While it of course requested cell phone numbers and obtained consents at traditional voter registration drives, but it got most of its mobile numbers through an interesting engagement strategy: if a voter texted the campaign, Obama would text back to announce his pick for Vice President.

This turned out to be a quite simple yet effective way to get around the most common TCPA obstacle: the exploit opt-in. However, as stated above, the TCPA has little forgiveness – and large consequences.

Campaign-Related TCPA Class Action and FCC Activity

Much like the Olympics, there is an inevitable wave of campaign-related TCPA class action activity every four years (and smaller waves every two years, somewhat akin to the Winter Olympics if we’re to extend the analogy). In March of 2016, the FCC the Federal Communications Commission (FCC) issued an Advisory to remind political campaigns of the “clear limits” on autodialed and prerecorded voice calls and texts under the TCPA. Nevertheless, the class action activity was fast and furious by April.

Case in point, the Trump campaign had a pair of TCPA class actions filed two days apart in April 2016, one with a lead Plaintiff who claims to never have provided his phone number, and one with a lead Plaintiff who provided his phone number to Event Brite in order to obtain a ticket to a Trump rally, but alleges that this action did not constitute consent to receive an unsolicited text message.

Though the campaign alleged that Plaintiff could not prove any use of auto-dialing, and defended the law suits into the beginning of the Presidency. After Trump won the election, the case created the unusual situation where the government had to consider defending a law against its own president, but it was reportedly settled in February 2017 for $200,000.[3]

This go-around, the Trump campaign was hit by another TCPA class action earlier in the process, just recently losing a motion to dismiss on June 8, 2020[4]. In this pending case, the Chief Judge’s ruling covered a number of issues of wide applicability and interest, holding that that a single text message is enough to establish Article III standing to sue.  While the court acknowledged the Eleventh Circuit’s contrary opinion in Salcedo v. Hanna, 936 F.3d 1162, 1172 (11th Cir. 2019), it agreed with the “logic of the majority of circuits…that a text message, while a different format than a phone call, voicemail, or fax, presents at least an equivalent level of disturbance and injury, and thus constitutes a cognizable injury under the TCPA.” The court also rejected the Campaign’s challenge to Plaintiffs’ pleading of the Campaign’s use of an automatic dialing system, deciding the issue now rather than at the summary judgment phase (as is done in other Circuits).

While these circuit splits were highlighted and addressed by the court in the recent Trump case, another recent class action suit filed against a longtime Georgia state senator highlights yet another important circuit split that could create liability for an unknowing campaign.[5] In According to the Complaint filed on June 22 against a long-time Georgia state senator an automatic telephone dialing system in was used in early May to send automated text messages to a large number of residents. However, the interesting wrinkle to this law suit is the additional allegation related to the common practice of sending a confirmation text following an “opt out” or “unsubscribe” by the consumer. Specifically, Plaintiffs allege that they texted “Stop” on May 9 in an effort to opt out of receiving the texts, and the automated system confirmed his number had been unsubscribed, thus constituting an additional message sent to him after he had “revoked” authority for the system to send him messages. Such an allegation can often come as a surprise to many companies and campaigns, particularly seeing as how some Circuits have held this “opt out follow-up” to be another unsolicited message, and some have found it to be acceptable. As such, the practice may be permitted when reaching out to certain individuals in certain states, but not as to others – leading to a “better safe than sorry” approach as the advisable approach when deciding whether or not to include these opt-out follow up texts in any texting marketing plan.

Reducing the potential for the Plaintiffs bar to tack on additional unwanted messages to the class count at a cost of $500-$1,500 per violation is no doubt a prime concern, but as discussed above, the Plaintiffs bar is not the only TCPA enforcement threat to political campaigns. The long arm of the FCC has shown its teeth as well, with one notable example being made in 2017 of a robocalling platform that assisted campaigns with a $2.88 million fine.

But aside from the message sent by the fine amount, the matter of Dialing Services LLC provided some guiding principles for any campaign looking to learn from others past mistakes. The matter actually began in 2012, when Dialing Services was responsible for 4.7 million calls in a three-month period for multiple clients. The FCC’s Enforcement Bureau put Dialing Services on notice of the violations by issuing a warning in 2013, but when the FCC later inspected Dialing Services years later, it found a total of 180 unsolicited calls to cell phones.

So why the hammer thrown down with the maximum $16,000 fine per violation? For starters, the Order reflects the FCC’s displeasure with Dialing Services for assisting clients in blocking or altering caller ID information, stating that the “Caller ID spoofing and blocking functionalities are designed to deceive consumers about the originating point of calls or to hide the originating point altogether.” Additionally, the FCC rejected Dialing Services’ argument that consumers may have provided prior express consent “orally or in ways not easily documented.”

Finally, so as to make it clear that more than one party can be liable under the TCPA for such actions, though the calls were made for the benefit of Dialing Services’ customers, Dialing Services was found to be liable for the TCPA violations because “the record also shows that Dialing Services was directly involved in creation of the content of illegal robocall campaigns and actively assisted clients with the creation and structure of messages. The Commission reasoned that Dialing Services was “so involved” in the calls, it either had the responsibility to obtain consent from the called parties or should have required the platform’s customers to provide proof of [the] respective consents” from the consumers receiving the calls.

What To Do (and recent FCC Guidance)

With the second surge of the pandemic gaining momentum as we speak, and the possibility of yet another surge (or even another pandemic) between now and November, its safe to say texting will be utilized by most every political campaigns, PACs, social movement, and grassroots Get Out the Vote organization we will come into contact with.  So, what can these organizations do to avoid crippling TCPA exposure and liability?

First, in a general sense, a state-by-state analysis of such laws is required prior to launching any political campaign or texting campaign, as a number of states have more restrictive laws on telemarketing, and some even attempt to regulate political speech or do not extend the exemptions that exist under the TCPA to political campaign calls (such as placing political calls on state DNC restrictions).

Campaigns using third party texting and marketing services must not only diligently vet the third party marketing companies to ensure proper TCPA (and campaign-specific) compliance protocols, but should also take additional steps as second layers of protection – such routinely cross-check the Federal Do Not Call List, which essentially acts as a published dating service between Plaintiffs attorneys and prospective Plaintiffs. And once voters opt out of receiving messages, campaigns should not only ensure those opts outs are subsequently complied with, but they would also be wise to eliminate any follow-up confirmation texts (or else risk being on the wrong side of the circuit split).

As always, the terms and conditions by which consent is initially given are of increasing importance, where a clear, conspicuous and enforceable arbitration provision and/or class action waiver will go a long way in limiting the potential TCPA class action exposure. Closely related then is the choice of law provision in any terms and conditions, since many states (such as California) have their own unique treatment of class action waivers and arbitration provisions, often resulting in challenges on various grounds. And as the FCC case discussed above shows, the consents better be documented, stored and retrievable, since the campaign / texting platform has the burden of proof to show consent was obtained.

Specific to the 2020 election, it remains to be seen who will find the most creative ways to effectively use text messaging without running afoul of the TCPA. Look for many campaigns to start employing new applications that facilitate manual, peer-to-peer texting on a large scale. These apps ensure that staff or volunteer texters use manual intervention to send texts to voters, which addresses the automatic dialing system restriction. Whereas previously campaigns could only text voters who had given their explicit consent, strategies such as these now allow campaigns to text cell numbers pulled from voter files.

Such a practice (or at least one specific application of this practice) was recently discussed and approved by the FCC in a Declaratory Ruling issued June 25, 2020. The petitioner argued that its P2P texting platform requires a human to “to actively and affirmatively manually dial each recipient’s number and transmit each message one at a time, and that it cannot store, produce, or dial random or sequential numbers. Rather, the sender dials a number and may choose to send either a pre-scripted or unique text message to begin a two-way text conversation. Though Consumer groups argued that P2P platforms such as this can send vast amounts of text messages in short time with minimal and meaningless human participation, the FCC reiterated that the relevant question as to whether a platform is an ATDS, is if the platform can store, produce, and dial random or sequential numbers without human intervention, not if many calls or texts can be made in short time.

As stated by the FCC, “The TCPA does not and was not intended to stop every type of call. Rather, it was limited only to calls made using an autodialer or an artificial or prerecorded voice.” However, campaigns and organizations must be careful not to get too cute or too creative, as the FCC has already shown its strong distaste for Caller ID spoofing and blocking functionalities designed to deceive voters about the originating point of calls. Additionally, in what may some NFL fans may consider the “Vontaze Burfict Rule of Thumb”, repeat offenders seem to face a significant threat of being hit with the maximum fines, even if the subsequent offenses are isolated or limited.

For continued updates on this developing and important legal issue in the 2020 election cycle….check your phone.

[1] See https://www.consumerclassdefense.com/2020/07/a-fractured-supreme-court-strikes-down-and-severs-the-tcpas-government-debt-exemption-leaving-the-rest-of-the-statute-intact/

[2] See https://www.consumerclassdefense.com/2020/06/mass-texts-how-the-cannabis-industry-must-deal-with-the-surge-of-tcpa-class-actions-during-covid-19/

[3] See https://www.politico.com/story/2017/02/donald-trump-texting-lawsuit-234768

[4] See Pederson v. Donald J. Trump for President, Inc., case number CV 19-2735, 2020 WL 3047779 (D. Minn. June 8, 2020).

[5] See Bowman v. Unterman, case number 1:20-cv-02612, in the U.S. District Court for the Northern District of Georgia.

Yesterday, a divided Supreme Court issued a plurality opinion in Barr v. American Association of Political Consultants, Inc.  (“Political Consultants”) striking down and severing a 2015 amendment to the TCPA, which exempts government debt collection calls (“government debt exemption”) from the statute’s general prohibition on calls to cell phones (“cell phone ban”).  The effect of this ruling was to affirm the Fourth Circuit’s decision and leave the cell phone ban intact.

A majority of justices agreed that the government debt exemption violated the First Amendment but disagreed as to everything else: whether strict or intermediate scrutiny governed the First Amendment analysis, whether the government debt exemption failed that analysis and whether the severability and equal protection principles applied by the plurality constitute an appropriate remedy.  In focusing on their disagreements, the Justices largely ignored the issue of political speech and the generous First Amendment protection usually afforded it.

The plurality opinion was drafted by Justice Kavanaugh, joined in full by Justices Robert and Alito and in part by Justice Thomas.  Kavanaugh began by offering this choice observation: “Americans passionately disagree about many things.  But they are largely united in their disdain for robocalls.”  (Kavanaugh Slip Op. at 1).  The plurality’s perception of public opinion appears to have been the main driver of its decision and the analysis used to reach its destination (upholding the TCPA) was relatively straightforward.

First, Kavanaugh found that the government debt exemption was a content-based restriction on speech subject to strict scrutiny and that the government conceded that the exemption could not survive strict scrutiny.  In doing so, Kavanaugh rejected the AAPC’s argument that Congress’s act of passing the government debt exemption in 2015, which permits what many consumers view as the most annoying and intrusive type of calls (debt collection), revealed that Congress did not have (or at least no longer had) a genuine concern for consumer privacy.  Instead, the AAPC contended, Congress was only concerned with collecting debt owed to the federal government.  But, wrote Kavanaugh, “As is not infrequently the case with either/or questions, the answer to this either/or question is “both.” Congress is interested both in collecting government debt and protecting consumer privacy.”  (Kavanaugh Slip Op. at 11). Second, Kavanaugh determined that severance was appropriate under both general severability and equal treatment principles, which allow unconstitutional laws to be cured by either “extending the benefits or burdens to the exempted class,” sometimes referred to as “leveling up or down.” (Kavanaugh Slip Op. at 17-20).

Justices Sotomayor, Breyer, Ginsburg and Kagan concurred in the judgment of the plurality with respect to severability, but wrote separately to emphasize their belief that strict scrutiny did not apply.  Sotomayor found that the government debt exemption failed intermediate scrutiny, while Beyer, Ginsburg, and Kagan found it did not and expressed concern that the plurality was using the First Amendment in a way that could “threaten the workings of ordinary regulatory programs posing little threat to the free marketplace of ideas enacted as a result of that public discourse.”  (Breyer Slip. Op. at 4).

Justice Gorsuch agreed with the plurality’s finding that the government debt exemption was subject to strict scrutiny and violated the First Amendment but disagreed as to why.  Of all of the Justices, Gorsuch was most sympathetic to the AAPC’s argument that the government’s consumer privacy rationale was suspect: “[If] the government thinks consumer privacy interests are insufficient to overcome its interest in collecting debts, it’s hard to see how the government might invoke consumer privacy interests to justify banning political speech.”  (Gorsuch Slip Op. at 3).   Gorsuch and Thomas were also most concerned with protecting speech and affording the AAPC a real remedy.  Instead of severing the government debt exemption, which has the perverse effect of expanding the TCPA’s restrictions on speech, Gorsuch and Thomas would have “leveled up” — expanded the benefits afforded government debt collection speech to political speech by awarding the AAPC a novel remedy: an injunction prohibiting the TCPA’s application to political speech.  (Id. at 5).

Takeaways and stray observations:

  • The plurality opinion, which invalidates the government debt exemption, applies only prospectively.  This means that any collection calls made to collect a government debt from the date the government debt exemption was enacted in 2015, to the date that the district court enters final judgment on remand, cannot serve as a basis for TCPA liability.  (Plurality Slip Op. at 22, n. 12).
  • Remember Political Consultants did not challenge the constitutionality of the many other content-based exemptions to the cell phone ban, such as those for certain healthcare related calls and package delivery notifications, which are created by the FCC pursuant to its rulemaking authority under 47 U.S.C. § 227(b)(2)(c).  Such challenges have not been able to overcome procedural hurdles arising from the Hobbs Act and the Chevron deference doctrine, which is why that issue was raised in the district court by AAPC but later withdrawn.  Whether a successful challenge to these content-based exemptions, or the FCC’s power to make such content-based exemptions in the first instance, remains to be seen.  (For an illuminating discussion of the Hobbs Act and Chevron deference in the context of the TCPA, see generally PDR Network, LLC v. Carlton & Harris Chiropractic, Inc., 588 U.S. ___ (2019)). 
  • None of the Justices commented on the explosion of (often abusive) TCPA litigation, although Justice Gorsuch did make some defense-friendly observations regarding the changes in cell phone billing practices and technology from 1991, when the TCPA was enacted, to present.  (Gorsuch Slip Op. at 1-2).
  • Political Consultants likely spells the death knell for the petition for certiorari in the case of Charter Communications, Inc., et al. v. Gallion, which raises the same First Amendment issue (albeit in the context of commercial speech), and has been pending with the Court since December 2019.
  • The petition for certiorari in Facebook, Inc. v. Duguid is still very much alive and, indeed, Facebook filed a supplemental brief the day after Political Consultants issued urging the Court to address its one remaining question presented: the deepening circuit split with respect to the TCPA’s definition of “automatic telephone dialing system.”
    • As expected, on July 9, 2020, the Supreme Court granted Facebook’s petition for certiorari in Duguid on the second question presented, which concerns the interpretation of the term “automatic telephone dialing system.”  It also denied the petition for certiorari in Gallion.
  • While Political Consultants was a setback for political campaigns in election season, the FCC did recently issue a campaign-friendly ruling on person-to-person (P2P) text messaging platforms.  More to come on that in a future post.

From court closures and the way judges conduct appearances and trials to the expected wave of lawsuits across a multitude of areas and industries, the COVID-19 outbreak is having a notable impact in the litigation space—and is expected to for quite some time.

To help navigate the litigation landscape, we are kicking off a webinar series that will take a look at what’s happening now and what to expect in terms of litigation practice and litigation trends in the months to come. The initial webinars detailed below will be supplemented by topic-specific programs that will take a deeper dive into the respective topics. Feel free to attend one or all, and please invite your colleagues.

Court Is “In Session”: The Post-Pandemic Courthouse

In the first installment of our Post-Pandemic Litigation Webinar Series, Seyfarth litigators from a variety of legal disciplines will examine the virtual courthouse in a post-pandemic world. Specifically, our presenters will address:

  • What is going on in courts across the country, and how/when are they rescheduling
  • How will state, federal, and bankruptcy courts run post-pandemic
  • Will we be able to have jury trials
  • How long this “new normal” is expected to last
  • Necessary tools needed to adapt and keep your cases moving forward

Scott Carlson, Partner, Seyfarth Shaw


Suzanna Bonham, Partner, Seyfarth Shaw
Gina Ferrari, Partner, Seyfarth Shaw
William Hanlon, Partner, Seyfarth Shaw
Scott Humphrey, Partner, Seyfarth Shaw

Tuesday, July 14, 2020

1:00 p.m. to 2:00 p.m. Eastern
12:00 p.m. to 1:00 p.m. Central
11:00 a.m. to 12:00 p.m. Mountain
10:00 a.m. to 11:00 a.m. Pacific

If you have any questions, please contact Colleen Vest at cvest@seyfarth.com and reference this event.

New Era, New Litigation: Lawsuits You Can Expect in the Post-Pandemic Environment

During the second installment of our Post-Pandemic Litigation Webinar Series, our panel will provide high-level insights on what companies of all sizes can expect in terms of litigation as a result of COVID-19. Specifically, our presenters will address the high-level trends we are observing in the following areas:

  • Bankruptcy and Financial Services
  • Class Actions and TCPA
  • Commercial Litigation
  • Construction and Real Estate Litigation
  • Health Care, Life Sciences, and Pharmaceutical
  • Securities Litigation
  • Trade Secrets and Cybersecurity/Privacy

James McGrath, Partner, Seyfarth Shaw


Kristine Argentine, Partner, Seyfarth Shaw
Jesse Coleman, Partner, Seyfarth Shaw
Tonya Esposito, Partner, Seyfarth Shaw
Richard Lutkus, Partner, Seyfarth Shaw
Kate Schumacher, Partner, Seyfarth Shaw
Rebecca Woods, Partner, Seyfarth Shaw

Wednesday, July 22, 2020

1:00 p.m. to 2:00 p.m. Eastern
12:00 p.m. to 1:00 p.m. Central
11:00 a.m. to 12:00 p.m. Mountain
10:00 a.m. to 11:00 a.m. Pacific

If you have any questions, please contact Danielle Freeman at dfreeman@seyfarth.com and reference this event.

Event Details

Wednesday, July 15, 2020
1:00 p.m. to 2:00 p.m. Eastern
12:00 p.m. to 1:00 p.m. Central
11:00 a.m. to 12:00 p.m. Mountain
10:00 a.m. to 11:00 a.m. Pacific

Consumer spending in the US plunged more than 13% as a result of the COVID-19 pandemic. As states begin reopening and marketers begin refocusing on acquiring new customers and strengthening their relationships with existing customers, it is imperative for marketers to remember that the Telephone Consumer Protection Act (TCPA) and CAN-SPAM Act apply to all marketing campaigns that involve texts, calls, and emails to consumers.

The TCPA continues to be one of the most heavily litigated consumer protection statutes in the country, with over 3,000 lawsuits filed in 2019. TCPA lawsuits are often brought as class actions because the statute provides for hefty fines ($500-$1,500) per text or call with no limit on the total amount of damages sought. As a result, the potential risk to businesses for TCPA non-compliance can be as catastrophic as the pandemic itself. While new privacy laws like the CCPA provide additional unsubscribe and class action rights to individuals, CAN-SPAM remains relevant in that each separate email sent in violation of CAN-SPAM remains subject to penalties of up to $43,280.

This webinar is intended for both attorneys and marketing professionals and will provide helpful tools for businesses to avoid becoming targets of consumer litigation. The presenters will provide a back-to-basics primer on TCPA and CAN-SPAM rules and penalties regarding text, calls, and emails. They will provide helpful best practices with respect to using third-party vendors and externally sourced marketing lists. The webinar will conclude with an overview of TCPA trends and hot topics.

Topics will include:

  • TCPA rules regarding texts and calls to consumers
  • CAN-SPAM Act rules with respect to emails
  • Interaction between the CCPA and CAN-SPAM
  • Penalties for non-compliance
  • Best practices with respect to using third-party vendors and externally-sourced marketing lists

TCPA trends and hot topics, including the FCC’s March 20, 2020, Declaratory Ruling regarding COVID-19 calls


Jordan Vick, Partner, Seyfarth Shaw LLP
Robert Milligan, Partner, Seyfarth Shaw LLP
Bart Lazar, Partner, Seyfarth Shaw LLP

Register Here


A blog post authored by Seyfarth attorneys Darren Dummit, Robert Milligan and Stanley Jutkowitz, titled Mass Texts: How the Cannabis Industry Must Deal with the Surge of TCPA Class Actions During Covid-19,” was referenced in a new story from Law.com.

The Law.com article explores how TCPA class actions are targeting the cannabis industry.

Read the full article at Law.com


Seyfarth attorneys Robert Milligan and Joshua Salinas recently published an article titled “Avoiding California’s Consumer Law Pitfalls Amid the COVID-19 Pandemic” for Law.com.

COVID-19 has created unprecedented challenges, including in the area of consumer class action law. This article discusses the new traps and areas of uncertainty the pandemic has caused for businesses navigating California consumer laws.

Read the full article at Law.com.

Biometric privacy continues to be a hot-button topic in the United States, and internationally, with states continuing to join the wave of strict consumer biometric data protection laws.  In an effort to avoid costly class action litigation as the country begins to reopen following the COVID-19 pandemic, businesses should be mindful of the potential risks when implementing consumer-related biometric policies and procedures.

What Is Biometric Data?

Generally, biometric data are physical characteristics that can be used to digitally identify a person.  Physiological biometrics pertain to the body and include DNA, retinal scans, fingerprints or other characteristics such as the shape of a person’s hand or face or the sound of their voice.  For example, lawsuits premised on the capture of physiological biometric data have included the use of facial recognition at stores, entrances to businesses and facilities, or on websites, or the use of finger print identification (often, but not always, in employment context).

In addition, some states, such as California, have expanded biometric information to also include behavioral characteristics, which encompass a person’s specific movements and actions or even thought-patterns.

Current Biometric Privacy Laws

Prior to 2018, only three states had biometric privacy laws: Illinois, Texas and Washington, and today, that number has nearly tripled.  Among those three states, only the Illinois’ Biometric and Information Privacy Act (BIPA, 740 ILCS 14/) provided for a private right of action, which has made it very attractive to the plaintiffs’ bar.  In fact, between 2018 and 2019, there were over 200 BIPA class action complaints filed across the United States.

In 2018, Louisiana amended its Data Breach Security Notification Law (Louisiana Revised Statutes 51:3071, et seq.) by expanding the definition of personal information to include biometric data and requiring notice to affected Louisiana residents within 60 days.  It further amended the breach notification law to impose data security and destruction requirements on covered entities, which broadly includes any person that conducts business in the state.  While the Louisiana Attorney General is currently the primary enforcer of data breach laws, private rights of action are permitted, which at the time, made it the second state to provide for such recourse.  In 2019, Arkansas also jumped on the biometric bandwagon and expanded the scope of “personal information” in its Personal Information Protection Act (PIPA) to include biometric data which is defined as data that is “generated by automatic measurements of an individual’s biological characteristics.”

On January 1, 2020, both California and Oregon’s biometric privacy laws went into effect.  California’s Consumer Privacy Act (CCPA, Sec. 1798.100) creates proactive notice, consent, and deletion obligations, among others, depending on how the personal information is used.  Notably, personal information under the CCPA is broadly expanded beyond a consumer’s biometric information and includes a consumer’s “internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.”  Given the CCPA’s broad definition and reach, lawsuits under the act could expectedly surpass BIPA in short time.  Note, however, that while BIPA broadly provides for a private right of action for any person “aggrieved” by a violation of the act, the CCPA only provides consumers with a limited private right of action, specifically, when their “nonencrypted and nonredacted personal information” is “subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures.”

Oregon amended its Consumer Information Protection Act (OCIPA, ORS 646A-600, et seq.), effective January 1, 2020, to follow the national trend of expanding laws beyond mere “identity theft protection,” to focus on larger scale consumer privacy and data rights, which now includes protections for biometric data.  Personal information under the act now includes automatic measurements of a consumer’s physical characteristics, such as an image of a fingerprint, retina or iris, that are used to authenticate the consumer’s identity in the course of a financial transaction or other transaction.

Finally, just as the COVID pandemic halted the nation, New York moved forward with its final phase of enacting its own biometric privacy law.  On March 21, 2020, New York completed its enactment of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).  The SHIELD Act was split into two phases: the first phase broadened the current notification requirements for data breaches (effective October 23, 2019) and the second phase requires businesses to put reasonable measures in place to protect information (effective March 21, 2020).  The Act revised New York’s 2005 breach notification law to include biometric information to its definition of personal information and requires businesses that maintain New York residents’ personal information to include protections for biometric data when developing and implementing reasonable safeguards as required by the act. The SHIELD Act also provides for a limited private right of action.  As with the CCPA, the SHIELD Act is very new and untested, and therefore, businesses are encouraged to ensure compliance with these new laws (and previously existing laws) before implementing any consumer-based biometric policies.

Pending Biometric Privacy Laws

Aside from the eight states discussed above, another eleven states have proposed biometric privacy laws over the past few years.  Of those eleven states, Michigan, Alaska, Delaware, Florida, New Hampshire, Montana and Rhode Island have all introduced biometric privacy legislation since 2017, however, each have since died in committee or chamber.  Though no biometric privacy legislation has been passed in New Jersey, the state attempted to pioneer biometric regulation with a proposed bill back in 2002, six years before biometric privacy legislation was first passed in the United States. Currently, only Massachusetts, Hawaii and Arizona have pending biometric privacy legislation.

Post-COVID Concerns for Consumer-Based Businesses

As businesses adjust to the new “norms” following COVID-19, they will likely explore policies and procedures that aim to minimize consumer interaction and protect its invitees and customers from potential exposure to the virus.  While these policies are sure to give both the consumers and employees a feeling of comfort, such policies could be far more costly than expected if the proper measures are not taken beforehand.

One solution that businesses have been exploring is the implementation of contactless infrared facial scanning at the entrances of store fronts to scan a consumer’s temperature.  However, this sort of policy, if unconsented, likely violates biometric privacy laws because, for example, BIPA prohibits unconsented capturing of “biometric identifiers,” which includes a “scan of … face geometry.”  While the intended capture of data is the consumer’s temperature, which is not covered under the law, it would nonetheless capture the consumer’s facial geometry, which is.  As discussed above, many of the recent biometric laws, and proposed legislation, gets its roots from BIPA, which means that contactless infrared temperature scanning would likely violate several other biometric privacy laws across the country.  Therefore, such a strategy would require notice and consent to comply with the act.

As recent as April 2020, it was announced that certain amusement parks would be conducting temperature checks at its security checkpoints to avoid any potential COVID outbreaks among its customers.  While it is unclear what type of protocols will be implemented, there are reports that companies are exploring everything from handheld temperature checks to drone technology, and everything in between, including facial scanning.  As businesses begin to implement policies to enhance consumer safety following the COVID-19 outbreak, some policies will undoubtedly be challenged in the courts and shape the development of biometric privacy laws across the country.

The idea of capturing a consumer’s facial geometry is not new for COVID-19, rather, it was also used as early as 2017 to provide for faster food service.  In September 2017, restaurant chain Wow Bao was sued in Cook County, Illinois over its use of facial recognition technology to verify customers’ orders.  The complaint alleges that Wow Bao failed to obtain consent prior to capturing and storing customers’ biometric information.  This case is still pending, but decisions in this case will likely guide any future litigation or potential litigation as retailers and businesses start to put new policies in place.

Following the practices below will be more important than ever since the landscape of biometric laws continue to evolve and related lawsuits gain traction in the court systems.  As these laws are tested in the courts, we learn the strengths and dangers that these laws bear on businesses.  Further pursuit of these lawsuits recently became more attractive with the Illinois Supreme Court’s January 2019 decision finding that a “violation [of BIPA], in itself, is sufficient to support the individual’s or customer’s statutory cause of action.”  Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, ¶ 33.

Best Practices

Businesses are encouraged to review and revise contacts and terms of conditions in order to cover new biometric privacy laws and developments in the existing laws.  Revising terms and conditions recently proved to be beneficial for Shutterfly who, in 2019, was sued in Illinois by two consumers, alleging that Shutterfly illegally collected face scans of Chicago-area residents without adhering to BIPA regulations.  (Vernita Miracle-Pond, et al. v. Shutterfly Inc., N.D. Ill. Case. No. 19-cv-04722).  The court held that a Shutterfly user must arbitrate the accusations of the complaint even though Shutterfly unilaterally amended its arbitration clause after the lawsuit was filed.  (2020 WL 2513099).  The key factor in the court’s decision was that Shutterfly users consent to unilateral modifications of the terms of use.  (Id. at *6).  The court rejected plaintiff’s argument that a new arbitration provision was ineffective because she did not receive notice and held: “[o]n the contrary, when parties agree in advance to allow unilateral modifications to the terms of their contract, subsequent modifications are binding regardless of whether the other party later ‘accepts’ the change.”  (Id.)

In order to ensure compliance with the growing landscape of biometric privacy laws, businesses should consult with experts before implementing any post-COVID procedures which may collect personal and physiological information about consumers, its customers or invitees.  If a business chooses to proceed with collection of biometric data, it should, at a minimum, adhere to the practices below:

  1. Develop and provide notice to consumers that covers information relating to capturing of biometric data, including the type of technology being used, the purpose for capturing the data, how the data will be captured, and how the data is being stored;
  2. Obtain consent from the consumer for collection and storage of biometric data, where applicable by law;
  3. Take steps to ensure that neither the business nor any vendor storing biometric data on the business’s behalf sells or discloses the data;
  4. Implement security protocols for the protection of biometric data; and
  5. Have appropriate provisions in vendor contracts ensuring they comply with existing laws and that the business may retain the right to request information and have the right to be notified in the event of a suspected breach.

Major operational changes and disruptions occasioned by COVID-19 have created a swell of contract disputes and new litigation in various industries. The area of higher education is no different.  Faced with safety concerns and government stay-at-home orders, universities across the nation have had to adjust, often by ceasing in-person instruction, transitioning to remote learning, and suspending on-campus services, including university-furnished student housing. These adjustments have been met with class actions filed by students seeking tuition and fee reimbursements or abatements.  We have been monitoring these cases closely as they continue to flood into federal and state courts and have been counseling our clients on what they can expect, possible defenses, and mitigation of liability.  We also note that the class actions that have been filed are specific to the Spring 2020 semester.  Now that the 2019-2020 school year has wrapped up and universities, colleges, and higher education institutions begin to grapple with what to do in the fall, a closer look at these cases are warranted to potentially avoid another wave of class actions come September.

These suits generally contend that the student-class members have not received the college experience they bargained for, and most assert claims for breach of contract, unjust enrichment, and conversion.  Importantly, however, universities hit with these class actions have available to them several potentially applicable defenses.  First, to the extent the plaintiff alleges that the university has breached its obligations under an express agreement, quasi-contractual remedies, such as unjust enrichment, are generally not recoverable.[1]  Because the theory of unjust enrichment is founded on a contract implied in law, if a valid, express contract governs the parties’ relationship, unjust enrichment is not applicable.[2]  Similarly, many courts hold that claims for conversion—a tort premised on wrongful appropriation of tangible property—is not actionable where the suit essentially involves a contract dispute.[3]  Because, like unjust enrichment, “a claim of conversion cannot be predicated on a mere breach of contract,”[4] universities defending against class-action complaints asserting both breach of contract and unjust enrichment and/or conversion have colorable defenses that the latter claims fail as a matter of law, permitting potential disposition of these claims at the pleadings stage.

The defense of sovereign immunity may also provide for early disposition of some class actions. Public universities facing suit should consider whether they qualify for sovereign immunity—insulating them from damages awards—under the Eleventh Amendment.  If the class action complaint seeks monetary relief and no waiver is applicable, dismissal on sovereign immunity grounds may be appropriate.[5]

The doctrines of impossibility of performance and frustration of purpose may also be available, as the ability to provide traditional instruction has been impeded by an event beyond universities’ control.  Impossibility typically discharges, in part, a party’s contractual obligation when an unanticipated condition makes performance “objectively impossible,”[6] and courts have applied the doctrine to the education context.[7]  Here, government stay-at-home orders have arguably rendered colleges’ ability to provide in-person instruction and on-campus services truly impossible, potentially excusing the universities’ alleged nonperformance.  Under the related doctrine of frustration of purpose, colleges may also be able to argue that because the pandemic and ensuing government restrictions have so frustrated a “common object”[8] of their contracts with students—contemplating in-person instruction—the universities’ alleged failure to perform does not amount to a breach of contract.  Relatedly, and depending on the language of written agreements, universities should also evaluate whether force majeure, or “act of God,” provisions can be employed.  It bears noting, however, that application of these defenses to the present situation—sweeping restrictions imposed as a result of a pandemic—has not been fully tested in the courts.  We will note also, with respect to these defenses, two important points: (1) in many states, these are only partial defenses providing only an equitable defense, and (2) these doctrines are premised on the unforseeability of an event, and as institutions look to the new school year, the possibility of another wave of COVID-19 and another round of stay-at-home orders will likely be deemed foreseeable.

Finally, and perhaps most significantly, universities should enjoy some amount of deference from courts adjudicating these class actions.  Many courts recognize that where a student pursues a contract action against a university based on an academic decision—such as adjusting curriculum in light of a serious health risk—“judicial intervention in any form should be undertaken with only the greatest reluctance.”[9]  In this vein, many courts have been resistant to recognize “educational malpractice” as a cause of action.[10]  These jurisdictions have refrained from permitting such claims, whether brought in tort or contract, “on the premise that [u]niversities must be allowed the flexibility to manage themselves and correct their own mistakes.”[11] Universities faced with class actions in the wake of COVID-19 may similarly be able to argue that breach-of-contract claims, which essentially allege that remote instruction is inadequate, amount to an “impermissible ‘educational malpractice’ claim in disguise.”[12]  Similarly, universities may argue that, in light of the judicial deference in how the schools choose to oeprate, the alleged breach is no breach at all because the schools continue to provide advancement towards degree, educational instruction and virtual programs such that the students are still getting the benefit of the bargain.

Indeed, courts have invoked the principle of judicial restraint in the higher education context when a university is forced to make changes due to an unanticipated event.  In a 1971 New York case, the father of a university student sued for a tuition refund after classes were suspended following mass anti-war demonstrations.[13]  The trial court ruled in favor of the father, and the appellate court reversed, finding that the court below “erred in substituting its judgment for that of the University,” and emphasizing that the university had the authority to make changes to maintain order on its campus.[14]  Although this New York case is somewhat dated, it is helpful for the proposition that when a supervening event affects a university’s ability to provide the same or similar instruction or campus services, such as the case of mass anti-war protests or a pandemic, the university’s reasonable adjustments to curriculum—even suspending classes—may not warrant tuition refunds or other monetary relief.

COVID-19 and resultant government orders have significantly changed the higher education landscape and that change is expected to last into the new school year.  While all of these cases remain in their infancy, and there is no direction yet from the courts on the veracity of these claims, universities and higher education institutions can use these cases as a guide when discussing the new school year and take action now to mitigate against the possibility of future actions.  Schools should review their marketing and online materials to include information about courses, services, activities, and offerings offered remotely.  If certain activities, facilities, or offerings are not going to be available in the fall, reference to those items should be removed.  Now is also the time to review and revise contracts and policies to determine whether revisions may be appropriate in light of COVID-19.  For instance, universities may want to consider adding arbitration provisions, revising refund policies, and adding disclaimers about the accessibility of facilities, in-person classes, and other activities.  Universities should also review their insurance policies and talk to their providers early on about what their coverage includes.  Although there is no clear path forward yet, the reality is that the world around us is changing and it is important to make sure our businesses are changing with it.


[1] See, e.g., No. 13-cv-3455, 2014 WL 1411249, at *2 (N.D. Cal. Apr. 11, 2014) (“[A]s a matter of law, an unjust enrichment claim does not lie where the parties have an enforceable express contract.”); No. 11-2605, 2012 WL 3111679, at *8 (D. Md.  July 30, 2012) (“[U]njust enrichment cannot be asserted when an express contract defining the rights and remedies of the parties exists.”); 404 F. Supp. 2d 1023, 1029 (M.D. Tenn. 2005) (dismissing unjust enrichment claim where express contract existed);

[2] See No. 03-c-2105, 2003 WL 21801190, at *2 (N.D. Ill. Aug. 4, 2003).

[3] See, e.g., No. 213CV02671JTFCGC, 2014 WL 12887673, at *3 (W.D. Tenn. Oct. 17, 2014) (dismissing conversion claim as duplicative of breach-of-contract claim); No. 13-60384-civ, 2013 WL 4496504, at *5 (S.D. Fla. Aug. 20, 2013) (noting that, under both New York and Massachusetts law, “a plaintiff may not recover under both breach of contract and conversion for the same damages”).

[4] 888 F. Supp. 2d 385, 397, n.8 (S.D.N.Y. 2012).

[5] See, e.g., 837 F.2d 197 (5th Cir. 1988) (university protected from damages award in student suit alleging civil rights violations).

[6] No. 01-civ-9104, 2003 WL 1960587, at *4 (S.D.N.Y. Apr. 25, 2003).

[7] 505 F.3d 1283 (D.C. Cir. 2007) (invoking impossibility doctrine in finding education provider’s nonperformance under individualized education plan with student excused).

[8] 508 F.2d 377, 381 (2d Cir. 1974) (“Frustration of purpose excuses performance when a virtually cataclysmic, wholly unforeseeable event renders the contract valueless to one party.”).

[9] 862 F.2d 570, 575 (6th Cir. 1988).

[10] See, e.g., 55 Fed. App’x 308 (6th Cir. 2003) (disallowing claim sounding in educational malpractice); 304 F. Supp. 3d 656, 664 (S.D. Ohio 2018) (same).

[11] 926 F.2d 1029, 1034 (8th Cir. 2019) (internal quotations omitted).

[12] 304 F. Supp. at 664.

[13] 319 N.Y.S.2d 893 (N.Y. Ct. App. 1971).

[14] Id. at 894.

In this webinar, Seyfarth attorneys Robert Milligan, Jonathan Braunstein, Daniel Joshua Salinas, and Darren Dummit covered the recent developments in consumer class actions related to COVID-19 in California, explaining the claims and expected defenses, and proactive attempts that companies can employ now to attempt to avoid these suits.

As a conclusion to this webinar, we compiled a summary of takeaways:

  • With all sporting events, concerts, conferences and festivals either “postponed” or cancelled by the pandemic, and with uncertainty as to what future events may look like, class action refund litigation have proven to be somewhat inevitable for those who were not capable or willing to provide full refunds immediately. Going forward, while best efforts are made to provide “full value” with different options for future events, traditional uses of cash flow from paid-in-advance revenue may need to be revisited, along with terms and conditions of the contract provisions, including arbitration provisions, class actions waivers, updated force majeure provisions, and limitation of remedies. Looking ahead, the restrictions imposed on the events in a post-pandemic world will result in additional refund cases, including arguments around diminishment in value.
  • For businesses and activities which involve annual or monthly membership or subscription fees, such as  gyms, co-working spaces, theme parks, ski mountains, and golf/social clubs, class action litigation has also been an inevitability absent an immediate refund or cessation of all payments, and absent an enforceable arbitration agreement and/or class action waiver. Going forward, these organizations would be wise offer and track multiple alternatives, so as to best mitigate damages and defeat class certification issues, while also revising future terms and conditions to account for the possibility of pandemic shutdowns, rollovers, and suspensions of payment. Looking ahead, these organizations will face tough choices (and potential class action risks) as some customers claim diminishment in value as a result of social distancing, while others claim a health-related inability or unwillingness to engage in the same activity.
  • Class actions suits against colleges, universities, and other education providers arising from the closure of facilities during the COVID-19 pandemic have exploded across the nation, including over 15 such actions brought in California. Opportunistic plaintiffs’ counsel are filing suits demanding partial refunds on tuition, campus fees, room and board, and of course attorneys’ fees. Plaintiffs allege that on-line instruction does not provide the benefit of the bargain that they contracted for. Likely defenses that will be explored by the education providers include: 1) no breach (e.g. no requirement to provide in-person instruction and providers have sole discretion to make academic judgments); 2) substantial performance; 3) force majeure and related contractual defenses; 4) limitation of damages provisions; and 5) sovereign immunity for public institutions. Additionally, providers with arbitration and class action waiver provisions may be better positioned to avoid class suits. Lastly, plaintiffs will face substantial class certification challenges as providers attempt to demonstrate that individual issues predominate.
  • Price gouging occurs when, during abnormal market conditions, a seller increases the prices of goods, services, or commodities to a level much higher than is considered reasonable or fair. Unconscionable or exorbitant pricing can occur after a demand spike or supply disruption during a public emergency. COVID-19’s unprecedented size, scope and duration presents extraordinary opportunities for price gouging. On March 4, 2020, California Governor Gavin Newsom declared a state of emergency in response to the COVID-19 public health emergency. Executive Order N-44-20 makes it unlawful to increase the price of food items, consumer goods, or medical and emergency supplies by more than 10 percent of what a seller charged for that item on February 4, 2020, subject to certain exceptions. In California, price gouging during a declared state of public emergency is a crime. See Cal. Penal Code Section 396.  Whether criminal or not, price gouging is generally discouraged and may be considered exploitative and unethical. Numerous other states and jurisdictions have their own similar but distinct and somewhat varying price gouging laws. Price gouging can have a profound impact across commercial business and supply chains. Actual or perceived price gouging presents tremendous challenges, class action litigation risks, and potential exposures for commercial businesses and employers. As businesses reopen, employees return to work, and courts resume operations, there is likely to be a spike in price gouging claims, disputes, and lawsuits—including class actions—filed by consumers or businesses under state and federal consumer protection, antitrust, and unfair competition laws.
  • California remains an attractive forum for consumers alleging privacy violations. The reopening of brick-and-mortar stores, offices, and other physical locations may increase in the need to screen and collect physiological data of customers or employees entering the space. Companies collecting or using such data should ensure they have compliant collection, storage, and notice policies and practices. Notably, the California Attorney General has made it clear at this point that he will not be giving companies extra time to make sense of, and comply with, the new California Consumers Privacy Act in light of the COVID-19 pandemic.

A recording of the webinar is available on the Seyfarth website: https://www.seyfarth.com/news-insights/covid-19-related-consumer-class-action-developments-and-trends-in-california.html