Seyfarth attorneys Robert Milligan and Joshua Salinas recently published an article titled “Avoiding California’s Consumer Law Pitfalls Amid the COVID-19 Pandemic” for Law.com.
COVID-19 has created unprecedented challenges, including in the area of consumer class action law. This article discusses the new traps and areas of uncertainty the pandemic has caused for businesses navigating California consumer laws.
Read the full article at Law.com.
Biometric privacy continues to be a hot-button topic in the United States, and internationally, with states continuing to join the wave of strict consumer biometric data protection laws. In an effort to avoid costly class action litigation as the country begins to reopen following the COVID-19 pandemic, businesses should be mindful of the potential risks when implementing consumer-related biometric policies and procedures.
What Is Biometric Data?
Generally, biometric data are physical characteristics that can be used to digitally identify a person. Physiological biometrics pertain to the body and include DNA, retinal scans, fingerprints or other characteristics such as the shape of a person’s hand or face or the sound of their voice. For example, lawsuits premised on the capture of physiological biometric data have included the use of facial recognition at stores, entrances to businesses and facilities, or on websites, or the use of finger print identification (often, but not always, in employment context).
In addition, some states, such as California, have expanded biometric information to also include behavioral characteristics, which encompass a person’s specific movements and actions or even thought-patterns.
Current Biometric Privacy Laws
Prior to 2018, only three states had biometric privacy laws: Illinois, Texas and Washington, and today, that number has nearly tripled. Among those three states, only the Illinois’ Biometric and Information Privacy Act (BIPA, 740 ILCS 14/) provided for a private right of action, which has made it very attractive to the plaintiffs’ bar. In fact, between 2018 and 2019, there were over 200 BIPA class action complaints filed across the United States.
In 2018, Louisiana amended its Data Breach Security Notification Law (Louisiana Revised Statutes 51:3071, et seq.) by expanding the definition of personal information to include biometric data and requiring notice to affected Louisiana residents within 60 days. It further amended the breach notification law to impose data security and destruction requirements on covered entities, which broadly includes any person that conducts business in the state. While the Louisiana Attorney General is currently the primary enforcer of data breach laws, private rights of action are permitted, which at the time, made it the second state to provide for such recourse. In 2019, Arkansas also jumped on the biometric bandwagon and expanded the scope of “personal information” in its Personal Information Protection Act (PIPA) to include biometric data which is defined as data that is “generated by automatic measurements of an individual’s biological characteristics.”
On January 1, 2020, both California and Oregon’s biometric privacy laws went into effect. California’s Consumer Privacy Act (CCPA, Sec. 1798.100) creates proactive notice, consent, and deletion obligations, among others, depending on how the personal information is used. Notably, personal information under the CCPA is broadly expanded beyond a consumer’s biometric information and includes a consumer’s “internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.” Given the CCPA’s broad definition and reach, lawsuits under the act could expectedly surpass BIPA in short time. Note, however, that while BIPA broadly provides for a private right of action for any person “aggrieved” by a violation of the act, the CCPA only provides consumers with a limited private right of action, specifically, when their “nonencrypted and nonredacted personal information” is “subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures.”
Oregon amended its Consumer Information Protection Act (OCIPA, ORS 646A-600, et seq.), effective January 1, 2020, to follow the national trend of expanding laws beyond mere “identity theft protection,” to focus on larger scale consumer privacy and data rights, which now includes protections for biometric data. Personal information under the act now includes automatic measurements of a consumer’s physical characteristics, such as an image of a fingerprint, retina or iris, that are used to authenticate the consumer’s identity in the course of a financial transaction or other transaction.
Finally, just as the COVID pandemic halted the nation, New York moved forward with its final phase of enacting its own biometric privacy law. On March 21, 2020, New York completed its enactment of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). The SHIELD Act was split into two phases: the first phase broadened the current notification requirements for data breaches (effective October 23, 2019) and the second phase requires businesses to put reasonable measures in place to protect information (effective March 21, 2020). The Act revised New York’s 2005 breach notification law to include biometric information to its definition of personal information and requires businesses that maintain New York residents’ personal information to include protections for biometric data when developing and implementing reasonable safeguards as required by the act. The SHIELD Act also provides for a limited private right of action. As with the CCPA, the SHIELD Act is very new and untested, and therefore, businesses are encouraged to ensure compliance with these new laws (and previously existing laws) before implementing any consumer-based biometric policies.
Pending Biometric Privacy Laws
Aside from the eight states discussed above, another eleven states have proposed biometric privacy laws over the past few years. Of those eleven states, Michigan, Alaska, Delaware, Florida, New Hampshire, Montana and Rhode Island have all introduced biometric privacy legislation since 2017, however, each have since died in committee or chamber. Though no biometric privacy legislation has been passed in New Jersey, the state attempted to pioneer biometric regulation with a proposed bill back in 2002, six years before biometric privacy legislation was first passed in the United States. Currently, only Massachusetts, Hawaii and Arizona have pending biometric privacy legislation.
Post-COVID Concerns for Consumer-Based Businesses
As businesses adjust to the new “norms” following COVID-19, they will likely explore policies and procedures that aim to minimize consumer interaction and protect its invitees and customers from potential exposure to the virus. While these policies are sure to give both the consumers and employees a feeling of comfort, such policies could be far more costly than expected if the proper measures are not taken beforehand.
One solution that businesses have been exploring is the implementation of contactless infrared facial scanning at the entrances of store fronts to scan a consumer’s temperature. However, this sort of policy, if unconsented, likely violates biometric privacy laws because, for example, BIPA prohibits unconsented capturing of “biometric identifiers,” which includes a “scan of … face geometry.” While the intended capture of data is the consumer’s temperature, which is not covered under the law, it would nonetheless capture the consumer’s facial geometry, which is. As discussed above, many of the recent biometric laws, and proposed legislation, gets its roots from BIPA, which means that contactless infrared temperature scanning would likely violate several other biometric privacy laws across the country. Therefore, such a strategy would require notice and consent to comply with the act.
As recent as April 2020, it was announced that certain amusement parks would be conducting temperature checks at its security checkpoints to avoid any potential COVID outbreaks among its customers. While it is unclear what type of protocols will be implemented, there are reports that companies are exploring everything from handheld temperature checks to drone technology, and everything in between, including facial scanning. As businesses begin to implement policies to enhance consumer safety following the COVID-19 outbreak, some policies will undoubtedly be challenged in the courts and shape the development of biometric privacy laws across the country.
The idea of capturing a consumer’s facial geometry is not new for COVID-19, rather, it was also used as early as 2017 to provide for faster food service. In September 2017, restaurant chain Wow Bao was sued in Cook County, Illinois over its use of facial recognition technology to verify customers’ orders. The complaint alleges that Wow Bao failed to obtain consent prior to capturing and storing customers’ biometric information. This case is still pending, but decisions in this case will likely guide any future litigation or potential litigation as retailers and businesses start to put new policies in place.
Following the practices below will be more important than ever since the landscape of biometric laws continue to evolve and related lawsuits gain traction in the court systems. As these laws are tested in the courts, we learn the strengths and dangers that these laws bear on businesses. Further pursuit of these lawsuits recently became more attractive with the Illinois Supreme Court’s January 2019 decision finding that a “violation [of BIPA], in itself, is sufficient to support the individual’s or customer’s statutory cause of action.” Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186, ¶ 33.
In order to ensure compliance with the growing landscape of biometric privacy laws, businesses should consult with experts before implementing any post-COVID procedures which may collect personal and physiological information about consumers, its customers or invitees. If a business chooses to proceed with collection of biometric data, it should, at a minimum, adhere to the practices below:
- Develop and provide notice to consumers that covers information relating to capturing of biometric data, including the type of technology being used, the purpose for capturing the data, how the data will be captured, and how the data is being stored;
- Obtain consent from the consumer for collection and storage of biometric data, where applicable by law;
- Take steps to ensure that neither the business nor any vendor storing biometric data on the business’s behalf sells or discloses the data;
- Implement security protocols for the protection of biometric data; and
- Have appropriate provisions in vendor contracts ensuring they comply with existing laws and that the business may retain the right to request information and have the right to be notified in the event of a suspected breach.
Major operational changes and disruptions occasioned by COVID-19 have created a swell of contract disputes and new litigation in various industries. The area of higher education is no different. Faced with safety concerns and government stay-at-home orders, universities across the nation have had to adjust, often by ceasing in-person instruction, transitioning to remote learning, and suspending on-campus services, including university-furnished student housing. These adjustments have been met with class actions filed by students seeking tuition and fee reimbursements or abatements. We have been monitoring these cases closely as they continue to flood into federal and state courts and have been counseling our clients on what they can expect, possible defenses, and mitigation of liability. We also note that the class actions that have been filed are specific to the Spring 2020 semester. Now that the 2019-2020 school year has wrapped up and universities, colleges, and higher education institutions begin to grapple with what to do in the fall, a closer look at these cases are warranted to potentially avoid another wave of class actions come September.
These suits generally contend that the student-class members have not received the college experience they bargained for, and most assert claims for breach of contract, unjust enrichment, and conversion. Importantly, however, universities hit with these class actions have available to them several potentially applicable defenses. First, to the extent the plaintiff alleges that the university has breached its obligations under an express agreement, quasi-contractual remedies, such as unjust enrichment, are generally not recoverable. Because the theory of unjust enrichment is founded on a contract implied in law, if a valid, express contract governs the parties’ relationship, unjust enrichment is not applicable. Similarly, many courts hold that claims for conversion—a tort premised on wrongful appropriation of tangible property—is not actionable where the suit essentially involves a contract dispute. Because, like unjust enrichment, “a claim of conversion cannot be predicated on a mere breach of contract,” universities defending against class-action complaints asserting both breach of contract and unjust enrichment and/or conversion have colorable defenses that the latter claims fail as a matter of law, permitting potential disposition of these claims at the pleadings stage.
The defense of sovereign immunity may also provide for early disposition of some class actions. Public universities facing suit should consider whether they qualify for sovereign immunity—insulating them from damages awards—under the Eleventh Amendment. If the class action complaint seeks monetary relief and no waiver is applicable, dismissal on sovereign immunity grounds may be appropriate.
The doctrines of impossibility of performance and frustration of purpose may also be available, as the ability to provide traditional instruction has been impeded by an event beyond universities’ control. Impossibility typically discharges, in part, a party’s contractual obligation when an unanticipated condition makes performance “objectively impossible,” and courts have applied the doctrine to the education context. Here, government stay-at-home orders have arguably rendered colleges’ ability to provide in-person instruction and on-campus services truly impossible, potentially excusing the universities’ alleged nonperformance. Under the related doctrine of frustration of purpose, colleges may also be able to argue that because the pandemic and ensuing government restrictions have so frustrated a “common object” of their contracts with students—contemplating in-person instruction—the universities’ alleged failure to perform does not amount to a breach of contract. Relatedly, and depending on the language of written agreements, universities should also evaluate whether force majeure, or “act of God,” provisions can be employed. It bears noting, however, that application of these defenses to the present situation—sweeping restrictions imposed as a result of a pandemic—has not been fully tested in the courts. We will note also, with respect to these defenses, two important points: (1) in many states, these are only partial defenses providing only an equitable defense, and (2) these doctrines are premised on the unforseeability of an event, and as institutions look to the new school year, the possibility of another wave of COVID-19 and another round of stay-at-home orders will likely be deemed foreseeable.
Finally, and perhaps most significantly, universities should enjoy some amount of deference from courts adjudicating these class actions. Many courts recognize that where a student pursues a contract action against a university based on an academic decision—such as adjusting curriculum in light of a serious health risk—“judicial intervention in any form should be undertaken with only the greatest reluctance.” In this vein, many courts have been resistant to recognize “educational malpractice” as a cause of action. These jurisdictions have refrained from permitting such claims, whether brought in tort or contract, “on the premise that [u]niversities must be allowed the flexibility to manage themselves and correct their own mistakes.” Universities faced with class actions in the wake of COVID-19 may similarly be able to argue that breach-of-contract claims, which essentially allege that remote instruction is inadequate, amount to an “impermissible ‘educational malpractice’ claim in disguise.” Similarly, universities may argue that, in light of the judicial deference in how the schools choose to oeprate, the alleged breach is no breach at all because the schools continue to provide advancement towards degree, educational instruction and virtual programs such that the students are still getting the benefit of the bargain.
Indeed, courts have invoked the principle of judicial restraint in the higher education context when a university is forced to make changes due to an unanticipated event. In a 1971 New York case, the father of a university student sued for a tuition refund after classes were suspended following mass anti-war demonstrations. The trial court ruled in favor of the father, and the appellate court reversed, finding that the court below “erred in substituting its judgment for that of the University,” and emphasizing that the university had the authority to make changes to maintain order on its campus. Although this New York case is somewhat dated, it is helpful for the proposition that when a supervening event affects a university’s ability to provide the same or similar instruction or campus services, such as the case of mass anti-war protests or a pandemic, the university’s reasonable adjustments to curriculum—even suspending classes—may not warrant tuition refunds or other monetary relief.
COVID-19 and resultant government orders have significantly changed the higher education landscape and that change is expected to last into the new school year. While all of these cases remain in their infancy, and there is no direction yet from the courts on the veracity of these claims, universities and higher education institutions can use these cases as a guide when discussing the new school year and take action now to mitigate against the possibility of future actions. Schools should review their marketing and online materials to include information about courses, services, activities, and offerings offered remotely. If certain activities, facilities, or offerings are not going to be available in the fall, reference to those items should be removed. Now is also the time to review and revise contracts and policies to determine whether revisions may be appropriate in light of COVID-19. For instance, universities may want to consider adding arbitration provisions, revising refund policies, and adding disclaimers about the accessibility of facilities, in-person classes, and other activities. Universities should also review their insurance policies and talk to their providers early on about what their coverage includes. Although there is no clear path forward yet, the reality is that the world around us is changing and it is important to make sure our businesses are changing with it.
 See, e.g., No. 13-cv-3455, 2014 WL 1411249, at *2 (N.D. Cal. Apr. 11, 2014) (“[A]s a matter of law, an unjust enrichment claim does not lie where the parties have an enforceable express contract.”); No. 11-2605, 2012 WL 3111679, at *8 (D. Md. July 30, 2012) (“[U]njust enrichment cannot be asserted when an express contract defining the rights and remedies of the parties exists.”); 404 F. Supp. 2d 1023, 1029 (M.D. Tenn. 2005) (dismissing unjust enrichment claim where express contract existed);
 See No. 03-c-2105, 2003 WL 21801190, at *2 (N.D. Ill. Aug. 4, 2003).
 See, e.g., No. 213CV02671JTFCGC, 2014 WL 12887673, at *3 (W.D. Tenn. Oct. 17, 2014) (dismissing conversion claim as duplicative of breach-of-contract claim); No. 13-60384-civ, 2013 WL 4496504, at *5 (S.D. Fla. Aug. 20, 2013) (noting that, under both New York and Massachusetts law, “a plaintiff may not recover under both breach of contract and conversion for the same damages”).
 888 F. Supp. 2d 385, 397, n.8 (S.D.N.Y. 2012).
 See, e.g., 837 F.2d 197 (5th Cir. 1988) (university protected from damages award in student suit alleging civil rights violations).
 No. 01-civ-9104, 2003 WL 1960587, at *4 (S.D.N.Y. Apr. 25, 2003).
 505 F.3d 1283 (D.C. Cir. 2007) (invoking impossibility doctrine in finding education provider’s nonperformance under individualized education plan with student excused).
 508 F.2d 377, 381 (2d Cir. 1974) (“Frustration of purpose excuses performance when a virtually cataclysmic, wholly unforeseeable event renders the contract valueless to one party.”).
 862 F.2d 570, 575 (6th Cir. 1988).
 See, e.g., 55 Fed. App’x 308 (6th Cir. 2003) (disallowing claim sounding in educational malpractice); 304 F. Supp. 3d 656, 664 (S.D. Ohio 2018) (same).
 926 F.2d 1029, 1034 (8th Cir. 2019) (internal quotations omitted).
 304 F. Supp. at 664.
 319 N.Y.S.2d 893 (N.Y. Ct. App. 1971).
 Id. at 894.
In this webinar, Seyfarth attorneys Robert Milligan, Jonathan Braunstein, Daniel Joshua Salinas, and Darren Dummit covered the recent developments in consumer class actions related to COVID-19 in California, explaining the claims and expected defenses, and proactive attempts that companies can employ now to attempt to avoid these suits.
As a conclusion to this webinar, we compiled a summary of takeaways:
- With all sporting events, concerts, conferences and festivals either “postponed” or cancelled by the pandemic, and with uncertainty as to what future events may look like, class action refund litigation have proven to be somewhat inevitable for those who were not capable or willing to provide full refunds immediately. Going forward, while best efforts are made to provide “full value” with different options for future events, traditional uses of cash flow from paid-in-advance revenue may need to be revisited, along with terms and conditions of the contract provisions, including arbitration provisions, class actions waivers, updated force majeure provisions, and limitation of remedies. Looking ahead, the restrictions imposed on the events in a post-pandemic world will result in additional refund cases, including arguments around diminishment in value.
- For businesses and activities which involve annual or monthly membership or subscription fees, such as gyms, co-working spaces, theme parks, ski mountains, and golf/social clubs, class action litigation has also been an inevitability absent an immediate refund or cessation of all payments, and absent an enforceable arbitration agreement and/or class action waiver. Going forward, these organizations would be wise offer and track multiple alternatives, so as to best mitigate damages and defeat class certification issues, while also revising future terms and conditions to account for the possibility of pandemic shutdowns, rollovers, and suspensions of payment. Looking ahead, these organizations will face tough choices (and potential class action risks) as some customers claim diminishment in value as a result of social distancing, while others claim a health-related inability or unwillingness to engage in the same activity.
- Class actions suits against colleges, universities, and other education providers arising from the closure of facilities during the COVID-19 pandemic have exploded across the nation, including over 15 such actions brought in California. Opportunistic plaintiffs’ counsel are filing suits demanding partial refunds on tuition, campus fees, room and board, and of course attorneys’ fees. Plaintiffs allege that on-line instruction does not provide the benefit of the bargain that they contracted for. Likely defenses that will be explored by the education providers include: 1) no breach (e.g. no requirement to provide in-person instruction and providers have sole discretion to make academic judgments); 2) substantial performance; 3) force majeure and related contractual defenses; 4) limitation of damages provisions; and 5) sovereign immunity for public institutions. Additionally, providers with arbitration and class action waiver provisions may be better positioned to avoid class suits. Lastly, plaintiffs will face substantial class certification challenges as providers attempt to demonstrate that individual issues predominate.
- Price gouging occurs when, during abnormal market conditions, a seller increases the prices of goods, services, or commodities to a level much higher than is considered reasonable or fair. Unconscionable or exorbitant pricing can occur after a demand spike or supply disruption during a public emergency. COVID-19’s unprecedented size, scope and duration presents extraordinary opportunities for price gouging. On March 4, 2020, California Governor Gavin Newsom declared a state of emergency in response to the COVID-19 public health emergency. Executive Order N-44-20 makes it unlawful to increase the price of food items, consumer goods, or medical and emergency supplies by more than 10 percent of what a seller charged for that item on February 4, 2020, subject to certain exceptions. In California, price gouging during a declared state of public emergency is a crime. See Cal. Penal Code Section 396. Whether criminal or not, price gouging is generally discouraged and may be considered exploitative and unethical. Numerous other states and jurisdictions have their own similar but distinct and somewhat varying price gouging laws. Price gouging can have a profound impact across commercial business and supply chains. Actual or perceived price gouging presents tremendous challenges, class action litigation risks, and potential exposures for commercial businesses and employers. As businesses reopen, employees return to work, and courts resume operations, there is likely to be a spike in price gouging claims, disputes, and lawsuits—including class actions—filed by consumers or businesses under state and federal consumer protection, antitrust, and unfair competition laws.
- California remains an attractive forum for consumers alleging privacy violations. The reopening of brick-and-mortar stores, offices, and other physical locations may increase in the need to screen and collect physiological data of customers or employees entering the space. Companies collecting or using such data should ensure they have compliant collection, storage, and notice policies and practices. Notably, the California Attorney General has made it clear at this point that he will not be giving companies extra time to make sense of, and comply with, the new California Consumers Privacy Act in light of the COVID-19 pandemic.
A recording of the webinar is available on the Seyfarth website: https://www.seyfarth.com/news-insights/covid-19-related-consumer-class-action-developments-and-trends-in-california.html
Wednesday, May 27, 2020
3:00 p.m. to 4:00 p.m. Eastern
2:00 p.m. to 3:00 p.m. Central
1:00 p.m. to 2:00 p.m. Mountain
12:00 p.m. to 1:00 p.m. Pacific
Already an attractive forum for expensive consumer class action suits, the COVID-19 pandemic has created unprecedented disruption and challenges for businesses navigating California’s consumer protection laws. The ongoing pandemic has created even more costly traps and pitfalls for businesses struggling to pilot these uncharted waters. This webinar discusses some of California’s most common consumer protection related issues being litigated as a result of the pandemic, and further discusses what businesses should be aware of to reduce potential exposure and litigation during this crisis. Experienced counsel will discuss the latest developments and trends that impact California businesses and companies conducting business with California consumers.
Specifically, attendees will gain further insight into the following aspects of recent class action litigation:
- Tuition and fee refund actions against universities and other educational institutions
- Membership and subscription refund actions against gyms, theme parks, ski mountains, and semi-private clubs
- Refund actions against sports teams, conferences, festivals, and ticket brokers
- Price gouging actions involving high impact products and services
- Privacy actions in the context of data collection necessity or mandated because of COVID-19
- Auto renewal and deceptive pricing actions
Particular areas of focus of this webinar will be on describing the recent developments, explaining the claims and expected defenses, and proactive attempts that companies can employ now to attempt to avoid these suits. We hope you will join us and share your views on the issues raised.
Seyfarth Synopsis: On May 6, 2020, the Supreme Court heard oral arguments on a First Amendment challenge to a 2015 amendment to the TCPA, which exempted calls regarding debts owed to the government from certain of its prohibitions. While most Justices seemed to agree that the exemption was a content based restriction on speech, the Justices struggled with whether severance was the appropriate remedy.
The Telephone Consumer Protection Act (“TCPA”) prohibits the use of automated, artificial or prerecorded calls to any cell phone unless made for emergency purposes or without prior express consent (“cell phone ban”). In 2015, Congress amended the TCPA to create an additional exemption for calls related solely to the collection of debts owed to the U.S. government (“government debt exemption”).
In Barr v. American Association of Political Consultants et al., Case No. 19-631 (2020), an association of political and polling organizations (“Political Consultants”) challenged the constitutionality of the TCPA, arguing that the government debt exemption was a content-based restriction on speech in violation of the First Amendment.
The Fourth Circuit ruled that the government debt exemption was a content-based restriction on speech but chose to remedy that defect by severing the exemption, leaving the cell phone ban in place. The Attorney General petitioned the Supreme Court for review, arguing that the government debt exemption was not a content-based restriction on speech. On January 10, 2020, the Supreme Court granted the petition for certiorari to determine whether the exemption was a content-based restriction on speech subject to strict scrutiny and, if so, whether the appropriate remedy was to sever the exemption or invalidate the cell phone ban in its entirety. The Court held oral arguments on May 6, 2020, which were live streamed on C-SPAN. We were listening.
Oral Argument Observations
The Justices were largely in agreement that the government debt exemption was a content-based restriction on speech that could not survive scrutiny. The most notable exception was Justice Kagan, who suggested that Congress had intended to create a content-neutral exemption but failed to do so because of sloppy drafting. On the whole, however, the Justices focused on the issue of the appropriate remedy: severance or invalidation of the cell phone ban.
Many of the Justices appeared sympathetic to the Government’s argument that severance would be appropriate given that the TCPA (1) is very popular with consumers; (2) has been in place since 1991; and (3) survived all constitutional challenges prior to the addition of the government debt exemption in 2015.
Nevertheless, the Justices appeared uncomfortable with the ramifications of severance, which would have a perverse result: making the restriction on speech even broader (by eliminating an exemption to the ban on speech) and failing to give the prevailing party (the Political Consultants) any relief. The Justices pondered whether such a ruling would provide a disincentive to bringing First Amendment challenges in the future. The Justices also expressed due process concerns with eliminating the rights of individuals who were not parties to this case (e.g., private debt collectors who the government can engage to collect government debts).
The Political Consultants further argued that severing the government debt exemption from the cell phone ban was not sufficient to remedy the First Amendment violation because the cell phone ban itself was an improper restriction on speech. Although the Political Consultants conceded that, without the government debt exemption, the cell phone ban would be content neutral and subject only to intermediate scrutiny, they argued that the cell phone ban could not even survive that level of review because it was not supported by an important government interest. Specifically, the Political Consultants argued that Congress’s act of passing the government debt exemption in 2015—which permits the Government or its agents to make debt-collection calls, widely regarded as the most annoying and intrusive type of autodialed or prerecorded calls—was itself evidence that the Government does not value consumer privacy as highly as the Attorney General contended on appeal.
In response to this argument, however, Chief Justice Roberts pointed out that Congress may be taking steps one at a time (such as it did in passing the 2015 amendment creating the government debt exemption) to remedy the cell phone ban’s broad restriction on speech. The Chief Justice questioned whether it would be appropriate for the Court to intervene in this Congressional process.
Lastly, two other intriguing options were proposed by the Justices but did not receive extensive consideration: (1) remanding to the Fourth Circuit (presumably for further consideration of the appropriate remedy or due process issues); or (2) crafting the Court’s opinion in such a way to carve out political speech from the cell phone ban.
A majority of the Justices are likely to find that the government debt exemption is a content-based restriction on speech, but how they will choose to remedy that infirmity (or whether they will even reach agreement on a remedy) is unclear. Indeed, as Justice Kavanaugh noted, the Court has no precedent for ruling on severability when the First Amendment violation is created by an exception to the restriction on speech. The Court’s decision is expected by June 2020. We will update you here when it issues.
Companies responding to the pandemic are faced with the challenges of not only complying with federal, state, and local emergency orders and guidelines for each location in which they operate, but also ensuring that any measures taken to address the foregoing do not affect compliance with other laws. In the wake of business closures and event cancellations brought on by the pandemic, plaintiffs’ attorneys have continued to look to California’s various consumer protection statutes as fodder for class litigation, bringing an influx of COVID-19-related lawsuits against companies still dealing with unprecedented restrictions on their businesses.
With in-person purchasing opportunities limited or prohibited during the pandemic, companies have looked to expand their online offerings to consumers, particularly companies providing subscription-based products or services such as entertainment and streaming content providers, data storage and security providers, and recurring “box” and food delivery services. Companies using such business models to conduct business with consumers in California should ensure that they are in compliance with California’s various consumer protection statutes to avoid costly class actions.
Many of these actions are aimed at membership- and subscription-based businesses, such as gyms and sports clubs, ski resorts, and theme parks. Consumers have filed actions in California and several other states, seeking injunctive and declaratory relief, restitution, and damages for claims under the California’s Consumer Legal Remedies Act (“CLRA”), Cal. Civ. Code §§ 1750, et seq., Unfair Competition Law (“UCL”), Cal. Bus. & Prof. Code §§ 17200, et seq., and False Advertising Law (“FAL”), Cal. Bus. & Prof. Code §§ 17500, et seq. In the case of one class action complaint brought against a fitness center, the plaintiffs have also asserted claims for breach of warranty, breach of contract, misrepresentation, fraud, conversion, and violation of California’s Health Studio Services Contract Law, Cal. Civ. Code §§ 1812.80, et seq., based on the company’s alleged collection of membership fees after the imposition of stay-at-home and similar orders due to COVID-19.
The reach of these laws is not limited to businesses – a former union member has brought a similar action against his union, alleging violations of the Electronic Funds Transfer Act and various provisions of California’s Business and Professions Code for automatic withdrawals of fees following the termination of the plaintiff’s membership in the union.
Given such an extensive body of consumer protection laws, compliance for companies doing business in California can be fraught with the potential for class action lawsuits. Membership- and subscription-based businesses must also adhere to specific requirements for accepting and collecting payments on a recurring basis, which may raise issues under the CLRA, UCL, FAL, and common law, in addition to California’s Automatic Renewal Law (“ARL”), Cal. Bus. & Prof. Code §§ 17600, et seq.
The ARL was enacted in 2009 with the express purpose of “end[ing] the practice of ongoing charging of consumer credit or debit cards . . . without the consumers’ explicit consent.” Cal. Bus. & Prof. Code § 17600. A popular tool for plaintiffs and regulators alike, the ARL applies to almost any arrangement in which a paid subscription or purchase agreement is automatically renewed unless and until it is canceled by the consumer. As business models increasingly rely on automatic renewals, perpetual subscriptions, and electronic billing, the ARL can increasingly become a trap that businesses must navigate if they are to construct a California-compliant subscription plan. Under the ARL, any subject arrangement must conform to the following requirements,* which can be grouped into five (5) main categories:
- Clear and conspicuous disclosures. The offer to enroll and key terms of the subscription agreement must be disclosed in a manner that clearly calls attention to the auto-renewal language and must be in visual proximity (or temporal proximity for audio offers) to the request for consent. The following terms must be disclosed in type or font that is larger than or otherwise in contrast with surrounding text (or, for audio disclosures, in a volume and cadence sufficient to be readily audible and understandable):
- a. The nature of the subscription or purchasing agreement as one that will continue until the consumer cancels;
- b. How to cancel the offer;
- c. The recurring amounts that will be charged to the consumer’s payment account;
- d. That the amount of the charge may change and the post-change amount, if known;
- e. The length of the automatic renewal term; and
- f. Any minimum purchasing obligation(s).
- Retainable acknowledgment. The business must provide to the consumer an acknowledgment that provides the terms of the automatic renewal of continuous service, the cancellation policy, and how to cancel. The acknowledgment must be provided in a manner that is capable of being retained by the consumer (e.g., in writing).
- Affirmative consent. The business must obtain affirmative consent from the consumer before charging the consumer’s debit or credit card on a recurring basis. The consent may be given orally or in writing.
- Mechanisms for cancellation. The business must provide a cost-effective, timely, and easy-to-use mechanism for cancellation (e.g., a toll-free number, email address).
- Notice of material change(s). The business must provide to the consumer clear and conspicuous notice of any “material” change in the terms of the subscription, as well as written information about how to cancel the offer if already accepted.
*The ARL was amended in 2018 to extend the above requirements to promotional offers, e.g., special pricing that will be followed by automatic charges, and to allow for the termination or cancellation of online services via sufficiently uncomplicated online means. [See our previous article covering the 2018 amendments here.]
Remedies And Takeaways For Businesses
Any products sold without the above disclosures are considered an unconditional gift under the ARL, meaning consumers will likely be entitled to refunds without returning their purchases. However, the ARL does not limit the remedies available for violations of its provisions, permitting consumers to pursue virtually any civil remedy. In addition, alleged violations of the ARL can be repackaged into claims under the UCL, CLRA, and FAL, offering the remedies available under those statutes as well (e.g., injunctive relief, restitution, and statutory and punitive damages).
The current trend in COVID-19-related consumer class litigation is a powerful reminder to diligently assess consumer disclosures and business protocols. Membership- and subscription-based businesses should always be mindful of the ARL’s requirements, but especially of the notices they provide to consumers during this time, and should make sure the notices include all necessary information. In the action described above, brought against the union, the plaintiff alleges in his complaint that the union “never provided advanced clear and conspicuous notice to plaintiff of this auto-renewal,” and failed to provide any notice or otherwise inform the plaintiff “of its intent to renew the twenty (20) dollar auto withdrawal.”
Businesses should also carefully consider the issues that will likely arise where collections are concerned to avoid claims stemming from unauthorized withdrawal or retention of funds, especially since the ARL and other laws discussed do not state a minimum amount required for injury. Membership- and subscription-based businesses and organizations in particular should seek the advice of competent counsel in revisiting their compliance measures.