Certain restaurants, grocers, and other food establishments will soon be required to comply with the Food and Drug Administration’s (“FDA”) menu labeling rules. The FDA previously finalized menu labeling rules in connection with the Affordable Care Act to make calorie and nutritional information more available to consumers dining out. Last year, the FDA extended the compliance deadline to May 7, 2018. Continue Reading FDA Menu Labeling Rules Unfreeze
A federal judge recently held that a plaintiff cannot state a claim for false advertising under Illinois law by cherry picking statements in isolation if, on the whole, the information available to plaintiff dispelled the alleged deception. On April 6, 2018, the Northern District of Illinois dismissed a proposed class action that unsuccessfully claimed that a fast food restaurant and an Illinois franchisee had misrepresented the value of certain value meals. The proposed class action, filed in Illinois in 2016, was one of hundreds of cases filed that year alone in a recent surge in food consumer class action litigation.
According to a recent report by the U.S. Chamber Institute for Legal Reform, food marketing class actions increased from about 20 in 2008 to over 425 active cases in federal courts in 2015 and 2016. During this same two-year period, Illinois ranked as a favorite of the class action bar by hosting the fourth largest number of food class actions in federal courts and only trailed California, New York and Florida.
Plaintiff filed a class action complaint against a fast food restaurant and its franchisee alleging that certain value meals were not a good value because consumers could have purchased the meal items separately at a lower cost than the bundled meal. Plaintiff claimed that marketing the meals as “values” suggests that the meals cost less than ordering each item individually. Plaintiff therefore argued that labeling such meals as value meals was false, deceptive, and misleading in violation of the Illinois Consumer Fraud and Deceptive Business Practices Act.
Judge Elaine Bucklo rejected Plaintiff’s claims. She held that, under Illinois law, consumers who simply don’t bother to compare prices easily visible at the point of purchase cannot claim they have been misled. Judge Bucklo reasoned that, although Plaintiff’s argument had “superficial appeal,” she and the consumers she sought to represent had all the information necessary to compare prices. Judge Bucklo noted that, if Plaintiff had “take[n] the time to compare prices,” she would have realized that she could have saved a few cents by purchasing the items individually.
In holding that there could be “no possibility for deception,” Judge Bucklo relied on a line of cases dismissing similar claims where plaintiff consumers received all the information they needed to make an informed purchasing decision. Judge Bucklo distinguished the fast food restaurant’s prominent display of all prices near the chain’s registers from situations where “consumers would have to consult an ingredients list or other fine print to determine whether prominent images or labels a defendant uses in connection with its product accurately reflect the product’s true nature or quality.”
The court’s decision is a victory for food chains and other restaurants. Restaurants and retailers should consider prominently displaying all information necessary to evaluate pricing claims in advertisements or at the point of purchase.
The battle for control of the Consumer Financial Protection Bureau (“CFPB”) raged on this Thursday during oral argument before the United States Court of Appeals for the District of Columbia Circuit in English v. Trump. All three panel judges seemed skeptical of English’s claim that she should be acting director of the CFPB, but two judges questioned whether President Trump could appoint Mulvaney as acting director when a provision in the Dodd-Frank Act states that a subsection on budgeting and financial management “may not be construed as implying … any jurisdiction or oversight over the affairs or operations of the [CFPB]” by the Office of Management and Budget (“OMB”). Continue Reading D.C. Circuit Questions English’s Standing to Challenge CFPB Control
In response to “the void left by the Trump Administration’s pullback of the [CFPB],” the New Jersey Attorney General recently announced that Paul R. Rodriguez will be serve at the Director of the New Jersey Division of Consumer Affairs, the state’s lead consumer protection agency. Mr. Rodriguez will serve as the Acting Director of the Division beginning on June 1, 2018, until he is confirmed by the New Jersey Senate. This appointment fulfills one of Governor Phil Murphy’s promises to create a “state-level CFPB” in New Jersey.
Several other state attorneys general, including those in California, Connecticut, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Minnesota, New Mexico, North Carolina, Oregon, Vermont, Virginia, and Washington, have announced that they intend to fill any void resulting from leadership changes at the CFPB by continuing to vigorously enforce federal consumer protection laws, as well as the consumer protection laws of their respective states. This sentiment was memorialized in a December 14, 2017, letter from the attorneys general to President Trump expressing their support for the CFPB’s mission and their disapproval of Mick Mulvaney’s appointment as CFPB Acting Director.
Seyfarth Shaw will continue to monitor and report on this potential state-level CFPB formation trend and related enforcement activity.
Seyfarth Synopsis: In light of the uncertainties surrounding lawsuits alleging violations of the Illinois Information Biometric Privacy Act (“BIPA”), the Northern District of California has taken a firm position on a plaintiff’s Article III standing. U.S. District Judge James Donato delivered opinions in In re Facebook Biometric Info. Privacy Litig., Case No. 15-CV-03747; 2018 U.S. Dist. LEXIS 30727 (N.D. Cal. Feb. 26, 2018) and Gullen v. Facebook Inc., Case No. 16-CV-00937; 2018 U.S. Dist. LEXIS 34792 (N.D. Cal. March 2, 2018), denying Facebook’s motions to dismiss for lack of subject matter jurisdiction in both cases. The court held that plaintiffs’ Article III standing was satisfied through mere collection of biometric information.
The decisions provide plaintiffs the ability to get their feet in the door and threaten businesses and employers alike. The court dismissed Facebook’s argument that Article III standing requires “real-world harms,” stating that the argument exceeds the law. Instead, the court held that a plaintiff has standing when they are deprived of procedures that protect statutorily protected interests, similar to the procedures outlined in the BIPA. Continue Reading California Federal District Court Does Not ‘like’ Facebook’s Standing Argument in Illinois Biometric Information Privacy Act Case
On March 16, 2018, the D.C Circuit issued a decision invalidating portions of the FCC’s 2015 TCPA Omnibus Declaratory Ruling and Order. Notably, the decision overturns as “arbitrary and capricious” the FCC’s definition of an automated telephone dialing system (“ATDS”) and the one-call safe harbor for calling a phone number that has been reassigned to a non-consenting person. The decision was not a complete victory for businesses as the D.C. Circuit sustained the FCC’s order on both consumers’ ability to revoke consent and the scope of the “time-sensitive healthcare call” exemption.
The FCC’s Definition of ATDS is Arbitrary and Capricious
In the 2015 Order, the FCC defined an ATDS as equipment that contained the potential “capacity” to dial random or sequential numbers, even if that capacity could be added only through specific modifications or software updates, so long as the modifications were not too theoretical or too attenuated. In crafting this definition, the FCC noted that smartphones could be included within the definition and only categorically ruled out a rotary-dial telephones.
In striking down the 2015 Order, the court made it clear that under the current definition of an ATDS, anyone with a smartphone, which the court estimates to be 80% of the population, is at risk of violating the TCPA because “all smartphones, under the Commission’s approach, meet the statutory definition of an autodialer.” Under the FCC’s interpretation, if a person sent a group text message to ten acquaintances without obtaining their express consent, he or she would be liable for ten distinct violations of the TCPA, with a minimum damage recovery of $5,000. In sum, the court held that “[i]t cannot be the case that every uninvited communication from a smartphone infringes federal law, and that nearly every American is a TCPA-violator-in-waiting, if not a violator-in-fact.” The D.C. Circuit held that, if the 2015 Ruling does not encompass smartphones, then the FCC failed to “articulate a comprehensible standard.”
In striking down the FCC’s sweeping definition of an ATDS, the court ordered the FCC going forward to take into account whether a system actually used autodialer functionality or whether it was merely possible to download software to convert a telephone into an ATDS. Additionally, the court held that the FCC must determine whether the definition of an ATDS requires that a system “must itself have the ability to generate random or sequential telephone numbers,” or whether it is “enough if the device can call from a database of telephone numbers generated elsewhere.” Finally, the court left open the issue of human intervention. Based on the decision, if the FCC departs from the statutory requirement of using a random or sequential number generator, it must also tackle the issue of human intervention.
In light of Chairman Ajit Pai’s expression of support for business-friendly reforms to the TCPA, it is likely that the D.C. Circuit’s ruling may result in real change in this area of the law.
The FCC’s One-Call Safe Harbor and Definition of “Called Party” are Arbitrary and Capricious
The court then turned its attention to the distinct challenges raised by the reassignment of cell phone numbers. Under the 2015 Order, a caller could place only a single call to a reassigned number before running afoul of the TCPA. Per the 2015 Order, a “called party” was the current subscriber, i.e. the consumer assigned the number and billed for the call.
The D.C. Circuit rejected both the one-call safe harbor for calling reassigned numbers and the definition of “called party.” The court held that issues related to calls or texts to reassigned numbers where the prior owners had provided consent to be contacted, present a looming challenge because “there is no dispute that millions of wireless numbers are reassigned each year.”
The court set aside the FCC’s post-reassignment interpretation on the ground that a one-call safe harbor is “arbitrary and capricious.” In reaching this result, the court focused on the FCC’s own determination that callers must be able to reasonably rely on the consent provided by former subscribers when calling or texting. Based on the record before it, the court held that it was not reasonable to hold that placing a single call to a reassigned number was likely to afford a caller reasonable notice that the number was one of the millions of numbers reassigned each year. By striking down the one-call safe harbor and the definition of “called party,” the court provided defendants with a potential defense to avoid liability for calling reassigned numbers if a defendant can establish that its reliance on the former subscriber’s consent was reasonable at the time it placed calls to the new subscriber.
Critically, in addition to striking down the one-call safe harbor, the court set aside the definition of “called party” as the “current subscriber” on the grounds that it would impose strict liability for calls to reassigned numbers. Thus, it appears that defendants may once again argue that “called party” means “intended recipient” when defending against TCPA claims based on calls or texts to reassigned numbers.
Consumers May Still Revoke Consent in Any “Reasonable” Manner
In upholding consumers’ right to revocation of consent, the court set limits. As an initial matter, a consumer may only revoke consent using “reasonable” means. The reasonableness of the revocation is governed by a totality-of-the-circumstances test. Thus, if a consumer uses creative revocation techniques or declines to follow reasonable revocation procedures set forth by the caller, the revocation may not be reasonable or permissible. Moreover, the D.C. Circuit emphasized that the FCC’s ruling “does not address revocation rules mutually adopted by contracting parties,” meaning that callers and consumers may contractually agree to revocation mechanisms.
TCPA Consent Standards for Healthcare Calls Upheld
The D.C. Circuit declined to expand the scope of calls placed to wireless numbers without express consent “for which there is exigency and that have healthcare treatment purposes.” Under the 2015 Order, calls placed to consumers for certain purposes, including, appointment reminders, pre-operative instructions and lab results do not require consent. In upholding the contours of the 2015 Order, the court declined to except “advertisements, solicitations and post-treatment financial communications” from the consent requirements. The court held that billing communications are not made for “emergency purposes.”
As of now, the state of the TCPA is in flux. Under Chairman Pai, we are cautiously optimistic that the new FCC regime will likely advance more business-friendly rules. We will continue to monitor changes to the law and provide timely updates.
On January 10, 2018, the U.S. District Court for the Eastern District of Virginia denied Plaintiff Tiffanie Branch’s renewed motion for class certification in Branch v. Government Employees Insurance Company, No. 3:16-cv-1010, 2018 WL 358504 (E.D. Va. Jan. 10, 2018). In particular, the Court found that the facts underlying her allegations were too individualized and specific to merit class certification. Because of this deficiency, Branch failed to meet, among other criteria, the predominance criterion required by Rule 23(b)(3) of the Federal Rules of Civil Procedure. This post examines the interaction between predominance and Article III standing.
In August 2016, Branch accepted a job offer with Defendant GEICO, contingent upon the results of a background check. The background report included a felony conviction that Branch had not disclosed on her application. GEICO preliminarily graded Branch’s report as “Fail” because of the conviction and then contacted Branch by phone. During the call, Branch explained that the conviction was a misdemeanor, not a felony. While Branch averred that GEICO had rescinded the job offer over the phone, GEICO maintained that it had advised her that she would receive a pre-adverse action letter with a copy of the background check and a summary of her rights, including instructions on how to dispute the background report. GEICO sent Branch the letter the next day, and later sent an adverse action letter, indicating that GEICO would not hire her.
On December 30, 2016, Branch filed a putative class action, alleging that GEICO’s hiring process violated section 1681(b)(3)(A) of the Fair Credit Reporting Act (“FCRA”). That section mandates that, prior to taking an adverse action upon a consumer report for employment purposes (such as a background check), the prospective employer must provide a copy of the consumer report and a disclosure of consumer rights. Branch alleged that GEICO’s act of grading applicants “Fail” was an final decision rather than a preliminary one and that thus the adverse action occurred before GEICO provided any notice to the applicant. Branch sought to certify a class of similarly situated individuals who sought employment from GEICO and had their background reports graded “Fail” before GEICO sent the individuals a copy of their reports and a summary of their rights.
In response, GEICO argued that its grading process was not final. GEICO defended that its policy and practice was to grade a background report, provide the applicant a pre-adverse action notice and an opportunity to dispute the report if it was graded “Fail,” and then take final action only after the cure period had expired. GEICO noted that about 25% of applicants graded “Fail” had their grades changed after disputing their background reports. GEICO argued that Branch could not show that common issues would predominate at trial because her claim turned on her individualized allegation that GEICO rescinded her job offer over the phone.
Class Certification: Predominance and Article III Standing
In addition to Rule 23(a)’s requirements for class certification—numerosity, commonality, typicality, and adequacy of representation—a class must also fit within one of the prescribed conditions of Rule 23(b). EQT Prod. Co. v. Adair, 764 F.3d 347, 357 (4th Cir. 2014). In this instance, Branch argued that her proposed class satisfied Rule 23(b)(3) because “questions of law or fact common to class members predominate over any questions affecting only individual members . . . .” Fed. R. Civ. P. 23(b)(3) (emphasis added).
The Court held that this argument failed in part because of Article III, which necessitated that Branch define her class in a way so that each member had standing. At a minimum, each member must have suffered an injury in fact to satisfy Article III standing. Lujan v. Defs. of Wildlife, 504 U.S. 555, 560 (1992). The court reasoned that, as defined, the class left open the “possibility that some class members did not suffer injuries.” The court noted that it was not the designation of the “Fail” grade on an employment application in response to a criminal background check that created the adverse action in violation of FCRA. Rather, it was only if GEICO diverted from its hiring policy by immediately rescinding a job offer upon the “Fail” designation without a meaningful period to dispute the designation. In other words, the court explained, what purportedly happened to Branch did not necessarily happen to the absent class members. Consequently, the court held that this particularized inquiry “cause[d] individual injury issues to predominate,” sinking Branch’s attempt to certify her defined class.
Implications for Businesses
Businesses facing class action lawsuits should consider all options for defeating class certification. Although the United States Supreme Court has not yet decided whether each putative class member must have standing for a class to be certified, the courts of appeals and the district courts are giving greater scrutiny to this issue. Businesses should investigate claims early to see if there are differences between the named plaintiff and the individuals he or she seeks to represent. Even minor differences, if relevant, can defeat certification.
Since its enactment a decade ago, the Illinois Biometric Information Privacy Act (BIPA) has seen a recent spike in attention from employees and consumers alike. This is due, in large part, to the technological advancements that businesses use to service consumers and keep track of employee time.
What Is The BIPA?
Intending to protect consumers, Illinois was the first state to enact a statute to regulate use of biometric information. The BIPA regulates the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information. The statute defines biometric identifiers to include a retina or iris scan, fingerprint, or scan of hand or face geometry. Furthermore, the statute defines biometric information as any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Any person aggrieved by a violation of the act may sue to recover actual or statutory damages or other appropriate relief. A prevailing party may also recover attorneys’ fees and costs.
Since September of 2017, there have been more than thirty-five class action BIPA lawsuits with no particular industry being targeted. More commonly sued industries include healthcare facilities, manufacturing and hospitality.
The drastic increase in litigation is largely contributable to employers’ attempt to prevent “buddy punching,” a term that references situations where employees punch in for a co-worker where biometric data is not required to clock in or out. For example, in Howe v. Speedway LLC, the class alleges that defendants violated the BIPA by implementing a finger-operated clock system without informing employees about the company’s policy of use, storage and ultimate destruction of the fingerprint data. Businesses engaging in technological innovation have also come under attack from consumers. In Morris v. Wow Bao LLC, the class alleges that Wow Bao unlawfully used customers’ facial biometrics to verify purchases at self-order kiosks.
In Rivera v. Google Inc.,the District Court for the Northern District of Illinois explained that a “biometric identifier” is a “set of biometric measurements” while “biometric information” is the “conversion of those measurements into a different, useable form.” The court reasoned that “[t]he affirmative definition of “biometric information” does important work for the Privacy Act; without it, private entities could evade (or at least arguably could evade) the Act’s restrictions by converting a person’s biometric identifier into some other piece of information, like mathematical representation or, even simpler, a unique number assigned to a person’s biometric identifier.” Thus, a company could be liable for the storage of biometric information, in any form, including an unreadable algorithm.
More recently, in Rosenbach v. Six Flags, the Illinois Appellate Court, Second District, confirmed that the BIPA is not a strict liability statute that permits recovery for mere violation. Instead, consumers must prove actual harm to sue for a BIPA violation. The court reasoned that the BIPA provides a right of action to persons “aggrieved” by a statutory violation, and an aggrieved person is one who has suffered an actual injury, adverse action, or harm. Vague allegations of harm to privacy are insufficient. The court opined that, if the Illinois legislature intended to allow for a private cause of action for every technical violation of the BIPA, the legislature could have omitted the word “aggrieved” and stated that every violation was actionable. The court’s holding that actual harm is required is consistent with the holdings of federal district courts on this issue.
Damages and Uncertainty
Plaintiffs and their counsel are attracted to the BIPA because it provides for significant statutory damages as well as attorneys’ fees and costs. The BIPA allows plaintiffs to seek $1,000 for each negligent violation, and $5,000 for each intentional or reckless violation, plus attorneys’ fees and costs.
To date, all claims have been filed as negligence claims, and, thus, it is unclear what a plaintiff must show to establish an intentional violation. Similarly, the law is unsettled on whether the statutory damages are awarded per claim or per violation. A per violation rule would exponentially increase a defendant’s potential liability. For example, some plaintiffs are currently seeking $1,000 or $5,000 for each swipe of a fingerprint to clock in or out.
How To Protect Your Business
To avoid a costly mistake when retaining biometric data, businesses should:
- provide employees or consumers with a detailed written policy that includes why and how the data will be collected, stored, retained, used, and destroyed;
- require a signed consent before collecting the data;
- implement a security protocol to protect the data; and
- place an appropriate provision in vendor contracts (e.g., for data storage) to require vendors to adhere to the law and report any data breaches.
Consent can be obtained in different ways. For example, employers may condition employment upon an individual’s consent to a data retention policy, and companies can require consumers to accept a click-through consent before accessing a company’s website or application.
Seyfarth Synopsis: One court upholds protection of Dodd-Frank limiting the President’s removal authority, while another court stifles a challenge against Mulvaney serving as acting Director of CFPB.
Last week, the Trump Administration experienced mixed results in the ongoing litigation over the Consumer Financial Protection Bureau (“CFPB”). As we’ve mentioned in our prior publications, there are several actions pending that involve the President’s authority to control the CFPB. The first action discussed below, which had been languishing in the court for some time, raised the issue of whether the CFPB’s structure as an independent agency is constitutional. The Trump Administration lost on this issue for the moment. In the second action, the Trump Administration dodged, at least temporarily, a challenge to President Trump’s appointment of current CFPB Director Mick Mulvaney because the court determined that the plaintiff, a non-profit credit union, had no standing to bring its case. Continue Reading Win Some, Lose Some: Trump Gets a Loss and a Win in the Fight to Control the CFPB
On January 23, 2018, the Consumer Financial Protection Bureau’s (“CFPB”) Acting Director, Mick Mulvaney, issued a mission statement to the CFPB redirecting the agency’s mission and focus. Mulvaney emphasized that the law mandates the enforcement of consumer protection laws and that, although things would be different under new leadership, the CFPB will continue to fulfill its mandate.
Mulvaney made clear that he did not see the CFPB as the “good guys” out to fight the “bad guys,” but instead he noted that the agency would treat both consumers and financial services companies fairly and equally. To that end, the CFPB will focus its enforcement efforts on quantifiable and unavoidable harm to the consumer. Where no such harm exists, the agency will not go looking for excuses to bring lawsuits. Continue Reading Under New Leadership, CFPB No Longer Interested in Pushing the Envelope on Consumer Protection Laws