In the wake of the D.C. Circuit’s opinion vacating the Federal Communications Commission’s order interpreting the Telephone Consumer Protection Act (TCPA), federal courts have disagreed on how to define an “automated telephone dialing system” (“autodialer”) under the statute. Judge Edmond E. Chang of the U.S. District Court for the Northern District of Illinois recently stepped into the fray, holding in Gadelhak v. AT&T Service, Inc., that equipment qualifies as an autodialer only if it has the (present) capacity to generate numbers randomly or sequentially. Continue Reading New TCPA Ruling Holds an Autodialer Must Have the Capacity to Generate Numbers Randomly or Sequentially
As of January 1, 2019, video game developers and publishers are now subject to certain accessibility requirements under the Twenty-First Century Communications and Video Accessibility Act (CVAA) that apply to manufacturers and providers of advanced communications services (ACS). Games made available to the public prior to December 31, 2018 are not subject to the new requirements, even if they continue to be sold to the public after January 1, 2019. However, all games released on or after January 1, 2019, and all games released prior to that date that undergo future “substantial upgrades,” must comply with the ACS accessibility requirements. Continue Reading New Accessibility Requirements in Effect for Video Game Software
The U.S. Supreme Court denied a petition for writ of certiorari filed by Spirit Airlines Inc. in Spirit Airlines Inc. v. Steven Maizes et al., which sought review of the Eleventh Circuit’s decision that when an arbitration agreement cites the American Arbitration Association (“AAA”) rules but is otherwise silent on the issue of who determines class arbitrability, the arbitrator, not the court, should determine whether the arbitration clause allows for class proceedings. Continue Reading Supreme Court’s Denial of Spirit Airline’s Petition for Review Leaves Uncertainty about Whether Court or Arbitrator Determines Whether Class Arbitration Is Available
Last month, the Direct Selling Association (DSA) launched the Direct Selling Self-Regulatory Council (DS-SRC), a new enforcement agency charged with policing the direct selling industry. The DS-SRC will be administered by the Advertising Self-Regulatory Council, which operates under the Council of Better Business Bureaus.
Direct selling companies use independent sellers to market and sell products and services, typically outside of a fixed retail establishment. One form of direct selling that has received significant scrutiny from the Federal Trade Commission (FTC) is multilevel marketing (MLM), which distributes products or services through a network of independent salespeople who earn income from their own retail sales and from retail sales made by their direct and indirect recruits. Continue Reading Proactive Self-Regulatory Council for the Direct Selling Industry Launches in January
The U.S. Court of Appeals for the Ninth Circuit issued a decision on January 15, 2019 in a closely followed web accessibility case, Robles v. Domino’s Pizza, LLC, reaffirming Ninth Circuit precedent holding that companies whose online activities share a nexus with physical places of public accommodation may be held liable under the Americans with Disabilities Act for failing to make their websites and apps accessible to persons with disabilities. Most notably, however, the decision expressly rejected the argument that the lack of regulatory clarity on the ADA’s application to web content violates due process rights. Continue Reading Ninth Circuit Rules That Lack of Web Accessibility Regulations Does Not Bar ADA Suits
New changes to the Massachusetts data breach notification statute emphasize timely and public disclosure of data security incidents, including requiring companies to disclose compliance with Massachusetts’ data security law. Among other more technical changes, H. 4806, effective April 11, increases the information that breached companies must provide to Massachusetts state agencies and provides for ways that information will be made public. Under the changes, when a breach is reported to the attorney general and the director of the Office of Consumer Affairs and Business Regulation (OCABR):
- Companies are required to disclose whether or not they have the written information security plan required by MA law;
- The OCABR is required to make consumer notices provided to it public within one day, and update the breach notification report on its website within 10 days; and
- The OCABR is required to inform consumers of their ability to file a public records request to obtain a copy of the notice provided to the AG and OCABR.
On December 29, 2018, Google won summary judgment in Rivera v. Google, a privacy class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The case involved “face grouping,” a feature that enables Google Photos to automatically sort and group the photographs in a user’s private account based on visual similarities between the images of faces in the photos. The court held that any alleged collection of “biometric information” or “biometric identifiers” stemming from this feature did not cause an injury-in-fact sufficient to confer Article III standing. The Rivera v. Google decision demonstrates that, even in the context of claims arising out of privacy statutes, like Illinois’ BIPA, a defendant can prevail on a challenge to subject matter jurisdiction if it can demonstrate that the alleged violation did not result in any concrete injury to the plaintiffs. Some states impose similar requirements to bringing suit in state court. As states continue to enact privacy legislation, corporations that collect private information can mitigate risk by considering and enhancing their available Article III defenses, including by documenting how they protect potential plaintiffs’ information from disclosure.
The Ninth Circuit recently denied a motion for rehearing en banc in Marks v. Crunch, leaving in place a Ninth Circuit decision that broadly defines “automated telephone dialing system” (“autodialer”) under the Telephone Consumer Protection Act (“TCPA”). The decision conflicts with decisions from other circuits. And in the New Year, the FCC is expected to issue its own new interpretation of the term “autodialer” under the TCPA. Amidst this uncertainty, companies should proceed cautiously when reaching consumers by phone or text, and should consider how to minimize risk with respect to the TCPA’s autodialer provisions. Continue Reading Ninth Circuit Interprets Automatic Telephone Dialing System under TCPA, Leaving Circuit Split
It’s been a busy year in consumer protection law and during this holiday season, we’re taking stock of the past year and looking ahead to what’s next. In 2018, we saw many class actions related to pricing practices, scrutiny of Made in USA claims, continued growth in popularity and the evolution of influencers (CGI influencers!), changes to automatic renewal laws, and a new slate of FTC Commissioners.
In 2019, we expect significant activity in these areas, plus more activity related to consumer reviews and the Consumer Review Fairness Act. Further, representatives from the FTC are signaling that the FTC may start seeking more monetary remedies for consumer protection violations moving forward (versus only injunctive relief and ongoing monitoring). Finally, the growth of the blockchain and digital currencies has raised a number of complex legal issues that companies using the blockchain must navigate, and 2019 will likely bring additional guidance (and challenges) in this area.
For more thoughts on what comes next, see our Hot Ad Law Topics for the New Year.
In July, the California legislature approved a new consumer privacy law that represents one of the most significant pieces of privacy legislation ever passed in the United States. The California Consumer Privacy Act of 2018 (CCPA), set to take effect in 2020, creates a host of obligations for businesses that collect personal information about consumers, households, or devices in California and meet certain threshold criteria. The CCPA imposes transparency obligations and requires businesses to provide disclosures about their information practices both before collecting personal information and in response to consumer requests. In addition, companies that “sell” personal information, a concept defined broadly under the law, must provide additional choices and disclosures to consumers, including the ability to stop the sale of their personal information. Continue Reading Understanding California’s New Consumer Privacy Law