In This Issue:

• Cosmetic Company Attacks Foundation of Resell Claim
• Jenny Craig Sheds $3 Million in TCPA Class Action Settlement
• Company Settles TCPA Suit, Sues Insurers for Not Covering Cost
• Teen Hangout Site Shuttered for COPPA Violations
• Brooklyn Woman Puts the Squeeze on Florida Natural OJ Producers
• Not Too Early to Start to Prepare for New California Privacy Law

Cosmetic Company Attacks Foundation of Resell Claim

Plaintiffs are too scattered and purchased too many products to state a claim, says Ulta Beauty

Retouchable

Back in March, we reported on a class action against Ulta Beauty and wondered aloud how the company would respond to the (rather serious) claims. Well, we’ve got an update – but let’s go over the original accusations first.

Paula Ogurkiewicz, by her own account an avid purchaser of Ulta Beauty products, brought claims against the company in a class action filed in Cook County, Illinois Circuit Court in March. She alleged that Ulta’s management pursued a businesswide policy whereby personnel in individual stores kept returned or damaged products beneath certain quotas by reselling the damaged or returned items as new products in order to save money.

Eye (Coli) Liner

To meet the quotas, employees were allegedly encouraged to touch up the used products so that they appeared new – and then repackage the used products and put them on the shelf for sale. And here’s where her allegations took a turn toward stomach-churning: Her action cited a report that claimed “refurbished” makeup sold by Ulta and other companies was contaminated by various nastiness, including E. coli.

Ogurkiewicz’s action and similar suits were further fueled by a social media meltdown in early 2018, when a former employee claimed that Ulta had been repackaging used products for years.

Ogurkiewicz’s case was consolidated with several other actions in June; then in August, we got our update on the combined class action (now swollen with more than 20 plaintiffs).

Ulta moved to dismiss early that month, taking aim at the social media roots of the action. The company argued that the plaintiffs’ “broad claim of a nationwide ‘fraud’ and ‘deceit’ – based on anonymous social media allegations and a handful of declarations” could not survive dismissal.

But Ulta got granular in another argument: “Plaintiffs are residents of specific states who purchased specific products,” the motion reads. “Defendants carry tens of thousands of different products in over 1,000 retail locations in 48 states.” Because they sought damages and injunctive relief in nationwide claims, “plaintiffs improperly assert claims based on products they did not purchase that arise under the laws of states in which they do not live.”

The Takeaway

It will be interesting to see how the court rules on Ulta’s motion. The decision will be illuminating in terms of whether plaintiffs alleged an injury-in-fact. As Ulta noted in the decision, plaintiffs are seeking to recover for all purchases of Ulta products, even those that may not have been repackaged as new. Of course, counsel for the plaintiffs noted in response to that argument, “It’s like Russian roulette,” he said. “You have a chance of picking a product that was used and you don’t know, which goes into the theory of damages.” Stay tuned!

Jenny Craig Sheds $3 Million in TCPA Class Action Settlement

An enormous class of 600,000-plus might have been a deciding factor

Unsolicited

In May, Miami-Dade County resident Zoey Bloom filed an ambitious class action complaint against weight-loss giant Jenny Craig in the Southern District of Florida. The suit alleged that the diet company texted Bloom with special offers to join its program, even though Bloom never provided consent for the contact.

The suit, relying on earlier decisions, also maintained that the message itself – its length and use of a short code – inferred that the contacts were made by an autodialing system. Specifically, the system was alleged to be a “combination of hardware and software systems” that have the “current capacity or present ability to generate or store random or sequential numbers or to dial sequentially or randomly …”

Bases Covered

“Current capacity or present ability:" It’s an interesting choice of words, given the recent back-and-forth about what constitutes an autodialer system in the first place (see our previous report on a case caught up in that controversy here). Bloom certainly seemed to be placing one foot on either side of the debate about whether capacity or ability defines what an autodialer is. Bloom sued Jenny Craig on behalf of a nationwide class for knowing and willful violations of the Telephone Consumer Protection Act; all told, she estimated that the $1,500 per-call penalty multiplied by the class size would exceed $5 million.

The Takeaway

A settlement was reached in short order, with an agreement reached in July and a final motion made in early August.

The total cash payment from the company amounted to $3 million, $250,000 of which will be used for costs and fees. Jenny Craig denied the allegations in the original complaint as well as any liability.

If $3 million seems like a lot, consider the size of the class as defined by the settlement – 628,610 members. At $1,500 a pop, that’s quite a bit of money.

The savings might have been too hard to resist for Jenny Craig.

Company Settles TCPA Suit, Sues Insurers for Not Covering Cost

Insurance companies refuse to pay for “knowing violations”

Change of Pace

Normally, we’d be writing about In Re Monitronics International, Inc., a multidistrict Telephone Consumer Protection Act (TCPA) litigation in the Northern District of West Virginia. In that case,the company was sued for vicarious liability under the TCPA for failing to stop dealers from placing autodialed calls with prerecorded messages to Do Not Call registry-listed numbers on its behalf. The parties reached a settlement in June 2017, with the company agreeing to pay $28 million to the plaintiffs, and the court entered its final approval order and judgment in June.

But that’s not the interesting part.

The Twist

The novel aspect of this lawsuit (for the purposes of this column, at least), is the follow-on suit that was launched by Monitronics against its insurers in the Northern District of Texas in early August.

Monitronics claims that its insurers – named defendants Everest Indemnity Insurance, Navigators Specialty Insurance and Axis Surplus Insurance – were required by their policies to indemnify the company but never paid up.

Monitronics is appealing the June 2018 final approval order. While it deposited $5 million into the settlement fund’s account as required by the agreement, the remainder of the $28 million will be due within 10 business days after the appeal is dismissed or the judgment is affirmed, and the time for review of that order has run. It’s that payment that Monitronics wants its insurers to make.

The Takeaway

The suit alleges that the three insurance companies wrongfully cite several policy exclusions in an attempt to wiggle free of the obligations. Some have to do with quotidian matters, like whether the loss fell within the coverage period of the policy.

But Everest Indemnity claims that it is exempted from covering the fee because it is not obligated to pay if the underlying injury was a “knowing violation of the rights of another.” Axis claimed that it did not have to pay because it was exempted from covering damages arising from “false, misleading, deceptive, fraudulent or misrepresenting statements in Advertising.”

While the suit doesn’t openly assert it, a key line of dispute will likely be that the insurers should pay under the policy because Monitronics did not knowingly violate the TCPA or any other law when the autodialers made the calls. As TCPA class actions continue to be filed, it will be interesting to see how this coverage dispute plays out.

Teen Hangout Site Shuttered for COPPA Violations

Two years after massive data breach, NJ AG weighs in

Lipstick Traces

We’d like to give you some background on i-Dressup.com, but the site no longer exists.

The Facebook page for i-Dressup (“Dress up games for people who love fashion”) features countless images, generally cartoons of young women and their outfits labeled by category (“little orange dresses,” “Summer BBQ Party Outfits,” “Girl Equestrian”). Perhaps i-Dressup.com featured an online version of old-school paper dolls; perhaps the games were more complex.

What we can be sure about are the players who were left behind when the site went down. They had some strong feelings about the disappearance of their former hangout:

I-dressup is gone.I still can't believe it. I lost all my friends forever! :(

I miss I dress up sooooo much. I miss my virtual room,clothes,fashion avenue and especially contests.������������contests were the best part of I dressup. I will miss buying rare stuff too .I had six bunny dolls, they were so cute��������

will we be able to play ever again?? ive been on this game since i was 9 ;_;

Typographical errors and emojis appear in the original, we swear.

Breaches

What happened to i-Dressup? According to technology news site Ars Technica, the site suffered a major data breach in September 2016. A person claiming to be the hacker told the publication that the site had taken about three weeks to breach but had yielded 2.2 million account credentials with the potential to leak even more. Ars Technica verified that the user IDs, which had been uploaded to the web, were real.

It’s unclear when, exactly, the site shut down. But one saddened former community member posted a missive on the i-Dressup Facebook page that indicated the site had been shuttered since October 2016.

The latest chapter in this dramatic, impeccably decked-out saga closed in early August 2018, with a consent order issued by New Jersey Attorney General Gurbir S. Grewal.

According to the order, i-Dressup was owned and operated by Unixiz Inc., a California-based company. In the wake of the breach, the Garden State launched an investigation into Unixiz and claims to have discovered violations of the Children’s Online Privacy Protection Act (COPPA) and the New Jersey Consumer Fraud Act.

The violations related to a lack of safeguards for the stolen user information, but also for the improper collection of children’s personal information and failure to obtain parental consent. The investigators claimed that Unixiz had actual knowledge that many of its users were under 13 years old.

The Takeaway

In the consent order, Unixiz promised to shut down the (already-closed) i-Dressup site and reform its data collection and storage policies to bring them in line “with all laws protecting the privacy of children and others online.” It was also hit with more than $98,000 in fines.

It’s not clear if Unixiz is running any additional children’s sites where these changes will make a difference; but if they do launch new services in the future, a quick glance at their own Facebook page might clue them in to the age of their users:

I want i-dressup back. I've been on this game since
I was 8..aww.

Brooklyn Woman Puts the Squeeze on Florida Natural OJ Producers

Plaintiff claims company’s juice contains synthetic weed killer

The Juice Is Loose

Brooklyn, New York resident Alexandra Axon made a bold attack against companies from her home state’s distant cousin, Florida, in the Eastern District of New York.

Axon alleges that Citrus World Inc. and Florida’s Natural Growers Inc., producers of Florida Natural orange juice, are falsely labeling and advertising their juice as a natural product, even though it allegedly contains glyphosate.

If you’re a hardcore reader of AD-ttorneys@law, you’ve seen glyphosate pop up in past stories. It’s a herbicide used around the world, commonly known as “Roundup,” and sold by Monsanto since the 1970s. It’s … uh … cropped up (sorry, couldn’t resist) in lawsuits we’ve covered involving Quaker Oats and Bigelow Tea. A recent high-profile trial against Monsanto’s parent company found that Roundup caused terminal cancer in the plaintiff. He was awarded $289 million in damages.

Axon takes exception to the extensive use of “natural” in the advertising for Florida Natural orange juice (although she spills little ink on the product’s name). The suit mentions the use of phrases and terms such as:

• “We just squeeze, flash-pasteurize and pour into freshness-saving cartons”
• “100% pure”
• “straight-from-grove taste”

But these claims are all undercut by the alleged presence of glyphosate and its byproducts in the juice. Axon brings charges against the companies including false and misleading marketing, breach of express warranty, and unjust enrichment.

The Takeaway

Should it continue, a central aspect of this case will involve whether traces of herbicide render “natural” advertising false or misleading – and if so, what specific levels of herbicide make a lawsuit viable.

Not Too Early to Start to Prepare for New California Privacy Law

In late June, the California legislature signed into law Assembly Bill 375 (AB 375) as the California Consumer Privacy Act of 2018 (CCPA), a privacy law, unprecedented in the U.S., that grants California residents a broad range of European-like rights when it comes to their personal information (PI), effective Jan. 1, 2020. Regardless of the likelihood of forthcoming modifications to the CCPA, businesses should assume that the finalized law will substantially increase the required level of privacy transparency and choice for consumers, and result in the need to implement data management systems and practices that will enable compliance. We explore the subject in detail here.