In This Issue:
A Friendly Reminder from the FTC: You May Be in Trouble
Continuing the countdown to the effective date of the amended Children’s Online Privacy Protection Act Rule, the Federal Trade Commission sent “educational letters” to more than 90 businesses that may be impacted by the coming changes.
The agency said that the letters do not reflect “an official evaluation” of the companies’ practices, but were instead intended to help recipients achieve compliance with the forthcoming Rule changes by the July 1 deadline. The FTC released the final amended version of the COPPA Rule in December 2012.
Letters were sent to domestic and foreign companies that appeared to collect personal information from children under age 13, such as images or sounds of children and their persistent identifiers.
The identity of the recipients was not revealed by the FTC.
The letters highlighted several Rule changes, including the requirement to post accurate privacy policies and to provide notice and obtain verifiable parental consent before collecting, using, or disclosing any “personal information” from children. The agency also emphasized the broadened definition of “personal information,” which now includes photographs or videos with a child’s image, audio files that contain a child’s voice, and persistent identifiers, such as a mobile device identifier or IP address.
“Please take the time to review the upcoming changes to COPPA,” wrote Maneesha Mithal, Associate Director of the agency’s Division of Privacy and Identity Protection. “We also strongly encourage you to review your apps, your policies, and your procedures for compliance.”
Mithal noted that the agency can seek injunctive relief or penalties of up to $16,000 per violation of the COPPA Rule. But she added that the FTC will “exercise its prosecutorial discretion” when enforcing the changes for companies – particularly small businesses – that make a “good faith” effort to comply with the Rule in the early months after it becomes effective.
To read the agency’s letters, click here.
Why it matters: Despite requests to push back the effective date, the FTC is moving ahead at full steam to implement the new COPPA Rule. In late April the agency released an FAQ guide for the forthcoming changes, and the letters provide yet another reminder to businesses to be ready for the July 1 deadline.
The suit against Delta was the first filed by the AG’s office as part of its enforcement efforts, which began last year when Harris reached an agreement with the six largest online app providers – Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion. The companies agreed that the Act applies to mobile apps. Facebook signed onto the agreement later in the year.
Harris wasted no time in taking action pursuant to the Act by sending approximately 100 warning letters last October. Recipients – including Delta – were cautioned that they could be sued if they did not bring their apps into compliance within 30 days. Delta failed to do so and was the target of the AG’s first lawsuit.
The complaint alleged that Delta Air Lines’ “Fly Delta” app collects information like a user’s name, phone number, gender, geolocation, passport number, debit or credit information, and e-mail address when a customer uses the app to check in and make flight reservations.
But Delta told the court that the federal Airline Deregulation Act, which preempts California’s Privacy Act, prohibits the states from regulating “critical business operations” of airlines, including the ability to collect and handle customer information.
The federal statute, 49 U.S.C. § 41713, provides that a state “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier that may provide air transportation under this subpart.” Only the Department of Transportation can regulate airline privacy policies and Web sites, Delta argued.
San Francisco Superior Court Judge Marla J. Miller agreed.
At a hearing, Judge Miller said the app fell under the category of Delta’s “services,” according to a report from Bloomberg. “I think that this case is, in effect, an attempt to apply a state law designed to prevent unfair competition, which regulates an airline’s communication with consumers, and I think it’s preempted,” she said at the hearing.
In a subsequent one-paragraph order, Judge Miller dismissed the suit with prejudice.
To read the court’s order in People v. Delta, click here.
Why it matters: The dismissal – with prejudice – may slow the momentum of the AG’s push for privacy policies. An appeal is possible, although a spokesperson for Harris said the office is “reviewing the judge’s ruling” and declined to make any additional comments. The decision itself, however, will be unlikely to impact future suits, as the basis for the ruling – federal law governing airlines – will be irrelevant unless Harris decides to sue another airline.
ZIPping Into Court and Into a Settlement Deal
Consumer class actions challenging the collection of ZIP codes continue to pose threats to companies.
The wave of litigation began in 2009 when the California Supreme Court decided Pineda v. Williams-Sonoma. In that case the court determined that the state’s Song-Beverly Credit Card Act (“Song-Beverly Act”) prohibits the collection of ZIP codes, which fall under the definition of “personal information” protected by the statute.
Dozens of consumer class actions were filed in the wake of the decision and other states with similar consumer protection laws faced comparable suits, including Massachusetts.
ZIP code litigation continues to work its way through the court system. Nike recently lost a motion for summary judgment in a trio of Song-Beverly consolidated class actions filed in California federal court. In seeking summary judgment, Nike relied on its extensive employee training and point-of-sale software. It argued that the Song-Beverly Act is not violated if a customer provides a ZIP code voluntarily for a purpose unrelated to processing the credit card transaction, and it presented “irrefutable evidence” of its policies and procedures such that customers could not have reasonably perceived the request for a ZIP code as a condition to completing a credit card transaction.
For example, signs were posted in Nike stores that read, “Nike will ask for your ZIP code during all purchases and returns. This information is used for marketing and consumer research only. Providing your ZIP code is voluntary and not required to complete your transaction. Under the specific terms for our posted return policy, additional information will be required when processing a return.”
Nike provided declarations of eight sales managers and store employees attesting that they were trained not to request a ZIP code until a credit card transaction is complete and proffered evidence that a transaction had to be complete before the point-of-sale software requested a ZIP code.
Despite the evidence, U.S. District Court Judge Susan Illston denied the motion and said disputes of material fact remained in the suit. She noted that the software system would prompt a cashier to request a ZIP code after the customer’s receipt had started to print, making it possible for a cashier to request a ZIP code prior to handing the receipt and merchandise to the customer, which could confuse some consumers.
In a second suit, OfficeMax reached a preliminary settlement agreement in a pair of consolidated class actions alleging that the retailer illegally requested and recorded ZIP codes during credit card transactions.
Although the company admitted no wrongdoing and asserted multiple defenses – including evidence that the same day Pineda was handed down, it immediately informed all California stores to stop requesting ZIP codes at the point of sale – OfficeMax agreed to a $600,000 settlement fund for the class.
Class members can receive up to $15 in merchandise vouchers. A $10 voucher is available to those who submit a claim notice. Without having to go through the claims process, 120,000 customers who make purchases at an OfficeMax store during a set time period will also receive a $5 voucher.
The $600,000 fund does not include a limit on claims for the $10 vouchers nor does it cover attorneys’ fees for the class. Pursuant to the deal, class counsel will petition the court for a fee ranging between $200,000 and $500,000.
To read the court’s order in Gormley v. Nike, click here.
To read the preliminary settlement motion in Dardarian v. OfficeMax, click here.
Why it matters: The cases demonstrate that companies must exercise caution when collecting ZIP codes from consumers who use their credit cards during a transaction and should consider if the intended purpose is worth the risk of litigation. Although Nike and OfficeMax both took immediate action following the Pineda decision – a company’s ZIP code collection practices could still be challenged.
Vermont Amends Law, Allows Skill Contests
Vermont has amended its state law to allow sponsors to charge an entry fee or require a purchase to enter a contest.
The changes to the state’s consumer protection law took effect on April 26 when Governor Peter Shumlin signed Senate Bill 3. The legislation added a new section, 9 V.S.A. § 2481x, which provides that:
“Nothing in this chapter shall be construed to prohibit a person from requiring or paying any kind of entry fee, service charge, purchase, or similar consideration in order to enter, or continue to remain eligible for, a game of skill or other promotion that is not based on chance.”
The legislation also amended 13 V.S.A. § 2143b, Vermont’s statute on contests and sweepstakes, which now reads:
“Notwithstanding the provisions of this chapter, a person may organize, execute, or participate in a contest or game of chance, including a sweepstakes, provided that persons who enter the contest or game of chance are not required to venture money or other valuable things. The cost of mailing an entry shall not be considered a venture of money or other valuable things. This section shall not be construed to prohibit a person from organizing, executing, or participating in a contest that is not a contest of chance.”
To read Vermont’s updated law, click here.
Why it matters: Vermont’s new law brings the state in line with the majority of other jurisdictions, which allow consideration to enter contests or other games of skill. Only a handful of states still place restrictions upon consideration or payment to enter a contest. Sponsors of a contest should carefully review their rules to ensure compliance in all participating states.
CFPB Weighs In on Maine, Tennessee Gift Card Laws
In the first use of its authority to issue preemption determinations, the Bureau of Consumer Financial Protection reached two different results while determining whether federal law preempted unclaimed property laws relating to gift cards in Maine and Tennessee.
The federal Credit Card Accountability and Responsibility and Disclosure Act of 2009 prohibits the expiration of gift card funds within five years of issuance, among other requirements. But state laws in Maine and Tennessee allow for unused balances to revert to the state after two years.
Solicitation for public comment about the issue generated 20 comments, two from consumer advocacy groups and 18 from gift card issuers and trade associations – all of which agreed that the Bureau should determine whether both state laws were preempted. Industry groups noted the burdens of complying with both state and federal laws, as well as the potential for constitutional due process concerns when issuers must honor cards held by consumers and then seek reimbursements from the state pursuant to state escheat laws. The consumer groups expressed concern that consumers would not often succeed – or would not even try – to reclaim their property if required to retrieve unused value from the state rather than the issuers.
Emphasizing that it was relying upon the interpretation provided by Maine’s state treasurer that the law requires a holder must honor a gift card that has been presumed abandoned pursuant to the Act, the Bureau said the law should not be preempted. “Under the Maine Act, as explained by the State’s Treasurer, an issuer that has transferred the unused value on an abandoned gift card to the state must honor the gift card on presentation indefinitely, and may then request reimbursement from the state,” Director Richard Cordray wrote. “Because the Maine Act does not interfere with consumers’ ability to use their gift cards at the point-of-sale for at least as long as they are guaranteed that right by [federal law], the Bureau has determined that there is no basis for concluding that the provisions in Maine’s unclaimed property law relating to gift cards are inconsistent with, or therefore preempted by, federal law.”
The agency reached a different conclusion with regard to the Tennessee law, however, which does not require issuers to honor cards after funds have been transferred to the state. Consumers would be forced to submit an unclaimed property claim with the state to recover their funds and would likely have to wait at least several weeks to receive their property, the CFPB said. Therefore, Tennessee’s statute “is inconsistent with federal law because, by permitting issuers to decline to honor gift cards as soon as two years after issuance and relieving them of liability to consumers for the property, the effect of this provision is to permit cards and their underlying funds to expire sooner than is permitted” under federal law.
To read the CFPB’s determinations, click here.
Why it matters: In the discussion of both laws, the Bureau noted that its determination reflected communications with the state authorities and could change if the interpretation of the statutes changes. “If legislative, judicial, or other official action effected a relevant change” in how the states applied their gift card laws, “the Bureau could revisit its determination.” Now that the determinations provide clarity about how to handle gift cards in Maine, issuers in the state will now face administrative difficulties when they must honor gift cards presented at the point-of-sale and then seek reimbursement from the state.
Skyy’s Not the Limit for FTC Robocall Action
California-based Skyy Consulting violated the Telemarketing Sales Rule by providing voice-over-Internet services that allowed clients to place illegal outbound prerecorded telemarketing calls, the Federal Trade Commission alleged in a recent complaint.
Doing business as CallFire, the defendant has the ability to make thousands of telephone calls with prerecorded messages simultaneously as well as the ability to control the name and number displayed on a recipient’s caller ID. According to the complaint, the company knew – or consciously avoided knowing – that its clients delivered illegal robocalls, including those promoting the sale of insurance, debt consolidation, and mortgage services.
The company failed to “effectively prevent the delivery of prerecorded messages that are prohibited by the TSR,” the FTC alleged, nor did it require that clients demonstrate they have excluded numbers from the National Do Not Call Registry when they used CallFire’s voice broadcasting service.
Although declining to admit liability, Skyy agreed to settle the charges by paying a $75,000 civil penalty and reviewing all prerecorded messages of its clients prior to delivery. If the company discovers a client in violation of the Rule, Skyy promised to terminate the contract.
Commissioner Maureen K. Ohlhausen wrote a separate concurrence joining her Commissioners in approving the proposed consent decree, but she emphasized that she did so because of CallFire’s complicity.
“I would not support imposing liability on a party merely for creating or providing a product or service with legal uses, absent reason to believe that the party knows or consciously avoids knowing that its client is using it to violate the TSR,” she wrote. “In this matter, however, I support the imposition of liability because CallFire actively encouraged clients to use its robocall service to target large numbers of consumers for marketing purposes, without any inquiry to whether its clients were complying with the TSR.”
To read the FTC’s complaint and proposed consent order with Skyy Consulting, click here.
Why it matters: The agency’s action serves as an important reminder that a company can violate the TSR by providing substantial assistance or support to a seller or telemarketer it knows or consciously avoids knowing is in violation of the Rule. In addition to the prohibition on certain types of telemarketing calls to those numbers on the National Do Not Call Registry, the TSR prohibits robocalls to induce the purchase of goods and services without prior, express consent.
Noted and Quoted . . . Becca Wahlquist and Ronald Katz Provide Insight to Law360 on Litigation Developments
Law360 recently turned to litigation partner Becca Wahlquist to comment on the unwavering flood of consumer class actions brought under the Telephone Consumer Protection Act (TCPA).
The article “TCPA Class Action Surge Shows No Signs of Abating,” published on May 24, 2013, describes the relative ease with which plaintiffs can bring TCPA class actions given that they need only show that they received unsolicited communications, not actual injury. These actions also bring the allure of uncapped statutory damages at $500 to $1,500 per violation.
According to Becca, “Because companies have so many customers nationwide, and because of the statutory damages available for each call or text, classwide allegations of TCPA violations can create a threat of staggering damages, even when the claims lack merit.”
To read the full article, click here.
To attend Manatt’s no-cost webinar, “Are You Ready for New TCPA Consent Requirements?” click here.
On May 22, 2013, Law360 featured an article authored by litigation partner Ronald Katz on the recent decision by the U.S. Court of Appeals for the Third Circuit, Ryan Hart v. Electronic Arts Inc. The decision provides guidance in an unclear area of law involving the rights of publicity of a college athlete and the First Amendment arguments of a video game manufacturer.
The court held that the so-called “transformative use test” applied, and that Electronic Arts did not sufficiently transform athlete Ryan Hart’s image used in the “NCAA Football” game to merit First Amendment protection. According to Ron, an “important practice tip that flows from this opinion is that merely changing the form of an image – for example, from a painting to a digital image – is not transformative. In the context of what is transformative, the medium is not the message.”
To read the full article, click here.
Most Read Stories
In case you missed any, here are our top 10 most widely read stories in April:
1. “FTC Closes Another Investigation into Endorsement Guides Violation”
2. “No Rest for the NAD, As it Decides Multiple Mattress Disputes”
3. “9th Circuit: This Case Is ‘Why Fair Use Exists’”
4. “Noted and Quoted . . . Adweek and InsideCounsel Turn to Linda Goldstein and Marc Roth on Impact of FTC Regulatory Developments”
5. “TCPA Class Actions Prohibited in New York”
6. “Got Settlement? Muscle Milk Suit Settles for $5.3 Million”
7. “Big Companies, Big Privacy Violations, Big Settlements”
8. “Employer Violated Privacy, Publicity Rights by ‘Hijacking’ LinkedIn Account”
9. “‘Repeat Offender’ Subject of FTC Action”
10. “Noted and Quoted . . . Marc Roth Sheds Light on Necessary Components of Privacy Policies for InsideCounsel”