Consumer Protection Archives - Page 15 of 32

FTC Proposes New Rule Codifying “Made in USA” Policy

On July 16, 2020 the FTC published a notice of proposed rulemaking in which it announced its intention to codify its long-time enforcement policy regarding products labeled as “Made in the USA” (MUSA); these claims are currently enforced through the FTC’s general authority to prevent unfair and deceptive practices.

The proposed rule does not change the substantive criteria on which such claims will be evaluated and rather is primarily intended to (1) strengthen the FTC’s enforcement mechanism by making it easier for the FTC to assess civil penalties against those making unlawful MUSA claims and (2) give marketers more regulatory certainty. Under the proposed rule, a MUSA claim may, as before, only be made where (1) the final processing or assembly occurs in the USA, (2) all significant processing that goes in the product occurs in the USA, and (3) all or virtually all of the ingredients or components of the product are made and sourced in the U.S. While the proposed rule would apply to a broad range of product labels, it would also apply to MUSA claims found outside of the product label such as mail order catalogs and mail order promotional materials defined to include “any materials, used in the direct sale or direct offering for sale of any product or service, that are disseminated in print or by electronic means, and that solicit the purchase of such product or service by mail, telephone, electronic mail, or some other method without examining the actual product purchased.” The proposed rule would not apply to qualified MUSA claims.

Comments to the proposed rule are due by September 14, 2020.

ARTICLE BY Food and Drug Law at Keller and Heckman LLP.

For more on labeling regulation, see the National Law Review Administrative & Regulatory law section.

Seila Law LLC v. Consumer Financial Protection Bureau: Has the Supreme Court Tamed or Empowered the CFPB?

On June 26, the Supreme Court issued its long-awaited opinion in Seila Law LLC v. Consumer Financial Protection Bureau,¹ finally resolving the question that has dogged the new agency since its inception: Is the leadership structure of the Consumer Financial Protection Bureau (CFPB) constitutional? Writing for a 5-4 majority, Chief Justice John Roberts ruled that the CFPB structure—“an independent agency that wields significant executive power and is run by a single individual who cannot be removed by the President unless certain statutory criteria are met”—violates the Constitution’s separation of powers.²

For financial services companies regulated by the CFPB, the most important aspect of Seila Law is not the headline constitutional defect, but the remedy. Choosing “a scalpel rather than a bulldozer,”³ the Court did not invalidate the CFPB. The Court held 7-2 that the Director’s constitutionally offensive removal protection could be severed from the CFPB’s other authorities, thus bringing the Director (and with her, the CFPB) under Presidential control, while leaving the CFPB’s other powers in place.⁴

While Seila Law is an important case in the evolving doctrine of separation of powers as applied to independent agencies, the case has three immediate consequences for financial services companies. First, the CFPB is here to stay, and its broad authorities and other controversial aspects (such as its insulation from Congressional appropriations) remain intact. Second, the CFPB’s Director is now directly accountable to the President, significantly raising the stakes in the 2020 election for the agency’s regulatory and enforcement agenda. Third, the Court left one important question unanswered: it declined to address the effect of its ruling on prior CFPB rules and enforcement actions. While we believe the agency will attempt to cure the constitutional defect, we expect continued litigation—and uncertainty—on this issue.

Background

In response to the 2008 financial crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), creating the CFPB as an independent financial regulator within the Federal Reserve System.⁵ The CFPB has expansive authority to “implement and, where applicable, enforce Federal consumer financial law,” which includes 19 enumerated federal consumer-protection statutes and the Dodd-Frank Act’s broad prohibition on unfair, deceptive, and abusive acts and practices.⁶ The CFPB’s authority over consumer financial products and services includes rulemaking authority with respect to the enumerated statutes, the ability to issue orders, including orders prohibiting products and services which it concludes are “abusive” or substantively unfair, as well as the power to impose significant financial penalties on financial services companies. The CFPB is funded through the Federal Reserve System, and thus is not subject to Congressional constraint through the appropriations process. Although technically housed within the Federal Reserve System, the CFPB also is not subject to oversight or control by the Board of Governors of the Federal Reserve System. As a result, the CFPB was created to be an independent agency, largely unconstrained by Congress or the Federal Reserve System. The CFPB is headed by a single Director appointed by the President, by and with the advice and consent of the Senate, for a five-year term.⁷ The Director may be removed by the President only for “inefficiency, neglect of duty, or malfeasance in office.”⁸

In 2017, the CFPB issued a civil investigative demand to Seila Law LLC, a California-based law firm that provides debt-related legal services to consumers. Seila Law refused to comply, objecting that concentrating the CFPB’s authority in a single Director with for-cause removal protection violated the separation of powers doctrine. The CFPB filed a petition to enforce its demand in federal district court. The district court rejected Seila Law’s constitutional objection and ordered the law firm to comply with the demand. The Court of Appeals for the Ninth Circuit affirmed.⁹

Case Analysis: Seila Law

The Supreme Court granted certiorari to address the constitutionality of the CFPB’s single-Director structure. That decision was telling in and of itself, given that the Ninth Circuit’s ruling was in accord with PHH Corporation v. CFPB, the D.C. Circuit’s en banc opinion upholding the Director’s removal protection.¹⁰ As many had expected, the Supreme Court reversed the Ninth Circuit and held that Congress’s restriction on the President’s power to remove the CFPB’s Director violated the separation of powers doctrine.

The Court began its analysis from the premise that Article II of the Constitution gives the entire executive power to the President alone, “who must ‘take care that the Laws be faithfully executed.’”¹¹ Lesser officers who aid the President in his or her duties “must remain accountable to the President, whose authority they wield.”¹² The President’s power to remove these lesser officers at will is foundational to the President’s executive function and “has long been confirmed by history and precedent.”¹³ The Court held that “[w]hile we have previously upheld limits on the President’s removal authority in certain contexts, we decline to do so when it comes to principal officers who, acting alone, wield significant executive power.”¹⁴ The Court found that the CFPB’s Director fit that bill. In creating the CFPB, Congress “vest[ed] significant governmental power in the hands of a single individual accountable to no one.”¹⁵ Such an agency “has no basis in history and no place in our constitutional structure.”¹⁶

Next, the Court turned to the remedy. Seila Law argued that the Director’s unconstitutional removal protection rendered the “entire agency … unconstitutional and powerless to act.”¹⁷ The Court disagreed. Relying on the Dodd-Frank Act’s severability clause, the Court’s severability precedent, and the proposition that “Congress would have preferred a dependent CFPB to no agency at all,” the Court ruled that the Director’s removal protection is severable from the CFPB’s other statutory authorities.¹⁸ “The agency may therefore continue to operate, but its Director, in light of our decision, must be removable by the President at will.”¹⁹

Finally, the Court expressly declined to address how its holding affects prior CFPB regulatory and enforcement actions. The government had argued that the Court need not reach the constitutional question because the CFPB’s demand to Seila Law had since been ratified by an Acting Director accountable to the President.²⁰ The Court remanded the question of ratification to the lower courts, noting that it “turns on case-specific factual and legal questions not addressed below and not briefed here.”²¹

Implications

Seila Law is an important case for the canons of administrative law and the separation of powers doctrine. But for financial services companies regulated by the CFPB, it has meaningful (and immediate) practical consequences.

First, the CFPB has escaped Supreme Court review with its authorities basically untouched. Absent Congressional action, the CFPB will (i) continue to be run by a single Director, (ii) continue to wield expansive rulemaking, supervisory, and enforcement authority over the multi-trillion dollar market for consumer financial products and services, and (iii) continue to be insulated from Congressional control via the appropriations process.

Second, the CFPB’s Director is now directly accountable to the President—whoever that person may be. Typically, financial regulators have a measure of insulation from the political process to provide consistency and certainty to financial markets. With this decision, the election of the next President—and the prospect of a Democratic administration—could result in significant and immediate changes to the CFPB’s regulatory and enforcement agenda.

Third, while Seila Law secured the CFPB’s future, the Court left in place significant uncertainty as to its past. This past includes major enforcement actions and rulemakings that have reshaped the market for consumer financial products and services over the last nine years. Of course, it remains to be seen what appetite financial services companies have to challenge the CFPB’s prior rules and enforcement orders. And, we expect the CFPB will attempt to remedy the constitutional defect by ratifying the agency’s past actions or perhaps invoking the de facto officer doctrine.²² Yet, the availability of either remedy is an open question. Ratification in particular is a live dispute in both Seila Law and a pending en banc appeal before the Fifth Circuit, Consumer Financial Protection Bureau v. All American Check Cashing.²³ Ratification of prior agency actions was also left unresolved in another thread of the Supreme Court’s recent separation of powers jurisprudence. In Lucia v. SEC, the Court found that the SEC hired administrative law judges (ALJs) in violation of the Appointments Clause, but offered limited remedial guidance aside from instructions that Lucia was entitled to a “new hearing before a properly appointed” ALJ.²⁴ While litigating Lucia’s challenge, the SEC issued an order purporting to ratify its past ALJ appointments by approval of the Commission itself. The Court acknowledged that order, but declined to address its validity.²⁵

1 Seila Law v. Consumer Financial Protection Bureau, 591 U.S. ____ (2020) (June 26, 2020).

2 Id., Slip Op. at 2–3.

3 Id., at 35.

4 Id., at 3.

5 Title X of the Dodd-Frank Act, 12 U.S.C. § 5301 et seq., created the CFPB and defines its authorities.

6 12 U.S.C. § 5511 (defining CFPB’s purpose); 12 U.S.C. § 5481(14) (defining “Federal consumer financial law”).

7 Id. § 5491(b)(2), (c).

8 Id. § 5491(c)(3). For a detailed discussion of the CFPB and its powers, see our Clients & Friends Memo, The Consumer Financial Protection Bureau: The New, Powerful Regulator of Financial Products and Services (March 06, 2012).

9 Seila Law, Slip Op. at 6–8 (discussing procedural history).

10 PHH Corp. v. CFPB, 881 F. 3d 75 (D.C. Cir. 2019) (en banc). Tellingly, then-Judge Kavanaugh wrote the D.C. Circuit panel decision holding that the CFPB’s structure violated the separation of powers doctrine. 839 F.3d 1 (D.C. Cir. 2016). The en banc court vacated that decision, but now-Justice Kavanaugh joined the majority in Seila, reiterating his separation of powers analysis from the D.C. Circuit. For further analysis of the PHH decision, see our Client & Friends Memo Federal Appeals Court Rules That CFPB Structure is Constitutional (Jan. 31, 2018) (discussing the en banc decision); D.C. Circuit Brings CFPB under Presidential Control (Oct. 13, 2016) (discussing the initial panel decision of the D.C. Circuit).

11 Seila Law, Slip Op. at 11 (quoting U.S. Const., Art. II, § 1).

12 Id. at 12.

13 Id.

14 Id. at 36. Specifically, the Court wrote that it has recognized two limited exceptions to the President’s unrestricted removal power. Seila Law, Slip Op. at 15–16. First, in Humphrey’s Executor, 295 U.S. 602 (1935), the Court upheld removal restrictions for Commissioners of the Federal Trade Commission, which Roberts characterized as “a multimember body of experts, balanced along partisan lines, that performed legislative and judicial functions and was said not to exercise any executive power.” Seila Law, Slip Op. at 15. Second, in United States v. Perkins, 116 U.S. 483 (1886), and Morrison v. Olson, 487 U.S. 654 (1988), the Court permitted removal protections for certain inferior officers with narrow duties, such as an independent counsel appointed to investigate and prosecute specific crimes.

15 Seila Law, Slip Op. at 23.

16 Id. at 18.

17 Id. at 31.

18 Id. at 32–36 (emphasis in original).

19 Id. at 3.

20 Id. at 30.

21 Id. at 31. Justice Thomas viewed this theory as irrelevant, since the Acting Director could not have ratified the continuance of the action by Director Kraninger. Justice Kagan did not address this theory specifically.

22 See Ryder v. United States, 515 U.S. 177 (1995) (the de facto officer doctrine “confers validity upon acts performed by a person acting under the color of official title even though it is later discovered that the legality of that person’s appointment or election to office is deficient.”).

23 No. 18-60302 (5th Cir.).

24 Lucia v. S.E.C., 138 S. Ct. 2044, 2055 (2018).

25 Id. at 2055 n.6.

ARTICLE BY Rachel Rodman and Scott A. Cammarn and Nihal S. Patel at Cadwalader, Wickersham & Taft LLP.

For more on the CPFB, see the National Law Review Consumer Protection law section.

Sellers Beware – The COVID-19 Pandemic Has Opened the “Price-Gouging” Pandora’s Box

As the Covid-19 emergency goes on, both federal and New Jersey authorities have begun to enforce anti-price gouging and anti-hoarding provisions of federal and state law. A wide range of businesses, including but going beyond the sellers of medical equipment, should be aware of the limits imposed by these statutes and the dangers posed by enforcement.

A. The New Jersey Consumer Fraud Act

As has been widely reported in the media, the State of New Jersey is aggressively enforcing the anti-price gouging provisions of the Consumer Fraud Act, N.J.S.A. 56:8-107 through 109, during the current coronavirus emergency. Enforcement of the statute by the Division of Consumer Affairs or by private civil action under the Consumer Fraud Act poses a risk to the sellers of a broad variety of goods. However, it also poses a potential remedy for business purchasers for end use whose ordinary supply chain has been disrupted by the emergency.

During a state of emergency declared by the Governor, N.J.S.A. 56:8-109 declares it to be an “unlawful commercial practice” for any person to sell or offer for sale “any merchandise which is consumed or used as a direct result of an emergency or which is consumed or used to preserve, protect, or sustain the life, health, safety or comfort of persons or their property for a price that constitutes an excessive price increase.” In turn N.J.S.A. 56:8-108 defines an “excessive price increase” as more than 10 percent greater than the seller’s price in the usual course of business immediately before the declaration of emergency, unless the price increase is attributable either to the seller passing through increased prices from its supplier or costs imposed by the emergency. In that case, the statute defines an excess price increase as an increase of more than 10 percent beyond the seller’s customary pre-emergency markup.

The statutory language sweeps broadly and may be applied to price increases of almost any product where demand has increased or the supply chain has been disrupted by the coronavirus emergency. A recent news story reports that more than 3,600 complaints of alleged price-gouging have been made to the Attorney General’s Division of Consumer Affairs, against more than 2,100 business, involving not only medical supplies but food and commodities in short supply like toilet paper and disinfectants. The Division is urging the public to remain “vigilant” and is actively soliciting complaints on its website. As it investigates complaints, the Division is issuing subpoenas for the seller’s pre-emergency and current cost, price and markup information. The defense of passing through increased costs requires the seller to document both higher charges from suppliers and other costs, such as hazard pay for employees, imposed by the emergency.

Penalties for violation of the Consumer Fraud Act include civil penalties of up to $10,000 for a first offense. There are additional penalties if the violation was directed against senior citizens or persons with disabilities. In addition, the Attorney General may obtain an injunction against future violations. The courts may order restitution to consumers of money obtained in violation of the Act, and twice the amount obtained in the case of senior citizens. Failure to make restitution as ordered is punishable as contempt of court.

In addition to the enforcement powers of the Attorney General, N.J.S.A. 56:8-19 gives any person who has suffered an “ascertainable loss of moneys or property . . . as a result of any practice declared unlawful” under the Consumer Fraud Act as amended or supplemented a private right of action to recover treble damages and attorneys’ fees, either directly or as a counterclaim in a suit by the seller. No reported decision decides whether this private right of action would apply to a violation of the Act’s anti-price gouging provisions, but it is reasonable to anticipate that creative counsel are contemplating private class actions on behalf of retail purchasers.

The private right of action under the Consumer Fraud Act extends not only to individual consumers but to businesses that purchase supplies or equipment for use in the business. Hospitals, medical practices and other large scale purchasers of supplies and equipment affected by the coronavirus emergency may wish to explore that possibility.

B. The Federal Defense Production Act

The Korean War vintage Defense Production Act (“DPA”) gives the President broad powers to direct the production of essential goods and to prioritize their distribution during periods of declared national emergency. Section 101 of the DPA, 50 U.S.C. § 4511, authorizes the President or his delegate to designate goods as scarce materials critical to the national defense. Section 102 of the Act, 50 U.S.C.§ 4512, the anti-hoarding provision, prohibits any person from accumulating “1) in excess of the reasonable demands of business, personal, or home consumption, or (2) for the purpose of resale at prices in excess of prevailing market prices, materials which have been designated by the President as scarce materials or materials the supply of which would be threatened by such accumulation.” Designations are required to be published in the Federal Register. Section 103 of the DPA, 50 U.S.C. § 4513 makes the violation of § 102 a federal crime subject to a $10,000 fine and one year imprisonment. In addition § 706, 50 U.S.C. § 4556, authorizes the federal courts to enjoin violations of the DPA at the suit of the government. Other provisions, not relevant here, authorize the government to provide incentives and subsidies to increase production of essential goods.

The DPA is based on the War Powers Acts of World War II. It is designed to authorize the kind of command economy in place during that war, in which the armed forces were the sole end user, the government controlled production by placing contracts, fixing priorities and allocating raw materials, and the government directly controlled prices in the civilian market. It empowers the federal government to become the sole buyer and allocator of materials critical to the national defense. However, the President has chosen not to take the responsibility for centralized purchasing and allocation of critical medical supplies. Instead, the federal government has decided to allow states and other end users to compete for limited resources while using the DPA’s criminal provisions to try to curb the more egregious examples of exploitation.

On March 23, 2020, the President issued Executive Orders 13909 and 13910, which invoke his authority under DPA § 101 to declare ventilators and medical personal protective equipment as scarce materials critical to the national defense. Under authority designated by the Executive Orders, on March 25, 2020 the Secretary of Health and Human Services designated a variety of masks, gloves, gowns, face shields and other personal protective equipment, as well as respirators, sterilization materials, and ventilators as scarce materials subject to the anti-hoarding section of the DPA. The designation was published in the Federal Register at 85 FR 17592 (Mar. 30, 2020). It enumerates the types of short-supply equipment but does not provide guidance as to what constitutes accumulation in excess of reasonable demand for consumption or what prices are considered in excess of the prevailing market price.

The Department of Justice has created a joint federal-state anti-hoarding task force under the leadership of the United States Attorney for the District of New Jersey, and several criminal prosecutions of alleged hoarders have been instituted. However, the prohibitions in DPA § 102 of accumulation “in excess of reasonable demands” for the holder’s consumption or for resale at a price “in excess of prevailing market prices” appear to impose a rather vague standard of criminal liability, and there do not appear to be any reported decisions interpreting them. Unlike the New Jersey statute, there is no definite markup that would be allowed.

DPA § 104, 50 U.S.C. §4514, prohibits the President from imposing wage or price controls without Congressional authorization. Perhaps for that reason, the government has not set permissible prices for short-supply equipment at any time since the HHS designation. Instead, the government is taking the position that prevailing prices are either prices in effect in January and February of 2020, before the coronavirus crisis began in the United States, or that they are “benchmark” prices of a major private manufacturer. Whether either of those standards provides fair advance notice sufficient to support criminal liability is, to say the least, contestable.

In addition, the government’s position appears to criminalize what may be entirely legitimate economic activity. Experience has shown that there were large amounts of masks and other designated short-supply medical equipment scattered in pockets of inventory around the United States and abroad. Middlemen perform the valuable service of finding these supplies, marshaling them and making them available to end users. That takes effort, which will not be undertaken without the prospect of compensation. Unlike the New Jersey statute, the DPA does not on its face recognize the costs incurred by accumulators to obtain otherwise unavailable goods, either those passed through from upstream sellers, the expenses of search, or reasonable compensation for the effort involved.

In conclusion, the government has not used the Defense Production Act to set prices directly. Its criminal anti-hoarding provisions are a very blunt instrument for regulating economic activity in a time of shortage, especially because the federal government is not acting as the sole buyer or allocator of goods or fixing prices but is instead requiring end users of short-supply equipment to compete against each other. These criminal provisions have never been tested in court, and they leave open the possibility of vigorous defense based on the lack of a clear standard of criminal liability, on the need to attract scarce goods into the market, and on the pass-through of legitimate costs incurred to do so, including a reasonable profit.

ARTICLE BY the Litigation Practice Group at Sills Cummis & Gross P.C.

For more on COVID-19 related price issues, see the National Law Review Coronavirus News legal section.

Price Gouging and Deceptive Advertising Practices Amidst COVID-19 Pandemic

The Federal Trade Commission, the Food and Drug Administration and state Attorneys General have bumped the protection of consumers in the midst of the COVID-19 crisis to the top of their respective lists, including, but not limited to, price gouging and unsubstantiated product efficacy claims. The U.S. Department of Justice has also issued a broad mandate regarding criminal enforcement of deceptive, fraudulent and predatory practices.

State Attorneys General

State Attorney General have actively been policing the advertising of claims related to products that purport to cure, treat or prevent COVID-19. This includes both express and implied claims (e.g., immunity-based claims).

Currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products to treat or cure.

By way of example, a group of thirty-two state attorneys general recently sent letters to executives at prominent online retailers, urging them to help police price gouging. Additionally, the New York Attorney General has asked GoDaddy and other online registrars to halt and de-list domain names used for Coronavirus-related scams and fake remedies designed to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease.

The NY AG has also recently contacted Craigslist.com, calling on the company to immediately remove posts that attempt to price gouge users, or otherwise purport to sell items that provide “immunity” to the coronavirus or allow individuals to test for the disease. For example, the AG’s letter referred to posts that promoted an “immunity pack,” a fake coronavirus testing kit, and face masks that are not even proven to provide coronavirus-related protection. The AG also asked Craigslist to remove an advertisement for a bottle of Purell that was priced at over $200.

Price gouging on disinfectant products is also a priority.

State AGs and other federal agencies are actively investigating potential price gouging violations, filing enforcement lawsuits, issuing civil investigative demands (CIDs), and serving cease-and-desist warnings. The NYC Department of Consumer and Worker Protection (DCWP) – formerly the New York City Department of Consumer Affairs (DCA) – has also been policing local business that it believes are selling necessary products (e.g., cleaning products, diagnostic products and services, disinfectants [wipes, liquids, sprays], face masks, gloves, hand sanitizers, medicines, paper towels, rubbing alcohol, soap, tissues and basic food supplies).

The State of New York’s price gouging statute prohibits the sale of goods and services necessary for the health, safety and welfare of consumers at unconscionably excessive prices during any abnormal disruption of the market. During any abnormal disruption of the market for consumer goods and services vital and necessary for the health, safety and welfare of consumers, no party within the chain of distribution of such consumer goods or services or both shall sell or offer to sell any such goods or services or both for an amount which represents an unconscionably excessive price.

In the State of New York, whether a price is unconscionably excessive is a question of law for the court. The court’s determination that a violation has occurred shall be based on any of the following factors: (i) that the amount of the excess in price is unconscionably extreme; or (ii) that there was an exercise of unfair leverage or unconscionable means; or (iii) a combination of both factors in subparagraphs (i) and (ii).

Proof that a violation of has occurred can include, for example, evidence that: (i) the amount charged represents a gross disparity between the price of the goods or services which were the subject of the transaction and their value measured by the price at which such consumer goods or services were sold or offered for sale by the defendant in the usual course of business immediately prior to the onset of the abnormal disruption of the market; or (ii) the amount charged grossly exceeded the price at which the same or similar goods or services were readily obtainable by other consumers in the trade area. A defendant may be able to rebut such evidence by establishing that additional costs not within its control were imposed on the defendant for the goods or services.

Where a violation is alleged to have occurred, the AG may seek an injunctions, civil penalties and restitution.

Under the Rules of the City of New York, stores are prohibited from selling items that have been declared in short supply at excessively increased prices. NYC has recently issued an emergency rule prohibiting price increases above 10% on various products necessary to combat the coronavirus. New York State has now proposed legislation concerning medical supplies that includes a presumption that a price exceeding 10% of its price immediately prior to a public health emergency is to be considered unconscionably excessive.

Other states also utilize percentage-drive formulas when assessing excessive or unconscionable price increases, such as, without limitation, Arkansas, Florida, Michigan, Missouri, New Jersey, North Carolina, Ohio, Oklahoma, Pennsylvania, Tennessee, Texas, Utah, West Virginia, and Wisconsin. Some states impose liability upon manufacturers and distributors. Some states also impose civil fines and penalties for violations, in addition to potential criminal liability.

Any entity charged with price gouging during a public health emergency would be entitled to rebut an alleged violation of this new law with evidence that the additional costs not within the control of the defendant were imposed on the defendant for the consumer medical supplies.

FTC and FDA

The Federal Trade Commission and the Food and Drug Administration recently announced that it has issued joint warning letters to companies that allegedly had been disseminating unsubstantiated product advertising claims related to the coronavirus. The letters cite efficacy claims that are not supported by competent and reliable scientific evidence, as well as issues relating to unapproved and misbranded drugs.

On March 26, 2020, FTC lawyer and Chairman Joe Simons issued a statement setting forth the agency’s enforcement efforts to protect consumers from unfair and deceptive commercial practices and to educate the public. The FTC “will not tolerate businesses seeking to take advantage of consumers’ concerns and fears regarding coronavirus disease, exigent circumstances, or financial distress,” FTC lawyer Simons stated.

The FTC has also issued a press release calling attention to business-to-business scams that seek to exploit companies’ concerns about COVID-19, and sent letters to VoIP service providers and other companies warning them that “assisting and facilitating” illegal telemarketing or robocalls related to the coronavirus or COVID-19 pandemic is against the law.

“It’s never good business for VoIP providers and others to help telemarketers make illegal robocalls that scam people,” said FTC attorney Andrew Smith, Bureau of Consumer Protection Director. “But it’s especially bad when your company is helping telemarketers exploiting fears about the coronavirus to spread disinformation and perpetrate scams,” Smith stated.

Department of Justice

The U.S. DoJ has issued a broad mandate with respect coronavirus-related fraud, price gouging and product hoarding. In fact, it recently filed a number of federal criminal actions to combat fraud and other offenses related to the coronavirus pandemic.

Two of the actions were filed in California. One involving allegations that an individual solicited investments in a company he claimed would be used to market pills that would prevent coronavirus infections, as well as market an injectable cure for those who had already contracted the virus. The other, involving allegations that an individual mislabeled drugs that were purported to be a miracle cure for COVID-19.

Another two actions were filed in New Jersey. One involving charges of violating the federal Anti-Kickback Statute and conspiracy to commit health care fraud. The other, involving allegations of assault resulting from an individual who represented to have tested positive for COVID-19 that coughed on FBI agents, lied to them about his accumulation and sale of surgical masks, medical gowns and other medical supplies, and selling supplies to doctors and nurses at inflated prices. .

The DoJ also recently filed a civil wire fraud lawsuit in a Texas federal district court against a website (coronavirusmedicalkit.com) that was purportedly offering access to bogus World Health Organization vaccines.

Digital marketers, consumer-facing businesses and others in the supply chain should consider consulting with experienced FTC defense counsel to avoid unsupported efficacy claims and inadvertently charging unlawful prices for goods and services necessary for the health, safety and welfare of consumers.

ARTICLE BY Richard B. Newman of Hinch Newman LLP.

For more on FTC COVID-Actions, see the National Law Review Coronavirus News section.

Clash of Consumer Protection Goals: Does the Text of the TCPA Frustrate the Purposes of the CPSA?

“Hello. This is an automated call from Acme Manufacturing. Our records indicate that you purchased Product X between December 2019 and January 2020. We wanted to let you know that we are recalling Product X because of a potential fire risk. Please call us or visit our website for important information on how to participate in this recall.”

When companies recall products, they do so to protect consumers. In fact, various federal laws, including the Consumer Product Safety Act (CPSA), the Federal Food, Drug, and Cosmetic Act (FDCA), and National Highway and Motor Vehicle Safety Act (MVSA), encourage (and may require) recalls. And the agencies that enforce these statutes would likely approve of the hypothetical automated call above because direct notification is the best way to motivate consumer responses to recalls.^[1]

But automated calls to protect consumers can run into a problem: the Telephone Consumer Protection Act (TCPA).

Are Recall Calls a Nuisance or an Emergency?

The TCPA seeks to protect consumers from the “nuisance and privacy invasion” of unwanted automated marketing calls.^[2] The TCPA prohibits any person from making marketing calls to landlines, or any non-emergency calls or text messages^[3] to wireless lines, using automated dialers or recorded messages unless the recipient has given prior written consent. The Act includes a private right of action and statutory per-violation damages – $500, trebled to $1,500 if a court finds the violation willful and knowing.^[4] These penalties can add up quickly: In one case, a jury found that a company violated the TCPA nearly two million times, exposing the company to minimum statutory damages totaling almost $1,000,000,000.^[5]

There is an important exception to the TCPA’s prohibition on automated calls. The TCPA allows autodialed calls for emergency purposes,^[6] but the Act does not define that phrase. While the FCC has interpreted emergency purposes to mean “calls made necessary in any situation affecting the health and safety of consumers,”^[7] recalls are not explicitly identified within this definition. As a result, aggressive plaintiffs have demanded millions in damages from companies that use automatic dialers to disseminate recall messages.^[8]

For example, a grocery chain – Kroger – made automated calls to some purchasers of ground beef as part of a recall stemming from salmonella concerns. A plaintiff responded with a purported class action that did not mention the recall ^[9] but was based on consumers alleging that they had received “annoying” “automated call[s] from Kroger.”

Moving to dismiss, Kroger observed that the plaintiff – who had not listened to the call beyond its initial greeting^[10] and thus could not comment on the call’s text – had “cherry-picked”^[11] portions of consumers’ online comments to support the case, omitting text that clearly demonstrated that the calls were made for health and safety purposes.^[12] Kroger argued that the online comments did not support the plaintiff’s allegations that Kroger had made any marketing calls.

The court granted Kroger’s motion and dismissed the complaint without leave to amend. Even so, Kroger was compelled to spend time and money defending the claim.

In light of this type of lawsuit, one communications firm involved in automotive recalls has petitioned the FCC to “clarify . . . that motor vehicle safety recall-related calls and texts are ‘made for emergency purposes.’”^[13] The Association of Global Automakers and the Alliance of Automobile Manufacturers commented in support of the petition, arguing that the “[l]ack of clarity regarding TCPA liability for vehicle safety recall messages has had a chilling effect on these important communications.”^[14] The Settlement Special Administrator for the Takata airbag settlements also wrote in support, commenting that automated “recall-related calls and texts serve an easily recognizable public safety purpose.”^[15]

The TCPA’s emergency exception offers protection in litigation. The FCC’s definition – “calls made necessary in any situation affecting the health and safety of consumers” – neatly encapsulates the entire function of a recall, namely acting to protect consumers’ health and safety. Moreover, in developing the emergency exception, Congress broadened initial language that excepted calls made by a “public school or other governmental entity” to the enacted “emergency purposes” phrasing precisely to ensure the exception encompassed automated emergency calls by private entities.^[16] One of the seminal emergency purposes for which a private entity might seek to make automated calls is a product recall.

Even with such sound arguments that TCPA claims related to recall calls are without merit within the statute, however, aggressive plaintiffs have brought such claims. These efforts compel companies to spend finite resources defending claims that should not be brought in the first place. An express statutory or regulatory statement that recalls are squarely within the definition of emergency purposes would give companies greater confidence that not only would they be able to successfully defend against any effort to pit the TCPA against consumer-protection values, but that the claims are so unlikely to be brought that the companies need not even fear to have to defend.

Protecting Against Recall-Call Complaints

Until the FCC or Congress expressly instructs plaintiff’s counsel not to try to litigate against automated recall calls, there are steps companies that want to use automated dialers to drive recall responses can take to minimize any risk of a court misinterpreting their calls or finding TCPA liability where it should not attach.

For example, companies may (as some already do) ask for customers’ consent to be autodialed in connection with the products they have purchased – e.g., by including consent language on product warranty cards or registration forms. In fact, the Consumer Product Safety Improvement Act of 2008 (CPSIA)^[17] already requires manufacturers of durable infant and toddler products to include registration cards for recall-communication purposes.^[18]Companies in some other industries (like the on- and off-road motor vehicle industries) typically have robust registration systems that can incorporate auto dialing consent, and more companies in other spaces may want to consider using registration to facilitate recalls.

Further, automated recall calls should focus on the recall. If calls extend to marketing messaging, that could undermine both a future TCPA defense and the efficacy of that and future recall communications.

Optimally, companies would be less likely to need these defenses if the statute more clearly signaled to would-be litigants that they should not even bother. If the FCC grants the pending petition and plainly states that product recalls are emergencies for TCPA purposes, courts’ deference to agency interpretations might deter at least some complaints. A statutory amendment would be the surest guarantee, though, and manufacturers may wish to ask Congress to amend the TCPA to clarify that recall messages are emergency messages.

[1] See, e.g., Joseph F. Williams, U.S. Consumer Prod. Safety Comm’n, Recall Effectiveness Workshop Report, 5 (Feb. 22, 2018).

[2] Pub. L. No. 102-243, § 2(12), 105 Stat. 2394, 2395 (Dec. 20, 1991).

[3] Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, Report and Order, 18 FCC Rcd 14014, 14115, para. 165 (2003)

[4] TCPA at § 3(a), 105 Stat. at 2399 (codified at 47 U.S.C. § 227(c)(5)).

[5] Wakefield v. ViSalus, Inc., No. 3:15-cv-1857-SI (D. Or.).

[6] See, e.g., TCPA at § 3(a), 105 Stat. at 2395-96 (codified at 47 U.S.C. § 227(b)(1)(A)).

[7] 47 C.F.R. § 64.1200(f)(4).

[8] See, e.g., Compl., Ibrahim v. Am. Honda Motor Co., Inc., No. 1:16-cv-04294, Dkt. #1 (N.D. Ill. Apr. 14, 2016).

[9] Compl., Brooks v. Kroger Co., No. 3:19-cv-00106-AJB-MDD, Dkt. #1 (S.D. Cal. Jan. 15, 2019) (“Brooks”).

[10] Pl. Opp. to Mot. to Dismiss at 5, Brooks, Dkt. #9 (Apr. 4, 2019).

[11] Reply in Supp. of Mot. to Dismiss at 7, Brooks, Dkt. #10 (Apr. 11, 2019).

[12] The plaintiff quoted one complaint as “Automated call from Kroger.” Compl. at 3-4, Brooks. As the defense noted, that complaint continued, “requesting that you return ground beef . . . due to the threat of salmonella.” Mem. in Supp. of Mot. to Dismiss at 6, Brooks Dkt. #7 (Mar. 21, 2019).

[13] IHS Markit Ltd. Petition for Emergency Declaratory Ruling, CG Docket No. 02-278, Petition, ii (Sept. 21, 2018).

[14] IHS Markit Ltd. Petition for Emergency Declaratory Ruling, CG Docket No. 02-278, Comments of Association of Global Automakers, Inc. and Alliance of Automobile Manufacturers, 9 (Nov. 5, 2018).

[15] IHS Markit Ltd. Petition for Emergency Declaratory Ruling, CG Docket No. 02-278, Comments of Patrick A. Juneau, 3 (Nov. 5, 2018).

[16] S. Rep. No. 102-178, 5 (Oct. 8, 1991).

[17] Pub. L. No. 110-314, 122 Stat. 3016 (Aug. 14, 2008) (codified as amended at 15 U.S.C. § 2056a).

[18] 15 U.S.C. § 2056a(d).

ARTICLE BY Jeffrey Skinner and Mike Gentine of Schiff Hardin LLP.

For more on CPSA, FDCA, MVSA & other recalls, see the National Law Review Consumer Protection law section.

Lyft Sexual Assault Claims Consolidated for Pre-Trial Proceedings

Lyft and other companies have become a part of life and people look to them for a safe ride home at the end of a night out. However, ridesharing companies, like Lyft and Uber, have been under fire for passenger safety concerns, and the stories of women being sexually assaulted by their drivers are prolific, harrowing and terrifying. In response to this disturbing trend, a wave of lawsuits in California are addressing the company’s responsibility when a passenger is assaulted.

Lyft Sexual Assault Claims Consolidated in San Francisco Superior Court

Recently, California Superior Court Judge Hon. Kenneth Freeman granted a petition to consolidate multiple Lyft sexual assault cases in California recommending the Superior Court of California San Francisco County as the appropriate venue for the “complex” coordinated matters to be heard.

The Lyft passenger lawsuits claim the plaintiffs were sexually assaulted by sexual predators driving for Lyft after Lyft had been on actual notice of ongoing, sexual assaults by its drivers. According to the complaints, Lyft failed to respond to the sexual assaults by adopting and implementing adequate driver hiring or monitoring systems and procedures to protect riders. This failure to respond to an identified, systemic issue of sexual assault put more riders at risk.

The Lyft plaintiffs filed a motion to coordinate the cases, as most of the cases included in the ruling had been filed in San Francisco Superior Court. The court agreed with the Lyft plaintiffs that: Lyft’s corporate headquarters are in San Francisco, as are the majority of corporate witnesses and documents. The court added, the San Francisco Superior Court uses e-filing, which could potentially save the parties significant costs. Additionally, only cases that are “complex” as defined by California’s Judicial Council standards may be coordinated.

Need for ESI (Electronically Stored Information) Orders, Are Lyft Drivers are Independent Contractors or Employees, Additional Plaintiffs Joining Requires Complex Case Management

Co-Counsel for the Lyft Sexual Assault Plaintiffs, Brooks Cutter of Cutter Law argued that there are likely to be thousands of documents, studies, e-mails, and memoranda that are relevant to the claims and defenses in this case and discovery will inevitably require a complex ESI (Electronically Stored Information) order and accordingly a court like San Francisco Superior Court is well-equipped to handle such issues, including staying discovery, staying portions of the case, obtaining stipulations that apply to the entire coordinated case, and selecting bellwether plaintiffs.

Many of the underlying cases in the consolidation action allege vicarious liability or the liability of Lyft for the torts or wrongful actions of their drivers whether or not Lyft classifies them as an employee or independent contractor. Lyft, Uber, and Doordash are actively fighting California Assembly Bill 5 Pledging over $90 Million To Fund Voter Initiative To Overturn AB-5 which went into effect January 1, 2020. AB-5 profoundly alters the legal standard applied in evaluating whether a worker is classified as an employee or an independent contractor. Furthermore, Uber and Postmates on December 31^st filed a legal challenge in Federal Court alleging AB-5 violates individuals’ constitutional rights, seeking declaratory and injunctive remedies claiming the law unfairly discriminates against technology platforms and those who make a living through them.

Lyft has also been accused of stalling and slowing down discovery. Coordinated proceedings could help plaintiffs’ attorneys combat Lyft’s delays, and it could be beneficial to have one judge see how Lyft has conducted itself in discovery.

Attorney Cutter stated he is aware of five more related sexual assault cases that have been filed in the time since that petition was filed. According to attorney Cutter, “There are definitely victims who have not yet come forward.”

Lyft Fought Against Sexual Assault Lawsuit Consolidation

Lyft, represent by Williams & Connolly, argued that the consolidation of Lyft Sexual assault cases “would make in San Francisco Superior Court a national clearinghouse for claims against San Francisco-based companies.” Furthermore, Lyft contended that:

“all claims against a California based-company —wherever the underlying incidents arise, and however much the disputed facts occurred elsewhere and other states’ laws govern the contested legal issues — could be brought in California courts and coordinated.”

Lyft’s two main objections to consolidation are that “the allegations of misconduct are not the same and that the majority of the cases did not occur in California.”

Judge Freeman, however, disagreed with the company, focusing instead on Lyft’s actions or inactions as an organization to protect rider’s safety. “To the contrary, the predominating legal and factual issues will examine Lyft’s liability for allegedly failing to institute a system to have prevented the assaults in these cases and potential future assaults.” Judge Freeman said. “The court agrees with plaintiffs that this is not a case against the drivers; it is fundamentally a case against Lyft.”

Significance of Lyft Consolidation Ruling

Judge Freeman also found that coordination of the suits would make the most efficient use of court resources and avoid duplicative testimony. In giving his ruling he further noted that there is a risk of duplicative and inconsistent rulings if the cases were not coordinated, which would create confusion, and it would hinder the Court of Appeal’s ability to hear challenges to inconsistent rulings, orders, and judgments, which would inevitably cause significant delays.

“This is an important ruling for victims as it means the claims will be heard in a single court in California,” plaintiff’s co-counsel Brooks Cutter said. “Lyft opposed our motion and wanted to force victims to undergo litigation in separate courts across the country. As a California company, it is appropriate for these Lyft claims to be heard in California.”

The Lyft sexual assault and rape claims each allege that the company did not adequately address the issue of sexual misconduct committed by sexual predators who drove for the ride-sharing company. Furthermore, they allege Lyft owed that duty to its riders, who believed it offered a safe form of transportation. Attorney Cutter says, “The occurrence of sexual assault in the vast majority of these lawsuits is undisputed. The focus of these lawsuits is Lyft’s accountability for the assaults, which plaintiffs contend were enabled by Lyft’s lax background checks and failure to enact reasonable in-app monitoring to help ensure rider safety.”

Alexandra LaManna, a spokeswoman for Lyft, disclosed to the New York Times: in 2019 nearly one in five employees at the company had been dedicated to initiatives strengthening the rideshare platform’s safety, and that in recent months Lyft had introduced more than 15 new safety features. Lyft announced in September of 2019 some of these safety features: access to 911 through the app and monitoring and offers of support from Lyft personnel to the driver and passenger if a trip is experiencing an unexpected delay. These are on top of the company’s criminal background checks, steps to prevent fraudulent use of the app and identify driver identity, and harassment prevention programs.

However, despite these steps, more Lyft lawsuits are being filed, alleging the ride-sharing company has not taken adequate steps to protect riders from sexual assault.

Lyft has not Released a Safety Report – Lyft Victims Can Still File Lawsuits

In December 2019, Lyft competitor Uber released a safety report. Uber reported that in 2017 and 2018 it received reports of 5,981 incidents of sexual abuse. In 2018, this included 235 rapes and 280 reports of attempted rape, 1,560 reports of groping, 376 reports of unwanted kissing to breast, buttocks or mouth and 594 reports of unwanted kissing to another body part. Because Uber’s figures are based on the information it received, the actual numbers could in fact be higher than reported.

Lyft has not released its safety report regarding sexual assaults, rapes, and accidents. Attorney Cutter finds the lack of safety report from Lyft to be problematic. He says, “It is important for Lyft to issue a safety report so the public has a better understanding of the significant risk of sexual assault in rideshare vehicles.”

Victims who suffered sexual assault committed by a Lyft driver are still eligible to file a lawsuit. Consolidation of the current lawsuits does not prevent future lawsuits from being filed, and it is likely there are many more victims who have yet to come forward about their experiences.

ARTICLE BY Jennifer Schaller and Eilene Spear of The National Law Review / The National Law Forum LLC.

More on consolidated case litigation in the National Law Review Litigation and Trial Practice section.

Venmo’ Money: Another Front Opens in the Data Wars

When I see stories about continuing data spats between banks, fintechs and other players in the payments ecosystem, I tend to muse about how the more things change the more they stay the same. And so it is with this story about a bank, PNC, shutting off the flow of customer financial data to a fintech, in this case, the Millennial’s best friend, Venmo. And JP Morgan Chase recently made an announcement dealing with similar issues.

Venmo has to use PNC’s customer’s data in order to allow (for example) Squi to use it to pay P.J. for his share of the brews. Venmo needs that financial data in order for its system to work. But Venmo isn’t the only one with a mobile payments solution; the banks have their own competing platform called Zelle. If you bank with one of the major banks, chances are good that Zelle is already baked into your mobile banking app. And unlike Venmo, Zelle doesn’t need anyone’s permission but that of its customers to use those data.

You can probably guess the rest. PNC recently invoked security concerns to largely shut off the data faucet and “poof”, Venmo promptly went dark for PNC customers. To its aggrieved erstwhile Venmo-loving customers, PNC offered a solution: Zelle. PNC subtly hinted that its security enhancements were too much for Venmo to handle, the subtext being that PNC customers might be safer using Zelle.

Access to customer data has been up until now a formidable barrier to entry for fintechs and others whose efforts to make the customer payment experience “frictionless” have depended in large measure on others being willing to do the heavy lifting for them. The author of Venmo article suggests that pressure from customers may force banks to yield any strategic advantage that control of customer data may give them. So far, however, consumer adoption of mobile payments is still miniscule in the grand scheme of things, so that pressure may not be felt for a very long time, if ever.

In the European Union, the regulators have implemented PSD2 which forces a more open playing field for banking customers. But realistically, it can’t be surprising that the major financial institutions don’t want to open up their customer bases to competitors and get nothing in return – except a potential stampede of customers moving their money. And some of these fintech apps haven’t jumped through the numerous hoops required to be a bank holding company or federally insured – meaning unwitting consumers may have less fraud protection when they move their precious money to a cool-looking fintech app.

A recent study by the Pew Trusts make it clear that consumers are still not fully embracing mobile for any number of reasons. The prime reason is that current mobile payment options still rely on the same payments ecosystem as credit and debit cards yet mobile payments don’t offer as much consumer protection. As long as that is the case, banks and fintechs and merchants will continue to fight over data and the regulators are likely to weigh in at some point.

It is not unlike the early mobile phone issue when one couldn’t change mobile phone providers without getting a new phone number – that handcuff kept customers with a provider for years but has since gone by the wayside. It is likely we will see some sort of similar solution with banking details.

ARTICLE BY Philip P. Gura of Womble Bond Dickinson (US) LLP.

For more on fintech & banking data, see the National Law Review Financial Institutions & Banking law page.

Florida’s Legislature to Consider Consumer Data Privacy Bill Akin to California’s CCPA

Florida lawmakers have proposed data privacy legislation that, if adopted, would impose significant new obligations on companies offering a website or online service to Florida residents, including allowing consumers to “opt out” of the sale of their personal information. While the bill (SB 1670 and HB 963) does not go as far as did the recent California Consumer Privacy Act, its adoption would mark a significant increase in Florida residents’ privacy rights. Companies that have an online presence in Florida should study the proposed legislation carefully. Our initial take on the proposed legislation appears below.

The proposed legislation requires an “operator” of a website or online service to provide consumers with (i) a “notice” regarding the personal information collected from consumers on the operator’s website or through the service and (ii) an opportunity to “opt out” of the sale of certain of a consumer’s personal information, known as “covered information” in the draft statute.

The “notice” would need to include several items. Most importantly, the operator would have to disclose “the categories of covered information that the operator collects through its website or online service about consumers who use [them] … and the categories of third parties with whom the operator may share such covered information.” The notice would also have to disclose “a description of the process, if applicable, for a consumer who uses or visits the website or online service to review and request changes to any of his or her covered information. . . .” The bill does not otherwise list when this “process” would be “applicable,” and it nowhere else appears to create for consumers any right to review and request changes.

While the draft legislation obligates operators to stop selling data of a consumer who submits a verified request to do so, it does not appear to require a description of those rights in the “notice.” That may just be an oversight in drafting. In any event, the bill is notable as it would be the first Florida law to require an online privacy notice. Further, a “sale” is defined as an exchange of covered information “for monetary consideration,” which is narrower than its CCPA counterpart, and contains exceptions for disclosures to an entity that merely processes information for the operator.

There are also significant questions about which entities would be subject to the proposed law. An “operator” is defined as a person who owns or operates a website or online service for commercial purposes, collects and maintains covered information from Florida residents, and purposefully directs activities toward the state. That “and” is assumed, as the proposed bill does not state whether those three requirements are conjunctive or disjunctive.

Excluded from the definition of “operator” is a financial institution (such as a bank or insurance company) already subject to the Gramm-Leach-Bliley Act, and an entity subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Outside of the definition of “operator,” the proposed legislation appears to further restrict the companies to which it would apply, to eliminate its application to smaller companies based in Florida, described as entities “located in this state,” whose “revenue is derived primarily from a source other than the sale or lease of goods, services, or credit on websites or online services,” and “whose website or online service has fewer than 20,000 unique visitors per year.” Again, that “and” is assumed as the bill does not specify “and” or “or.”

Lastly, the Department of Legal Affairs appears to be vested with authority to enforce the law. The proposed legislation states explicitly that it does not create a private right of action, although it also says that it is in addition to any other remedies provided by law.

The proposed legislation is part of an anticipated wave of privacy legislation under consideration across the country. California’s CCPA took effect in January and imposes significant obligations on covered businesses. Last year, Nevada passed privacy legislation that bears a striking resemblance to the proposed Florida legislation. Other privacy legislation has been proposed in Massachusetts and other jurisdictions.

ARTICLE BY John E. Clabby, Joseph W. Swanson, Steven Blickensderfer and Patricia M. Carreiro of Carlton Fields.

For more on new and developing legislation in Florida and elsewhere, see the National Law Review Election Law & Legislative News section.

Reflections on 2019 in Technology Law, and a Peek into 2020

It is that time of year when we look back to see what tech-law issues took up most of our time this year and look ahead to see what the emerging issues are for 2020.

Data: The Issues of the Year

Data presented a wide variety of challenging legal issues in 2019. Data is solidly entrenched as a key asset in our economy, and as a result, the issues around it demanded a significant level of attention.

Clearly, privacy and data security-related data issues were dominant in 2019. The GDPR, CCPA and other privacy regulations garnered much consideration and resources, and with GDPR enforcement ongoing and CCPA enforcement right around the corner, the coming year will be an important one to watch. As data generation and collection technologies continued to evolve, privacy issues evolved as well. In 2019, we saw many novel issues involving mobile, biometric and connected car Facial recognition technology generated a fair amount of litigation, and presented concerns regarding the possibility of intrusive governmental surveillance (prompting some municipalities, such as San Francisco, to ban its use by government agencies).
Because data has proven to be so valuable, innovators continue to develop new and sometimes controversial technological approaches to collecting data. The legal issues abound. For example, in the past year, we have been advising on the implications of an ongoing dispute between the City Attorney of Los Angeles and an app operator over geolocation data collection, as well as a settlement between the FTC and a personal email management service over access to “e-receipt” data. We have entertained multiple questions from clients about the unsettled legal terrain surrounding web scraping and have been closely following developments in this area, including the blockbuster hiQ Ninth Circuit ruling from earlier this year. As usual, the pace of technological innovation has outpaced the ability for the law to keep up.
Data security is now regularly a boardroom and courtroom issue, with data breaches, phishing, ransomware attacks and identity theft (and cyberinsurance) the norm. Meanwhile, consumers are experiencing deeper and deeper “breach fatigue” with every breach notice they receive. While the U.S. government has not yet been able to put into place general national data security legislation, states and certain regulators are acting to compel data collectors to take reasonable measures to protect consumer information (e.g., New York’s newly-enacted SHIELD Act) and IoT device manufacturers to equip connected devices with certain security features appropriate to the nature and function of the devices secure (e.g., California’s IoT security law, which becomes effective January 1, 2020). Class actions over data breaches and security lapses are filed regularly, with mixed results.
Many organizations have focused on the opportunistic issues associated with new and emerging sources of data. They seek to use “big data” – either sourced externally or generated internally – to advance their operations. They are focused on understanding the sources of the data and their lawful rights to use such data. They are examining new revenue opportunities offered by the data, including the expansion of existing lines, the identification of customer trends or the creation of new businesses (including licensing anonymized data to others).
Moreover, data was a key asset in many corporate transactions in 2019. Across the board in M&A, private equity, capital markets, finance and some real estate transactions, data was the subject of key deal points, sometimes intensive diligence, and often difficult negotiations. Consumer data has even become a national security issue, as the Committee on Foreign Investment in the United States (CFIUS), expanded under a 2018 law, began to scrutinize more and more technology deals involving foreign investment, including those involving sensitive personal data.

I am not going out on a limb in saying that 2020 and beyond promise many interesting developments in “big data,” privacy and data security.

Social Media under Fire

Social media platforms experienced an interesting year. The power of the medium came into even clearer focus, and not necessarily in the most flattering light. In addition to privacy issues, fake news, hate speech, bullying, political interference, revenge porn, defamation and other problems came to light. Executives of the major platforms have been on the hot seat in Washington, and there is clearly bipartisan unease with the influence of social media in our society. Many believe that the status quo cannot continue. Social media platforms are working to build self-regulatory systems to address these thorny issues, but the work continues. Still, amidst the bluster and criticism, it remains to be seen whether the calls to “break up” the big tech companies will come to pass or whether Congress’s ongoing debate of comprehensive data privacy reform will lead to legislation that would alter the basic practices of the major technology platforms (and in turn, many of the data collection and sharing done by today’s businesses). We have been working with clients, advising them of their rights and obligations as platforms, as contributors to platforms, and in a number of other ways in which they may have a connection to such platforms or the content or advertising appearing on such platforms.

What does 2020 hold? Will Washington’s withering criticism of the tech world translate into any tangible legislation or regulatory efforts? Will Section 230 of the Communications Decency Act – the law that underpins user generated content on social media and generally the availability of user generated content on the internet and apps – be curtailed? Will platforms be asked to accept more responsibility for third party content appearing on their services?

While these issues are playing out in the context of the largest social media platforms, any legislative solutions to these problems could in fact extend to others that do not have the same level of compliance resources available. Unless a legislative solution includes some type of “size of person” test or room to adapt technical safeguards to the nature and scope of a business’s activities or sensitivity of the personal information collected, smaller providers could be shouldered with a difficult and potentially expensive compliance burden. Thus, it remains to see how the focus on social media and any attempt to solve the issues it presents may affect online communications more generally.

Quantum Leaps

Following the momentum of the passage of the National Quantum Initiative at the close of 2018, a significant level of resources has been invested into quantum computing in 2019. This bubble of activity culminated in Google announcing a major milestone in quantum computing. Interestingly, IBM suggests that it wasn’t quite as significant as Google claimed. In any case, the development of quantum computing in the U.S. has progressed a great deal in 2019, and many organizations will continue to focus on it as a priority in 2020.

Reports state that China has dedicated billions to build a Chinese national laboratory for quantum computing, among other related R&D products, a development that has gotten the attention of Congress and the Pentagon. This may be the beginning of the 21^st century’s great technological race.
What is at stake? The implications are huge. It is expected that ultimately, quantum computers will be able to solve complex computations exponentially faster – as much as 100 million times faster — than classic computers. The opportunities this could present are staggering. As are the risks and dangers. For example, for all its benefits, the same technology could quickly crack the digital security that protects online banking and shopping and secure online communications.
Many organizations are concerned about the advent of quantum computing. But given that it will be a reality in the future, what should you be thinking about now? While not a real threat for 2020 or the near-term thereafter, it would be wise to think about it if one is anticipating investing in long-term infrastructure solutions. Will quantum computing render the investment obsolete? Or, will quantum computing present a security threat to that infrastructure? It is not too early to think about these issues, and for example, technologists have been hard at work developing quantum-proof blockchain protocols. It would at least be prudent to understand the long-term roadmap of technology suppliers to see if they have even thought about quantum computing, and if so, to see to how they see quantum computing impacting their solutions and services.

Artificial Intelligence

We have seen significant level of deployment in the Artificial Intelligence/Machine Learning landscape this past year. According to the Artificial Intelligence Index Report 2019, AI adoption by organizations (of at least one function or business unit) is increasing globally. Many businesses across many industries are deploying some level of AI into their businesses. However, the same report notes that many companies employing AI solutions might not be taking steps to mitigate the risks from AI, beyond cybersecurity. We have advised clients on those risks, and in certain cases have been able to apportion exposure amongst multiple parties involved in the implementation. In addition, we have also seen the beginning of regulation in AI, such as California’s chatbot law, New York’s recent passage of a law (S.2302) prohibiting consumer reporting agencies and lenders from using the credit scores of people in a consumer’s social network to determine that individual’s credit worthiness, or the efforts of a number of regulators to regulate the use of AI in hiring decisions.

We expect 2020 to be a year of increased adoption of AI, coupled with an increasing sense of apprehension about the technology. There is a growing concern that AI and related technologies will continue to be “weaponized” in the coming year, as the public and the government express concern over “deepfakes” (including the use of voice deepfakes of CEOs to commit fraud). And, of course, the warnings of people like Elon Musk and Bill Gates, as they discuss AI, cannot be ignored.

Blockchain

We have been very busy in 2019 helping clients learn about blockchain technologies, including issues related to smart contracts and cryptocurrency. 2019 was largely characterized by pilots, trials, tests and other limited applications of blockchain in enterprise and infrastructure applications as well as a significant level of activity in tokenization of assets, cryptocurrency investments, and the building of businesses related to the trading and custody of digital assets. Our blog, www.blockchainandthelaw.io keeps readers abreast of key new developments and we hope our readers have found our published articles on blockchain and smart contracts helpful.

Looking ahead to 2020, regulators such as the SEC, FinCEN, IRS and CFTC are still watching the cryptocurrency space closely. Gone are the days of ill-fated “initial coin offerings” and today, security token offerings, made in compliance with the securities laws, are increasingly common. Regulators are beginning to be more receptive to cryptocurrency, as exemplified by the New York State Department of Financial Services revisiting of the oft-maligned “bitlicense” requirement in New York.

Beyond virtual currency, I believe some of the most exciting developments of blockchain solutions in 2020 will be in supply chain management and other infrastructure uses of blockchain. 2019 was characterized by experimentation and trial. We have seen many successes and some slower starts. In 2020, we expect to see an increase in adoption. Of course, the challenge for businesses is to really understand whether blockchain is an appropriate solution for the particular need. Contrary to some of the hype out there, blockchain is not the right fit for every technology need, and there are many circumstances where a traditional client-server model is the preferred approach. For help in evaluating whether blockchain is in fact a potential fit for a technology need, this article may be helpful.

Other 2020 Developments

Interestingly, one of the companies that has served as a form of leading indicator in the adoption of emerging technologies is Walmart. Walmart was one of the first major companies to embrace supply use of blockchain, so what is Walmart looking at for 2020? A recent Wall Street Journal article discusses its interest and investment in 5G communications and edge computing. We too have been assisting clients in those areas, and expect them to be active areas of activity in 2020.

Edge computing, which is related to “fog” computing, which is, in turn, related to cloud computing, is simply put, the idea of storing and processing information at the point of capture, rather than communicating that information to the cloud or a central data processing location for storage and processing. According to the WSJ article, Walmart plans on building edge computing capability for other businesses to hire (following to some degree Amazon’s model for AWS). The article also talks about Walmart’s interest in 5G technology, which would work hand-in-hand with its edge computing network.

Our experience with clients suggest that Walmart may be onto something. Edge and fog computing, 5G and the growth of the “Internet of Things” are converging and will offer the ability for businesses to be faster, cheaper and more profitable. Of course this convergence also will tie back to the issues we discussed earlier, such as data, privacy and data security, artificial intelligence and machine learning. In general, this convergence will increase even more the technical abilities to process and use data (which would conceivably require regulation that would feature privacy and data security protections that are consumer-friendly, yet balanced so they do not stifle the economic and technological benefits of 5G).

This past year has presented a host of fascinating technology-based legal issues, and 2020 promises to hold more of the same. We will continue to keep you posted!

We hope you had a good 2019, and we want to wish all of our readers a very happy and safe holiday season and a great New Year!

ARTICLE BY Jeffrey D Neuburger of Proskauer Rose LLP.

For more in technology developments, see the National Law Review Intellectual Property or Communications, Media & Internet law sections.

FDA Issues Warning Letters, Cautions Consumers on Unapproved CBD Products

Nearly a year after the 2018 Farm Bill legalized hemp nationwide, the legal status of one of its most popular products, cannabidiol (CBD), is becoming clearer.

On Nov. 25, the U.S. Food and Drug Administration (FDA) issued a revised consumer update regarding unapproved CBD products and issued a new round of warning letters to CBD retailers selling products in violation of the Food, Drug and Cosmetics Act (FDCA). The agency also warned of potential health risks and safety concerns associated with numerous unapproved CBD products. The FDA publicized its determination that CBD cannot be considered as Generally Recognized as Safe (GRAS) under federal law, foreclosing one of the regulatory paths available to the FDA for allowing CBD as a food ingredient.

These recent actions underscore the FDA’s interpretation that food products, unapproved drugs, dietary supplements and cosmetics containing CBD sold in interstate commerce often violate the FDCA.

FDA warning letters

In this recent round of enforcement efforts, the FDA issued fifteen warning letters to CBD companies selling a variety of products in interstate commerce, including balms, capsules, oils, tinctures, lotions, gummies, chews and sprays that were marketed for use by adults, children and animals.

The letters outline the FDA’s legal analysis which concludes that the products at issue were marketed in interstate commerce as unapproved new drugs, misbranded drugs, adulterated foods or improperly labeled as dietary supplements in violation of the FDCA. The crux of this analysis is that CBD is an active ingredient in an approved drug as well as other drugs under clinical investigation.

These products triggered FDCA violations in a variety of ways:

Unapproved new drugs – CBD products making claims to prevent, diagnose, mitigate, treat or cure serious diseases, such as cancer, AIDS, schizophrenia and diabetes.
Misbranded drugs – CBD products marketed as drugs that also fail to bear adequate directions for use.
Dietary supplement labeling – Improperly using the label “dietary supplement” when it does not meet the definition under the FDCA.
Adulterated human food – CBD products marketed as conventional human foods and contain a drug approved by the FDA.

Each warning letter identified an “unapproved new drug” violation with products making aggressive health claims surrounding cancer or other similar serious conditions, suggesting the FDA continues to focus its efforts at “egregious, over-the-line” health claims as referenced by former FDA Commissioner Scott Gottlieb.

FDA consumer update

The FDA simultaneously issued a consumer update, signaling that unapproved CBD products remain prohibited under the FDCA. The agency noted it has seen only limited data about CBD safety and that some of the data points to risks that should be considered before taking CBD.

The FDA warned that unapproved CBD products may pose safety risks and make unproven health claims. The FDA fears consumers may put off getting proper diagnosis, treatment or supportive care due to unsubstantiated claims associated with CBD products.

Additionally, the FDA noted the information it currently has “underscores the need for further study and high quality, scientific information about the safety and potential uses of CBD.” The consumer update further notes:

No FDA evaluation of CBD products – There has been no FDA evaluation of whether unapproved CBD products are effective for their intended use, what the proper dosage might be, how they could interact with FDA-approved drugs or whether they have dangerous side effects or other safety concerns.
Potential health risks – Specifically, the FDA also identified some of the potential risks associated with using CBD products, including liver injury and male reproductive toxicity. Other potential health risks remain unknown to date, including the effects of sustained daily usage by adults as well as the effects on children, breastfed newborns and developing fetuses.
Side effects – Other side effects include drowsiness, gastrointestinal distress and increased irritability and agitation.
Unregulated manufacturing process and product safety is unknown – The manufacturing process of unapproved CBD drug products has not been subject to FDA review and the effects of CBD containing potentially unsafe levels of contaminants, such as pesticides and heavy metals, are unknown.

CBD remains a legal product

Despite this recent action from the FDA, hemp-derived CBD remains a legal product under federal law, but it must be marketed without violating the FDCA. Additionally, the warning letters and consumer update highlight that the FDA is targeting its enforcement to companies engaged in interstate commerce and making egregious, unsubstantiated health claims.

As is the case with other cannabis issues, the disconnect between state and federal law means companies are finding ways to bring products to market while limiting their risk. However, stakeholders must be aware of the risks under state and federal law when marketing any product containing CBD.

Expect more information from the FDA soon

The consumer update also notes that the FDA is “evaluating the regulatory frameworks that apply to certain cannabis-derived products that are intended for non-drug uses, including whether and/or how the FDA might consider updating its regulations, as well as whether potential legislation might be appropriate.” More information will be coming soon from the FDA, but it may be awhile before CBD can be marketed legally as a food ingredient or dietary supplement under federal law.

ARTICLE BY Zachary Bemis of Godfrey & Kahn S.C.

More on FDA CBD Regulation via the National Law Review Biotech, Food & Drug law page.

Share this:

Like this:

Background

Case Analysis: Seila Law

Implications

Share this:

Like this:

A. The New Jersey Consumer Fraud Act

B. The Federal Defense Production Act

Share this:

Like this:

State Attorneys General

FTC and FDA

Department of Justice

Share this:

Like this:

Are Recall Calls a Nuisance or an Emergency?

Protecting Against Recall-Call Complaints

Share this:

Like this:

Lyft Sexual Assault Claims Consolidated in San Francisco Superior Court

Need for ESI (Electronically Stored Information) Orders, Are Lyft Drivers are Independent Contractors or Employees, Additional Plaintiffs Joining Requires Complex Case Management

Lyft Fought Against Sexual Assault Lawsuit Consolidation

Significance of Lyft Consolidation Ruling

Lyft has not Released a Safety Report – Lyft Victims Can Still File Lawsuits

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Data: The Issues of the Year

Social Media under Fire

Quantum Leaps

Artificial Intelligence

Blockchain

Other 2020 Developments

Share this:

Like this:

FDA warning letters

FDA consumer update

CBD remains a legal product

Expect more information from the FDA soon

Share this:

Like this: