InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
U.S. Supreme Court Passes on Two Banking Cases
This week the Supreme Court denied petitions for a writ of certiorari in two banking-related appeals. In Cummings v. Doughty, No. 12-351, the petitioners, a bank and its CEO, asked the Supreme Court to determine whether the safe harbor established by the Annunzio-Wylie Anti-Money Laundering Act provides absolute (versus qualified) immunity from claims that arise from the submission of a suspicious activity report (SAR). The petitioners were appealing a Louisiana state court holding, which the state appellate courts declined to review, that denied petitioners immunity under the Act after the CEO reported a bank president for possible suspicious activity. The bank president claimed that the petitioners lacked a good faith basis to report him and, therefore, could not receive absolute immunity. The petitioners argued that the First Circuit and the Second Circuit have held, based on the plain language of the Act, that financial institutions have absolute immunity from any cause of action relating to the submission of a SAR, while the Eleventh Circuit has held that the Act only grants qualified immunity. The Supreme Court declined to remedy the apparent circuit split.
In Parks v. MBNA America Bank, N.A., No 12-359, the Supreme Court denied review of a California Supreme Court decision that held that the National Bank Act preempts state requirements that certain disclosures accompany preprinted or “convenience checks” provided by a credit card issuer to its cardholders. The plaintiff filed suit on behalf of a putative class after he used such checks and was assessed finance charges that were greater than those that he would have been assessed had he used his credit card instead. He alleged that California law requires certain disclosures to be provided with the checks, including those related to convenience checks. In June, the California Supreme Court held the specific disclosure obligations imposed by the state law at issue, including precise language and placement of the disclosures, exceeded any federal law requirements and is preempted as an obstacle to the broad grant of power given to national banks by the NBA to conduct the business of banking.
European Parliament Moves Towards Common Rules for Card Payments
On November 20, the European Parliament adopted a nonbinding resolution calling for the development of common rules and standards for personal credit and debit card payments. The resolution explains that such rules would bring the card payment market “closer to its full potential and efficiency.” The Members of Parliament called on the European Commission to develop the legislative proposals needed to extend the current single Euro payments area (SEPA) regulation, which governs euro credit and direct debit transactions among banks, to the market for card, internet and mobile payments, but cautioned that lawmakers should avoid regulating the internet and mobile payment market too heavily, so as not to hinder its growth and innovation. The resolution also claims that current fees for handling card payments are high relative to the costs they need to cover, but does not call for caps. Finally, the resolution states that minimum security requirements for card, internet and mobile payments should be the same in all EU member states.
Federal District Court Finds Valid Agreement under ESIGN Based on Upload of Images in Accordance with Website Terms of Use
On November 13, the United States District Court for the District of Maryland held that uploaded pictures to a website disclosing in its Terms of Use (TOU) that uploading images creates valid assignments of the rights to use those images were electronic signatures creating valid assignments. Metro. Reg’l Info. Sys., Inc. v. Am. Home Realty Network, Inc., No. 12-cv-00954 (D. Md. Nov. 13, 2012). The plaintiff had obtained a preliminary injunction against the defendant’s use of images that appeared on the plaintiff’s website, and the defendant appealed the injunction, arguing, inter alia, that no valid assignment of the images had occurred under Section 204(a) of the Copyright Act, which requires assignments to be in writing and signed by the assignor. Citing Section 101(a) of the Electronic Signature in Global and National Commerce Act (ESIGN Act), the court found that users’ acts of uploading images constituted electronic signatures sufficient to satisfy the requirements of the Copyright Act. The court thus denied the defendant’s motion to suspend the preliminary injunction.
FTC Loses Motion in Unfair Billing Case Against Online Payday Loan Referral Service
On November 7, the U.S. District Court for the Middle District of Florida held that numerous factual issues prevented the court from granting summary judgment on the FTC’s claims that an online payday loan referral business engaged in unfair and deceptive billing practices and failed to provide adequate disclosures. FTC v. Direct Benefits Group, LLC, No 11-1186, 2012 WL 5430989 (M.D. Fla. Nov. 7, 2012). The FTC alleges that the defendants violated the FTC Act by obtaining consumers’ bank account information through payday loan referral websites and debiting their accounts without their consent. The FTC also alleges that the defendants failed to adequately disclose that, in addition to using consumers’ financial information for a payday loan application, they would use it to charge them for enrollments in unrelated programs and services. Although it acknowledged that the FTC had presented substantial evidence regarding consumer complaints about the defendants’ activities, the court held that because the defendants maintain that no consumer could be enrolled in the programs without at least clicking an “okay” button on the defendants’ websites, the FTC was not entitled to summary judgment. A bench trial is scheduled for November 27, 2012, during which the parties will present additional evidence and arguments regarding the content and operation of the websites and whether consumers could enroll in the referral programs without taking affirmative steps to do so.
House Members Release Data Brokers' Responses to Congressional Inquiry
On November 8, a bipartisan group of lawmakers released the responses of nine firms the lawmakers targeted in July 2012 as “major data brokerage companies” and from which the members sought information about how each firm collects, uses, and protects consumer data. Representative Markey (D-MA) who is leading the inquiry of these firms characterized the responses as incomplete, particularly with regard to how the firms analyze personal information to categorize and rate consumers. Last month, Senator Rockefeller (D-WV) initiated a similar review of data broker practices.
California AG Notifies Mobile Application Developers of Non-Compliance
On October 30, California Attorney General (AG) Kamala Harris announced that her office’s Privacy Enforcement and Protection Unit sent letters to numerous mobile application developers advising those entities of their noncompliance with state privacy law. Specifically, the AG alleges that the targeted mobile application developers failed to post a privacy policy that is reasonably accessible to the consumer, as required by the California Online Privacy Protection Act. Under the state unfair competition law, violation of the Act may result in penalties of up to $2,500 per violation. A violation in this instance is each download of a mobile application that does not properly include a privacy policy. The letters provide thirty-day notice of noncompliance as required by the Act, within which each developer must provide specific plans and a timeline for compliance, or an explanation of why the application is not covered by the Act.
Arizona Appellate Court Requires Further Proceedings on Whether Certain Emails Constitute Electronic Signatures Under State Law
Recently, the Arizona Court of Appeals ruled that a state trial court erred in dismissing a claim that an emailed thank-you note acknowledging the receipt of a signed agreement constituted an electronic signature. Young v. Rose, 286 P.3d 518 (Az. Ct. App. 2012). In this case, a real estate agent sued two former clients for breaching an exclusive representation contract. The clients had manually signed the contract and returned it as a PDF copy. The agent never manually signed the agreement, but claimed that her electronic business card attached to an email thanking her clients for the PDF copy constituted an electronic signature under the Arizona Electronic Transactions Act, which includes a broad definition of electronic signature. The trial court disagreed and dismissed the case, noting that the agent’s business card was included on all of her outgoing emails and therefore could not constitute an electronic signature in some cases but not others. The Arizona Court of Appeals vacated the trial court order on procedural grounds and held that further proceedings are necessary to determine whether the email at issue qualifies as an electronic signature. The court explained that in addition to proving the existence of an electronic signature, the agent must also establish that the parties intended to conduct the transaction by electronic means.
FTC Obtains Consumer Privacy Consent Order From Web Analytics Company
On October 22, the FTC announced a proposed consent order with an Internet tracking and analytics company that allegedly gathered personal data without consumer consent and failed to honor its promises to protect personal data. According to the FTC, Compete Inc. encouraged consumers to download its tracking software by promising rewards and information about the websites that customers visited. After installation, Compete’s software automatically collected information that consumers entered into websites, including usernames, passwords, search terms, and credit card and Social Security numbers. The FTC stated that Compete violated promises to consumers to collect only the names of websites that consumers visited, to remove personally identifiable information, and to protect consumer information. The proposed consent order requires Compete to (i) fully disclose what information it collects, (ii) obtain consumers’ express consent prior to collecting data, (iii) delete or anonymize previously collected information, and (iv) implement an information security program with regular third-party audits for the next twenty years.
CFPB Proposes Change to Credit Card Ability to Pay Rules
On October 17, the CFPB proposed a rule to amend the current Regulation Z requirement that credit card issuers consider an applicant's independent ability to pay regardless of age. The current regulation, as amended by the Federal Reserve Board, and which took effect October 1, 2011, has received criticism from members of Congress and other stakeholders that the rule limits access to credit for stay-at-home spouses and partners. The CFPB's proposed revision would remove the ability to pay requirement for consumers who are twenty-one and older and permit issuers to consider income to which such consumers have a "reasonable expectation of access." The proposed rule would not change the independent ability to pay requirement for individuals under the age of twenty-one. Comments on the proposed rule will be accepted for sixty days following publication in the Federal Register.
FTC Announces Two Privacy Events
On October 15, the FTC announced that it will host a workshop to examine the practices and privacy implications of comprehensive collection of consumers' online activities. On December 6, 2012, consumer protection organizations, academics, business and industry representatives, privacy professionals, and other stakeholders will review Internet data collection methods, identify those companies currently capable of comprehensive Internet data collection, consider what new legal protections are needed, and explore other related topics. The workshop is one step the FTC promised to pursue in a March 2012 report that urged companies to implement certain consumer privacy protections. On October 17, the FTC announced an upcoming forum on using enforceable industry codes of conduct to protect consumers in cross-border commerce. The forum will focus on the use of systems, like the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system which was created earlier this year, when information moves between countries with different privacy rules. The forum will bring together government officials, academics, industry members, and consumer groups to discuss the increasing use of such codes.