InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
House Members Introduce Mobile Device Privacy Legislation
On September 12, Representatives Edward Markey (D-MA) and Diana DeGette (D-CO) unveiled new legislation to establish consumer privacy protections with regard to mobile applications. The Mobile Device Privacy Act (H.R. 6377) would direct the FTC to promulgate regulations that require upfront disclosure of (i) the existence of any monitoring software on a device, (ii) the types of information that could be collected, (iii) the identity of those with access to the collected information, and (iv) the expected use of the information. Prior consumer consent to the collection of information and procedures for enabling consenting device owners to stop such collection would also be required. In addition, the bill would mandate information security practices in connection with information collected from mobile device users, and establish an enforcement regime involving both the FTC and the FCC, as well as state attorneys general and private suits.
Second Circuit Holds Email Notice of Arbitration Agreement Insufficient
On September 7, the U.S. Court of Appeals for the Second Circuit held that three plaintiff consumers were not bound to arbitrate certain claims related to their purchase of a discount club membership because email notice of the arbitration clause was insufficient. Schnabel v. Trilegiant Corp., No. 11-1311 WL 3871366 (2nd Cir. Sep. 7, 2012). On appeal of the district court's denial of its motion to compel arbitration, the membership club marketer argued that it provided the plaintiffs with notice of an arbitration provision (i) through a hyperlink appearing on the page the plaintiffs would have seen before enrolling in a service offered by the defendants and (ii) through an email sent to the plaintiffs after their enrollment. The Second Circuit disagreed and affirmed the district court's decision. According to the court, the email notice containing the arbitration clause "was both temporally and spatially decoupled from the plaintiffs' enrollment in and use of [the membership]; the term was delivered after initial enrollment and . . . members such as the plaintiffs would not be forced to confront the terms while enrolling in or using the service or maintaining their memberships." As such, "the email did not provide sufficient notice to the plaintiffs of the arbitration provision, and the plaintiffs therefore could not have assented to it solely as a result of their failure to cancel their enrollment in the defendants' service." The court did not provide a substantive ruling on notice via a hyperlink, holding instead that the defendants forfeited their argument by failing to raise it in the district court.
Ohio Supreme Court Holds Website Notice of Sheriff's Sale Does Not Satisfy Due Process
On September 6, the Supreme Court of Ohio held that notice of a sheriff's sale via the sheriff's website was insufficient to satisfy due process and reversed an appellate court decision that denied a foreclosing lender's motion to set aside the sheriff's sale. PHH Mortg. Corp. v. Prater, No. CA2010-12-095, WL 3848454 (Ohio Sept. 6, 2012). The lender obtained a motion for default judgment and permission to foreclose on a borrower. The sheriff's office tried multiple times to schedule a sale and each time withdrew the sale at the lender's request. The sheriff's office informed the lender in a letter that the sheriff's office no longer would send notices of scheduled sales via letter, and that the lender would need to check the sheriff's website for future notices. Notice subsequently was posted on the website and the property was sold. Both the trial court and intermediate appellate court denied the lender's request to set aside the sale. The lender argued that the sale was invalid because it had not received written notice. In a unanimous decision, the Ohio Supreme Court held that the notice directing the lender to check the sheriff's website was notice of a change in procedure and did not constitute actual notice of the sale. While the court acknowledged that Internet publication may conserve resources, it held that such notice is akin to newspaper notice and is insufficient to satisfy due process. The court agreed with a dissenting appellate court judge who identified e-mail notice as a closer substitute for mail notice, and explained that, in any event, such a change in notice requirements would have to be effectuated through a change to state or local law. The court reversed the appellate court's decision and set aside the sheriff's sale.
Federal District Court Declines to Enforce Browsewrap Arbitration Agreement
On August 28, the U.S. District Court for the Central District of California held that a retailer's so-called browsewrap agreement failed to provide the consumer with constructive notice of an agreement to arbitrate disputes and declined to enforce arbitration. Nguyen v. Barnes & Noble, Inc., No 12-0812, WL 3711081 (C.D. Cal. Aug. 28, 2012). The consumer filed suit under New York's and California's unfair competition and false advertising laws and other state statutes, alleging that the retailer canceled his online purchase of two sale items, causing him to have to later purchase substitute products at more expense. The retailer responded that by making the purchase through the company's website, the consumer accepted the website's Terms of Use, which contained an agreement to arbitrate any claims arising out of the use of that website. On the retailer's motion to compel arbitration, the court explained that the website's browsewrap agreement stated that any user of the site is deemed to have accepted its terms by, among other things, making a purchase. The court held that the retailer cannot show that the consumer had constructive notice of the Terms of Use because the site did not require that the consumer affirmatively assent to the terms. The court denied the retailer's motion to compel arbitration and allowed the litigation to proceed.
Ninth Circuit Holds Omission of Annual Fee in Credit Card Advertisements, Online Application Not Misleading
On August 31, the U.S. Court of Appeals for the Ninth Circuit upheld a district court’s dismissal of a putative class action alleging that a credit card issuer and a retailer violated California law when they failed to explicitly state the card’s annual fee in advertisements. Davis v. HSBC Bank Nevada, N.A., No. 10-56488, 2012 WL 3804370 (9th Cir. Aug. 31, 2012). The cardholder applied for a credit card that offered rewards for purchases, to be used at the retailer’s stores. Neither the advertisement for the card nor the application website mentioned that the card required an annual fee. The fee was disclosed only in the “Terms and Conditions” that the cardholder acknowledged having read and accepted prior to opening the credit account. On appeal, the cardholder argued that the omission of the annual fee in the advertisements, combined with the promise of rewards, constituted false advertising because it implied that no offsetting charges would erode the rewards. The court held that the advertisement was unlikely to deceive a reasonable consumer, even though it is possible that some people could misunderstand the terms. The court also rejected the cardholder’s argument that the issuer and retailer fraudulently concealed the fee. In doing so the court drew a distinction from its earlier decision in Barrer v. Chase Bank, N.A., 566 F.3d 883 (9th Cir. 2009), in which it held that a provision granting the issuer the right to alter the cardholder’s APR was buried in fine print and therefore violated TILA’s “clear and conspicuous” requirement. The court explained that its decision in Barrer had no bearing on the cardholder’s instant common law claims. Finally, the court rejected the cardholder’s claim that the online application and advertisements violated the state’s Unfair Competition Law because the online application is protected by a federal safe harbor and the advertisements were not deceptive.
Federal Court Dismisses Consumer Privacy Action Brought Under California's Shine the Light Act
On August 24, the U.S. District Court for the Northern District of California dismissed a putative class action alleging that Time magazine failed to establish procedures to comply with California’s Shine the Light Act (SLA). Murray v. Time, Inc., No 12-00431, 2012 WL 3634387 (N.D. Cal. Aug. 24, 2012). The SLA requires businesses to disclose to California consumers upon request any information collected and shared with third-party direct marketers. Alternatively, businesses can adopt a policy of not sharing consumer information without first obtaining consumer consent. All businesses must make consumers aware of their SLA rights by (i) maintaining a disclosure on their website and providing contact information for consumers to make a request about information shared with direct marketers, (ii) requiring customer service agents to provide the contact information upon request, or (iii) making the contact information available at every place of business in the state. The named plaintiff contends that by the nature of its business Time only could provide the required information on its website, and that it failed to do so. The court dismissed the case, holding that the named plaintiff suffered no economic or informational injury and therefore lacked standing to pursue his claims. The court held that the plaintiff’s general allegations concerning the “inherent monetary value” of consumer data are presented without any facts regarding the value of his specific personal information and therefore could not prove any economic injury. With regard to informational injury, the court explained that the plaintiff does not claim that he was deprived any information in response to a request, but rather that he was deprived of the ability to make the request. Such a procedural violation of the SLA, the court held, does not equate to informational injury. The court allowed the plaintiff to re-plead additional facts in support of his claim, but he may not add other plaintiffs or defendants.
FTC Issues Advertising and Privacy Guidelines for Mobile Application Developers
On September 5, the FTC published “Marketing Your Mobile App: Get It Right from the Start,” a guide to assist mobile application developers in complying with federal advertising and privacy requirements. The Guide provides basic guidance and principles related to truthful advertising and consumer privacy protections. For example, the guide urges application developers to (i) disclose key information in advertising materials clearly and conspicuously, (ii) collect sensitive information only with user’s affirmative consent, and (iii) avoid collecting unnecessary data and ensure the security of any sensitive data that is collected.
NACHA Proposes Guidelines for Use of QR Codes for Consumer Bill Pay
On August 30, NACHA – The Electronic Payments Association, proposed guidelines to facilitate the use of Quick Response (QR) codes for consumer bill payments. A QR code is a type of barcode readable by a mobile device equipped with a QR application. The guidelines, developed by NACHA’s Council for Electronic Billing and Payment, seek to establish a single QR code format to serve consumer bill pay needs through a variety of channels, including a biller’s website, a financial institution’s online bill pay website site, or other aggregation bill pay websites. The proposal recommends guidelines for the QR code size and format, billing data to be included, and encoding format. NACHA has requested comment from interested parties by September 19, 2012 and expects to prepare a final version of the guidelines before the end of 2012.
Privacy Challenge to Bank's Overseas Call Centers Dismissed
On August 28, the U.S. District Court for the District of Columbia dismissed a putative class action that claimed that a bank’s use of overseas call centers subjects private financial records to U.S. government review in violation of the Right to Financial Privacy Act (RFPA). The RFPA generally prohibits financial institutions from providing customer information to a government authority. Stein v. Bank of Am. Corp., No. 11-1400, 2012 WL 3671009 (D.D.C. Aug. 28, 2012). The bank customer plaintiffs claim that because foreign states and foreign nationals are not subject to U.S. privacy laws, including the RFPA, the bank’s transmission of account and other customer data to an overseas call center risks making that data available for potential review by federal national security authorities. The bank moved to dismiss for lack of subject matter jurisdiction and failure to state a claim. The court granted the bank’s motion, finding that the plaintiffs failed to allege a cognizable injury sufficient to establish standing. The court held that the bank customers do not allege that the bank actually provided any records to a government entity and therefore, the customers do not adequately plead “a concrete and particularized injury, free of conjecture or speculation.”
FTC Extends Comment Period for Children's Privacy Rule
On August 27, the FTC extended through September 24, 2012 the time period for comments on proposed changes to the Children’s Online Privacy Protection Rule. The comment period originally was due to close on September 10, 2012.