Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 14, 2023, in the U.S. District Court of the Northern District of California, San Jose Division, plaintiffs filed a motion for preliminary approval of a proposed Class Action Settlement Agreement and Release pursuant to which a tech giant will pay $62 million to resolve claims that it illegally tracked and stored such users’ private location information even after users opted out. According to the filing, the proposed settlement “would be used to pay for the costs of Notice and Settlement administration, any Court-awarded attorneys’ fees and expenses and Class Representative Service Awards” with the balance being “distributed to one or more Court-approved cy pres recipients” each of which must be “independent 501(c)(3) organizations with a track record of addressing privacy concerns on the Internet.”
The company also agreed to injunctive relief for a period of at least three years, requiring it to, among other things: (i) “maintain a policy whereby (a) Location Information stored through Location History (“LH”) and Web & App Activity (“WAA”) is automatically deleted by default after a period of at least 18 months when users opt into these settings for the first time, and (b) users can set their own auto-delete periods;” (ii) provide users with instructions on how to disable each data collection setting, delete the data collected, and set retention limits; and (iii) confirm that the company “does not now share users’ precise Location Information collected in LH or WAA with third parties (except for valid legal reasons).” The settlement class includes as many as 247 million smartphone users whose location information the company stored “while “Location History” was disabled” from January 1, 2014, through the notice date.
In a statement on September 15, a spokesperson for the company said “[c]onsistent with improvements we've made in recent years, we have settled this matter, which was based on outdated product policies that we changed years ago."
On September 7, the U.S. District Court for the Northern District of New York issued a Final Order approving a more than $2.2 million settlement deal to end a class action over a credit union’s overdraft and insufficient funds fee practices.
The deal includes a $2.1 million settlement fund. After payment of attorneys’ fees to customers’ counsel, 80% of the settlement fund will go to customers who were allegedly charged overdraft fees on debit card transactions that did not overdraw their accounts when the transactions were authorized, and 20% will go to customers who were allegedly hit with multiple insufficient funds fees on a single transaction. In addition, the credit union will forgive, waive and not collect nearly $165,000 in uncollected fees.
On December 7, 2022, plaintiffs filed a putative class action complaint in the United States District Court for the Northern District of New York that consolidated two putative class action cases in which the plaintiffs alleged the credit union’s assessment of more than one insufficient funds fee on a single transaction and assessment of overdraft fees on debit card transactions that did not overdraw the customers’ accounts was a breach of contract, breach of the covenant of good faith and fair dealing, and violative of New York General Business § 349, et seq. Shortly after the actions were consolidated, the parties notified the court that they were working towards a settlement.
9th Circuit affirms summary judgment finding in favor of debt collector in lawsuit over retail card debt collection
On August 28, the U.S. Court of Appeals for the Ninth Circuit affirmed the decision of a district court to throw out a pair of consolidated punitive class action lawsuits brought against a nationwide debt collector company that alleged the company unlawfully attempted to collect debts incurred on retail-branded credit cards. A three-judge panel held that the debt collector did not “intentionally” violate provisions of the FDCPA when it circulated collection letters that did not disclose the time-barred natures of the debts under Oregon law and rejected the plaintiff’s argument that the district court had erred in granted summary judgment in favor of the company. The 9th Circuit noted that “mistakes about the time-barred status of a debt can be bona fide errors” and that the debt collector company presented evidence indicating that its failure to disclose that certain Oregon debts were time-barred were not intentional. Moreover, the 9th Circuit rejected plaintiff’s claim that a four-year statute of limitations applied to store-branded credit card accounts at the time the collection letters were sent, in part because the debt collector had sound reason to take the position that a six-year statute of limitations applied for an “account stated” under Oregon law. Ultimately, the applicable statute of limitations in this scenario remains “unsettled” under Oregon law. This, along with the fact that the 9th Circuit agreed that the company’s alleged violations were unintentional, resulted in the court’s decision to affirm the summary judgment finding in favor of the debt collector.
On August 30, a California Appeals Court (Appeals Court) reversed a lower court’s ruling that a mere alleged debt, whether or not actually due or owing – as opposed to a debt that is, in fact, actually due or owing – is insufficient to state a claim under the Rosenthal Fair Debt Collection Practices Act (Rosenthal Act). Enacted in 1977, the Rosenthal Act aims “to prohibit debt collectors from engaging in unfair or deceptive acts or practices in the collection of consumer debts.” Plaintiff purchased a home with a previously-installed solar energy system. The previous homeowner and plaintiff reached an agreement whereby the prior homeowner would purchase the energy produced through the system through monthly payments. However, the defendant, the provider of the solar energy system, sent late payment notices to plaintiff demanding that he make monthly payments. Although plaintiff did not engage in a “consumer credit transaction” with the defendant, the Appeals Court found that the plaintiff’s receipt of statements and notices from the defendant constituted money “alleged to be due or owing,” as required to state a claim under the Rosenthal Act. In holding that the plaintiff’s claim “has merit,” the Appeals Court emphasized that the Rosenthal Act was specifically designed to “eliminate the recurring problem of debt collectors dunning the wrong person or attempting to collect debts which the consumer has already paid,” and “[i]t is difficult to conceive of a more unfair debt collection practice than dunning the wrong person”.
On September 5, the CFPB filed an opposition to a motion for a preliminary injunction made by a group of Kentucky banks (plaintiff banks) in the U.S. District Court for the Eastern District of Kentucky. As previously covered by InfoBytes, the plaintiff banks filed their motion for a preliminary injunction seeking an order to enjoin the CFPB from enforcing the Small Business Lending Rule against them for the same reasons that a Texas district court enjoined enforcement of the rule (Texas decision covered by InfoBytes here). The CFPB argues that the plaintiff banks have not satisfied any of the factors necessary for preliminary relief, including that they have not shown that their claim is likely to succeed on the merits, and they have not shown that they face imminent irreparable harm. The Bureau also argues that the plaintiff banks are factually wrong in asserting that the Rule would require lenders to compile “‘scores of additional data points’ about their small business loans,” and that the additional data requirements are consistent with the Bureau’s statutory authority to require such additional data if it assists in “‘fulfilling the purposes of [the statute].’” The CFPB argues, among other things, that the “outlier ruling of the 5th Circuit” in the Texas case does not demonstrate that the plaintiff banks are entitled to the relief they seek.
On August 29, the D.C. Circuit overturned the SEC’s denial of a company’s application to convert its bitcoin trust into an exchange-traded fund (ETF). In October 2021, the company applied to convert its bitcoin trust to an ETF pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 19b-4 thereunder, a proposed rule change to list and trade shares. In June 2022, the SEC denied the company’s application on the basis that the burden under the Exchange Act and the SEC’s Rules of Practice, which requires among other things, that the rules of national securities exchange be “designed to prevent fraudulent and manipulative acts and practices” and “to protect investors and the public interest.”
The company promptly appealed, alleging that the SEC “acted arbitrarily and capriciously by denying the listing of [the company]’s proposed bitcoin ET[F] and approving the listing of materially similar bitcoin futures ET[F]s”. The three-judge panel held that the SEC “failed to provide the necessary “reasonable and coherent explanation” for its inconsistent treatment of similar products” and “in the absence of a coherent explanation, this unlike regulatory treatment of like products is unlawful.”
This decision does not mean that the SEC must approve the company’s application. However, the SEC must review the application again.
SEC files brief in its Supreme Court appeal to reverse 5th Circuit ruling against use of adjudication powers and ALJs
On August 28, the SEC filed a brief in its appeal to the U.S. Supreme Court to reverse the decision of the U.S. Court of Appeals for the Fifth Circuit’s 2022 ruling that the commission’s in-house adjudication is unconstitutional. As previously covered by InfoBytes, the 5th Circuit held that the SEC’s in-house adjudication of a petitioners’ case violated their Seventh Amendment right to a jury trial and relied on unconstitutionally delegated legislative power. The brief argues that securities laws are “distinct from common law because they authorize the government to seek civil penalties even if no private person has yet suffered harm from the defendant’s violation (and therefore no person could obtain damages).” Moreover, the SEC argues that the Court has continually upheld the right of an agency to decide whether to enter an enforcement action through the civil or criminal process. The SEC referenced the 1985 Heckler v. Chaney case, which set the precedent that there is no constitutional difference between the power to decide whether to pursue an enforcement action and where to pursue an enforcement action, as they are both executive powers, supporting the claim that there is “a long and unbroken line of decisions that have relied on the public-rights doctrine in upholding such statutory schemes against Article III and Seventh Amendment challenges.” The SEC also reminded the Court that when it enforces securities laws through an administrative enforcement proceeding with a result that is not in favor of the respondent, the respondent may obtain a judicial review through the court of appeals. Finally, the commission contends that the 5th Circuit erred when it held that statutory removal restrictions for ALJs are unconstitutional, and that Congress has “acted permissibly in requiring agencies to establish cause for their removal of ALJs.”
On August 22, the U.S. District Court for the Western District of New York refused to dismiss CFPA and FDCPA claims brought by the CFPB that alleged violations related to misrepresentations made to debtors by debt collectors. The CFPB’s complaint alleged that defendants purchased defaulted consumer debt and then placed it for collection with, or sold it to, a network of debt collectors who consistently violated consumer protection laws by making false statements to debtors. These false statements included informing consumers that (i) they would be sued for failing to pay the debts; (ii) that their credit score would be impacted by paying or not paying the debt; and (iii) that they could face criminal charges for failing to pay the debt. The complaint additionally alleged that defendants were aware of the allegedly unlawful acts by the debt collectors they used through monitoring of the debt collectors and consumer complaints made to defendants.
The CFPB’s complaint alleged violations against a variety of corporate entities responsible for the alleged debt collection practices, as well as individual executives at those entities. Defendants moved to dismiss the complaint on several grounds. The defendants argued that they are not “covered persons” under the CFPA, because they do not actually collect debts themselves. The district court held that the defendants were “covered persons” under the CFPA since they were engaged in the collection of consumer debt, writing that it would “strain ordinary understanding to say that a company is not engaged in collecting debt when it purchases defaulted debt, places that debt with other companies for collection, and then receives some of the money recovered by those debt collectors.” Similarly, the defendants argued that they are not “debt collectors” under the FDCPA. The court also rejected this argument, reasoning that defendants’ principal purpose was debt collection making them a “debt collector” for FDCPA purposes, because they purchased portfolios of debts and derived most of their revenue from collecting those debts.
The district court also rejected defendants’ arguments that they could not be held vicariously liable for the conduct of the third-party debt collectors under the CFPA or FDCPA, reasoning that parties can be found vicariously liable for the acts of their agents under both statutes. The court held that because the CFPB’s complaint alleged that the defendants exercised authority over the debt collectors, vicarious liability for the violations by the debt collectors was appropriate.
The district court further held that the complaint adequately alleged violations of the CFPA by the individual defendants. The court held that the individual defendants enabled violations of the CFPA, relying on the fact that the individual defendants had both knowledge of the violations and the ability to control the violations, by either providing instructions to the debt collectors or by refusing to place debts with those collectors. Further, the court held that the individual defendants could be liable for “substantially assisting” violations of the CFPA, because the complaint alleged that the individual defendants recklessly disregarded unlawful behavior by the debt collectors and continued to place or sell debts to those collectors.
Finally, defendants also argued that both the CFPA and the FDCPA claims are time barred by the statute of limitations. The court rejected the defendants’ argument that the CFPB’s FDCPA claims were barred by the FDCPA’s one-year statute of limitations, holding that this provision applies only to private plaintiffs. The court held that FDCPA claims brought by the CFPB are subject to the CPFA’s statute of limitations, which bars claims brought more than three years after the CFPB’s discovery of the violations. The court further rejected the defendants’ argument that the claims were barred by this three-year statute of limitations, holding that it is unclear from the complaint when the CFPB became aware of facts constituting the violation and that the receipt of a consumer complaint by the CFPB will not necessarily constitute the date that the CFPB discovered or should have discovered the facts constituting the violation.
CFPB contests motions for preliminary injunctions to block enforcement of Small Business Lending Rule
On August 22, the CFPB filed an opposition to a motion made by a group of intervenors seeking to expand the scope of a preliminary injunction issued by the U.S. District Court for the Southern District of Texas, which enjoined the CFPB from implementing its Small Business Lending Rule. As previously covered by InfoBytes, the original plaintiffs in the litigation, a Texas banking association and a Texas bank, challenged the legality of the CFPB’s Small Business Lending Rule. After the American Bankers Association joined the case, the plaintiffs sought, and the court granted, a preliminary injunction enjoining implementation and enforcement of the rule against plaintiffs and their members. The intervenors, who consist of both banking and credit union trade associations, as well as individual banks and credit unions, seek a nationwide injunction that would apply beyond the parties to the case, or at least to the intervenors and their members. The CFPB’s opposition to this request for an expanded preliminary injunction argues that the intervenors fail to show that they would suffer immediate harm from enforcement of the Small Business Lending Rule.
In a related matter, on August 21, a group of Kentucky banks and a Kentucky banking association filed a motion for a preliminary injunction in the U.S. District Court for the Eastern District of Kentucky against the CFPB, seeking a preliminary injunction enjoining the CFPB from enforcing the Small Business Lending Rule against the plaintiffs and their members. Referencing the parallel Texas litigation, the Kentucky plaintiffs allege that they are entitled to an order enjoining enforcement of the Small Business Lending Rule against them for the same reasons that the Texas district court enjoined enforcement of the rule.
The most recent litigation activity follows a request from a group of trade associations to the CFPB to take administrative action to address the disparity in compliance dates that results from the district court’s injunction, a disparity that the trade associations argue is both unfair and disruptive to the market’s compliance efforts. The CFPB declined this request.
Both of these challenges to the Small Business Lending Rule point to a recent decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here), as justification for why the final rule should ultimately be set aside.
On August 22, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of a proposed class action alleging that defendant insurance companies leaked the plaintiffs’ drivers license numbers, holding that the plaintiffs lacked standing to sue the insurance companies. In a split decision, the majority opinion held that plaintiffs failed to establish standing to bring a lawsuit under the Driver’s Privacy Protection Act (DPPA) based on the unauthorized disclosure of their driver’s license numbers through a form on defendant’s website. The majority held that plaintiffs failed to allege a concrete injury, writing that allegations that plaintiffs are worried about future identity theft stemming from the disclosure are insufficient for standing, focusing on legitimate reasons why driver’s license numbers are commonly exposed to third-parties. The majority further held that plaintiffs failed to allege that false unemployment benefit applications submitted in their name were traceable to the disclosure of their driver’s license number, dooming their standing claim. In a dissent, Judge Kenneth Ripple disagreed with the majority’s conclusion that plaintiffs failed to make sufficient allegations to justify standing, reasoning that the DPPA contemplates a private right of action for the types of harms suffered by the plaintiffs and that plaintiffs adequately alleged that they suffered harm from false unemployment benefit applications submitted as a result of the driver’s license number leak.