Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court allows majority of privacy invasion class action claims to proceed against social media company
On September 9, the U.S. District Court for the Northern District of California granted in part and denied in part a social media company’s motion to dismiss a multidistrict class action alleging the company failed to prevent third parties from accessing and misusing private data of its users, in violation of the Stored Communications Act (SCA), the Video Privacy Protection Act (VPPA), and various state laws. In the consolidated action, the plaintiffs allege that the company (i) made sensitive user information—including basic facts such as gender, age, and address; and substantive content such as photos, videos, and religious and political views—available to third parties without user consent; and (ii) failed to prevent those same third parties from selling or otherwise misusing the information. The company moved to dismiss the action, arguing, among other things, that “people have no legitimate privacy interest in any information they make available to their friends on social media.”
The district court disagreed, concluding that most of the plaintiffs’ claims should survive, and that the company “could not be more wrong” in its argument that its users lose all privacy interest in the information they share with their friends on social media. The court asserted that when a user shares information with a limited audience, they “retain privacy rights and can sue someone for violating them.” The court also rejected the company’s argument that the plaintiffs did not have standing to sue in federal court because they could not show “tangible negative consequences from the dissemination of [the] information.” The court noted that privacy invasion is a redressable injury in itself and does not need a secondary economic injury to confer standing. Additionally, while the court recognized that the company’s argument that the users consented to this practice has “some legal force,” it cannot “defeat the lawsuit entirely, at least at the pleading stage.” Therefore, the court denied the motion as to the VPPA and narrowed certain claims under the SCA and California state laws, mostly with regard to claims on behalf of users who signed up for the service after 2009, who purportedly authorized the company to share information through their friends with app developers.
On August 28, the U.S. Court of Appeals for the 11th Circuit held that receiving one unsolicited text message is not enough of a concrete injury to establish standing under the TCPA. According to the opinion, a former client of an attorney received an unsolicited “multimedia text message” from the attorney offering a ten percent discount on services. The client filed a putative class action, alleging the attorney violated the TCPA arguing the text message caused him “‘to waste his time answering or otherwise addressing the message’” leaving his cell phone “‘unavailable for otherwise legitimate pursuits’” and resulted in “‘an invasion of  privacy and right to enjoy the full utility’” of his cell phone. The attorney moved to dismiss the complaint for lack of standing and the district court denied the motion. However, the court allowed the attorney to pursue an interlocutory appeal.
On appeal, the 11th Circuit looked to the Supreme Court decision in Spokeo, Inc. v. Robins— which held that a plaintiff must allege a concrete injury, not just a statutory violation, to establish standing—as well as the legislative history of the TCPA and determined there was “little support” for treating the client’s allegations as a concrete injury. Specifically, the panel noted that the allegations of “a brief, inconsequential annoyance are categorically distinct from those kinds of real but intangible harms” Congress set out to protect. Moreover, the “chirp, buzz, or blink of a cell phone” is annoying, but not a basis for invoking federal court jurisdiction. The panel also acknowledged that Congress, not a federal court, is “well positioned” to assess the new harms of technology. Because the client failed to allege a concrete harm by receiving the unsolicited text message, the panel reversed the district court decision.
On June 5, the U.S. Court of Appeals for the 9th Circuit affirmed a lower court’s decision to decertify a class of callers claiming their cellphone calls were unlawfully recorded, holding that the class representative lacked standing as to its individual claim. According to the opinion, customers of a concrete supplier alleged that calls placed to a phone system that the company began using in 2009 failed to inform callers that their cellphone calls were being recorded. In 2013, the company changed the recording to state that the calls maybe be “monitored or recorded.” The class representative sought to certify a class of all persons whose calls were recorded between the time that the company started using the call recording system in 2009 to when it updated the recording. The district court initially denied certification under the Federal Rule of Civil Procedure Rule 23’s predominance requirement, and later—after certifying the class based on evidence presented concerning the timing of certain recorded calls—decertified the class for failing to satisfy the “commonality” and “predominance” requirements once the concrete supplier identified nine customers who claimed they had actual knowledge of the recording practice during the class period. In addition, the court concluded that the class representative lacked standing to seek damages on its individual claim or injunctive relief because it lacked standing under the 2016 Supreme Court opinion Spokeo, Inc. v. Robins, which required that it show a concrete or particularized injury as a result of the concrete supplier's alleged violation.
On appeal, the 9th Circuit rejected the class’s argument that it “has standing to appeal the decertification order notwithstanding the adverse judgment against it on the merits” due to the following two exceptions to the mootness doctrine that may permit a class representative to appeal decertification even if its individual claims have been mooted: (i) the class representative “retains a ‘personal stake’ in class certification”; or (ii) “the claim on the merits is ‘capable of repetition, yet evading review,’” even though the class representative has lost “his personal stake in the outcome of the litigation.” The appellate court concluded that “neither of these mootness principles can remedy or excuse a lack of standing as to the representative's individual claims.”
On February 13, the U.S. District Court for the District of Nevada rejected a cloud communication company’s motion to dismiss a TCPA class action. According to the opinion, the plaintiffs’ alleged the company “collaborated as to the development, implementation, and maintenance of [a] telemarketing text message program,” which was used by a theater production company to send text messages without prior consent in violation of the TCPA and the Nevada Deceptive Trade Practices Act (NDTPA). The company moved to dismiss the claims, arguing, among other things, that it was not liable under the TCPA because it was a “transmitter” and not an “initiator” of communications. Citing the FCC’s previous determination that, under certain circumstances transmitters may be held liable under the TCPA, the court rejected this argument, concluding that the company took steps necessary to send the automated messages and that its “alleged involvement was to an extent that [it] could be considered to have initiated the contact.” Moreover, the court determined the plaintiff sufficiently alleged injury under the TCPA, concluding that violations of privacy and injury to the “quiet use and enjoyment of [a] cellular telephone” are consistent with the purpose of the TCPA. The court did dismiss the plaintiff’s NDTPA claims, however, holding that the transaction did not involve the sale or lease of goods or services as the law requires.
On January 23, the U.S. District Court for the District of Minnesota denied two financing companies’ (collectively, “defendants”) motions to dismiss an action alleging the defendants violated the Consumer Leasing Act (CLA), TILA, and a Minnesota law prohibiting usurious contracts through a transaction to purchase a puppy. According to the opinion, the plaintiff financed the purchase of a puppy through the defendants, which allowed her to take possession of the puppy in exchange for 24 monthly payments through an agreement styled as a “Consumer Pet Lease.” The agreement had an APR of 120 percent. The plaintiff filed suit against the defendants alleging the companies violated (i) the CLA by failing to disclose the number of payments owed under the agreement prior to execution; (ii) TILA by failing to adequately disclose the finance charge, the APR, and the “total of payments” as required under the Act; and (iii) the state’s usury law cap of 8 percent for personal debt. The defendants moved to dismiss the action challenging the plaintiff’s standing, among other things. The court, rejected the defendants arguments, finding that the consumer adequately alleged injury by stating she “would” have, not “might” have, pursued other funding had the defendants disclosed the actual interest rate. Additionally, the court determined the consumer plausibly alleged a CLA violation because the agreement contains information the plaintiff could view as “conflicting and confusing.” With respect to the TILA claims, the plaintiff argued that, although the agreement is styled as a lease, it is actually a credit sale, and the court rejected one of the defendant’s arguments that it was not a creditor, but rather a servicer not subject to TILA. Lastly, the court held the plaintiff adequately pleaded her state usury claim, but noted the claim’s viability would be better informed by discovery. Accordingly, the court denied the defendants’ motions to dismiss.
8th Circuit holds employee failed to plead injuries in FCRA suit against employer, law firm, and credit reporting agency
On September 6, the U.S. Court of Appeals for the 8th Circuit held that an employee lacked standing to bring claims under the Fair Credit Reporting Act (FCRA) because she failed to sufficiently plead she suffered injuries. An employee brought a lawsuit against her former employer, a law firm, and a credit reporting agency (defendants) alleging various violations of the FCRA after the employee’s credit report that was obtained as part of the hiring process background check was provided to the employee in response to her records request in a wrongful termination lawsuit she had filed. The district court dismissed the claims against the employer and the law firm and granted judgment on the pleadings for the credit reporting agency. Upon appeal, the 8th Circuit, citing the Supreme Court’s 2016 ruling in Spokeo, Inc. v. Robins (covered by a Buckley Sandler Special Alert), concluded the former employee lacked Article III standing to bring the claims. The court found that the former employee authorized her employer to obtain the credit report and failed to allege the report was used for unauthorized purposes, therefore there was no intangible injury to her privacy. Additionally, the court determined that the injuries to her “reputational harm, compromised security, and lost time” were “‘naked assertion[s]’ of reputational harm, ‘devoid of further factual enhancement.’” As for claims against the law firm and credit reporting agency, the court found that the injury was too speculative as to the alleged failures to take reasonable measures to dispose of her information. Further, whether the credit reporting agency met all of its statutory obligations to ensure the report was for a permissible purpose was irrelevant, as she suffered no injury because she provided the employer with consent to obtain her credit report.
2nd Circuit holds NCUA lacks standing to bring derivative suit against two national banks regarding RMBS claims
On August 2, the U.S. Court of Appeals for the 2nd Circuit held that the National Credit Union Administration (NCUA) lacked standing to bring a suit against two national banks on behalf of trusts created by the agency that held residential mortgage-backed securities (RMBS). According to the opinion, in 2009 and 2010, NCUA took control of five failing credit unions, including ownership of certificates the credit unions held in RMBS trusts. NCUA then transferred the certificates into new trusts and a financial institution was appointed, pursuant to an Indenture Agreement, as Indenture Trustee. NCUA subsequently brought derivative claims on behalf of the trusts against two national banks, trustees of the original RMBS trusts. In affirming the lower court’s dismissal of the claims, the appellate panel found that the NCUA did not have derivative standing to sue on behalf of the trusts because the trusts had granted the right, title, and interest to their assets, including the RMBS trusts, to the Indenture Trustee. The 2nd Circuit reasoned that therefore only the Indenture Trustee possesses the claims, and the NCUA did not have the right to sue on behalf of the Indenture Trustee under the Indenture Agreement.
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Buckley Webcast: Get ready for CCPA
- Daniel P. Stipano to discuss "BSA/AML culture of compliance roundtable" at the FiSCA Annual Conference
- Daniel P. Stipano to discuss "Is there a better way to fight money laundering" at the FiSCA Annual Conference
- Michelle L. Rogers to discuss "What's trending in enforcement" at the Mortgage Bankers Association Annual Convention & Expo
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Buckley Webcast: Smoke and mirrors: Navigating the regulatory landscape in banking the marijuana industry
- H Joshua Kotin to discuss "CMS - Components of a successful monitoring program" at the RegList Annual Workshop
- Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Sherry-Maria Safchuk to discuss "Cybersecurity" at the RegList Annual Workshop
- Jeffrey P. Naimon to discuss "Hot topics in mortgage origination" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference