InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI says debt collection licenses “unavoidably delayed”
On May 23, the California Department of Financial Protection and Innovation (DFPI) sent a notice to applicants and prospective applicants announcing unforeseen delays in the issuance of licenses under the Debt Collection Licensing Act. The FBI informed DFPI that new changes are needed to state agency protocols for requesting federal background checks. Prospective licensees are encouraged to continue submitting applications through the Nationwide Multistate Licensing System. DFPI stated that during this delay (which “is necessary to enable the Department to effectuate the licensing background check required under the Debt Collection Licensing Act”), “applicants may continue to engage in business, and the Department will not take action for unlicensed activity against applicants who filed their applications after December 31, 2021.” DFPI will reach out to applicants with instructions for submitting fingerprints for background checks when the process becomes available, and advised licensees that “[f]or purposes of including California debt collector license numbers when contacting or communicating with debtors as required under Civil Code section 1788.11, an applicant who has filed its application through NMLS may indicate “license number pending” or similar verbiage until a license is issued.” DFPI will notify applicants when it begins issuing licenses and encourages applicants to check the Department’s website for updates.
9th Circuit: Incomplete loan modification application bars plaintiff's CA Homeowner Bill of Rights claims
On May 11, the U.S. Court of Appeals for the Ninth Circuit affirmed dismissal of a plaintiff’s allegations that a lender violated RESPA and the California Homeowner Bill of Rights (HBOR), breached its contract, and breached the implied covenant of good faith and fair dealing. The court also dismissed the plaintiff’s request for promissory estoppel. In affirming the district court, the appellate court determined that the plaintiff’s HBOR claims failed, specifically because the plaintiff insufficiently showed that she incurred actual damages because of a RESPA violation. The appellate court also agreed that the plaintiff’s HBOR claims failed because she did not submit a complete application. Under HBOR, mortgage servicers are prohibited from reporting a notice of default if a lender’s “complete application for a first lien loan modification” is pending. The appellate court concluded that the plaintiff failed to sufficiently show that she had submitted a complete loan modification application, and did not demonstrate that she took follow-up action in response to a letter stating her loan modification application was incomplete, meaning her claim failed.
With respect to the plaintiff’s remaining claims, the 9th Circuit held, among other things, that the lender’s “alleged promise to consider plaintiff’s loan modification application upon dismissal of her lawsuit was neither sufficiently definite to create a contract nor sufficiently ‘clear and unambiguous to support a promissory estoppel.’” Moreover, the plaintiff’s claim for breach of the covenant of good faith and fair dealing also failed because she could not prove breach of contract. Specifically, she did not state a claim for breach of the deed of trust because, as the plaintiff herself noted, “she failed to perform under the deed of trust when she did not make loan payments, and performance under the contract is a necessary element of a breach of contract claim.”
The dissenting judge disagreed with the majority in two key respects. First, the judge argued the majority wrongfully rejected the plaintiff’s HBOR claim because the complaint contended that the lender “would send out such boilerplate letters so that it did not have to comply with the requirement that it cease foreclosure activities once an application is complete,” and that “a lender’s bad faith conduct does not render a borrower’s application incomplete.” Regarding the plaintiff’s good faith and fair dealing claim, the judge argued that the plaintiff plausibly alleged that she submitted a complete application to the lender. According to the complaint, the plaintiff submitted the necessary documents and was allegedly informed by the lender’s lawyer that “her application was ‘in review, which meant that plaintiff’s application was complete.’”
DFPI amends requirements for Increased Access to Responsible Small Dollar Loans Program
On May 10, the California Department of Financial Protection and Innovation (DFPI) issued a notice of approval of amendments to regulations under the California Financing Law (CFL) related to the agency’s pilot program for increased access to responsible small-dollar loans (RSDL program). The RSDL program, which became operative in 2014, allows finance lenders licensed under the CFL and approved by the DFPI commissioner to charge specified alternative interest rates and charges, including an administrative fee and delinquency fees, on loans subject to certain requirements.
The approved amendments, among other things, increase the upper dollar loan limit from $2,500 to $7,500, require applicants to submit mandatory policies and procedures for addressing customer complaints and responding to questions from loan applicants and borrowers, require lenders report additional information about the finders they use, and allow lenders to use qualified finders to disburse loan proceeds, collect loan payments, and issue notices and disclosures to borrowers. (See also DFPI’s final statement of reasons, which outlines specific revisions and discusses the agency’s responses to public comments.) The amendments are effective July 1.
District Court dismisses privacy class action claims citing absence of jurisdiction
On May 5, the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss a putative class action concerning invasion of privacy claims related to the collection of consumer data over an online shopping platform. The Canada-based e-commerce company and two of its wholly-owned subsidiaries operate an e-commerce platform that hosts merchants’ websites and facilitates and verifies customers’ payment information. According to the plaintiff, the defendants’ platform intercepts payment information and collects shoppers’ sensitive personal information through the use of cookies, including names, addresses, and credit card information. The plaintiff alleged that the defendants compile the data into individualized profiles, which is shared with merchants, and also share shoppers' data with other non-merchant third parties. Shoppers are not required to consent to any of these activities and are supposedly unaware that their sensitive information is being tracked and shared, the plaintiff stated, claiming violations of California’s Invasion of Privacy Act, Computer Data Access and Fraud Act, and Unfair Competition Law, among other things. In dismissing the action, the court concluded that the plaintiff’s privacy claims against the defendants are too general and fail to identify which defendant is responsible for the plaintiff’s alleged injuries. The court noted that it would normally permit the plaintiff to amend his complaint to address the issue, but said that in this case the court lacks both general and specific jurisdiction over any of the defendants. The court explained that the plaintiff failed to argue that any of the three entities (based either in Canada or Delaware) are subject to general jurisdiction in California. Simply stating that the platform “enables merchants to sell products online . . . does not represent an intentional act directed at California residents,” the court stated.
District Court allows data sharing invasion of privacy claims to proceed
On May 4, the U.S. District Court for the Central District of California partially dismissed the majority of a putative class action accusing several large retailers and a data analytics company (collectively, “defendants”) of illegally sharing their consumer transaction data, allowing only an invasion of privacy claim to proceed. In 2020, plaintiffs’ claimed the retail defendants shared consumer data without authorization or consent, including “all unique identification information contained on or within a consumer’s driver’s license, government-issued ID card, or passport, e.g., the consumer’s name, date of birth, race, sex, photograph, complete street address, and zip code,” with the data analytics company who used the information to create “risk scores” that purportedly calculated a consumer’s likelihood of retail fraud or other criminal activity. The court permanently dismissed the plaintiffs’ California Consumer Privacy Act claims, finding that the state law was not in effect when some of the plaintiffs allegedly attempted returns or exchanges and that the law does not contain an express retroactivity provision. Additionally, while plaintiffs argued that the retail defendants engaged in “a pattern or practice of data sharing,” the court concluded that plaintiffs failed “to allege that they are continuing to return or exchange merchandise at these retailers such that their data is disclosed” to the data analytics company. The court also dismissed the FCRA claims, ruling that the data analytics company’s risk report is not a “consumer report” subject to the FCRA because it does not “bear on Plaintiff’s eligibility for credit.” Plaintiffs’ claims for unjust enrichment and violations of California's Unfair Competition Law were also dismissed. However, the court concluded that the plaintiffs had plausibly alleged a reasonable expectation of privacy against the defendants, pointing to “the wide discrepancy between Plaintiffs’ alleged expectations for Retail Defendants’ use of their data and its actual alleged use.”
“The court finds dismissing this claim at the pleading stage particularly inappropriate where, as is the case here, defendants are the only party privy to the true extent of the intrusion on Plaintiffs’ privacy,” the court stated. “Reading the Complaint in a light most favorable to Plaintiffs, Plaintiffs sufficiently allege that [] defendants’ intrusion into Plaintiffs’ privacy was highly offensive.”
California governor orders state to create blockchain regulatory framework
On May 4, the California governor issued an executive order calling on the state to create a transparent and consistent framework for companies operating in blockchain, cryptocurrency, and related financial technologies. This framework, the governor stated, should harmonize federal and California laws and balance innovation with consumer protection. The executive order outlined several priorities, including:
- The framework should include input from a range of stakeholders for potential blockchain applications and ventures;
- The Department of Financial Protection and Innovation (DFPI) should engage in a public process, including with federal agencies, to “develop a comprehensive regulatory approach to crypto assets harmonized with the direction of federal regulations and guidance” and should “exercise its authority under the California Consumer Financial Protection Law (CCFPL) to develop guidance and, as appropriate, regulatory clarity and supervision of private entities offering crypto asset-related financial products and services” in the state;
- DFPI should publish consumer protection principles that include model disclosures, error resolution, and other criteria, and “seek input from stakeholders and licensees in order to publish guidance for California state-chartered banks and credit unions”;
- DFPI should engage in actions to protect consumers, including initiating enforcement actions to enforce the CCFPL, enhancing its review of consumer complaints related to crypto asset-related financial products and services and working with companies to remedy such complaints, and publishing consumer education materials;
- GovOps should issue a request for innovative ideas to explore opportunities for deploying blockchain technologies that address public-serving and emerging needs; and
- Members of the Governor's Council for Postsecondary Education should “identify opportunities to create a research and workforce environment to power innovation in blockchain technology, including crypto assets” to “expose students to emerging opportunities.”
The governor emphasized that while blockchain technology over the past decade “has laid the foundation for a new generation of innovation, spurring a rise in entrepreneurialism in sectors including financial technology,” among others, its impact “is both uncertain and profound” and carries risks and legal implications.
California reinstates single commercial loan licensing exemption under the CFL
On April 28, the California governor signed SB 577, which amends provisions relating to certain financial institutions, including California Financing Law (CFL), Escrow Agent, and Money Transmitter licensees.
The bill reinstates a licensing exemption available to commercial lenders in California. Specifically, the bill reenacted a provision that formerly expired on January 1, 2022. This reinstated provision permits a lender to make a single loan within a 12-month period, if the loan is a commercial loan as defined by the CFL, without having to obtain a CFL license.
The bill also updates contact information to be included on notices posted by California Money Transmitter licensees. Specifically, the bill establishes that California Money Transmitter licensees are required to prominently post, in English and in the same language used by the licensee to conduct business, on the premises of each branch office that conducts money transmission activities a certain notice, including specific contact information for the California Department of Financial Protection and Innovation.
Finally, the bill removes obsolete language from provisions governing criminal and civil background requirements for Escrow Agent licensees.
The bill is effective immediately.
District Court orders evidence showing customer agreed to arbitration clause in clickwrap agreement
On April 15, the U.S. District Court for the Northern District of California ordered a defendant “teledentristry” practice to file a declaration evidencing a clickwrap agreement that shows that the plaintiff assented to an arbitration agreement in an addendum to a retail installment contract. The plaintiff filed a putative class action claiming the defendant failed to comply with consumer protection licensing requirements and made misleading and false representations to consumers about the scope of its services and the provided dental care. The defendant moved to compel arbitration, stating that when customers create an account on the defendant’s website, they are required to affirmatively check a clickwrap checkbox to provide informed consent and must agree to the defendant’s terms and conditions before finalizing the registration process. The checkbox is not pre-checked, the defendant stated, and customers can view the full terms and conditions when clicking on the hyperlinks for each policy. The defendant maintained that if the plaintiff had clicked on the “Informed Consent” hyperlink, he would have been presented with the arbitration clause. The defendant also claimed that its servers log customers’ electronic assent to the terms and conditions and provided evidence purportedly showing that the plaintiff accepted the terms and conditions. The plaintiff countered that he did not assent to the arbitration agreement.
The arbitration dispute concerns whether the plaintiff assented to the arbitration agreement, whether the agreement is valid and enforceable, and whether the agreement delegates questions of arbitrability to the arbitrator and not the court. According to the court, the defendant failed to show sufficient evidence that the plaintiff agreed to the arbitration agreement and stated it will issue a ruling once the defendant provides additional evidence showing what the plaintiff would have seen when he allegedly assented to the clickwrap agreement, as well as “the circumstances under which [plaintiff] received and allegedly assented to the addendum to the retail installment contract.” The court’s order also granted plaintiff’s motion to further amend the complaint but denied plaintiff’s motion to remand on the grounds that the Class Action Fairness Act of 2005 conferred subject-matter jurisdiction upon the court.
California Court of Appeal: Including extraneous language in FCRA disclosure may constitute willful violation
On April 19, the California Court of Appeal for the Fourth Appellate District reversed a trial court’s summary judgment order and held that the inclusion of extraneous language in an employer’s FCRA disclosures to job applicants may constitute willful violation of the FCRA. The plaintiff filed a putative class action against the defendant employer, contending that it willfully violated the FCRA by providing job applicants with a disclosure that included extraneous language unrelated to the topic of consumer reports. The plaintiff alleged that the disclosure violated the FCRA’s requirement for providing a standalone disclosure informing the applicant that the employer may obtain the applicant’s consumer report when making a hiring decision upon applicant’s consent. The defendant filed a motion for summary judgment arguing that no reasonable jury could find that the plaintiff’s FCRA violation was willful, because the erroneous disclosure form was the result of a drafting mistake that took place when the defendant modified a sample disclosure provided by a consumer reporting agency to ensure compliance with the FCRA. The trial court granted the defendant’s motion, finding that any non-compliance resulted from a drafting was an inadvertent error.
On appeal, the Court of Appeal reversed and remanded with instructions that the trial court deny the motion for summary judgment. The appellate court found that “a reasonable jury could find that [the employer] acted willfully because it violated an unambiguous provision of the FCRA.” The Court of Appeal noted that that there’s evidence that at least one of the defendant’s employees was aware that the extraneous language would be included in the disclosure form. In addition, the continuous use of the allegedly problematic disclosure form for nearly two years could signify recklessness. The Court of Appeal reasoned further that the defendant’s “continued and prolonged use” of the “problematic” disclosure form “suggest[ed] that it had no proactive monitoring system in place to ensure its disclosure was FCRA-complaint.”
District Court allows state claims concerning the use of individuals’ likenesses in online ads to proceed
On April 19, the U.S. District Court for the Northern District of California denied a motion to dismiss in a putative class action alleging a California-based website operator violated various Ohio, Indiana, and California state laws by appropriating individuals’ names and likenesses and using this information in online teaser profile advertisements. Plaintiffs contended that the “teasers” violated their rights of publicity, and that memberships give users access to data including location history, family members, court records, employment information, and more. Plaintiffs further stated that “they ‘did not consent to the commercial use of their personal information and personas to promote subscriptions to a website with which they have no relationship.’” Defendant moved to dismiss on numerous grounds, including lack of standing.
In denying the motion to dismiss, the court ruled that plaintiffs have Article III standing to sue and that plaintiffs sufficiently pleaded a cognizable injury in “that their names, likenesses, and related information have commercial value and were being used for a commercial purpose.” The court also reviewed the adequacy of pleadings with respect to the alleged state violations and concluded, among other things, that the defendant’s teasers “are not subject to statutory exceptions for newsworthiness or public interest information.” As to the defendant’s alleged violations of California’s Unfair Competition Law (UCL), the court considered whether the California Consumer Privacy Act (CCPA) “immunizes [defendant’s] behavior from UCL liability.” According to the defendant, the CCPA generally obligates businesses to notify California residents when personal information is being used, it also “contains an express exemption for the use of publicly available data.” Because this conduct is allegedly permitted by the CCPA, the defendant argued, it cannot violate the UCL. The court disagreed, writing that “all that these provisions of the CCPA do are exempt publicly available data from special notification and disclosure rules that the statute itself imposes on companies that collect Californians’ data. . . . They do not expressly or impliedly set aside privacy-based tort claims or related UCL claims.”