Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • EU Court of Justice: Orders to remove defamatory content issued by member state courts can be applied worldwide


    On October 3, the European Court of Justice held that a social media company can be ordered to remove, worldwide, defamatory content previously declared to be unlawful “irrespective of who required the storage of that information.” The decision results from a 2016 challenge brought by a former Austrian politician against the social media company’s Ireland-based operation—responsible for users located outside of the U.S. and Canada—to remove defamatory posts and comments made about her on a user’s personal page that was accessible to any user. The social media company disabled access to the content after an Austrian court issued an interim order, which found the posts to be “harmful to her reputation,” and ordered the social media company to cease and desist “publishing and/or disseminating photographs” showing the former politician “if the accompanying text contained the assertions, verbatim and/or [used] words having an equivalent meaning as that of the comment” originally at issue. On appeal, the higher regional court upheld the order but determined that “the dissemination of allegations of equivalent content had to cease only as regards [to] those brought to the knowledge of the [social media company] by the [former politician] in the main proceedings, by third parties or otherwise.”

    The Austrian Supreme Court of Justice requested that the EU Court of Justice adjudicate whether the cease and desist order may also be “extended to statements with identical wording and/or having equivalent content of which it is not aware” under Article 15(1) of Directive 2000/31 (commonly known as the “directive on electronic commerce”). Specifically, the EU Court of Justice considered (i) whether Directive 2000/31 generally precludes a host provider that has not “expeditiously removed illegal information”—including identically worded items of information—from removing content wordwide; (ii) if Directive 2000/31 does not preclude the host provider from its obligations, “does this also apply in each case for information with an equivalent meaning”; and (iii) does Directive 2000/31 also apply to “information with an equivalent meaning as soon as the operator has become aware of this circumstance.”

    According to the judgment, Directive 2000/31 “does not preclude those injunction measures from producing effects worldwide,” holding that a national court within the member states may order host providers to remove posts it finds defamatory or illegal. However, the judges concluded that such an order must function “within the framework of the relevant international law.”

    Courts European Union Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • Class certification granted in FCRA suit against credit reporting agency


    On October 1, the U.S. District Court for the Central District of California granted a plaintiff’s motion for class certification in an action against a national credit reporting agency for allegedly failing to follow reasonable procedures to assure maximum possible accuracy in the plaintiffs’ credit reports, in violation of the FCRA. As previously covered by InfoBytes, the credit reporting agency allegedly failed to delete all of the accounts associated with a defunct loan servicer, despite statements claiming to have done so in January 2015. As of October 2015, 125,000 accounts from the defunct loan servicer were still being reported, and the accounts were not deleted until April 2016. The class action alleges that the credit reporting agency violated the FCRA by continuing to report the past-due accounts, even after deleting portions of the positive payment history on the accounts. After the district court initially granted summary judgment in favor of the credit reporting agency, the U.S. Court of Appeals for the Ninth Circuit revived the lawsuit, holding that a “reasonable jury could conclude that [the credit reporting agency’s] continued reporting of [the account], either on its own, or coupled with the deletion of portions of [the consumer’s] positive payment history on the same loan, was materially misleading.” 

    In certifying a class of all persons whose credit report contained an account originated after January 21, 2015, from the defunct loan servicer, the district court concluded that the “Defendant’s failure to use maximum reasonable procedures to prevent the continued reporting of delinquent [loan servicer] accounts—presents a clear risk of material harm to Plaintiff’s concrete interest in accurate credit reporting.” The court rejected the credit reporting agency’s argument that the named plaintiff must prove standing on behalf of the entire class, determining that “for all the same reasons Plaintiff has standing, it’s at least possible that the unnamed class members also have standing.” Moreover, the court rejected the argument that damages should be an individual question because many class members “likely suffered no injury at all.” The court concluded that the fact that each class member may “collect slightly different amounts of statutory damages is insufficient, without more, to defeat a showing of predominance in this case.”

    Courts Class Action Ninth Circuit Appellate FCRA Credit Reporting Agency

    Share page with AddThis
  • D.C. Circuit upholds majority of FCC order overturning net neutrality rules


    On October 1, the U.S. Court of Appeals for the D.C. Circuit issued a decision, which mostly ratifies the FCC’s 2017 reversal of the net neutrality rules barring internet service providers (ISPs) from slowing down or speeding up web traffic based on business relationships. (See previous InfoBytes coverage here.) Notably, however, the decision vacates a portion of the FCC’s 2018 Restoring Internet Freedom Order (Order), which preempted states from issuing their own net neutrality rules on requirements that the FCC “‘repealed or decided to refrain from imposing’ in the Order or that [are] ‘more stringent’ than the Order.”

    The D.C. Circuit held that the FCC’s decision to reclassify broadband internet access as a Title I service under the Telecommunications Act—allowing for a “light-touch” regulatory framework for ISPs instead of the more heavily regulated Title II—deserves Chevron deference. The appellate court also noted that while “[p]etitioners dispute that the transparency rule, market forces, or existing antitrust and consumer protection laws can adequately protect internet openness. . . . [we] are ultimately unpersuaded.”

    The D.C. Circuit also concluded that the FCC failed to adequately address how the reversal of the net neutrality rules could affect public safety issues, holding that the FCC must address this issue. The appellate court stressed that “[u]nlike most harms to edge providers incurred because of discriminatory practices by broadband providers, the harms from blocking and throttling during a public safety emergency are irreparable.” Additionally, the appellate court instructed the FCC to revisit its analysis on how the reversal will affect the regulation of pole attachments as well as low-income households that receive the internet through an FCC subsidy program. Furthermore, while the appellate court concluded that the FCC overreached its authority in prohibiting states from passing their own net neutrality rules, Judge Williams—who concurred in part and dissented in parted—reasoned that the internet cannot be divided into state markets, and that state actions “would frustrate an agency’s authorized policy.”

    Courts Appellate D.C. Circuit Net Neutrality FCC

    Share page with AddThis
  • Seventh Circuit affirms dismissal of FDCPA suit concerning “current balance” reference


    On September 25, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of an action against a debt collection agency for allegedly violating the FDCPA by referring to the amount owed as a “current balance” in a letter—even though it was static and not going to change. According to the opinion, the plaintiff contended that  “current balance” falsely implied that the balance might increase in the future, which, she argued, was a violation of the FDCPA’s prohibition on false, deceptive, or misleading representations connected to the collection of a debt. By implying that the amount owed might increase if not paid, the plaintiff argued, the debt collector allegedly misled debtors into giving static debts greater priority. The district court granted the debt collector’s motion to dismiss for failure to state a claim, ruling “that no significant fraction of the population would be misled” by the letter’s use of the “current balance” phrase. The plaintiff appealed, arguing that the phrase would confuse an unsophisticated consumer.

    On appeal, the 7th Circuit determined that there is nothing inherently misleading about the reference and stated that, not only did the debt collector’s letter not contain a directive for a debtor to call for a current balance, it also failed to include language implying that a “current balance” means anything other than the balance owed. “It takes an ingenious misreading of this letter to find it misleading,” the appellate court concluded. “Dunning letters can comply with the [FDCPA] without answering all possible questions about the future. A lawyer’s ability to identify a question that a dunning letter does not expressly answer (‘Is it possible the balance might increase?’) does not show the letter is misleading, even if a speculative guess to answer the question might be wrong.”


    Courts Debt Collection FDCPA Appellate Seventh Circuit

    Share page with AddThis
  • EU's “right to be forgotten” law applies only in EU


    On September 24, the European Court of Justice held that Europe’s “right to be forgotten” online privacy law — which allows individuals to request the deletion of personal information from online sources that the individual believes infringes on their right to privacy—can be applied only in the European Union. The decision results from a challenge by a global search engine to a 2015 order by a French regulator, Commission Nationale de l'Informatique et des Libertés (CNIL), requiring the search engine to delist certain links from all of its global domains, not just domains originating from the European Union. The search engine refused to comply with the order, and the CNIL imposed a 100,000 EUR penalty. The search engine sought annulment of the order and penalty, arguing that the “right to be forgotten” does not “necessarily require that the links at issue are to be removed, without geographical limitation, from all its search engine’s domain names.” Moreover, the search engine asserted that the CNIL “disregarded the principles of courtesy and non-interference recognised by public international law” and infringed on the freedoms of expression, information, and communication.

    The Court of Justice agreed with the search engine. Specifically, the Court noted that while the “internet is a global network without borders” and internet users’ access outside of the EU to a referencing link to privacy infringing personal information is “likely to have immediate and substantial effects on that person within the Union itself,” there is no obligation under current EU law for a search engine to carry out the requested deletion on all global versions of its network. The Court explained that numerous nations do not recognize “the right to be forgotten” or take an alternate approach to the right. Additionally, the Court emphasized that “the right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.” The Court concluded that, while the EU struck that balance within its union, “it has not, to date, struck such a balance as regards the scope of a de-referencing outside of the union.”

    Courts Privacy/Cyber Risk & Data Security European Union Of Interest to Non-US Persons

    Share page with AddThis
  • FTC settles with Belizean bank over real estate scheme

    Federal Issues

    On September 24, the FTC announced a proposed $23 million settlement with a Belizean bank resolving allegations that it assisted various entities in deceiving U.S. consumers into purchasing parcels of land in a luxury development in Belize. As previously covered by InfoBytes, in November 2018, the FTC filed charges and obtained a temporary restraining order against the operators of an international real estate investment scheme, which allegedly violated the FTC Act and the Telemarketing Sales Rule by advertising and selling parcels of land through the use of deceptive tactics and claims. The FTC asserted that consumers who purchased lots in the development purchased them outright or made large down payments and sizeable monthly payments, including HOA fees, and that defendants used the money received from these payments to fund their “high-end lifestyles,” rather than invest in the development. The FTC argued that “consumers either have lost, or will lose, some or all of their investments.” At the time, the FTC filed separate charges against the Belizean bank for allegedly assisting and facilitating the scam.

    According to the FTC, the bank has now agreed to the proposed consent order to settle the allegations. The consent order requires the bank to pay $23 million, which will be used to provide equitable relief, including consumer redress, and to cease all non-liquidation business activities permanently. Additionally, the consent order prohibits the liquidator or anyone else from seeking to re-license and operate the bank’s business. The consent order must be approved by the U.S. District Court for the District of Maryland.

    Federal Issues FTC FTC Act Courts Telemarketing Sales Rule Settlement Consent Order

    Share page with AddThis
  • District Court dismisses investors’ data breach claims


    On September 18, the U.S. District Court for the Northern District of California dismissed with prejudice a class action suit brought against an online payments firm and associated entities and individuals (collectively, “defendants”) for allegedly misleading investors (plaintiffs) about a 2017 data breach. The court stated that the plaintiffs plausibly alleged the defendants’ November 2017 announcement about the data breach was misleading because it “disclosed only a security vulnerability, rather than an actual security breach that potentially compromised” 1.6 million customers, which the plaintiffs contended was not actually disclosed until a month later when a follow-up statement was released. However, the court argued that the plaintiffs failed to show under the loss-causation theory that the defendants knew the breach affected 1.6 million customers when the company made its first statement, and contended that confidential witness statements provided by the plaintiffs from three former employees did not credibly support allegations that the defendants and its executives knew the full extent of the breach when they warned of potential vulnerabilities or “used that knowledge (or recklessly disregarded it) to deceive the market.” Furthermore, the court determined that while both parties agreed that a plaintiff can support a securities fraud claim with expert opinions, the plaintiffs in this case failed to allege that the cybersecurity expert they hired was familiar with, or had knowledge of, the defendants’ specific security setup or that he actually talked to the defendants’ employees about the breach. According to the court, the expert provided an opinion on “what likely would have happened in the event of any breach.”

    Courts Class Action Privacy/Cyber Risk & Data Security Data Breach

    Share page with AddThis
  • District Court: Law firm's professional debt-collection services exempt from MCPA


    On September 17, the U.S. District Court for the District of Maryland partially granted a law firm’s motion for summary judgment in a consolidated debt-collection action concerning alleged violations of the Maryland Consumer Debt Collection Act (MCDCA) and the Maryland Consumer Protection Act (MCPA). The law firm, which collects debts from consumers relating to residential leases, filed breach of contract actions against four plaintiffs seeking damages resulting from residential lease breaches. According to two of the plaintiffs, the law firm violated the FDCPA, the MCDCA, and the MCPA when it charged a 10-percent post-judgment interest rate, 4 percent higher than the applicable statutory rate legally allowed. The other two plaintiffs alleged violations of the FDCPA and the MCDCA. In 2018, following the court’s decision to certify the question of law to the Maryland Court of Appeals, the appeals court found that “a post-judgment interest rate of six [percent] applies” in circumstances where a trial court enters judgment in a landlord’s favor, including damages for unpaid rent and other expenses.

    The court first addressed the plaintiffs’ FDCPA claims, ruling that the claims are time-barred as the statute of limitations expired prior to the filing of each plaintiff’s complaint. With regard to the plaintiffs’ MCDCA claim, the court concluded that the law firm’s use of a 10-percent post-judgment interest rate is “the type of unauthorized charge proscribed by the MCDCA,” dismissing the law firm’s argument that the interest rate was a “mistake regarding the amount owed on the underlying debt. . .and that a challenge to the amount of interest owed is a challenge to the validity of the underlying debt.” Additionally, the court denied the law firm’s motion for summary judgment on the MCDCA claim because lack of knowledge “‘does not immunize debt collectors from liability for mistakes of law.’”

    However, the court granted the law firm’s motion for summary judgment on the MCPA claim because law firms engaged in professional debt-collection services are exempt from liability under the MCPA, and that exemption does not require a relationship between the parties.

    Courts Debt Collection State Issues FDCPA Interest Rate

    Share page with AddThis
  • CFPB informs two courts its director structure is unconstitutional


    On September 18, the CFPB issued letters in pending litigation to inform the courts that it was changing its position regarding the constitutionality of the for-cause removal provision of the Consumer Financial Protection Act (CFPA). As previously covered by InfoBytes, the DOJ and the CFPB filed a brief with the U.S. Supreme Court arguing that the for-cause restriction on the president’s authority to remove the Bureau’s single Director violates the Constitution’s separation of powers. The brief was filed in response to a petition for a writ of certiorari by a law firm contesting the May decision by the U.S. Court of Appeals for the Ninth Circuit, which held that, among other things, the Bureau’s single-director structure is constitutional. The brief noted that, since the appellate opinion was issued, “the Director has reconsidered that position and now agrees that the removal restriction is unconstitutional.” The Bureau has now issued letters (available here and here) to the 9th Circuit in two cases noting that the Bureau will no longer defend the constitutionality of the for-cause removal restriction. The Bureau also submitted a similar letter with the U.S. District Court for the District of Utah. In each letter, the Bureau argues that, while it now believes the for-cause removal provision is unconstitutional, this does not change its position with regard to the judgments made in any of the cases, noting that the provision should be severed from the rest of the CFPA.

    Courts CFPB Single-Director Structure Dodd-Frank CFPA Ninth Circuit Appellate U.S. Supreme Court DOJ

    Share page with AddThis
  • District Court dismisses suit claiming banks evading Iran sanctions


    On September 16, the U.S. District Court for the Eastern District of New York dismissed an action alleging 10 financial institutions (defendants) conspired to evade U.S. sanctions on financial and business dealings with Iran, resulting in the direct and indirect material support for terrorism. According to the opinion, the plaintiffs—a group of veterans who served in Iraq from 2004 to 2011 and were injured or killed by terrorist attacks during that time—alleged that the defendants conspired with the Government of Iran, and multiple state-affiliated and private Iranian entities that work with the Islamic Revolutionary Guard Corps’s (IRGC) and Hezbollah’s terrorist activities, to evade U.S. sanctions and conduct illicit trade-finance transactions, which helped to facilitate Iran’s provision of material support to terrorist activities. The defendants moved to dismiss the action and, in July 2018, a magistrate judge issued a Report and Recommendation (R&R) recommending that the motions be denied in their entirety.

    On review, the district court declined to adopt the R&R and granted the defendants’ motion to dismiss. The court noted that the plaintiffs’ allegations indicate that Iran conspired to provide material support to the terrorist organizations, but failed to establish that the defendants “agreed to provide illegal financial services to Iranian financial and commercial entities . . . with the intent that those services would ultimately benefit a terrorist organization.” Moreover, the court reasoned that “it is up to Congress, and not the judiciary, to authorize terrorism victims to recover damages for their injuries from financial institutions that conspire with state sponsors of terrorism like Iran to evade U.S. sanctions under circumstances such as those presented in this case.”

    Courts Sanctions Department of Treasury OFAC Class Action Iran Of Interest to Non-US Persons

    Share page with AddThis


Upcoming Events