InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit says number generator does not violate TCPA
On November 16, the U.S. Court of Appeals for the Ninth Circuit upheld a district court’s dismissal of a proposed TCPA class action, holding that in order for technology to meet the definition of an “automatic telephone dialing system” (autodialer), the system must be able to “generate and dial random or sequential telephone numbers under the TCPA’s plain text.” Plaintiff claimed he began receiving marketing texts from the defendant after he provided his phone number to an insurance company on a website. Plaintiff sued alleging violations of the TCPA and asserting that the defendant used a “sequential number generator” to select the order in which to call customers who had provided their phone numbers. This type of number generator qualifies as an autodialer under the TCPA, the plaintiff contended, referring to a footnote in the U.S. Supreme Court’s ruling in Facebook v. Duguid (covered by a Buckley Special Alert), which narrowed the definition of an autodialer under the TCPA and said “an autodialer might use a random number generator to determine the order in which to pick phone numbers from a preproduced list.” Defendant countered, however, that its system is not an autodialer, and “that the TCPA defines an autodialer as one that must generate telephone numbers to dial, not just any number to decide which pre-selected phone numbers to call.”
The 9th Circuit was unpersuaded by the plaintiff’s argument, calling it an “acontextual reading of a snippet divorced from the context of the footnote and the entire opinion.” The appellate court pointed out that nothing in Facebook suggests that the Supreme Court “intended to define an autodialer to include the generation of any random or sequential number.” The 9th Circuit further explained that “[u]sing a random or sequential number generator to select from a pool of customer-provided phone numbers would not cause the harms contemplated by Congress.”
District Court says university is a financial institution exempt from state privacy law
On November 4, the U.S. District Court for the Northern District of Illinois granted a defendant university’s motion to dismiss Illinois’ Biometric Information Privacy Act claims (BIPA), ruling that because the defendant participates in the Department of Education’s Federal Student Aid Program, it is a “financial institution” subject to Title V of the Gramm-Leach-Bliley Act (GLBA) and therefore exempt from BIPA. Plaintiff sued the defendant claiming the university used technology to collect biometric identifiers to surveil students taking online exams. According to the plaintiff, the defendant’s use of this technology violated students’ biometric privacy rights because the defendant did not obtain students’ written consent to collect and use that data, failed to disclose what happens with the data after collection, and failed to adhere to BIPA’s retention and destruction requirements.
The court disagreed and dismissed the putative class action. The court explained that the defendant’s direct student lending and participation in the Federal Student Aid Program allows it to qualify as a “financial institution,” defined by the GLBA as “any institution the business of which is engaging in financial activities.” As such, it is expressly exempt from BIPA. The court rejected plaintiff’s argument that the defendant did not fit within this definition because it is in the business of higher education rather than financial activities because at least five other courts that have also concluded that “institutions of higher education that are significantly engaged in financial activities such as making or administering student loans” qualify for exemption. The court also referred to a 2000 FTC rule issued when the Commission had both enforcement and rulemaking authority under the GLBA. The rule considered colleges and universities to be financial institutions if they “appear to be significantly engaged in lending funds to consumers,” which the court found to be “particularly persuasive because it evidences longstanding, consistent, and well-reasoned interpretation of the statute that it had been tasked to administer.”
District Court preliminarily approves $2.35 million settlement for card data breach
On November 8, the U.S. District Court for the Northern District of Texas issued an order accepting a magistrate judge’s report preliminarily approving a consolidated class action settlement related to a restaurant chain’s payment card data breach. Class members alleged that hackers gained unauthorized access to the restaurant chain’s computer servers and payment card environment between April 2019 and October 2020, resulting in hundreds of thousands of consumers’ financial information, including credit and debit card numbers, expiration dates, cardholder names, and internal card verification codes, being compromised. Hackers then allegedly advertised the stolen information for sale on the dark web. Several lawsuits were filed alleging violations of numerous state laws that were eventually consolidated with this action. The parties negotiated a settlement prior to class certification, which would require the restaurant chain to provide a $2.35 million all-cash non-reversionary qualified settlement fund and adopt several data-security measures. Class members also would be able to file claims for out-of-pocket losses, elect for a cash payments, and request credit monitoring services.
The magistrate judge’s report recommended that the proposed class settlement be preliminarily approved as it “will likely be found fair at the final approval stage” and the offered relief “is both procedurally and substantively adequate.” The magistrate judge disagreed with objections raised by certain plaintiffs who argued, among other things, “that the proposed settlement is ‘substantively inadequate’ because the amount of funds available per potential class member is ‘far too low.’” However, according to the magistrate judge’s report, when compared to other settlements approved in other data breach cases, it is “clear that the proposed settlement is at least in line with if not better than what any proposed plaintiff could have expected coming into the litigation.” The magistrate judge also refuted the objecting plaintiffs’ assertion that the proposed settlement treats class members differently by providing plaintiffs who can establish out-of-pocket losses with up to $5,000, California residents without losses with $100, and non-California residents without losses with $50. “The Settling Plaintiffs have adequately demonstrated why this extra recovery for California class members [is] equitable, if not equal. Namely, class members from California could bring California state law claims which provide for $100-$750 in statutory damages,” the report said, adding that “class members from California have a stronger basis for damages than do class members from outside the state—who may only be able to show nominal or incidental damages as a result of [the restaurant chain’s] breach of contract—and so their modestly increased recovery is justified.”
Mortgage servicer must pay $4.5 million in payment service fee suit
On November 7, the U.S. District Court for the Southern District of West Virginia granted final approval of a class action settlement, resolving allegations that a defendant mortgage servicer charged improper fees for optional payment services in connection with mortgage payments made online or over the telephone. The plaintiffs' memorandum of law in support of its motion for final approval of the settlement alleges the defendant engaged in violations of the West Virginia Consumer Credit Protection Act, breach of contract, and unjust enrichment with respect to the fees. According to the memorandum, before deduction of attorneys’ fees and expenses, administrative costs, and any service award, the $4.5 million settlement fund represents approximately $216 per fee paid to the defendant by the putative class members. The court also approved $1.5 million in attorney’s fees, plus $4,519.20 in expenses, along with a $15,000 service award for the settlement class representative.
District Court approves $14 million wireless rates settlement
On November 8, the U.S. District Court for the Northern District of California granted final approval to a $14 million settlement resolving allegations that a telecommunications company made misleading claims regarding its administrative fees. According to the plaintiffs’ memorandum of points and authorities in support of motion for preliminary approval of class settlement, current and former wireless-service customers of the defendant (plaintiffs) with post-paid wireless service plans were charged an improper administrative fee. The plaintiffs alleged, generally, that the defendant’s representations and advertisements regarding the monthly price of its post-paid wireless service plans were misleading because the prices did not include the administrative fee, and that the defendant implemented and charged the administrative fee in a deceptive and unfair manner. According to the terms of the $14 million settlement agreement, $3.5 million of the award will cover attorney fees and costs, with additional funds allocated to cover litigation expenses.
District Court certifies class in FDCPA suit
On November 4, the U.S. District Court for the District of New Jersey granted a plaintiffs’ motion for class certification in an FDCPA suit related to credit reporting language used in collection letters. According to the opinion, the plaintiffs received collection letters from the defendant with a statement that read: “Our records indicate there is still a balance on this past due account. Please respond to this letter within seven days or we may take additional collection efforts. The creditor shown above has authorized us to submit this account to the nationwide credit reporting agencies. As required by law, you are hereby notified that a negative credit report reflecting your credit record may be submitted to a credit reporting agency if you fail to fulfill the terms of your credit obligations.” The plaintiffs alleged FDCPA violations against the defendant, claiming that the letters constituted false and misleading collection efforts because the defendants did not intend to report the debts to credit reporting agencies within seven days of the letters’ receipt, as the defendant’s policy was to report debts “approximately sixty (60) days from placement absent contract instructions from its client.” The court noted that the collection letter in question was sent to 984 individuals, meeting the numerosity component for class certification. The court also held that, because all members of the class share the same FDCPA claim, the commonality and predominance components of certification were satisfied. The court also ruled that typicality, adequacy, ascertainability, and superiority components were met, and certified the class.
District Court preliminary approves $4.3 million data breach settlement
On November 4, the U.S. District Court for the Eastern District of Michigan granted preliminary approval of a $4.3 million class action settlement regarding a data breach, following the filing of the plaintiffs’ unopposed motion for preliminary approval of class action settlement. After a plaintiff consolidated her suit with other similar lawsuits, the plaintiff class sued the defendant for negligence, unjust enrichment, and breach of contract, alleging their personal information was stolen from the defendant during a malware attack due to lack of cybersecurity measures. The settlement provides for, among other things, three years of free credit-monitoring services for the plaintiff class, up to $2,500 per member to cover out-of-pocket expenses related to the breach, up to $80 per member to cover lost time remedying issues related to the breach, $75 per member for California residents for claims under state statutes, and a year of password-managing services. The plaintiffs are seeking service awards of $1,500 for each of the 15 representative plaintiffs. The motion also noted that class counsel will ask the court for just over $1.4 million in attorneys’ fees to be deducted from the settlement fund.
4th Circuit vacates $10.6 million judgment, orders district court to reevaluate class standing
On October 28, the U.S. Court of Appeals for the Fourth Circuit remanded a $10.6 million damages award it had previously approved in light of the U.S. Supreme Court’s decision in TransUnion LLC v. Ramirez. As previously covered by InfoBytes, in January, the Supreme Court vacated the judgment against the defendants and ordered the 4th Circuit to reexamine its decision in light of TransUnion (which clarified the type of concrete injury necessary to establish Article III standing, and was covered by InfoBytes here). Previously, a divided 4th Circuit affirmed a district court’s award of $10.6 million in penalties and damages based on a summary judgment that an appraisal practice common before 2009 was unconscionable under the West Virginia Consumer Credit and Protection Act (covered by InfoBytes here). During the appeal, the defendants argued that summary judgment was wrongfully granted and that the class should not have been certified since individual issues predominated over common ones, but the appellate court majority determined, among other things, that there was not a large number of uninjured members within the plaintiffs’ class because plaintiffs paid for independent appraisals and “received appraisals that were tainted.” At the time, the 4th Circuit “concluded that the ‘financial harm’ involved in paying for a product that was ‘never received’ was ‘a classic and paradigmatic form of injury in fact.’” On remand, the 4th Circuit considered questions of standing and ultimately determined that TransUnion requires the district court to reevaluate the standing of class members.
7th Circuit affirms dismissal of NSF fees action
On October 25, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s ruling dismissing a putative class action alleging an internet credit union improperly charged account holders non-sufficient funds (NSF) fees. Plaintiff claimed she signed an account agreement with the credit union, which required the use of a ledger-balance method when assessing NSF fees, and that only one NSF fee is permitted per transaction. According to the plaintiff, the credit union breached its contract by charging her a $25 NSF fee when she attempted to pay a $6,000 bill, even though her account’s ledger balance was $6,670.94 at the time. She further claimed the credit union charged multiple NSF fees for the same item. The credit union maintained, however, that the contract allowed it to use the “available-balance method” to assess such fees instead. The opinion explained that the ledger-balance method calculates a balance based on posted debits and deposits (and does not incorporate transactions until they are settled), whereas the available-balance method considers holds on deposits and transactions that have been authorized but not yet settled when calculating a customer’s balance. The district court granted the credit union’s motion to dismiss, rejecting the plaintiff's account balance theory by “explaining that ‘the plain, unambiguous language states that a member needs sufficient available funds’ and reasoning that [plaintiff’s] proposed reading would render [the contract’s] use of the word ‘available’ meaningless.” The district court also maintained that the plural use of the word “fees” permitted the credit union to charge multiple fees when a merchant presented the same transaction more than once.
On appeal, the 7th Circuit agreed with the district court that the agreement did not prohibit the credit union from “charging multiple NSF fees for a transaction that is presented and rejected several times.” While recognizing that the credit union “could have drafted the [a]greement more clearly than it did,” the appellate court determined that the credit union never promised “not to use the available-balance method to assess NSF fees or not to charge multiple fees when a transaction is presented to it multiple times,” and upheld the dismissal of plaintiff’s breach-of-contract claim.
District Court approves data scrape settlement
On October 20, the U.S. District Court for the Northern District of California granted final approval to a class action settlement resolving claims that a social media platform (defendant) scraped consumer data for advertising purposes. According to the plaintiffs’ motion for preliminary approval, the defendant allegedly scraped a group of mobile company users’ call and text logs without consent by exploiting a vulnerability in the permission settings for the defendant’s message application. In its third amended complaint, the plaintiffs argued that consumers granted the defendant permission to access their phones’ contact lists, but did not consent to scraping their call and text logs, which included the date and time of phone calls, the phone numbers dialed, the names of the individuals called and the duration of each call, as well as whether each call was incoming, outgoing or missed. The plaintiffs further alleged that the defendant did not explicitly notify them that their data was being collected prior to the vulnerability being patched in October 2017, when the defendant ceased its scraping practice. The settlement requires the defendant to delete all call and text history data that it is not legally obligated to preserve, and provides for a $1.08 million attorney fee request and $1,500 incentive awards for class representatives.