The Consumer Financial Protection Bureau (CFPB) has proposed a new rule to regulate payday lending and auto-title loan companies. Right now, it is merely a proposal, meant to undergo the notice and comment period until September 14, 2016. But if the rule goes into effect, it would be a significant imposition on the lending business.
The CFPB has been studying the effects of payday lending on consumers for years and found that many consumers struggle. They cannot repay their loans, so they take out new ones and incur significant penalties and fees. Or, they default on repayment altogether. The new rule tries to reduce this by regulating the people who issue those loans.
In theory, the rule would affect two types of loans: those with a term of 45 days or less, and those with a term of more than 45 days but with certain specifications, like an all-in annual percentage rate above 36% and a consumer’s bank account or vehicle for collateral. Before issuing either loan, a lender would have to determine if the borrower can repay it without re-borrowing in the following 30 days. To determine this, a lender would assess the borrower’s income, debt obligations, and housing costs; project them over the life of the loan; and forecast non-housing living costs.
The rule would also restrict how lenders can collect repayment. Today, lenders are allowed unlimited tries to withdraw from an indebted borrower’s bank account, but the new rule would stop them after the second attempt that fails due to insufficient funds.
Because the rule has not been approved yet, affected borrowers and lenders can speak out against or in favor of it. Richard Cordray, the director of the CFPB, has promised that the Bureau “will continue to listen and learn” as comments come in. Sourcing from the industry is the best way to create a rule that protects consumers and helps lenders continue to provide so vital a lifeline.
Recently, I wrote about the CFPB’s plans to issue new regulations restricting arbitration clauses in certain consumer contracts. Today, the agency announced those new rules and CFPB Director Richard Cordray is expected to discuss them at the agency’s field hearing in Albuquerque, New Mexico. As expected, the new rules eliminate the use of class action waivers and otherwise restrict the availability of arbitration in consumer contracts, including those involving credit transactions, automobile leases, debt relief services, consumer depository accounts, check cashing, credit monitoring/reporting, and debt collection. The CFPB admits that it intends to “incentivize” greater legal compliance through the “in terrorem” deterrent impact of the new rules. In other words, the CFPB wants the prospect of increased class action litigation to scare companies into treating consumers better.
The new proposed rules are available at the CFPB’s website along with over 350 pages of supplementary information explaining the proposed rulemaking. The CFPB proposal prohibits “companies from putting mandatory arbitration clauses in new contracts that prevent class action lawsuits.” See Proposed § 1040.4(a). Companies would still be able to include arbitration clauses in their contracts, but could not restrict access to class litigation and the arbitration provisions must include specific language provided by the CFPB.
In addition, in practical terms, the CFPB has just designated itself as the overseer of U.S. arbitral bodies in direct contrast to existing laws and rules that provide very limited court oversight and review of arbitration decisions. The proposed rules would require covered companies to submit detailed information about any of their consumer arbitrations to the CFPB. See Proposed § 1040.4(b). The CFPB states that it will gather, and may publish, this data so that it may gain “insight into whether companies are abusing arbitration or whether the process itself is fair.” Although the rule provides for redaction of personal information, this new practice threatens to undermine the confidential nature of arbitrations and thereby limit one of arbitration’s principle benefits. It is not yet clear how the CFPB might conclude that consumer arbitrations are “unfair” or what they might do in response to such a determination.
Regardless of whether the proposed regulations will succeed in scaring companies into greater legal compliance, if the rules become effective, companies should expect a marked increase in consumer class action litigation. The newly announced regulations are not final, however, and interested parties will have an opportunity to comment before the rules become effective. Interested parties have 90 days from the publication of the proposed rule in the Federal Register to comment and we expect multiple objections from the financial industry this summer. The comments likely will include practical examples of the benefits of consumer arbitration provisions, critiques of the agency’s study of consumer arbitration that formed the basis of the proposed regulations, and proof of the detrimental impact that an increase in class actions will have on the business community, especially on smaller businesses. Any potentially covered company should consider commenting on the CFPB proposed regulations, either directly or through trade associations.
Once the rules are final, companies will only need to comply with the new regulations prospectively; the provisions of the Dodd-Frank Act authorizing the CFPB to regulate arbitration provide that any new rules will be binding 180 days after their effective date. So any arbitration agreement entered into prior to, or within six months of, the new rule’s effective date is not subject to the new restrictions. This gives potentially covered companies some breathing space to review and, if necessary, modify their existing contracts.
Although many in Congress do not support the newly proposed rules, given current political realities, there are unlikely to be any legislative changes to the proposed rules or the CFPB’s authority. As a result, we expect that something close to the proposed rule will become effective later this year. Following that, there likely will be multiple court challenges to the new rules and the CFPB’s authority to issue them. In the meantime, all potentially affected companies should:
- Review their existing contracts and arbitration programs to determine whether their existing contract forms would violate the proposed regulations;
- Prepare alternative contract language if existing forms will no longer be permitted; and
- Consider whether their existing pricing structure and litigation positions make sense in the coming world.
Whatever the goal, companies are unlikely to be scared into greater legal compliance; most companies already strive to comply with the law. We anticipate that the CFPB’s proposed rules will have many unintended consequences. In the short term, the increase in class action litigation will be a boon for many lawyers. Consumers with legitimate claims, however, may find that the class action process results in smaller payouts over which they have less control. And as companies adjust to this new environment, they will pass on the increased costs of increased class litigation to customers and likely will further tighten credit standards and product availability to reduce potential claims.
* * *
 Under Section 9 of the Federal Arbitration Act, a court must confirm an arbitration award unless it is vacated, modified, or corrected in accordance with Sections 10 and 11.5 of the FAA, i.e. where the award was procured by corruption, fraud, or undue means or there was an evident material miscalculation or mistake in the award.
 For example, companies may wish to withdraw from the American Arbitration Association’s Consumer Clause Registry. For that matter, the AAA and similar arbitral organizations are sure to lose significant business as the consumer arbitration market is sure to shrink significantly if the new rules become effective.
In March 2015, I wrote about the ongoing dispute between the FTC and LabMD, an Atlanta-based cancer screening laboratory, and looked at whether the FTC has the authority to take enforcement action over data-security practices alleged to be insufficient and therefore “unfair” under section 5(n) of the Federal Trade Commission Act (“FTCA”). On November 13, 2015, an administrative law judge ruled that the FTC had failed to prove its case.
In 2013, the FTC filed an administrative complaint against LabMD, alleging it had failed to secure personal, patient-sensitive information on its computer networks. The FTC alleged that LabMD lacked a comprehensive information-security program, and had therefore failed to (i) implement measures to prevent or detect unauthorized access to the company’s computer networks, (ii) restrict employee access to patient data, and (iii) test for common security risks.
The FTC linked this absence of protocol to two security breaches. First, an insurance aging report containing personal information about thousands of LabMD customers was leaked from the billing manager’s computer onto peer-to-peer file-sharing platform LimeWire, where it was available for download for at least eleven months. Second, Sacramento police reportedly discovered hard copies of LabMD records in the hands of unauthorized individuals. They were charged with identity theft in an unrelated case of fraudulent billing and pleaded no contest.
Incriminating as it all might seem, Administrative Law Judge D. Michael Chappell dismissed the FTC’s complaint entirely, citing a failure to show that LabMD’s practices had caused substantial consumer injury in either incident.
Section 5(n) of the FTCA requires the FTC to show that LabMD’s acts or practices caused, or were likely to cause, substantial injury to consumers. The ALJ held that “substantial injury” means financial harm or unwarranted risks to health and safety. It does not cover embarrassment, stigma, or emotional suffering. As for “likely to cause,” the ALJ held that the FTC was required to prove “probable” harm, not simply “possible” or speculative harm. The ALJ noted that the statute authorizes the FTC’s regulation of future harm (assuming all statutory criteria are met), but that unfairness liability, in practice, applies only to cases involving actual harm.
In the case of the insurance aging report, the evidence showed that the file had been downloaded just once—by a company named Tiversa, which did so to pitch its own data-security services to LabMD. As for the hard copy records, their discovery could not be traced to LabMD’s data-security measures, said the ALJ. Indeed, the FTC had not shown that the hard copy records were ever on LabMD’s computer network.
The FTC had not proved—either with respect to the insurance aging report or the hard copy documents—that LabMD’s alleged security practices caused or were likely to cause consumer harm.
The FTC has appealed the ALJ’s decision to a panel of FTC Commissioners who will render the agency’s final decision on the matter. The FTC’s attorneys argue that the ALJ took too narrow a view of harm, and a substantial injury occurs when any act or practice poses a significant risk of concrete harm. According to the FTC’s complaint counsel, LabMD’s data-security measures posed a significant risk of concrete harm to consumers when the billing manager’s files were accessible via LimeWire, and that risk amounts to an actual, substantial consumer injury covered by section 5(n) of the FTCA.
The Commissioners heard oral arguments in early March and will probably issue a decision in the next several months. On March 20th, LabMD filed a related suit in district court seeking declaratory and injunctive relief against the Commission for its “unconstitutional abuse of government power and ultra vires actions.”
In the past few years, many organizations such as Capital One, Bass Pro Outdoor, and the Cosmopolitan Hotel have faced class actions alleging violations of California’s call recording law. This week, California’s Attorney General demonstrated that her office, working with state prosecutors, will also vigorously enforce the law under the state’s criminal statutes. Attorney General Harris announced an $8.5 million dollar settlement with Wells Fargo Bank, N.A. over the alleged failure to provide call recording announcements to California consumers.
The complaint alleged violations of Sections 632 and 632.7 of California’s Penal Code, including the purported failure of Wells Fargo’s employees to “timely and adequately disclose the recording of communications with members of the public.” These laws form part of California’s Invasion of Privacy Act. Section 632 makes it illegal to eavesdrop (monitor) or record a “confidential communication” without the consent of all parties. The statute defines a “confidential communication” as including “any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto.“ The law specifically excludes communications in circumstances “in which the parties to the communication may reasonably expect that the communication may be overheard or recorded. “ Section 632.7 bars the recording of cell phone conversations, without the consent of all parties.
Wells Fargo Bank settled the case, agreeing in a stipulated judgment to the $8.5 million settlement and certain compliance requirements. Specifically, Wells Fargo must make a “clear, conspicuous, and accurate disclosure” to any consumer in California of the fact that Wells Fargo is recording the call. The settlement requires that this disclosure occur “immediately at the beginning” of the call, but allows Wells Fargo to precede the disclosure with an introductory greeting identifying the customer service representative and the entity on whose behalf the call is made (presumably, a Wells Fargo-affiliated entity). Wells Fargo also committed to a compliance program for one year and periodic internal testing of its employees’ and agents’ compliance with the call disclosure requirement. The bank agreed to appoint an officer or supervisor with specific oversight responsibility for compliance with the settlement obligations. Within a year following the stipulated judgment, Wells Fargo must provide the Attorney General with a report summarizing the testing.
Interestingly, the Attorney General previously pursued a similar action against home improvement platform Houzz Inc. for allegedly failing to notify all parties of its recording of incoming and outgoing telephone calls. In that case, Houzz agreed to appoint a Chief Privacy Officer to oversee Houzz’s compliance, a first for a California Department of Justice settlement.
As we have advised before, all organizations recording calls – whether inbound or outbound – should immediately disclose to called parties that the call is being recorded. The disclosure should occur at the outset of the call. One type of introduction could be, “This is Michelle, calling on behalf of XYZ Company. This call is being recorded and/or monitored.” Some companies may wish to announce the option of a non-recorded line, available via a key press. It is also important to time the recording to begin after the announcement, to avoid potential liability based on even a few seconds of a recorded call before an announcement is given.
A few important reminders are worth repeating:
- The announcement requirement applies to inbound and outbound calls, including requested return calls.
- Recording announcements apply to all types of calls – not just sales calls.
- Maintain proof of the announcement.
- Implement a short, written call recording policy.
- Train customer service representatives to understand the call recording policies.
- Periodically “test” call recording procedures.
- Promptly investigate any call recording complaints and take appropriate corrective action.
- Have customer service representatives sign an acknowledgment that they understand they are being monitored and/or recorded.
The recording of customer service and other calls is an important component to prevent fraud, fulfill legal requirements and augment customer service, among other reasons. Companies can implement call recording effectively, but must comply with announcement requirements and should take proactive measures, such as training and testing, to protect against civil and criminal liability and to safeguard consumer goodwill.
Since the Federal Arbitration Act (FAA) of 1925, the United States has had a policy preference for arbitration, even when an arbitration provision includes language barring class action litigation. We saw this most recently in December 2015 when the Supreme Court reversed a decision by a California Court of Appeal to invalidate a class-arbitration waiver within a service agreement between DirecTV and its customers. But not everyone thinks arbitration is so great a thing. Encouraged by consumer groups and trial lawyers, federal regulators are pushing for limits on arbitration provisions in consumer contracts.
At its core, the debate is about whether companies may compel consumers to arbitrate rather than litigate disputes and – perhaps more significantly – bar consumers from class action remedies as part of the arbitration requirement. Critics of mandatory arbitration say that it restricts consumer redress and is tantamount to a deceptive trade practice because the arbitration provisions are usually contained in the “fine print” of a contract. The new rules being proposed reportedly are designed to eliminate mandatory arbitration provisions and facilitate class action litigation.
Despite the criticisms of consumer groups, arbitration often is cheaper and more effective for both individual consumers and companies. By interfering with Americans’ freedom of contract to prevent the use of mandatory arbitration, the government could severely damage U.S. business interests by exposing them to a marked increase in expensive class action litigation. In turn, that would result in more limited choices and increased costs for consumers.
The government’s efforts to eliminate mandatory arbitration provisions in consumer-related contracts have been highlighted in several recent agency actions. In its list of near-term goals, the Bureau of Consumer Financial Protections (CFPB) said that new rules to govern arbitration in consumer contracts would be a priority in 2016. The Department of Education announced that it, too, was reviewing mandatory arbitration provisions in college enrollment contracts. And despite multiple appellate decisions to the contrary, the National Labor Relations Board (NLRB) again concluded that class action waivers in arbitration agreements infringe on an individual’s rights under Section 7 of the National Labor Relations Act.
All of this has happened in the space of three months, indicating a clear effort by the government to diminish businesses’ ability to require arbitration that shields them from often frivolous and costly class action litigation. The acts of some Congressmen have made this agenda even more transparent. In February 2016, Senator Patrick Leahy introduced a bill that would modify the scope of the FAA and curtail the use of mandatory arbitration. The bill is unlikely to pass in the current Republican Congress, but Congress previously empowered federal agencies to curtail the use of mandatory arbitration provisions on a significant, but more limited, basis.
The CFPB’s current actions were authorized by the 2010 Dodd-Frank Act, which barred the use of arbitration clauses in certain mortgage contacts and gave the SEC power to ban or restrict the use of arbitration in other disputes. Deepak Gupta, then the CFPB’s senior counsel for enforcement strategy, stated that prohibiting or restricting mandatory arbitration would be “the single most transformative thing the bureau can do” for consumers. In March 2015, the CFPB released a 728-page study of arbitration in consumer contracts, which was criticized by some academics and trade groups for misstating the impact of mandatory arbitration provisions on consumers. Since then, members of Congress have engaged in deeply partisan squabbling over the need for additional rulemaking on consumer arbitration or to limit class action litigation in other ways.
Despite the criticism and opposition, CFPB director Richard Cordray reiterated the agency’s plans to release new rules aimed at banks and other financial firms. Earlier comments by the agency confirm that the new rules will be designed to prevent arbitration clauses from restricting class action remedies. We think such changes would quickly spread to encompass telephone, Internet, and other commonplace consumer agreements.
American companies should be concerned with how executive agencies, e.g., the CFPB, the Department of Education, and the NLRB, will carry out their plans to introduce regulations that restrict the use of arbitration clauses in a broad range of consumer contracts. We will not be surprised to see some companies restrict their consumer offerings or increase prices to account for these new rules. If you work in American business, we urge you to take notice of these changes and review how to protect your company from undue litigation in future contracts. Among other options, you should analyze the inclusion of non-mandatory arbitration provisions, the separation of class-action waivers from arbitration provisions, and the option of raising prices to contend with increased litigation.
 Id. § 1414.
 Carter Dougherty, CFPB Finds Arbitration Harms Consumers, Presaging New Rules, BLOOMBERG BUS., March 10, 2015, available at http://www.bloomberg.com/news/articles/2015-03-10/cfpb-finds-arbitration-harms-consumers-in-study-presaging-rules.
The Office of the Inspector General, which enforces Health and Human Services, has long been averse to referral services that don’t meet certain criteria. To get protection against a possible enforcement action, the referral service can’t exclude anyone from participating in the service, and payments for referrals have to be reasonable and cannot be tied to the volume or value of the referrals that are made. All this complexity doesn’t simply keep referral services from earning a legitimate living; it denies patients access to superior healthcare options.
In a time when patients gravitate toward online resources, the OIG’s restrictions on medical referrals appear horribly out of date. Generally, when people want to find a pharmacy, lab, or doctor, they ask a friend or family member. In many circumstances, though—such as moving to a new city and not knowing anyone—people are likely to go online. Here they will find numerous referral services that can steer them to many reputable providers, who are often happy to pay for the hookup. This type of commercialized referral happens all the time in privatized industries—but because the government pays for healthcare (in the case of Medicare and Medicaid), it gets to set the rules for that space. Many of these rules are legitimately designed to protect against fraud and misuse of public funds, but that shouldn’t make them impervious to revision.
Thankfully, this has not escaped the notice of referral services and even the OIG, which has issued some enlightened opinions on the matter; case in point, No. 11-18. In 2011, a web-based provider of billing, electronic record, and patient messaging services asked if it could offer a coordination service whereby physicians could pay a transmission fee for connecting to other providers in order to share patient information, provider numbers, and clinical data. In response, the OIG determined that this service would not be afforded protection under the safe harbor, but it would not necessitate enforcement action either. In this instance, and many others in today’s marketplace, the referral service isn’t a health care provider that bills the government, but a third party provider of software and services. What would be the harm of facilitating the transmission of information between referring providers so that a patient can receive care? Here the OIG acknowledged that the fee structure was fair market value, that it would be assessed whether or not a patient followed through, and that it was unlikely to influence a provider’s decision to refer to any particular person or entity.
When the referral services safe harbor was drafted it made some sense for the OIG to suspect that an online referral service could charge a fee to steer patients to a particular provider, thereby exploiting federally reimbursed services and products. However, in most cases, online referral services are there simply to expand access to care, allow patients to have more choices, and help them find options that best suit their needs. In any other industry it makes perfect business sense for a referral service to charge its users a fee in order to recoup the cost of implementation (if any) and achieve a profit. It’s high time the OIG gives medical referral services the air they need to do the same. Modifying the safe harbor could take a lot of time and effort, but the OIG can take it upon itself to revise its interpretation of the safe harbor’s requirements without having to turn a blind eye to the law.
On March 15, 2016, national retailer Lord & Taylor agreed to settle FTC charges that it “deceived consumers by paying for native advertisements.” The settlement is the first of its kind following the December 2015 guidance memorandum, Native Advertising: A Guide for Businesses, issued by the FTC. Under the terms of the settlement, Lord & Taylor is prohibited from “misrepresenting that paid ads are from an independent source, and is required to ensure that its influencers clearly disclose when they have been compensated in exchange for their endorsements”.
On the day the settlement was announced, the FTC also published a copy of the underlying complaint. The complaint alleges that Lord & Taylor developed plans to promote a clothing line for women which included a comprehensive social media campaign of blog posts, photos, native-advertising editorials in online fashion magazines, and a team of “influencers” recruited for their fashion sense and audience on social media. The FTC alleged that Lord & Taylor edited, pre-approved, and paid for a favorable Instagram post that was uploaded to the account of a fashion magazine called Nylon. The regulatory agency further alleged that Lord & Taylor reviewed, pre-approved, and paid for a favorable article in Nylon. In both cases, however, Lord & Taylor failed to disclose its commercial arrangement with Nylon. Similarly, the FTC alleged that Lord & Taylor gifted a dress from the clothing line to fifty “influencers” who were paid between $1,000 and $4,000 to post favorable photos and comments about the dress on social media. Again, Lord & Taylor did not disclose or require influencers to disclose that they had been paid for their posts. Based on Lord & Taylor’s alleged misrepresentations and failure to disclose, the FTC accused Lord & Taylor of engaging in unfair or deceptive acts or practices in violation of the Federal Trade Commission Act.
What is Native Advertising?
Native advertising, also known as sponsored content, is designed to fit in with original online content in a seamless, non-intrusive manner. It allows advertisers to directly reach online consumers, without severely interrupting the original content on the publishing website, video game, or mobile app. In the past few years, this advertising has reached all corners of the internet.
FTC Concerns With Native Advertising
As native advertising has grown, so have the FTC’s concerns about the possibility of deceiving consumers. Therefore, at the close of 2015, the FTC released the guidance memorandum, Native Advertising: A Guide for Businesses, which provides details and illustrative examples for businesses that use native advertising as part of their online marketing campaigns.
Native advertising creates a particular challenge for advertisers. Advertisers want to design an advertisement that appears native to the original content, but must do so without potentially confusing the consumer, who may mistake the advertisement for non-advertising content.
To assist advertisers in complying with these rules, the FTC issued its December 2015 guidance memorandum with examples and tips to ensure advertisers remain compliant. Most of the memorandum focuses on seventeen examples of advertising, including on news sites, in videos, through content recommendation widgets, and in video games. These examples illustrate how and why consumers might be confused by certain native advertising tactics. Most of the examples show how a native advertisement might bear too much similarity to the original content, which means the consumer might not understand that what they are viewing is, in fact paid-for, sponsored content.
Complying With FTC Native Advertising Requirements
The take-away from the Lord & Taylor settlement is that advertisers should avoid placing paid ads that appear to be independent editorial content. Put simply, advertisers must choose between control and disclosure. In other words, advertisers who want to make use of native advertising and “influencers” on social media must either relinquish influence or control over the advertising content or disclose the nature of the marketing arrangement. Bottom Line: Paid advertising must be identifiable as advertising.
The FTC’s December 2015 memorandum provides a variety of tips on how to appropriately disclose native advertising. The disclosures should be three things: (1) placed near the advertising; (2) prominent; and (3) clear. By ensuring that native advertising follows these disclosure guidelines, companies will avoid misleading consumers into thinking their native advertisement is non-sponsored, publisher content.
Finally, the memorandum specifically notes who is affected by these disclosure rules. The enforcement is not limited to just the sponsoring advertiser. Advertising agencies and operators of affiliate advertising networks are also obligated to adhere to the FTC’s disclosure requirements.
Put simply, if a reasonable consumer might see your native advertising and believe it to be non-advertising content, the FTC will likely take issue with your native advertising tactics. This is exactly what we saw in the Lord & Taylor settlement.
Despite not being explicitly mentioned in the Constitution, the Supreme Court has firmly held that a right to privacy for all Americans is found in several amendments to the Constitution, with almost 100 years of case law providing precedent for many personal privacy rights that have become a cornerstone of American culture. However, in this new digital age of rapid technology change, with real-time access to information and the global exchange of information at the push of a button, new privacy protection questions arise almost daily. The extent to which an individual’s private information shared online is subject to privacy protection varies depending on which side of the pond you stand.
European nations generally take a more restrictive approach than the U.S. as to how companies can use personal data. EU nations often go head-to-head with U.S. digital companies over differing interpretations of privacy rights. Both Google and Microsoft have faced multiple investigations outside the United States.
Facebook seems to be a particularly popular target. As the world’s largest social network with 1.6 billion monthly users, Facebook earns its revenues from advertising aimed at users, after gathering information from the users’ social connections and activities in their posts. Late last month, a German court fined Facebook 100,000 Euros for failing to follow an order issued by a German court four years ago that required the social media site to revise a clause in its terms regarding any intellectual property content posted by users on or in connection with Facebook. The German court had found that the clause in the terms violated consumer rights. While Facebook modified the wording slightly for German users, the German court found that the revised wording still maintains the same underlying message as the original wording. Europe’s highest court also recently successfully challenged Facebook as to the way that data was transferred between the European Union and the United States. And just yesterday, a German court ruled that domestic websites could not transfer user data to Facebook via its “like” button without the specific consent of the user.
In a novel link between privacy protection and antitrust, the German competition authority known as the Federal Cartel Office (BKA) opened an investigation on March 2 into whether Facebook abused its dominant position in social networking in order to collect its users’ digital information, including placing unfair constraints on the users, who were forced to sign complicated terms and conditions in order to use the network. The investigation seeks to discover whether Facebook users were properly informed about how their personal data would be obtained through the site, including the type of data collected, as well as the extent of the data collected.
One might ask why the BKA would get involved with this novel approach to linking privacy protection to antitrust law. First, under antitrust law, the maximum fines are much greater than those under privacy law. For a company tech giant like Facebook, the fines imposed by data protection authorities can seem negligible, even for the most egregious cases, while antitrust fines pose a much more significant deterrent. Second, Facebook has claimed that it falls only within the jurisdiction of the data protection authority in Ireland, where its international headquarters are situated. By bringing the investigation under the auspice of the antitrust authority, this argument is avoided. The President of the BKA, Andreas Mundt, remarked that, “[d]ominant companies are subject to special obligations,” and he went on to say that such obligations include adequate terms of service, as far as they are relevant to the market. He also noted the importance of user data where Internet services are financed by advertising. The BKA noted, “. . . if there is a connection between infringement and market dominance, it could constitute an abusive practice under competition law.”
While some question the BKA’s position as ambitious and vague, others fear that this case could open the door to other investigations and cases using data protection violations to claim antitrust violations. Whether the BKA is successful or not, this should be a forewarning to other big U.S. technology companies: it is probably not enough to rely on U.S. privacy rules when playing in a global arena.
In the age of handheld banking apps, private funds transfer systems, and digital currencies, ensuring that new products are fair to consumers and compliant with existing – and sometime archaic – regulations are difficult tasks. The Bureau of Consumer Financial Protection (“CFPB”) recently finalized a new policy for providing “no-action letters” (“NALs”) to companies seeking to introduce new consumer finance products and technologies. Although the CFPB’s stated goal was to ensure transparent and efficient markets that “facilitate access and innovation,” it has failed to hit that target. The CFPB’s new policy is a step in the right direction, but the benefits of the new policy are limited and applicants will run commercial and legal risks in seeking the limited shelter offered by the agency.
Not only will NALs offer limited protection, they will be available only in exceptional circumstances where there is both regulatory confusion and a new product. The CFPB said that it is devoting only limited resources to this program and expects to issue only two or three NALs per year. The restrictive nature of this policy will minimize the value of the agency’s much-needed guidance. The limited scope of the new policy stands in contrast to the SEC’s no-action policy, where NALs are important tools for market participants and their counsel in conducting business. Although NALs are rare in the bank regulatory context, the SEC has recognized that many issuers and securities law practitioners closely monitor such letters, and often view them as “the most comprehensive secondary source on the application of [the federal securities] laws.” (1)
There is considerably less guidance as to CFPB regulations and a more robust no-action policy would provide much needed clarity for market participants and innovators. Under the new policy, market participants considering bringing a new product to market may request a “no action letter” (“NAL”) from the agency. The request for a NAL must contain 15 categories of information, including: a description of the new product (including how it functions); the product’s timetable, an explanation of its substantial benefit to consumers; a “candid explanation” of the potential consumer risks posed by the product; an explanation of the source(s) of the regulatory uncertainty to be addressed by the NAL; and a promise to share data about the product’s impact on consumers. Examples of products that might qualify for a NAL include the early intervention credit counseling program proposed by Barclays PLC and Clarifi (a consumer credit counseling service), which was an early CFPB Project Catalyst research pilot.
The benefit from any NAL issued by the CFPB will be limited. The proposed relief offered is a statement that the CFPB “staff has no present intention to recommend initiation of an enforcement or supervisory action against the requester in respect to the particular aspects of its product…” This amounts to “we won’t take action – unless we do.” While the CFPB is unlikely to take enforcement action with respect to a new product shortly after issuing a no-action letter, the proposed letters are in no way binding and offer little more protection than the existing process of informal consultation. This weakness may be ameliorated over time as courts have an opportunity to weigh in on the impact of CFPB no-action letters and the agency develops a track record for its handling of these issues.
Submitting a request for a NAL could create commercial or regulatory risk for an applicant. From a cost standpoint, preparation of such an application will be a significant undertaking, especially for smaller companies. Because the process is only available for products that are close to market ready, potential applicants will have invested significant sums to prepare their new product. A company in this position may not want to run the risk that the CFPB denies the NAL request, which might delay or prevent it from bringing the new product to market altogether. The publication of the NAL might also give competitors a chance to duplicate or improve on the innovation before or shortly after it reaches the market.
The process also entails legal risks. The NAL application process requires the company’s lawyers to explain why they think the legality of the proposal is “substantially uncertain” but nonetheless should be resolved in the company’s favor. If the CFPB determined that the product is not in compliance with any pertinent law or regulation, the application effectively will be converted to an admission of wrongdoing that would bar the product from the market. (2)
Because the CFPB will publish each NAL that it issues, the non-binding letters also may highlight potential compliance issues to other regulators (and potential consumer litigants), none of which will be bound by the NAL.
By creating such a restrictive process, the CFPB has offered innovators little opportunity to save costs if their product is deemed non-compliant, and no real protection if it is. In many instances, it is questionable that the new no-action policy offers substantially more comfort to a market participant than they could already obtain through informal discussions with the agency. But because there is little existing guidance on CFPB regulations, the new process is welcome, even if limited. The new policy will be particularly useful for companies introducing products at the edge of current law. Deciding whether to seek a NAL will require careful consultation with a company’s lawyers to navigate the potential legal and business risks.
(1) Expedited Publication of Interpretative, No-Action and Certain Exemption Letters, Securities Act Release No. 6764, [1987-1988 Transfer Binder] Fed. Sec. L. Rep. (CCH) 84,228, at 89,053, 89,054 (Apr. 7, 1988). 10 Thomas P. Lemke, The SEC No-Action
(2) The CFPB limited its new policy to new services and technologies. It would make little sense to seek guidance for existing products where the application itself could be seen to be an admission of wrongdoing.
Every year, the Consumer Electronics Show in Las Vegas proves to be one of the more interesting conventions to attend. 2016 did not disappoint: companies showed off cool innovations in displays, robotics, and integrated smart technology across the consumer products platform.
Adding to the excitement at this year’s CES was the dramatic appearance of uniformed officers. We don’t mean the sultry high-heeled look-alikes you’d more likely expect at a Vegas show. These were U.S. Marshals and they were the real McCoys (although we are unsure of their actual names or heritage). The marshals were there to execute a court order and seize product from one of the convention’s participants, Changzhou First International Trade Company.
The China-based company had a booth at CES to promote its Surfing Electric Scooter, a one-wheeled hoverboard. The scooter might be considered a dream machine for many an adolescent skater. The only problem is that it is remarkably similar to Future Motion Inc.’s patented Onewheel (at only about a third the price).
Future Motion was granted a patent on Onewheel’s self-stabilizing technology only recently (within the last month), but it did not waste any time to defend its rights in U.S. District Court. Future Motion requested the federal court grant it a temporary restraining order to, among other things, seize Changzhou First International’s scooter from CES.
Two of the more interesting aspects of the district court’s actions in this matter are (1) the speed at which the judge granted the requested relief and (2) the extent of the relief that the judge granted. The court issued a TRO on the same day that Future Motion filed the request. The following day, the marshals were in the Vegas convention hall seizing scooters and generating a lot of attention.
But the court didn’t limit its TRO to seizing product locally. It granted Future Motion’s request to halt manufacture and sales. The court also ordered web hosts and domain name registrars to “take any and all action necessary to remove the infringing products from websites having content controlled by Defendant, or alternatively to disable access to the website.” Halting sales and manufacture and seizing the company domain name is a pretty impressive order to execute on an expedited basis, and based exclusively on arguments presented by plaintiffs. It’s further impressive considering that the scooter is Changzhou First International’s only advertised product on its website. Closing down this channel is effectively closing down the company’s operations. Is Future Motion’s patented technology really the heart of Changzhou First International’s scooter? A cursory review might suggest yes, but it’s a complex question that should be decided after a proper hearing. Granting a TRO to make a point at the CES convention is one thing, shuttering a business is another.
It doesn’t appear that the part of the order requiring domain name seizure has been executed yet. As of January 14, 2016, Changzhou First International’s website is still active, full of images of its Surfing Electric Scooter. Moreover, the product appears to continue to be sold on Alibaba. This may be because parties have ten days from notice to comply, which isn’t yet up. It may also be based upon some subsequent stipulation by the parties: it is possible that Future Motion does not want to be on the hook financially should the court ultimately find against it (as the order in the case acknowledges, Future Motion would be responsible for damages, i.e. economic loss, for any wrongful seizure).
We shall see in the coming weeks what’s to become of the Surfing Electric Scooter. The next hearing (for preliminary injunction) is scheduled for mid-February. At that hearing, Changzhou First International will have the opportunity to present its arguments demonstrating why its scooter does not infringe on Future Motion’s patents. Although, who would be surprised if a U.S. district court found that a Chinese product infringed on someone else’s intellectual property?