Sears Petitions FTC to Reopen and Modify 2009 Order Concerning Online Browsing Tracking

The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app.

For more information, click here to see our complete WSGR Alert.

To Disclose or Not To Disclose: The FTC’s Dueling Concurrences over Deceptive Omissions in Lenovo

On September 5, 2017, the Federal Trade Commission (FTC) announced that it and 32 state attorneys general had settled charges with Lenovo, Inc., regarding the company’s practice of pre-loading advertising software on its laptops that compromised consumers’ cybersecurity and privacy.1 In many respects, the case was reasonably straightforward: the facts as alleged were clear, and the terms of the settlement were not unusual. But what makes this case interesting are the dueling concurrences issued by Acting Chairman Ohlhausen and Commissioner McSweeny regarding the FTC’s authority to challenge omissions. These concurrences continue a debate that has been stirring on and off at the FTC for more than 30 years, and they raise important questions about the agency’s future enforcement priorities. Continue Reading

Northern District of California Drops FTC Unfairness Claim Against D-Link Systems

The U.S. District Court for the Northern District of California recently issued a mixed ruling on D-Link Systems’ motion to dismiss in FTC v. D-Link Sys., Inc.1 D-Link sells routers and Internet protocol (IP) cameras that it markets as having good data security, including “the latest wireless security features to help prevent unauthorized access” and “the best possible encryption.”2 The Federal Trade Commission (FTC) filed a complaint against D-Link, alleging that the company’s products were in fact subject to “widely known and reasonably foreseeable risks of unauthorized access,” and that, among other things, D-Link failed to deploy “free software, available since at least 2008, to secure users’ mobile app login credentials.”3 The complaint alleges five claims for deceptive marketing practices and one count for unfair practices under Section 5 of the FTC Act. Continue Reading

Class Action Standing and Data Breaches: When Is There an Injury-in-Fact?

The biggest question looming over every class-action case filed in response to a data breach is: Will the plaintiffs have standing? The answer has divided courts in recent cases across the country.

Last year, the U.S. Supreme Court held in Spokeo, Inc. v. Robins that Congress could not confer standing to plaintiffs based on a violation of a statute alone.1 Instead, the Court held that, even if a statute has been violated, plaintiffs must prove they have an injury-in-fact and that the injury is both concrete and particularized. Spokeo added a new layer of complexity in pleading standing in data breach cases. Previously, the Supreme Court held in Clapper v. Amnesty International USA that “conjectural” or “hypothetical” injuries were insufficient to confer standing and that harm must be “certainly impending.”2 What Spokeo and Clapper mean in practice for data-breach cases is far from settled.

Continue Reading

Starting Up the CFPB’s No-Action Letter Program

The expanding use of mobile technologies, cloud computing, and the Internet of Things has greatly increased the amount of available consumer data. The ability to efficiently process this information has the potential to provide countless consumer benefits. Nevertheless, companies must navigate an ever-expanding patchwork of domestic and foreign laws and uncertainty regarding the application of existing laws to new technologies. In addition, although regulators have commended the advancement and development of new consumer lending technologies, they also have warned that these new tools “carry the risk of disparate impact in credit outcomes and the potential for fair lending violations[.]” For companies under the authority of the Consumer Financial Protection Bureau (CFPB), the CFPB’s no-action letter (NAL) program offers a potential tool to help navigate these challenges. As described in the following article, however, the tool is not without risk for companies seeking regulatory guidance.

Continue Reading

Post-Spokeo Jurisdictional Divide Continues as Northern District of California Rejects TransUnion’s Lack of Standing Argument

Last year, the U.S. Supreme Court issued a decision in Spokeo Inc. v. Robins, holding that a plaintiff bears the burden of establishing Article III standing by alleging an injury in fact that is concrete, particularized, and actual or imminent.1 The Court stated that “Article III standing requires a concrete injury even in the context of a statutory violation,” and that a plaintiff cannot “allege a bare procedural violation, divorced from any concrete harm, and satisfy the injury in fact requirement of Article III.”2

Following Spokeo, courts across the nation have been grappling with how to interpret and apply the decision. In particular, a jurisdictional divide has arisen regarding courts’ interpretations of the standing issue in Fair Credit Reporting Act (FCRA) consumer protection class actions. Courts in the Seventh and Eighth Circuits, for example, have tended to find no standing in FCRA cases.3 Conversely, the Ninth Circuit has leaned toward plaintiff-friendly findings of standing in FCRA cases.4 Thus, the post-Spokeo FCRA class action jurisprudence demonstrates the criticality of forum in determining a defendant’s likelihood of success in challenging standing.

Continue Reading

LexBlog