Articles Posted in Consumer Law

Class certification can be a complicated issue that does not just rely on fulfilling the usual requirements. For example, in Gass v Best Buy Co., Inc., an issue of fact had to be determined in order to confirm the class action certification.

What was the court’s decision in Gass v. Best Buy Co., Inc.?

Gass v. Best Buy Co., Inc. was a class action that failed due to the way plaintiffs’ claim was brought.  In this case, multiple parties brought separate lawsuits against Best Buy claiming that its practices were against the Song-Beverly Credit Card Act. The claimants then merged their claims. The “class” claimed to be representing [a]ll persons from whom Defendant requested and recorded personal identification information in conjunction with a credit card transaction… and a subclass of those who were asked for their information relating to the pre-enrollment . . . in Defendant’s Reward Zone program in conjunction with a credit card transaction.” The Song-Beverly Credit Card Act says that companies may not request or require, as a condition to accepting the credit card, the cardholder to provide personal identification information. The practices in question were: (1) when employees asked customers for additional information if they agreed to be in the Rewards program; (2) when customers were asked for their phone number if they forgot their member cards; and (3) if a card failed to swipe on a charge over $100, the customer would be asked for a zip code in order to look up his/her information. First, the court determined that these requests for identification were not illegal. Second, since the requests for information were not a violation, the court ruled that plaintiffs could not be certified as a class. This was because the definition of those affected was overbroad and included customers who may not have suffered any violation. The court ruled that, if the plaintiffs wished to pursue a specific violation, each could proceed individually.

The CAN-SPAM Act is the federal act that preempts state anti-spam laws. In response to this federal statute, California, and many other states have passed similar anti-spam laws. Do you have a new company that needs to market to a broader community? Will your company create an email list to reach out to new users, customers, or clients? Then you should be aware of the federal and state laws and how they can create liability.

What is the CAN-SPAM Act?

The CAN-SPAM Act mostly focuses on unsolicited commercial email. It stands for Controlling the Assault of Non-Solicited Pornography and Marketing. This federal law prohibits any commercial email that is fraudulent or deceptive and requires all email messages to include an opt-out option for the recipients. Although, the law is focused on companies that disguise the source or purpose of the email, the impetus for passing the bill was the growing cost problem for those receiving mass amounts of emails such as non-profit companies, educational facilities, and other businesses with limited server space. However, this law “only provides a private cause of action to internet service providers that have been adversely affected by prohibited commercial e-mails, and does not extend a cause of action to the recipients of such e-mails.” See Hypertouch, Inc. v. ValueClick, Inc., 192 Cal. App. 4th 805, 123 Cal. Rptr. 3d 8 (2011). Therefore, it is up to the states to determine whether individual recipients of spam can bring suit against companies or individuals.

In an online penny auction, participants purchase bids for a fee, with each bid placed on a particular item increasing the price of the item by a small increment (e.g., one penny) and extending the bidding period for that item by a few seconds. The last participant to place a bid before the bidding period ends pays the website the final price for the item. Unlike traditional online auction websites like eBay, all penny auction participants must pay to play. Thus, it is common for losing bidders to spend significant amounts of money, but receive nothing of value. In this sense, critics have likened penny auctions to gambling.

Are Penny Auctions Considered Gambling?

In general, bid fees are paid to the penny auction website, rather than pooled and awarded to the winner, so a bid is not technically a “bet” or “wager.” As such, existing gambling legislation probably does not apply, so consumers are protected from illegal gambling charges. Moreover, under California law, whether online gambling is an illegal “lottery” depends in part on the degree of chance involved—specifically, whether the game is “dominated by chance.” While penny auctions involve chance, the element of strategic bidding, based on factors like remaining time to bid and expected website traffic, weighs against finding that the auctions constitute illegal lotteries.

In these days, many people spend time on their electronic devices to become members of internet dating services. Many companies are now providing online dating services to their members. In general, the online dating services require their members to submit a profile, which may include personal information (e.g., name, email address, date-of-birth, and photos). As a result, the internet dating service may be sued by its members or third parties for various legal claims.

What Are the Typical Legal Claims Against Internet Dating Services?

In recent years, the internet dating services have been targets of lawsuits.  In some cases, the internet dating service may facilitate sexual encounters between its members, which can lead to its member being arrested for having sex with a minor.  In other cases, the members defame, harass, stalk, or bully each other.  In these cases, the courts have enforced or dismissed the civil claims against the internet dating service for various reasons.  The typical claims against the internet dating service may be for breach of contract, negligence, deceptive trade practice, Lanham Act violation, failure to warn, invasion of privacy, defamation, or fraud.  It is important to note that each of the aforesaid claims requires specific elements and supporting evidence to pass muster in court.  See The Perils and Pitfalls of Online Dating for more information.

The purchase of commercial general liability and umbrella insurance policies are ways to protect your business from liability. However, these types of policies have not adapted to protect policyholders from certain types of cyber liability.  This issue was recently exposed in a case against Urban Outfitters, Inc., and its subsidiary, Anthropologie, Inc. (collectively “Urban Outfitters”). Urban Outfitters found itself with no suitable insurance coverage when facing several lawsuits for privacy infringement that resulted from credit card transactions. Many businesses collect customer data and infringements of customer privacy may not be covered by traditional insurance policies. Do you run a business that collects consumer data? Are you unsure how far your insurance coverage extends in protecting against consumer data breaches? If so, then you may contact us to speak to an attorney about whether you should obtain cyber liability insurance.

What Was the Issue in the Urban Outfitters Case?

In OneBeacon America Insurance Company v. Urban Outfitters, et al., Urban Outfitters was sued in three different states for consumer privacy breaches. Urban Outfitters was sued because of its practice of collecting consumer zip code information when processing credit card transactions. This practice violated multiple consumer privacy laws. Urban Outfitters then looked to its insurance company to defend the multiple lawsuits. However, the insurance company claimed that its general liability policy did not cover that kind of privacy breach. The federal court in Pennsylvania agreed, and held that the insurance company was not obligated to defend Urban Outfitters in any of the lawsuits. The general liability policy only covered “oral or written publication of material that violates a person’s right of privacy,” and even though Urban Outfitters violated consumer privacy, it never published that material.

In recent years, social media has allowed users to instantly communicate with each other. Social media also provides a low cost and high-yield forum for communications. Because of these effects, social media is becoming the preferred way for advertisers to reach customers. A marketing campaign that includes social media can greatly enhance a company’s brand exposure.  However, there are several legal and regulatory issues that arise when using social media for advertising. When using social media tools like hashtags and facebook pages, advertisers should monitor their copyrights and trademarks and comply with state and federal regulations.  Is your company beginning a new social media advertising campaign? Are you trying to brand your company with hashtags and handles?  If so, then you should contact us to discuss the legal issues.

What is a Hashtag and How Is It Used in Advertising?

A hashtag is a form of metadata made up of a word or phrase that is prefixed with the symbol “#” used by a social media site to create a searchable keyword. Hashtags are commonly used to direct potential customers to others discussing the same hashtag. Any user could create a hashtag with your company’s name or one that infringes on your intellectual property. Most social networks have policies that prohibit trademark and copyright infringement. Be sure to check these policies and the procedures for reporting abuses. Yet, not every third-party use of a trademark is necessarily an infringement if done under the fair-use standard. If a third-party is using a hashtag or handle that refers to your trademark, it may not be an infringement if used only to join a conversation, and that user is not claiming to be the owner of the trademark. Further, you can actually trademark a hashtag with the United States Patent and Trademark Office for additional protection. A mark including the “#” symbol can be registered as a trademark if it functions as an identifier of a good or service.

As mobile technology improves, we all do more on our mobile devices—e.g., banking, shopping, and gaming are just a few examples.  The Wall Street Journal estimates the mobile apps market as a $25 billion industry.  New businesses and entrepreneurs may want to jump into this growing market. When new developers enter the market they must consider the privacy rights of users.  The law protects consumers and their privacy from intrusion, and there are even stricter guidelines for apps used by children.  Are you interested in starting a mobile app business?  Are you ready to begin marketing your new mobile app?  If so, then there are steps you must take to ensure you are in compliance with the law and respecting the privacy rights of your customers.

What Is a Mobile Application?

A mobile application is software that can be downloaded and accessed using a mobile device, such as a smartphone or tablet. Apps can be paid or free.  Developers of free apps usually make a profit through advertisements, in-app purchases, and/or paid versions that offer more features than a free trial or “lite” version. Further, apps may collect data from the user.  Apps can access a user’s contacts, call logs, internet data, calendar, and device location.  Usually, this data is collected so that the app can perform what it is designed to do, such as make a bank transfer or direct the user to a destination through GPS.  Data collection must conform to consumer protection guidelines and developers will be held responsible to those guidelines.

Computers are learning to do it all—even surf the Web. These computers, or programs, explore the World Wide Web, gathering information and processes for use in other forums. This technology, which is known as “web scraping” may also threaten website and consumer privacy concerns. Indeed, websites have a proprietary interest in their content and others are not authorized to access and reuse this information. Consumer information that is available online is not necessarily available for any use.  As such, web scraping has become a concern as regulators attempt to outline the parameters. Do you operate a website? Are you a consumer with personal information available over the Internet—such as your name, address, salary, or work history?  Do you have an interest in gathering information from various sites for your personal use? Do you wish to revise your terms of service in light of these advancements? If so, web scraping is relevant to your business and privacy concerns.

What Is Web Scraping?

Web scraping is the process of using computer software to extract information from websites. Usually, this type of software simulates web browsing that is performed by a human. This technique is used to automatically gather information from various websites. This is an effective tool in several fields such as online price comparisons. Often, the aggregate website will have agreements with other websites allowing web scraping to gather pricing data. Additionally, web developers often use this technique to copy website content and reuse it when designing a new site. However, this process can also be used in ways that press against privacy concerns. For example, web scraping can be used to gather a consumer’s personal information. This includes contact information, personal websites, and professional histories. Web scraping can also gather an online user’s comments on discussion boards. All such information is valuable to businesses that want to know how consumers feel about their products or services. Web scraping has increased drastically over the last few years. In 2013, web scraping made up 23% of all online browsing traffic.

Where you visit online seems to say a lot about you. Online privacy has been in the spotlight recently, as consumers come to terms with the reality that their online tracks define who they are to marketers and government agencies.  By studying this data, third parties can paint a picture about consumers—i.e., where they go, what they do, their preferences, and even any illegal conduct.  Now, data brokers can also compile and study large bodies of data to find patterns in behavior. While this carries huge potential for technological advancement, it also comes with greater threats to consumer privacy.

What Is Data Mining?

Data mining is the intricate process whereby data brokers collect, store, and study large sets of data for patterns.  The data includes everything from shopping habits, healthcare records, online practices, and public records (e.g., court and property records). This data is then used in a variety of fields, including intelligence gathering, statistics, database systems, and machine learning. Usually, data mining is used to compile lists for targeted marketing purposes—such as lists of diabetics, smokers, and political affiliations. However, recent reports indicate that data mining has been used to compile more personal lists—rape victims, addicts, and AIDS victims. The U.S. government has used data mining in various surveillance projects. These projects were ultimately terminated because of rising concerns that they violate the Fourth Amendment protection against unreasonable searches and seizures. It is most shocking that the subjects never know they are victims to data mining. At a glance, most of these categories seem harmless. However, the underlying threat is that data brokers conduct mining projects without notifying consumers and without obtaining consent.

In recent years, consumers have received numerous emails from merchants, all trying to sell a service or a product. While marketing and commercial activity is central to the American economy, the recipients of these emails must also enjoy their privacy. In an effort to protect against these disruptive emails, the California Legislature passed anti-spam laws in order to regulate commercial email activity. In addition, a recent district court opinion further clarified the types of emails that are implicated by these statutory standards.

What Are California’s Anti-Spam Laws?

In general, California’s anti-spam laws are codified under Business & Professions Code sections 17529 et seq. First, commercial email advertisements must come from a domain name registered to the sender. Commercial email advertisements include any email sent for the specific purpose of selling or advertising a product or service. The purpose of these laws is to limit promotional emails with false or misleading subject information. These laws apply to any U.S.-based company that sends emails to California consumers. It does not matter whether the sender is located in California. In fact, it may not even matter whether the sender knew the recipient was in California. Furthermore, California’s anti-spam laws provide a greater degree of protection than their federal equivalent—i.e., Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”). For example, CAN-SPAM requires that each email contain an “opt-out” option that allows consumers to quickly unsubscribe from future emails. The sender must comply with such a request within ten business days. In California, there are no such requirements. Indeed, the recipient can collect these emails and sue the sender for up to $1,000 per email.  So, the charges can quickly add up. If the sender of commercial emails is faced with a lawsuit, it bears the burden of proving that it was in compliance with both the state and federal standards.