On August 9, 2018, the United States District Court for the Northern District of Alabama agreed with the Second Circuit Court of Appeals decision in Reyes v. Lincoln Auto. Fin. Servs., 861 F.3d (2d Cir. 2017), which held that contractual consent to be contacted by an automatic telephone dialing system (“ATDS”) could not (and cannot) be unilaterally revoked because the consent formed part of a bargained-for exchange in the contract. The Second Circuit’s ruling was favorable for companies seeking clarification on consent revocation issues that exist with respect to claims brought under the Telephone Consumer Protection Act (“TCPA”).
The TCPA continues to generate significant case law nationwide. Since our last published update on June 5, 2018, there have been several significant decisions that all TCPA defense practitioners should be aware of. As always, we will continue to keep you apprised of developments going forward. The decisions are listed by issue category in alphabetical order.
Continue Reading TCPA Case Law Review (Vol. 3)
Just when you thought it was safe to open your e-mail again without being inundated with updated privacy policies, here comes the California Consumer Privacy Act of 2018 (“CCPA”). The new law, which goes into effect on January 1, 2020, will expand the privacy rights of California residents and bring some of the EU’s widely discussed General Data Protection Regulation (“GDPR”) to the United States. There will be lots to talk about over the next year and a half as companies gear up for compliance, but here are some key features to be aware of:
Clients regularly ask: If we win this putative class action, can the opposition just file another one on behalf of another as-yet-unidentified putative class representative? Until June 11, the answer was “Maybe?” Now, the answer is clearly no.
In a unanimous decision, the Supreme Court (in reversing the Ninth Circuit) clarified that the tolling recognized under American Pipe applies only to successive individual actions, not successive putative class actions. China Agritech v. Resh, 2018 U.S. LEXIS 3502, *23 (U.S. 2018). According to the opinion authored by Justice Ginsburg: “We hold that American Pipe does not permit a plaintiff who waits out the statute of limitations to piggyback on an earlier, timely filed class action. The ‘efficiency and economy of litigation’ that support tolling of individual claims . . . do not support maintenance of untimely successive class actions.” Id. at *13-*14.
In her concurrence in the judgment, Justice Sotomayor wrote she would limit the holding to cases under the PSLRA. Id. at *24. But she was alone in that view. Id.
We applaud the U.S. Supreme Court in continuing to recognize the inherent limits of class action procedure, and we look forward to similar opinions in the future.
In case there was any doubt that TCPA cases continue to flood federal court dockets nationwide, we recently reviewed the nearly 300 decisions referencing the TCPA that have been published since mid-December. Some of them have obviously made big headlines, like ACA v. FCC or the dueling interpretations of the ACA decision in Reyes v. BCA Fin. Servs. and Herrick v. GoDaddy.com, LLC. But many lesser-known decisions also could prove useful in defending TCPA cases. The decisions are listed by issue category in alphabetical order.
For more than 30 years, the Kansas City Media and the Law Seminar has been at the forefront of important discussions in the media bar. As this year’s committee chair, I may be a bit biased, but I think the focus of the seminar coming up on May 3-4 is one of the most important topics we have tackled to date: The impact of technology, culture, and politics on media freedoms. There’s no doubt that our media and political climate has changed dramatically over the past few years, and technology continues to push the envelope as laws struggle to keep up. It’s fascinating to think that at least half of this year’s panels involve topics that didn’t even exist when this seminar started — things like “social media,” “fake news,” and “Tweets.” Continue Reading Join Vedder Price at the 31st annual Media and the Law Seminar
On April 10, 2018, the Federal Financial Institutions Examination Council (the “FFIEC”), an interagency body composed of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and the State Liaison Committee, issued guidance to assist financial institutions in analyzing the use of cyber insurance in an effective risk management program (the “Guidance”).
Overview of the Ruling
On March 16, 2018, just before tip-off in the first round of the NCAA tournament, the D.C. Circuit provided the TCPA defense bar with a new playbook of sorts, in the form of a decision that will surely change the game for TCPA litigation. The case, of course, is ACA International v. FCC, and the ruling came down nearly 18 months after oral arguments. ACA Int’l et al. v. FCC, No. 15-1211, Doc. No. 1722606 (D.C. Cir. Mar. 16, 2018). It appears to be worth the wait as the D.C. Circuit slam dunked the former definition of automated telephone dialing equipment (“ATDS”) and the “one-call safe harbor” rule for reassigned numbers.
What Is GDPR?
The EU General Data Protection Regulation (GDPR),—described as “the most important change in data privacy regulation in 20 years”—becomes enforceable by law on May 25, 2018. After four years of preparation and debate, GDPR was approved by the EU Parliament in April 2016 to replace the Data Protection Directive 95/46/EC. According to the EUGDPR.org, the overarching purpose of GDPR is to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” Expected to comply are organizations located within the EU; that offer goods or services to, or monitor the behavior of, EU data subjects; and all companies processing and holding the personal data of data subjects residing in the EU.
A North Carolina bill designed to strengthen the state’s data breach notification statute could radically change incident response. Through the Act to Strengthen Identity Theft Protections, North Carolina could quickly become one of the strictest jurisdictions for data security in the country. The text of the bill has not yet been made public, but a fact sheet released earlier this month indicates that North Carolina may take drastic steps to address the fact that 5.3 million North Carolinians were impacted by data breaches in 2017. Continue Reading Data Breach Notification Revisions in North Carolina Would Bring Radical Change