In This Issue
Netflix Goes on the Offensive, Challenges VPPA
Facing class actions and an inability to integrate with Facebook due to the Video Privacy Protection Act (VPPA), Netflix is going on the offensive against the law.
Under the VPPA, videotape service providers must destroy customers’ personally identifiable information “as soon as practicable, but no later than one year from the date the information is no longer necessary for the purpose for which it was collected.”
Netflix had hoped for an integration with Facebook where users could share information about their video selections, but faced running afoul of the 23-year-old law. Now, the company has thrown its support behind H.R. 2471, a bill that would amend the Act “to clarify that a video tape service provider may obtain a consumer’s informed, written consent on an ongoing basis and that consent may be obtained through the Internet.”
Under the proposed legislation, consumers could provide advance consent for a set period, or until their consent is affirmatively withdrawn, for their information that will be maintained by a videotape service provider.
The bill, sponsored by Rep. Robert Goodlatte (R-Va.), was recently approved by the House Judiciary Committee. It now moves to the full House for consideration.
In a recent blog post, Netflix asked interested consumers to e-mail Congress to “urge them to pass this modernizing legislation.”
On a related front, Netflix filed an answer in the consolidated class action suits alleging that the company violated the VPPA.
The suits claim that the company created a “veritable digital dossier” by keeping consumers’ personal information, like credit card numbers and rental histories, for longer than necessary – in some cases, after the plaintiffs canceled their accounts.
In its answer, Netflix said it plans to argue that the VPPA does not provide a private right of action to consumers and that the statutory damages scheme set forth in the Act is “unconstitutionally excessive, barred by the Fifth and/or Eighth Amendments to the Constitution, and violates due process.”
The suit seeks statutory damages of $2,500 per violation under the VPPA.
To read H.R. 2471, click here.
To read Netflix’s answer in In Re: Netflix Privacy Litigation, click here.
Why it matters: The approval by the House Committee of the legislation was a victory for Netflix, but the passage of the bill is far from a fait accompli. Given the current push to pass privacy legislation in Washington, lawmakers could be hesitant to back a law that – albeit with consent – actually works to decrease a consumer’s privacy.
back to top
Companies Can Be Liable for Consumer Costs of Security Breach
A business could be liable for the “reasonably foreseeable” costs incurred by customers who sought to mitigate the hacking of their credit and debit card numbers, the First Circuit has ruled.
Hackers breached the electronic payment processing system of the Hannaford Brothers grocery store chain in 2007 and obtained the credit and debit card numbers of an estimated 4.2 million customers.
Twenty-six separate class actions against the chain were consolidated, with groups of plaintiffs alleging various types of damages. Some sought reimbursement for the costs associated with credit monitoring, for the amount of replacement card fees or the costs of obtaining a new card, for their inability to earn reward points during the transition, emotional distress and the time and effort spent reversing unauthorized charges and protecting against further fraud.
Hannaford argued that the plaintiffs’ injuries were too speculative, and a U.S. District Court entered judgment for the chain.
But on appeal, the First Circuit reversed.
While some of the plaintiffs’ claims – like those for lost reward points and emotional distress – were not recoverable, the court said the plaintiffs could pursue their negligence and implied breach of contract claims for the costs of mitigating the theft of their information.
Some financial institutions immediately canceled customers’ cards and issued new ones, which was evidence of the reasonableness of issuing replacement cards as a form of mitigation, the court said.
“It was foreseeable, on these facts, that a customer, knowing that her credit or debit card data had been compromised and that thousands of fraudulent charges had resulted from the same security breached, would replace the card to mitigate against misuse of the card data,” the court said. “Similarly, it was foreseeable that a customer who had experienced unauthorized charges to her account . . . would reasonably purchase insurance to protect against the consequence of data misuse.”
To read the decision in Anderson v. Hannaford Bros., click here.
Why it matters: While other courts have denied damages for plaintiffs in data breach cases, the First Circuit emphasized that the case at hand did “not involve inadvertently misplaced or lost data which has not been accessed or misused by third parties.” Because the hackers were sophisticated and more than 1,800 instances of fraud resulting from the theft were reported, the financial losses to consumers to mitigate their own potential damages were reasonable and foreseeable, the court determined, and therefore cognizable under Maine law.
back to top
NAD Reviews Allegra Ad Claims
Reviewing advertising claims for over-the-counter allergy relief medication Allegra, the National Advertising Division recommended that manufacturer Chattem modify certain claims.
The case involved a challenge brought by competitor Merck, maker of Claritin.
According to the NAD, consumers could take a message of exclusive superiority from Allegra’s claim that it “Combines Fast, Non-Drowsy, 24-Hour Relief With The Power To Relieve Your Toughest Allergy Symptoms,” a claim not supported by the evidence submitted by Chattem.
A television commercial used the phrase “only Allegra” during the voiceover, which also listed allergy symptoms onscreen – like “sneezing,” “sniffling,” and “itchy, watery eyes” – and was immediately followed by an express efficacy claim that Allegra is “proven effective even at 8x high pollen levels.”
In recommending that Chattem modify the claim, the NAD concluded that “the fact that the ‘combination’ claim is immediately followed by an express efficacy claim reinforces the implied message that Allegra is the only allergy medicine with the power to relieve the toughest allergy symptoms.”
The NAD also evaluated Allegra’s claims about the speed of its relief and found the substantiation sufficient.
Based on the total net impression of the product’s commercials, the NAD said that consumers would not likely take away a message of immediate relief, but rather would understand the commercials as conveying the message that Allegra works “fast.”
Chattem provided a reasonable basis for its claim “Before Allegra, I waited hours for my allergy medicine to work. After Allegra, I get fast relief,” the NAD said.
But to avoid potential consumer confusion as to Allegra’s onset of action, the NAD recommended that Chattem clarify its disclosure that Allegra “starts working at hour one” by including the statement itself or by increasing its size and prominence in televised spots. In addition, while the NAD determined that the advertiser could distinguish itself from other allergy relief medication by being “fast,” it must do so “by modifying such claims to clearly and conspicuously disclose that this applies to the first dose only.”
Finally, the NAD determined that Chattem could support the claim that Allegra has been “Proven Effective Even at 8x High Pollen Levels” by the use of single-dose chamber studies, which it said were competent and reliable scientific evidence.
Why it matters: The decision serves as a reminder that advertisers must substantiate all claims that may be reasonably conveyed to consumers in the context of the advertising as a whole. Although Chattem noted in its advertiser’s statement that it disagreed with the NAD that reasonable consumers would take away the implied claim of Allegra’s exclusive superiority and that no such claim was intended, the company said it would incorporate the NAD’s recommendations.
back to top
Fiber = Processed Fiber for Ad Purposes
Can an advertiser claim a product is “Fiber Plus” when the fiber is processed?
In dismissing a consumer class action, the Seventh Circuit said “yes.”
An Illinois resident filed suit against General Mills and Kellogg, alleging that the defendants falsely advertised their “Fiber Plus” chewy bars because they contained processed or non natural fiber.
Despite the name of the product, the principal fiber by weight in the bars is inulin, a form of fiber extracted from chicory root, according to the complaint. The Fiber Plus packaging does not state that its principal fiber comes from inulin, but does list “chicory root extract” first and “inulin from chicory root” in the list of the product’s ingredients.
Inulin provides fewer benefits than non extracted fiber, such as lowering cholesterol and promoting the regularity of bowel movements, according to the plaintiffs, and actually produces negative results in some people, like stomach problems and harm to pregnant or breast-feeding women.
But the Seventh Circuit ruled that the suit was preempted by the Nutrition Labeling and Education Act of 1990.
Under the Act, states may not impose requirements in the label or labeling of food that are not identical to those in the Food, Drug, and Cosmetic Act.
Federal law imposes just one requirement on the labeling of dietary fiber, the court said, which is that companies state “the amount of . . . dietary fiber . . . contained in each serving size or other unit of measure,” a requirement met by the defendants’ Fiber Bars.
In affirming dismissal of the suit, the court said, “The disclaimers that the plaintiff wants added to the labeling of the defendants’ inulin-containing chewy bars are not identical to the labeling requirements imposed on such products by federal law, and so they are barred. The information required by federal law does not include disclosing that the fiber in the product includes inulin or that a product containing inulin produces fewer health benefits than a product that contains only ‘natural’ fiber, or that inulin from chicory root should not be consumed by pregnant or lactating women.”
To read the decision in Turek v. General Mills, click here.
Why it matters: “It is easy to see why Congress would not want to allow states to impose disclosure requirements of their own on packaged food products, most of which are sold nationwide,” the Seventh Circuit observed in its decision. “Manufacturers might have to print 50 different labels, driving consumers who buy food products in more than one state crazy.”
back to top
Second Circuit: State Law Provides Time Limits for TCPA Suits
The Second Circuit recently ruled that state law – not the four-year general statute of limitations under federal law – provides the time limit in a class action brought pursuant to the Telephone Consumer Protection Act.
A Connecticut-based plaintiff filed suit alleging that he received unsolicited fax advertisements from a New York business. He claimed he was one of 10,000 who received such ads.
The defendant argued that the suit was time-barred under Connecticut’s two-year statute of limitations, and the court agreed.
Despite the fact that federal law contains a catch-all provision with a four-year statute of limitations, the court said that state law governed the suit.
The TCPA authorizes claims “only as ‘otherwise permitted’ by state law,” the court said, which gives states the authority to determine the time period in which such actions will be recognized.
The Connecticut law that specifically recognizes a cause of action for statutory damages for the transmission of unsolicited fax communications contains the two-year limit.
The TCPA does not expressly provide a statute of limitations for the private cause of action it authorizes, the court said, and Congress chose to make suits under the Act the “ ‘functional equivalent of state law,’ applicable only as otherwise permitted by state law and court rules.”
“If a claim for the transmission of an unsolicited commercial fax is no longer ‘permitted’ by a state statute of limitations, it cannot be maintained under the TCPA,” the court said.
Therefore, because Connecticut law contains an express requirement that such suits be filed within two years of transmission of the unsolicited fax, the plaintiff’s claim was untimely, the Second Circuit held, affirming dismissal of the suit.
To read the decision in Giovanniello v. ALM Media, click here.
Why it matters: The decision provides guidance to defendants facing TCPA suits to look to state law for a determination of whether a suit has been timely filed. However, in a concurring opinion, Senior Circuit Judge J. Clifford Wallace of the Ninth Circuit noted that the majority’s opinion “adds to a growing split” among the state and federal courts on the issue of TCPA statute of limitations claims.
back to top