Ad Law Access Updates on advertising law and privacy law trends, issues, and developments Tue, 14 Nov 2023 13:47:35 -0500 60 hourly 1 SharkNinja Faces Heat Over Temperature and Non-Stick Claims Thu, 19 Oct 2023 08:00:00 -0400 In 1985, Bon Jovi released their second studio album, 7800° Fahrenheit. As a good New Jersey resident with good taste in music, I bought the album. I remember learning that the title supposedly referred to the melting point of rock, though I don’t remember if I ever attempted to verify that fact. (I also don’t remember how people verified facts before the advent of the internet.)

About 35 years later, SharkNinja released a line of cookware that is purportedly manufactured at 30,000° Fahrenheit. New Jersey resident Patricia Brown purchased two of the pans. She later used the internet to attempt to verify the claims and learned that 30,000° F is three times the surface temperature of the sun and that the melting point of aluminum is 1,220° F. That made her suspicious.

You may ask – as eventually did Ms. Brown – why you’d buy a pan with maximum manufacturing temperature of 30,000° F when you could buy one with a maximum manufacturing temperature of 900° F for less money. SharkNinja has an answer: “the difference is in the degrees,” and unlike cookware that is manufactured at cooler temperatures, theirs “never sticks, chips, or flakes.”

(You may also ask – as immediately did I – whether you could use a SharkNinja pan to melt rocks. SharkNinja has an answer to that, too: the pan is only “oven safe to 500° F,” so probably not. In that case, it’s best to leave melting rocks to professionals, like Jon and the band.)

Ms. Brown filed a lawsuit arguing that SharkNinja’s claims are false and that the claims violate (a) the laws of New Jersey and (b) “the laws of physics and thermodynamics.” (Only the former have a private right of action.) In support of her allegations, Ms. Brown cites a 2021 case in which NAD reviewed SharkNinja’s “never stick” claims. The temperature claims weren’t part of the challenge.

NAD had several concerns with the company’s test methodology. For example, SharkNinja only conducted tests with one food: scrambled eggs. NAD determined that SharkNinja “did not provide sufficient support that scrambled eggs are representative of all the types of foods that consumers typically cook in nonstick pans.” Although NAD didn’t opine on how many foods or variables had to be tested, one was not enough. Accordingly, NAD recommended that SharkNinja drop the comparative claims.

We’ll have to wait to see whether SharkNinja uses the same protocols to support its comparative claims in this lawsuit or whether it has expanded its testing to address NAD’s concerns. It’ll be interesting to see whether the court relies on the 2021 NAD decision when evaluating those tests. It’ll also be interesting to see whether the court delves into the substantiation for the 30,000° Fahrenheit claims. Otherwise, unless Bon Jovi uses that for a new album title, we may never know.

In Your Face: Connecticut District Court Denies Motion To Dismiss in Coppertone “FACE” Sunscreen False Ad Case Mon, 28 Aug 2023 00:00:00 -0400 Two-Faced? Coppertone Case Tests Whether Factually True Claims Are Deceptive Tue, 09 May 2023 15:12:06 -0400 Can claims that are factually true still be deceptive? This is the question before a Connecticut federal court. Last summer, Tonya Akes, a consumer, sued Beiersdorf, Inc., maker of Coppertone sunscreen, alleging that Beiersdorf engaged in deception because it sold the SPF 50 Coppertone Sport Mineral Face sunscreen, which she alleges she believed was “specifically designed” for use on the face based on the front-of-pack claims, at twice the price as the regular Coppertone Sport Mineral sunscreen, despite the formulas being identical.

In January 2023, Beiersdorf moved to dismiss the amended complaint. The company concedes that the formulas are the same. However, the company asserts, among other things, that the product claims are true and therefore the complaint fails because there is no deception. That is, Ms. Akes cannot succeed on her claims because the claims that she points to as the basis for her understanding that the product was specifically designed for facial use, i.e., the use of “FACE”, “oil free” and “won’t run into eyes” are, in fact, true. Beiersdorf points out that Akes does not allege that she looked at the regular version of Coppertone Sport Mineral prior to purchasing the “FACE” version and, therefore, her argument amounts to little more than regret over paying more than she would have liked. The court’s ruling is pending.

Courts have been skeptical of arguments that brands necessarily deceive consumers by packaging the same product at varying price points, e.g., rejecting arguments that infant acetaminophen is deceptively marketed when sold at a higher price as compared to children’s acetaminophen because there was nothing about the packaging that suggested that the products had different formulations. Here, had Akes looked at the 5 oz version, she presumably would have seen that the active ingredient in both was zinc oxide and would have also seen that the ingredient listings and Drug Facts were identical. But, courts are also skeptical of requiring consumers to actually read ingredient lists.

So, what’s a marketer to do? Beiersdorf rightly points out that “[t]here is nothing deceptive about emphasizing different but equally true aspects of a product to different market segments or pricing products differently when sold to different market segments or in different retail channels. This happens every day.” When confronting this issue, companies should keep in mind that differences in branding, packaging, merchandising (store and shelf placement) and other factors can help establish a valid legal basis to support an argument that, even if two products have the same formula, one rightly commands a higher price point.

Hurried Woman Sues Over Cook Time Instructions Tue, 29 Nov 2022 06:00:03 -0500 Time is money, and when you’re hungry for mac-and-cheese, a few seconds can be worth millions of dollars. Or at least that’s what a Florida woman suggests in her class action lawsuit against Kraft Heinz over a claim on single-serve cups of Velveeta Shells & Cheese stating that the product can be “ready in 31/2 minutes.”

Alas, life isn’t always that easy, and a close look at the instructions reveals that 31/2 minutes is just the amount of time it takes for the product to cook in the microwave. You also need to do things like remove the lid, add water, and stir. That takes extra time, so our woman in Florida argues that the claim on the front of the package is false and misleading.

Velveeta Package

(The woman doesn’t say how long it took her to complete these extra steps, but in our tests, a person with moderate culinary skills can manage them in under 60 seconds. You may quibble and say that if I had waited for the cheese to thicken, it would have taken longer. But I’d tell you that if I didn’t have two dogs underfoot, I could have moved faster. So let’s call it 60 seconds.)

The extra 60 seconds may not be a big deal to some, but the plaintiff argues that underestimating cook time “offends established public policy and is immoral, unethical, oppressive, and unscrupulous to consumers.” It has shaken her faith not only in the instructions for this particular product, but also for “other similar products that claim they are ready in a specific amount of time.”

The plaintiff claims that she and other class members who endured extra minutes of hunger have suffered over $5 million in damages. But the case isn’t just about the money. The plaintiff also wants the court to order Kraft Heinz to “engage in a corrective advertising campaign” to inform consumers that the product takes longer than 31/2 minutes to be ready for consumption.

What can you learn from this suit? If you’re a business, review claims to make sure they are as precise as possible. Even though Kraft Heinz will likely win this case, a slight change in wording may have helped them avoid it, in the first place. If you’re a consumer who is pressed for time, review cooking instructions before you buy something. Five seconds up-front could save you 60 seconds of frustration later.

Coca-Cola Scores Second Win over Green Claims in One Month Sun, 27 Nov 2022 06:00:37 -0500 This month, the DC Superior Court dismissed a lawsuit brought by Earth Island Institute against Coca-Cola, alleging that the company falsely represents itself as “a sustainable and environmentally friendly company, despite being one of the largest contributors of plastic pollution in the world.” The court held that many of the challenged statements are aspirational and do not include anything that can be measured to determine whether they are true or false.

Just two weeks later, Coca-Cola scored a second victory, this time in a case brought by the Sierra Club and a group of consumers over claims that certain water bottles were “100% recyclable.” The plaintiffs alleged that the claims were false and misleading because most plastic bottles are not recycled. Plaintiffs argue that most bottles end up in landfills or incinerators due to a lack of recycling capacity and a lack of demand for recycled plastics.

In a short opinion, a California federal court determined that “no reasonable consumer would understand ‘100% recyclable’ to mean that the entire product will always be recycled or that the product is ‘part of a circular plastics economy in which all bottles are recycled into new bottles to be used again.’” Instead, the court held that “recyclable” simply means that a product is capable of being recycled. The plaintiffs’ interpretation of the word ran counter to common sense, the FTC’s Green Guides, and California law.

This decision is good news for Coca-Cola and any other company that wants to advertise that a product is “recyclable.” Had the plaintiffs prevailed, that could have resulted in a standard that would require companies to foresee whether a product will actually be recycled before advertising that it can be recycled. Not only is that standard unworkable, if companies were prohibited from informing consumers that a product can be recycled, it’s likely that even fewer products would be recycled.

We’re likely to see a lot more activity in this area over the coming months, both in terms of litigation and (eventually) in terms of the FTC’s eagerly-awaited update to the Green Guides. Stay tuned.

Coca-Cola Beats False Advertising Suit Over Aspirational Claims Wed, 16 Nov 2022 20:30:53 -0500 Last year, we posted about Earth Island Institute’s lawsuit against Coca-Cola, alleging that the company falsely represents itself as “a sustainable and environmentally friendly company, despite being one of the largest contributors of plastic pollution in the world.” While many lawsuits involving green claims focus on claims about past or present results (which can usually be proven or disproven), this lawsuit focused on aspirational and forward-looking statements (which are inherently harder to prove or disprove).

The DC Superior Court determined that many of the challenged statements are aspirational and do not including anything that can be measured to determine whether they are true or false. For example, phrases such as “a more sustainable future for our communities and our planet” and “help develop more effective recycling systems” are extremely vague. “[W]hile they point to a general theme of sustainability and corporate improvement, there is not a measurable standard to apply as to whether or not Defendant has met these general goals.”

Other statements – including statements about the company’s plan “to help collect and recycle a bottle or can for every one we sell globally by 2030” – were more specific. However the court determined that “a consumer would not be able to determine if the goal has yet been met in 2022 as it is set significantly in the future.” Moreover, “the inclusion of the word ‘help’ muddles the promise, such that the enforceability, even in 2030, appears to be somewhat uncertain.” Bottom line:

As future, aspirational goals, these statements cannot successfully create a valid claim under the [Consumer Protection Procedures Act (or “CPPA”)] until they have been found to be inaccurate or misleading.

Although this decision suggests that advertisers may have some breathing room to make aspirational statements, it’s worth noting that the case could have ended up differently had it been brought in a different venue. For example, in cases such as this one, NAD has held that “an advertiser must be able to demonstrate that its goals and aspirations are not merely illusory and to provide evidence of the steps it is taking to reach its stated goal.”

Man Sues Bass Pro Over Lifetime Guarantee on Socks Wed, 20 Jul 2022 13:17:15 -0400 As heat waves spread across the country, many men are looking for opportunities to go without socks. (To those men, I might suggest a good pair of no-show socks but, like with other grooming tips, that’s beyond the scope of this post.) The point is that, despite the heat, one Missouri man wants more socks, even though they appear to be thick and rather warm. In fact, he filed a $5 million class action against Bass Pro Shops for failing to give him more of those socks under the company’s lifetime guarantee.

Bass Pro Socks

Bass Pro sells a product called “RedHead® Lifetime Guarantee All-Purpose Socks.” As the name suggests, the company prominently advertises that the socks are subject to a lifetime guarantee and that “if they wear out, they get replaced.” In a YouTube video, a store manager elaborates on that, saying: “If anything ever happens — if the dryer steals one of them on you — you bring the other one in, and we give you a brand new pair of socks.”

Whether or not our man in Missouri had socks stolen by his dryer we may never know, but we do know that he took advantage of the lifetime guarantee a number of times since 2015, “typically 2-4 pair at a time.” Each time, Bass Pro replaced the socks with new socks that were subject to the same lifetime guarantee. That changed last year, though, when he attempted to exchange four pairs of socks. This time, he was given “distinctively-marked 60-Day Socks.”

(If you’re not sure what you’re wearing, glance down towards your calves. If you see a “distinctive stripe pattern” on your socks, that could be a warning that they’re just 60-Day Socks. Tread carefully.)

The lawsuit alleges that Bass Pro has engaged in false advertising and that it failed to honor its warranty. Although it’s too early to tell how this case will turn out, this lawsuit is worth contemplating for any company that is considering a lifetime warranty. A lifetime warranty may be a big selling point but, as the saying (sort of) goes: “With big selling points come big responsibilities.” Absent any clear disclosures, those responsibilities could last a lifetime.

YouTube Faces Suit Over Automatic Renewal Practices Thu, 09 Jun 2022 12:31:18 -0400 Last month, plaintiffs filed a class action lawsuit against YouTube (and its parent company Google), alleging that the company violates Oregon laws by automatically renewing paid subscriptions to premium music, television, and video streaming services without adequately disclosing the offer terms or getting consent.

Specifically, the complaint alleges that the company violated Oregon’s automatic renewal law by:

  • failing to present the automatic renewal offer terms in a clear and conspicuous manner and in visual proximity to the request for consent;
  • charging consumers without first obtaining their affirmative consent; and
  • failing to provide an acknowledgment that includes the offer terms, cancellation policy, and information on how to cancel in a manner that can be retained by the consumer.
The plaintiffs also allege that YouTube made it “exceedingly difficult and unnecessarily confusing” for consumers to cancel their subscriptions.

We expect that suits involving automatic renewals are likely to increase, so if you offer subscription services, you should take steps to assess your level of compliance. Even if you don’t offer subscriptions, it’s worth noting how the allegations in this suit fits into some of the broader trends we’ve written about recently.

For example, the complaint accuses YouTube of using “dark patterns,” a topic that is receiving increased attention from federal and state regulators. And it questions the effectiveness of the company’s disclosures, a topic about which the FTC intends to issue new guidelines.

Food + Personal Care Litigation and Regulatory Highlights – January 2022 Thu, 17 Feb 2022 16:28:33 -0500 Food + Personal Care Litigation and Regulatory Highlights – January 2022Welcome to our 2022 inaugural issue of Food and Personal Care Litigation and Regulatory Highlights, where we explore trends and developments from around these industries. It’s fair to say that the year has started off very busy in both the courtroom and the regulatory arena. On this chilly winter day, our first stop is in California.

Prop 65

Our friends at Kelley Green Law Blog get the starting position for this issue by highlighting a precipitous uptick in the number of Prop 65 filings over the prior year. While the Covid-19 pandemic caused all sorts of disruptions to society and the economy, at least one area of business has thrived over the last two years: private plaintiff enforcement of California Proposition 65. In 2020-2021, over 40% more Prop 65 actions were brought by private plaintiff “bounty hunters” than in the two years prior to the pandemic (2018-2019). Compared to a decade ago, private plaintiff groups now initiate three times more Prop 65 actions each year, and five times more than in 2008. Learn more here about the most frequently cited chemicals and those that are emerging, including PFAS.

Notable Dishes From the Food Court

The close of 2021 included two notable class action decisions for the food industry. In the first, Bolden v. Barilla America, Inc., the Northern District of Illinois denied a motion to dismiss various state law consumer fraud and express warranty claims alleging that Barilla deceptively labeled its pasta sauces as containing no preservatives, even though the products contain the known preservative citric acid. However, the court granted Barilla’s motion to dismiss the implied warranty claim for lack of privity, and as also dismissed the negligent misrepresentation claim because it was barred by the economic loss doctrine. The court also denied the plaintiffs’ request for injunctive relief, ruling that they could avoid Barilla’s allegedly deceptive products by purchasing other branded sauces.

In the second, Warren v. Whole Foods Market Group, Inc., the Eastern District of New York dismissed claims that Whole Foods Markets tricked consumers into believe its instant oatmeal product was sugar-free or low in sugar by using allegedly misleading phrases such as “dehydrated cane juice solids” and displaying picture of fresh raspberries on the label. The court found that, in the absence of any express claim that the product was sugar-free or low in sugar, consumers are “trained to look” to the ingredient list, which disclosed the use of dehydrated cane juice solids, and found it “improbable” that reasonable consumers would gloss over the words “Sugar 11 g,” which were prominently displayed in the nutrition panel immediately next to the ingredient list and, in the court’s view, “hard to miss.”

In January, the Southern District of New York followed the overwhelming number of courts that dismissed “vanilla” claims throughout 2021. In this most recent case, Santiful v. Wegmans Food Markets, Inc., the plaintiffs had alleged that the use of the words “vanilla” and “naturally flavored” on the label of Wegmans’ Gluten Free Vanilla Cake Mix misled consumers into believing that the product was flavored mainly from vanilla beans when it allegedly contained artificial flavors. The court disagreed, finding that the vanilla representations conveyed to consumers the flavor of the product rather than the specific ingredients used to impart that flavor. As to the artificial flavoring aspect of the complaint, the court held that that because the ingredients that contributed to the vanilla flavoring (ethyl vanillin, vanillin, maltol and piperol) can be artificial or natural depending on how they are derived, the plaintiffs were required to allege exactly how these ingredients were derived for this product. Because they had not done so, the court dismissed the complaint but permitted the plaintiffs to file an amended complaint.

Food Filings Trends

Furthering one of the growing trends of the last year, 2021 ended and 2022 started with a number of new “ingredient” class actions, including three suits challenging the use of non-dairy ingredients in “fudge”-based products, as well as others challenging the use (or rather, lack of use) of real cinnamon in cinnamon-flavored cereal, the lack of butter in “butter snaps pretzels,” and the minimal use of whole grains in various cracker products. We also saw a number of new “natural” and “preservative-free” lawsuits, and multiple new lawsuits challenging “healthy” marketing claims and protein content claims.

Hot Tip: For those reviewing or refreshing food labels, here are a couple of practical watch-outs:

  • Terms that are subject to a “standard of identity,” i.e., a regulatory definition for what must be in a product to bear a particular name. Using defined names without meeting the regulatory definitions is increasingly drawing scrutiny.
  • Multi-function ingredients such as malic acid, citric acid or fumeric acid, which can perform multiple functions in a product in conjunction with claims such as “preservative free”. Even if not acting as a preservative, courts have been reticent to dismiss claims of false advertising where the product include a multi-function ingredient and a claim that directly relates to one of those functions.
National Advertising Division

What’s in a name? NAD determined that Goli Nutrition had a reasonable basis for use of the name Apple Cider Vinegar (ACV) Gummies but also found that the advertiser could not substantiate that the gummies provided the health benefits typically associated with ACV and thus recommended that the advertiser qualify the use of ACV – including in the product name – to avoid conveying unsupported health benefit claims.

In a challenge brought by Bragg Live Food Products, maker of a competing apple cider vinegar shot, Bragg took issue with Goli’s use of “apple cider vinegar” in the product name, alleging that they do not contain enough acetic acid to qualify as apple cider vinegar or an ACV supplement. As such, Bragg also alleged that Goli's use of the term "vinegar" in the product name and labeling runs afoul of FDA labeling requirements and Goli’s gummies have little chemical similarity to apple cider vinegar or a true ACV supplement.

More specifically, Bragg alleged that Goli’s gummies did not have sufficient acetic acid to be labeled “vinegar” per FDA’s regulations and also fell short of the 5% naturally occurring acetic acid concentration found in traditional ACV. Goli countered that its ingredient is made from dehydrated apple cider vinegar. In support of its argument, Goli submitted Specification and Cook Sheets indicating that the apple cider vinegar powder component contained 5.88% acetic acid along with multiple laboratory tests demonstrating acetic acid at 25-33 mg. Based on this, NAD determined that Goli had established a reasonable basis for its product name.

NAD then examined Goli’s advertising for its ACV product, which “created a powerful connection between the product and the expected health benefits of ACV” based on the combination of visual imagery and product scenes featured in ads. In evaluating the substantiation for those claims, NAD noted that the accepted threshold dose of liquid apple cider vinegar is one tablespoon, which delivers 750 mg of acetic acid. When consumed as directed or even at a modified dose, NAD found that the Goli gummies provided far less than 750 mg of acetic acid and that the advertiser did not provide support for a health benefit below that level. As such, NAD recommended that Goli discontinue or modify its advertising to avoid conveying the unsupported message that the amount of ACV contained in its gummies are associated with the health benefits of traditional liquid ACV. NAD noted that this includes modifying or qualifying the use of “Apple Cider Vinegar,” “ACV,” or “Vinegar” including in its product name when in the context of the challenged advertising so as to avoid conveying an unsupported implied health message.

Unsurprisingly, Goli is appealing the decision to the NARB. Given the popularity of ACV and gummies generally, this is one to watch.


Across the pond, the UK’s ASA roasted Oatly’s climate-friendly claims for conveying messages beyond the limits of the substantiation. If you aren’t already following the trends regarding green claims and false advertising litigation, check out these posts to help get up to speed on related NAD decisions regarding sustainability in the fashion industry, a new California recycling law, and litigation around corporate aspirational environmental statements. These trends are only going to continue.


The big news at FDA is that the agency finally has a confirmed commissioner after over a year without one. Dr. Robert Califf was narrowly confirmed by the Senate earlier this week.

In a sign of things getting back to “normal,” FDA also announced that it will be resuming in-person inspections for domestic facilities.

FDA released a list of guidance topics that the FDA Foods Programs expects to publish by the end of December 2022, which includes the following:

  • Labeling of plant-based milk alternatives
  • Labeling of plant-based alternatives to animal-derived food
  • Multiple guidance documents relating to hazard analysis for various food types
  • Three guidance documents relating to heavy metal levels in foods
  • Two guidance documents relating to the new dietary ingredient process
  • Guidance relating to testing methods for asbestos in cosmetic products that contain talc
Separately, BPA is again popping up as it has periodically for the last decade or so. A coalition of scientists, medical experts and environmental groups filed a petition with FDA asking the agency to restrict the use of BPA in food contact plastics. The petition cites findings published recently by the European Food Safety Authority (EFSA), which found that harmful impacts from BPA exposure can occur at levels 100,000 times lower than previously assumed. Many manufacturers have already moved away from BPA in their packaging materials


The FTC and State AGs

The FTC and state attorneys general are also hard at work. Companies that offer a subscription service or autoship options will want to pay attention to guidance and enforcement regarding allegedly deceptive practices, now branded as “dark patterns”. See here and here for our expert analysis on these topics.

And finally, in-house counsel should check on whether their marketers may be cherry-picking reviews in a way that could be deceptive. The FTC’s settlement with Fashion Nova regarding failure to post negative reviews is a helpful lesson for any company that curates reviews, whether manually or by algorithm.


We’ll see you next month with more developments. In the meantime, check out Ad Law Access, Cannabis Law Update, and Kelley Green Law blogs for regular updates.

Noom to Pay Over $60M to Cancel Automatic Renewal Suit Tue, 15 Feb 2022 12:38:13 -0500 Noom to Pay Over $60M to Cancel Automatic Renewal SuitIn several recent posts and a webinar, we’ve talked about how the FTC and state AGs are focusing on automatic renewals. A series of new laws and investigations show that this continues to be a hot topic for both lawmakers and regulators. But a new settlement involving Noom’s automatic renewal practices for its weight loss program serves as a reminder that class action attorneys are also paying attention and that the costs of getting things wrong can be very high.

Noom allows customers to try its weight loss coaching program “risk free” for two weeks.Renewal Button After that period, Noom automatically enrolls customers in a program and begins charging membership fees. The problem, according to the complaint, is that Noom fails to adequately disclose material terms of the offer or get explicit consent to the renewal. (Although a screen shot in the complaint shows that Noom does disclose the automatic renewal terms, plaintiffs claim the disclosure isn’t sufficiently clear.)

The lawsuit also takes issue with Noom’s cancellation system. To cancel their memberships, customers would have to send a message to their “coach,” who is actually a bot. (We’ve warned about the dangers of bots before.) The bot would then provide instructions to cancel on the iTunes App Store or Google Play Store. According to complaints filed with the BBB and on other sites, many consumers were frustrated when they were not able to avoid charges or get refunds.

According to the proposed settlement, Noom will substantially enhance its auto-renewal disclosures, as well as require consumers to take a separate action through a check box or digital signature to accept auto-renewal. The company will also include a “cancel” button on a customer’s account page to allow for easier cancellation. In addition to these (and other) changes, the company has agreed to pay $56 million, and provide an additional $6 million in subscription credits.

If you haven’t taken a look at your automatic renewal disclosures or your cancellation process recently, it may be time to take a fresh look. Simply having disclosures or cancellation process isn’t enough, as recent lawsuits are targeting just how clear disclosures are or just how easy it is to cancel. (Read our posts on dark patterns to see how this may play out in a state AG investigation.) It’s also a good idea to take a look at your complaints, especially on public sites. There’s a good chance that regulators and class action attorneys are looking at them, too.

The Pink Tax: A Litigation and Legislation Update Tue, 01 Feb 2022 07:47:38 -0500 The Pink Tax: A Litigation and Legislation UpdateWe previously reported on an emerging legislative and litigation trend relating to the “pink tax” – a gender-based pricing phenomenon that allegedly results in higher prices for goods and services marketed towards women as compared to substantially similar alternatives marketed towards men. As predicted, the last two years have shown an uptick in litigation (which has been largely unsuccessful) and legislative action (some finalized and some pending).


Last year, we discussed an early blow to the pink tax theory of liability in Schulte v. Conopco, d/b/a Unilever, et al. In Schulte, the plaintiffs alleged that various personal care manufacturers and retailers violated the Missouri Merchandizing Practices Act (MMPA) by charging more for deodorants marketed for women than allegedly similar deodorants marketed for men. The product lines at issue contained similar, but not identical, ingredients, came in different sizes, and were available in different scents (fifteen “feminine” scents in the line marketed for women and five “masculine” scents in the line marketed for men). The Eastern District of Missouri dismissed the complaint, ruling that “Missouri law does not compel identical products to be sold at the same price” and that the plaintiff’s remedy “lies with legislation, not litigation.” The Eighth Circuit affirmed on the grounds that the plaintiff mistook “gender-based marketing for gender discrimination.” In order to state a claim, the court ruled that the plaintiff would have to allege that the only difference between the products was the price and the intended target of the marketing. Here, because the plaintiff conceded that the products were, in fact, different, thus dismissal was appropriate.

In Lowe v. Walgreens Boots Alliance, Inc., et al., the Northern District of California dismissed another pink tax putative class action, albeit on different grounds. In Lowe, the plaintiffs alleged that the price of Walgreens’ hair regrowth treatment for women (a generic alternative to Rogaine) was almost 1.5 times higher than the male-marketed alternative. The plaintiff alleged that the products had identical active ingredients, and that the only differences were the dosing instructions and the price tag. The court’s justification for the dismissal was twofold. First, the court ruled that the plaintiff’s state consumer protection claims were preempted because, under the Federal Food, Drug Cosmetic Act (“FDCA”), Walgreens’ generic product labels were required to exactly mirror the brand-name label. Thus, to the extent the plaintiff claimed that the products labels were deceptive, such claims were preempted. The court also dismissed the plaintiff’s claim under California’s Unruh Act because the statute does not apply to goods, but rather to “accommodations, advantages, facilities, privileges, or services.” Lowe has appealed the decision to the Ninth Circuit.

While California’s Unruh Act seems to be a dead end for product pricing discrimination claims (at least for now), courts have applied the Unruh Act to claims alleging gender-based pricing discrimination in services. For example, in Department of Fair Employment and Housing v. M&N Financing Corp., et al., the plaintiff alleged that M&N Financing purchased retail installment contracts from used car dealerships, and that the gender of the purchaser of the car factored in to how much M&N would pay for the contract. The Court of Appeal found that this practice was a “per se” violation of the Unruh Act warranting statutory damages even though the plaintiff had not demonstrated actual injury.

State Legislation

In September 2020, New York passed a law prohibiting individuals and entities, including retailers, suppliers, manufacturers, or distributors, from charging a different price for two “substantially similar” goods or services based on the gender for whom the goods or services are marketed. As in the litigation context, this concept of “substantial similarity” is the key. Substantially similar goods are defined as two goods that exhibit no substantial differences in the materials used in production, intended use of the good, the functional design and features of the good, and the brand of the good, and substantially similar services are defined as two services that exhibit no substantial difference in the amount of time to provide the service, the difficulty in providing the service, and the cost in providing the service. An individual or entity charged with violating the law can avoid liability by proving that any price difference is based upon a number of gender-neutral factors including, but not limited to, the additional time or cost of manufacturing such goods or providing such services. While the new law does not provide a private right of action to consumers, it permits the attorney general to obtain an injunction against such prohibited sales, as well as restitution for consumers and civil penalties.

New Jersey also recently proposed a bill that prohibits discriminatory pricing with respect to substantially similar services and consumer products. The definition of “substantially similar” is, on its face, almost identical to the one adopted under the New York law. Under the proposed law, certain services providers (including tailors, barbers, hair salons, and dry cleaners) would be required to clearly and conspicuously disclose to the customer in writing the pricing for each standard service provided, along with a clearly visible sign notifying customers that gender-based price discrimination is prohibited under New Jersey law. This bill is currently under review by the Assembly Consumer Affairs Committee.

A similar bill was introduced in Massachusetts creating a 15-member working group on gender equity regarding the pricing of items marketed towards women in Massachusetts. The group will report its findings and recommend any changes in current law by the end of 2022.

Federal Legislation

In June 2021, California Congresswoman Jackie Speier reintroduced the Pink Tax Repeal Act, a bipartisan bill that seeks to end gender discrimination in the pricing of goods and services. The bill would prohibit the sale of substantially similar goods or services that are priced differently based on gender, allow the Federal Trade Commission to take enforce violations, and permit State Attorneys General to take civil action on behalf of wronged consumers. Currently the bill is before the Subcommittee on Consumer Protection and Commerce.

* * *

We will be following this issue closely in 2022, and will report on new developments as they occur.

The Pink Tax: A Litigation and Legislation Update

StubHub Agrees to Pay $9.5 Million to End Refund Investigation Thu, 16 Sep 2021 13:45:13 -0400 Last year, we posted about how some companies had retroactively changed their refund policies after COVID-19 hit, and we noted some of the potential pitfalls associated with that strategy. Lawsuits and regulatory investigations soon followed, and many have been working their way through the system. This week, ten states and DC announced that StubHub had agreed to pay over $9.5 million in refunds to end one such investigation.

Before the pandemic, StubHub offered consumers cash refunds for tickets to events that were later canceled. As we noted in our post, StubHub later changed its policy to state that “if the event is canceled and not rescheduled, you will get a refund or credit for use on a future purchase, as determined in StubHub’s sole discretion (unless a refund is required by law).” Other communications omitted that parenthetical, suggesting that all consumers would get a coupon.

Although StubHub argued that it was forced to change its policy due to a near complete loss of revenue during the pandemic, regulators didn’t think that justified a retroactive application of the changes in a manner that shifted StubHub’s burden to consumers. For example, the Virginia Attorney General said that “the COVID pandemic should not be used as an excuse to withhold refunds owed to customers for cancelled events.”

If events over the past year have made you rethink whether your cancellation policy still makes sense, it’s fair to consider making changes to the policy, even if those changes limit consumers’ rights. But while those changes can be applied to future purchases, you generally should not apply them to purchases that were made while the previous policy was in effect.

Allbirds Faces Lawsuit Over Green Claims Fri, 10 Sep 2021 15:58:41 -0400 This summer, a plaintiff filed a class action lawsuit against Allbirds, alleging (among other things) that the company’s environmental claims – including claims about its “sustainable” practices, the “low carbon footprint” of its shoes, and its other “environmentally friendly” initiatives – are false and misleading.

The complaint – which is based largely on a PETA article – alleges that the life cycle assessment tool Allbirds uses to identify the carbon footprint of its products does not assess the environmental impact beyond the manufacturing of the shoes. Because it excludes things like the impact of wool production on the environment, it understates the environmental impact. Moreover, the complaint alleges Allbirds bases its carbon footprint figures on “the most conservative assumption for each calculation,” so that it can make more aggressive claims.


The plaintiff also argues that Allbirds makes “misleading animal welfare claims,” including by advertising “happy sheep” that live the “good life.” Based on the PETA article, the plaintiff alleges that the sheep may not be quite so content.

Although the FTC’s Green Guides provide guidance on various types of environmental claims, there isn’t a lot of clarity on the types of claims mentioned in this complaint. It’s too early to predict how this case will turn out, but this case and others like it – such as the lawsuit against Coca-Cola we wrote about this summer – suggest that plaintiffs will take advantage of that lack of clarity and continue to challenge ESG initiatives.

Jessica Rich and Laura Riposo VanDruff, Two Former Senior FTC Officials, Join Kelley Drye’s Privacy and Advertising Practices Wed, 08 Sep 2021 13:33:07 -0400 Jessica L. Rich and Laura Riposo VanDruff, Two Former Senior FTC Officials Further Bolstering Kelley Drye’s Privacy and Advertising PracticesWe are thrilled that Jessica Rich and Laura Riposo VanDruff have joined the firm’s Privacy and Advertising practice groups. Both attorneys are former top officials at the Federal Trade Commission (FTC), with Rich having served as Director of the Bureau of Consumer Protection (BCP) and VanDruff as an Assistant Director in BCP’s Division of Privacy and Identity Protection (DPIP).

Jessica and Laura join our impressive list of former FTC officials, including the firm’s managing partner, Dana Rosenfeld, who served as Assistant Director of BCP and attorney advisor to FTC Chairman Robert Pitofsky, former Bureau Directors Bill MacLeod and Jodie Bernstein, as well as Aaron Burstein, having served as senior legal advisor to FTC Commissioner Julie Brill.

Jessica served at the FTC for 26 years and led major initiatives on privacy, data security, and financial consumer protection. She is credited with expanding the FTC’s expertise in technology and was the driver behind FTC policy reports relating to mobile apps, data brokers and Big Data, the Internet of Things, and federal privacy legislation. She also directed the agency’s development of significant privacy rules, including the Children’s Online Privacy Protection Rule and Gramm-Leach-Bliley Safeguards Rule. She is a recipient of the FTC Chairman’s Award, the agency’s highest award for meritorious service and the first-ever recipient of the Future of Privacy Forum’s Leadership Award. Jessica is also a fellow at Georgetown University’s Institute for Technology Law & Policy. Prior to joining Georgetown, she was an Independent Consultant with Privacy for America, a business coalition focused on developing a framework for federal privacy legislation.

Laura also brings significant experience to Kelley Drye. As Assistant Director for the FTC’s Division of Privacy & Identity Protection, Laura led the investigation and prosecution of matters relating to consumer privacy, credit reporting, identity theft, and information security. Her work included investigation initiation, pre-trial resolution, trial preparation, and trial practice relating to unreasonable software security, mobile operating system security update practices, and many other information privacy and identity protection issues. She joins the firm from AT&T where she served as an Assistant Vice President – Senior Legal Counsel advising business clients on consumer protection risks, developing and executing strategies in response to regulatory inquiries, and participating in policy initiatives within the company and across industry.

Jessica and Laura are an impressive duo and are sure to be an asset to our clients as they prepare for the future of privacy and evolving consumer protection law.

* * *

Subscribe here to Kelley Drye’s Ad Law News and Views newsletter to see another side of Jessica, Laura and others in our second annual Back to School issue. Subscribe to our Ad Law Access blog here.

New ESG Lawsuit Targets Aspirational Statements Tue, 22 Jun 2021 17:33:44 -0400 Earlier this month, the nonprofit Earth Island Institute filed a lawsuit against Coca-Cola, alleging that the company falsely and deceptively represents itself as “a sustainable and environmentally friendly company, despite being one of the largest contributors of plastic pollution in the world.”

These types of lawsuits aren’t new. As more companies have started to develop Environmental, Social, and Governance (“ESG”) goals and to make claims about their progress towards achieving those goals, we’ve seen more suits challenging the accuracy of those claims. But this lawsuit is a little different.

While most lawsuits target claims about past or present results (which, in many cases, can be proven or disproven), the current lawsuit targets many aspirational and forward-looking statements (which are inherently harder to prove or disprove).

Here are a few examples of the claims Earth Island Institute cites in their complaint:

  • “Our planet matters. We act in ways to create a more sustainable and better shared future. To make a difference in people’s lives, communities and our planet by doing business the right way.”
  • Coca-Cola plans to “make 100% of our packaging recyclable globally by 2025.”
  • “Scaling sustainability solutions and partnering with others is a focus of ours."
  • “Part of our sustainability plan is to help collect and recycle a bottle or can for every one we sell globally by 2030.”
  • “We’re using our leadership to achieve positive change in the world and build a more sustainable future for our communities and our planet.”
Earth Island Institute alleges that Coca-Cola’s campaign is misleading because “the company is far from what consumers would understand to be a sustainable business.” As evidence, the complaint cites the company’s current plastic production and casts doubts about how much of an impact the company’s sustainability plans will have in the future.

It’s too early to tell how this case will turn out, but companies that make claims based on future ESG goals will want to pay attention. If the court allows the case to go forward, it could suggest that companies will have to take greater care when talking about future goals.

Key Developments in CCPA Litigation for Q1 2021 Tue, 04 May 2021 16:20:37 -0400 Key Developments in CCPA Litigation for Q1 2021As we move deeper into the second year of CCPA litigation, the substantive issues continue to develop and we remain focused on the patterns and implications of recent filings and rulings. In this post, we highlight notable developments in three cases that occurred in the first quarter of 2021. These cases raise significant issues regarding judicial interpretation of the private right of action in the CCPA, the definition of a “data breach,” and CCPA plaintiffs’ ability to access pre-complaint discovery.

CCPA Claim Dismissed For Lack Of Data Breach Allegations

On August 5, 2020, Plaintiff filed a class action complaint against Defendants Alphabet, Inc. and Google, LLC in the Northern District of California. Plaintiff alleged that Defendants monitored and collected Android Smartphone users’ sensitive personal data without those users’ consent when they interacted with non-Google applications on their smartphones. Plaintiff’s CCPA cause of action was based on Defendants’ failure to disclose these activities in violation of Cal. Civ. Code § 1789.100(b). Plaintiff’s proposed class definition included “All Android Smartphone users from at least as early as January 1, 2014 through the present.”

On September 30, 2020, Defendants moved to dismiss the CCPA claim, arguing that (1) Plaintiff failed to allege that his information was subject to a data breach; and (2) Plaintiff, as a New York resident, had no standing under the CCPA, which only provides relief to California residents.

On February 2, 2021, the court dismissed the CCPA claim with prejudice, finding that the complaint did not allege that any personal information was subject to unauthorized access as a result of a security breach. The court reasoned that the CCPA only conferred “a private right of action” for violations related to “personal information security breaches,” and that Plaintiff was therefore unable to state a claim. The court also observed that Civil Code § 1798.150(c) explicitly states that “[n]othing in this title shall be interpreted to serve as the basis for a private right of action under any other law.” McCoy v. Alphabet, Inc., No. 20-CV-05427-SVK, 2021 WL 405816 (N.D. Cal. Feb. 2, 2021).

On February 16, 2021, Plaintiff filed an Amended Complaint that alleges a violation of California’s Unfair Competition Law (“UCL”) using the alleged CCPA violation as a predicate. It will be relevant to follow how the court addresses Plaintiff’s attempt to transform his dismissed CCPA claim into a UCL claim, in light of the court’s observation that the CCPA does not provide a basis for a private right of action under other laws.

McCoy v. Alphabet, Inc. et al., 5:20-cv-05427 (N.D. Cal.).

Plaintiffs Allege Numerous, Individualized “Data Breaches”

On April 1, 2021, Plaintiffs filed a Consolidated Class Action Complaint against Bank of America in the Northern District of California. Plaintiffs allege that Bank of America issued Visa debit cards containing public benefit disbursements to recipients, including Plaintiffs and other members of the class, that were purportedly prone to breaches because the cards utilized outdated magnetic stripe technology, rather than the EMV chips that have allegedly become the industry standard due to improved security features. Plaintiffs’ CCPA cause of action alleges that as a result of the inadequate security safeguards, the cardholders suffered unauthorized access and disclosure of their personal information that resulted in their funds being stolen through unauthorized transactions.

The statutory language of the CCPA indicates that a claim must be connected to a data breach. Cal. Civ. Code § 1789.150. Unlike most cases, Plaintiffs do not allege that a single, centralized data breach occurred. Instead, Plaintiffs allege that individual data breaches of each cardholder were permitted by Bank of America’s card design. This theory raises questions about what qualifies as a data breach under the CCPA and whether the design of a consumer product that renders the product vulnerable to breach, followed by actual breaches, qualifies. A judicial determination of this issue could help determine the scope of similar consumer actions.

Yick v. Bank of America, N.A., 3:21-cv-376 (N.D. Cal.).

Defendant Compelled To Disclose Information Related To Data Breach Investigations

On April 16, 2021, Plaintiffs filed a redacted Consolidated Class Action Complaint against Blackbaud, Inc. in the District of South Carolina. Plaintiffs allege that Blackbaud provides data security services for sensitive information, and that Plaintiffs and the class members are Blackbaud’s clients. Plaintiffs’ CCPA cause of action alleges that as a result of a data breach, cybercriminals stole the sensitive private information that Plaintiffs entrusted to Blackbaud.

Of note, the early proceedings in this case have included the forced production of Blackbaud’s forensic report on the data breach. The report was apparently compiled independent of the litigation and, upon learning of the report, the Court ordered Blackbaud to immediately produce the forensic report and allowed Plaintiffs to use that report in drafting a consolidated complaint. This is an issue that we’ve explored previously (here and here). Companies need to be vigilant and deliberate in how they approach the issue of internal investigations concerning data breaches where litigation could arise.

In re Blackbaud, Inc., Customer Data Breach Litigation¸ 3:20-mn-02972-JMC, MDL No. 2972 (D.S.C.).

As these and other CCPA-related cases progress through the litigation stages, we will continue to provide updates. Our prior summaries of CCPA-related litigation can be found in our CCPA Litigation Round-ups for: Q1 2020, Q2 2020, and Q3 & Q4 posts. We will continue to report on relevant developments in CCPA litigation and provide updates in our CCPA Litigation Tracker.

If you have any questions about defending and/or preparing for a potential privacy consumer class action, please reach out to our team, and if you have questions on your privacy compliance strategy, please reach out to our privacy compliance team.

On the latest episode of the Ad Law Access Podcast, Kelley Drye Partner Alysa Hutnik and Robert Cunningham, Head of Legal, at Ketch discuss the state of privacy, tracking, compliance technology and tools, and strategies privacy lawyers and others can use to help do their jobs. As you would expect, there are some practical tips to take away. Listen here or wherever you get your podcasts.

FTC Files First BOTS Act Cases Mon, 25 Jan 2021 15:05:35 -0500 On Friday, January 22, 2021, the Federal Trade Commission settled charges with three ticket brokers for violating the Better Online Ticket Sales (BOTS) Act, which was passed in 2015. These are the first case brought under the Act. In them, the Commission alleged that three brokers “used automated software to illegally buy up tens of thousands of tickets for popular concerts and sporting events, then subsequently made millions of dollars reselling the tickets to fans at higher prices.” According to the Commission, the brokers acquired 150,000 tickets “using automated ticket-buying software to search for and reserve tickets automatically, software to conceal their IP addresses, and hundreds of fictitious Ticketmaster accounts and credit cards to get around posted event ticket limits.” Judgments against the three amounted to about $31 million of which the defendants will pay $3.7 million. The Commission sued both the companies and the individuals who ran the companies.

These cases are notable because they are the first cases but also because it took the Commission over 5 years to bring the first leaving the Act completely unenforced for years. While the release suggests the investigation was complex, detection was likely easy. Brokers are usually fairly visible to the public. The Commission likely found them online, subpoenaed their records and software, and hired a forensic specialist to peel apart the code. These cases raise serious issues for brokers who use automated purchasing software to purchase tickets for resale although it remains to be seen whether these enforcement actions will be a one-off signal to brokers that the Commission is watching or something more common. Acting Chair Slaughter’s concurring statement would seem to suggest that there will be more during her tenure.

For more information on the FTC, advertising, marketing, and privay law, subscribe to Kelley Drye's Ad Law Access blog and podcast and visit the Advertising and Privacy Law Resource Center. Additional Kelley Drye resources can be found here.

Consumer Litigation Under the CCPA: A Year in Review Fri, 22 Jan 2021 16:59:43 -0500 Private consumer litigation in 2020 was significantly impacted by the California Consumer Privacy Act (CCPA) which took effect on January 1, 2020. Whether asserted as a standalone CCPA violation claim or as a predicate act for other causes of action, including under California’s Unfair Competition Law (“UCL”), the volume of CCPA litigation has not abated. While some claims have already been resolved (by motion or agreement), others are just hitting their litigious stride and with a full year of experience, certain trends have started to develop.

Over the course of the year, we have reported and summarized filed cases in our CCPA Round-Ups (Q1, Q2, Q3/4). Now, with the first year of CCPA litigation behind us, this post (1) highlights emerging trends across the docket of cases; and (2) introduces Kelley Drye’s new CCPA Litigation Tracker, which is designed to provide an ongoing reference guide for updates on key cases involving consumers asserting CCPA-related claims.

CCPA Litigation Round-Up: Q3 & Q4 2020 Fri, 22 Jan 2021 14:48:29 -0500 It has been a full year since the California Consumer Privacy Act (“CCPA”) took effect at the top of 2020. In the cases filed in the second half of the year, the complaints more frequently assert a violation of the CCPA as a standalone cause of action, though it remains common for a CCPA violation to be asserted as a predicate to support a separate cause of action, such as a violation of California’s Unfair Competition Law (“UCL”).

In this post, we include our round-up of representative cases filed in the third and fourth quarters of the year. Our prior summaries of CCPA-related litigation filed last year can be found in our Q1 2020 CCPA Litigation Round-Up and CCPA Litigation Round-Up: Q2 2020. We have separately analyzed trends emerging from the 2020 CCPA litigation landscape. Going forward into 2021, we will continue to report on relevant developments in CCPA consumer litigation, and also provide updates in our CCPA Litigation Tracker chart.

  1. Cases Filed in Q3/Q4 2020 Alleging Direct Violation of CCPA
Shadi Hayden v. The Retail Equation, Inc. et al., No. 8:20-cv-01203 (C.D. Cal.)

On August 3, a class action amended complaint was filed by thirteen named plaintiffs against The Retail Equation, Inc. (“TRE”) and a variety of retailers: Sephora USA, Inc., Advance Auto Body Parts, Inc., Bed Bath & Beyond, Inc., Best Buy Co., Inc., Buy Buy Baby, Inc., Caleres, Inc., CVS Health Corporation, Dick’s Sporting Goods, Inc., L Brands, Inc., Stein Mart, Inc., The Gap, Inc., The Home Depot, Inc., and The TJX Companies, Inc. (the “Defendant Retailers”) in the District Court for the Central District of California. Plaintiffs’ CCPA claim alleges that the Defendant Retailers, without their customers’ knowledge or consent, collect large amounts of data about their retail customers, including: (1) “Consumer Commercial Activity Data,” which includes “the unique purchase, return, and/or exchange histories of individuals consumers”; and (2) “Consumer ID Data,” which includes “the unique identification information contained on or within a consumer’s driver’s license, government-issued ID card, and/or passport” such as “the consumer’s name, date of birth, race, sex, photograph, complete street address, and zip code.” Plaintiffs allege that this data is shared with TRE as non-anonymized, individual data sets, which TRE processes to create consumer reports and a risk score for each customer. The risk score is allegedly used to advise the retailer about whether a customer’s attempted return or exchange is fraudulent or abusive. The amended complaint alleges that “Defendants’ policies and practices failed to hold plaintiffs’ and Class members’ personal information secure by, for example, [the Retailer Defendants’ sharing of] the personal information . . . in an unsecured, unrestricted manner with TRE to create consumer reports and generate a ‘risk score’ that TRE then shared with other Defendant Retailers alongside other personal information.”

McCoy v. Alphabet, Inc. et al., 5:20-cv-05427 (N.D. Cal.)

On August 5, 2020, plaintiff Robert McCoy filed a class action complaint against defendants Alphabet Inc. and Google LLC for monitoring and collecting the sensitive personal data of Android Smartphone users when they interact with non-Google applications on their smartphones, without obtaining consent. This personal data includes the duration of time spent on non-Google apps and how frequently those apps are opened. Plaintiff’s CCPA cause of action alleges that defendants failed to disclose that they collect the class members’ personal data and the true purpose for collecting the data, which plaintiff alleges is to gain a competitive edge over rival companies. Plaintiff’s proposed class definition includes “All Android Smartphone users from at least as early as January 1, 2014 through the present.”

On September 30, 2020, Google filed a Motion to Dismiss, including arguments that the CCPA claim fails because (1) plaintiff fails to allege his information was subject to a data breach; and (2) relief is only available to a consumer, which is defined as a “California resident,” and plaintiff is a New York resident.

Guzman v. RLI Corp. et al., No. 2:20-cv-08318 (C.D. Cal.)

On September 10, 2020, plaintiff Jose Guzman filed a class action complaint against defendants RLI Corp. and RLI Insurance Company alleging that defendants, through the Pacer filing service, disclosed the login credentials to computer systems containing personal and confidential information of class members. Plaintiff alleges that as a surety, defendants requested access to the records of Libre by Nexus, which secures bonds for detained undocumented immigrants. Plaintiff alleges that, in a separate suit, defendants disclosed Libre’s login credentials by filing them publicly, giving anyone with a Pacer login access to class members’ personal and confidential information including dates of birth, names of minor children, home address, Social Security Numbers, and taxpayer identification numbers and financial account information.

On October 22, 2020, defendants filed a Motion to Dismiss, including arguments that the CCPA claim fails because: (1) defendants’ access was court-authorized and therefore not unauthorized; (2) plaintiff failed to establish that there was a “violation of the duty to implement and maintain reasonable security procedures and practices”; and (3) plaintiff did not comply with the mandatory 30-day notice and cure provision. On November 6, 2020, the action was voluntarily dismissed without prejudice.

Gardiner v. Walmart Inc. et al., 4:20-cv-04618 (N.D. Cal.)

On July 10, 2020, plaintiff Lavarious Gardiner filed a class action complaint against retailer Walmart alleging that vulnerabilities on Walmart’s website led to breaches of Walmart’s systems, allowing hackers to steal customers’ personally identifiable information (including full names, addresses, financial account information, and credit card information), and allowed hackers to attack Walmart’s customers’ computers directly as well. The CCPA cause of action alleges that Walmart violated its duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the personal information. On October 29, 2020, the Parties stipulated to a briefing schedule on defendant’s Motion to Dismiss which is scheduled to be completed by February 3, 2021.

Flores-Mendez et al v. Zoosk, Inc. et al., 3:20-cv-04929 (N.D. Cal.)

On July 22, 2020, plaintiffs Juan Flores-Mendez and Amber Collins filed a class action complaint against Zoosk, Inc., an online dating site, and its parent company, Spark Networks SE, alleging that cybercriminals hacked and obtained 30 million of Zoosk’s user’s records, containing their name, email, date of birth, and password, due to Zoosk failing to maintain reasonable security controls and systems. Plaintiffs only sought injunctive and equitable relief but alleged that if Zoosk could not cure the breach within 30 days of its July 14 notice letter, they intended to amend to seek actual and statutory damages. On October 30, 2020, plaintiffs filed an Amended Complaint.

Warshawsky et al v. cbdMD, Inc et al., No. 3:20-cv-00562 (W.D.N.C.)

On October 9, 2020, plaintiffs Michael Warshawsky and Michael Steinhauser filed a class action complaint against cbdMD Inc., and CBD Industries, LLC. Plaintiffs allege that due to two data breaches, hackers accessed consumers’ names, credit card numbers, CVV security codes, credit card expiration dates, addresses, email addresses, and bank account numbers. Plaintiffs’ CCPA cause of action alleges that defendants’ computer systems and data security practices were inadequate to safeguard its customers’ personal information.

Diczhazy et al v. Dickeys Barbecue Restaurants Inc. et al., No. 3:20-cv-2189 (C.D. Cal.)

On November 9, 2020, plaintiffs Ross Diczhazy and Wesley Etheridge II filed a class action complaint against Dickey’s Barbecue Restaurants Inc. and Dickey’s Capital Group, Inc. for their alleged failure to secure and safeguard the names, payment card numbers and security codes of proposed class members in a data breach in violation of the CCPA. The complaint purports two classes: (a) All California residents who made a purchase from Dickey’s using a payment card, or otherwise disclosed payment card information to Dickey’s, since January 1, 2020, and whose personal information was compromised including as part of the Joker’s Stash BlazingSun data set; and (b) All persons who made a purchase from Dickey’s using a payment card, or otherwise disclosed payment card information to Dickey’s, since January 1, 2018, and whose personal information was compromised including as part of the Joker’s Stash BlazingSun data set.

Marquez v. Dickey's Barbecue Resturants, Inc. et al., No. 3:20-cv-2251 (S.D. Cal.)

On November 18, 2020, plaintiff Jose Luis Marquez also filed a class action complaint against Dickey’s Barbecue Restaurants Inc. and Dickey’s Capital Group, Inc. for their failure to secure and safeguard their customers’ personal identifying information. As in Diczhazy (above), there is a nationwide class as well as a California subclass alleged: (a) All persons residing in the United States who made a credit or debit card purchase at any affected Dickey’s Barbecue Pit restaurant during the period of the Data Breach; and (b) All persons residing in the State of California who made a credit or debit card purchase at any affected Dickey’s Barbecue Pit restaurant during the period of the Data Breach.

Gitner v. U.S. Bank National Association et al., No. 0:20-cv-02101 (D. Minn.)

On November 20, 2020, plaintiff Barry Gitner filed a first amended class action complaint in the District of Minnesota against U.S. Bank National Association and U.S. Bancorp for their alleged failure to secure and safeguard the confidential, personally identifiable information of thousands of consumers, including names, account numbers, Social Security Numbers, driver’s license numbers, and dates of birth. Specifically, plaintiffs allege that a computer server with consumer information was stolen from defendants’ corporate offices. Under the CCPA cause of action, plaintiffs seek injunctive or other equitable relief but reserve their rights to amend the complaint to seek actual and statutory damages if the breach is not cured within 30 days. On January 13, 2021, the Court stayed the action pending arbitration of Plaintiff’s individual claims, after defendants’ Motion to Compel Arbitration was unopposed.

Schaubach v. Hotels.Com, LP et al., No. 8:20-cv-2370 (C.D. Cal.)

On December 17, 2020, plaintiff Lauren Schaubach filed a class action complaint against defendants, L.P. (“HLP”), Expedia Group, Inc. (“Expedia”) and Amazon Web Services, Inc. (“AWS”) after a Cloud Hospitality server hosted by Defendant AWS and containing information for customers of Defendant HLP and Defendant Expedia was hacked and tens of millions of data records were exposed, including full names, email address, ID numbers, phone numbers, credit card numbers, security codes and expiration dates. Plaintiff seeks to represent a class of “all consumers in California whose personally identifiable information was compromised in the Breach.” On December 17, 2020, the action was voluntarily dismissed without prejudice.

  1. Cases Filed in Q3/Q4 2020 Alleging CCPA Violations As a Predicate For UCL Causes of Action
Pygin v. Bombas, LLC et al., No. 4:20-cv-04412 (N.D. Cal.)

On July 1, 2020, plaintiff Alex Pygin filed a class action complaint against defendants Bombas, LLC, Shopify (USA) Inc. and Shopify, Inc., alleging that sock and apparel retailer Bombas uses an ecommerce platform supplied by Shopify to take customers’ personal and payment information (including name, billing, shipping and email addresses, along with credit card numbers, expiration dates, and security codes) and that the customers’ information was compromised during a data breach due to defendants’ negligent and/or careless acts and omissions and failure to protect the data.

While plaintiff brings no claim under the CCPA, he alleges that class members have suffered injury including “deprivation of rights they possess under . . . the California Consumer Privacy Act” by “failing to maintain reasonable security procedures and practices appropriate to the nature of the personally identifiable information.” As part of its causes of action for negligence and violation of the UCL, plaintiff alleges that defendants: (i) had a duty to take reasonable steps and employ reasonable methods of safeguarding the personally identifiable information of class members, as required under the CCPA; (ii) failed to maintain those reasonable security procedures and practices by storing the information in an unsecure electronic environment; and (iii) failed to disclose the data breach to class members in a timely and accurate manner as required by the CCPA.

Currently pending before the Court is Shopify’s Motion to Dismiss for (1) lack of personal jurisdiction, (2) violation of FRCP 8 for failing to distinguish among defendants and adequately allege that Shopify caused harm, and (3) failure to state a claim, based partially on the argument that the CCPA does not “create any private right of action under any other law.”

Calixte et al. v. Dave, Inc., 2:20-cv-07704 (C.D. Cal.)

On August 24, 2020, five plaintiffs filed a class action complaint against defendant Dave Inc. alleging that its users’ names, emails, date of birth, physical address, phone numbers and social security numbers were compromised as a result of a cyberattack against a former third party service provider of Dave Inc. The complaint alleges that the hackers’ ability to pivot from a third-party vendor’s system to the defendant’s systems without detection demonstrates the lack of controls and cybersecurity measures in use at Dave Inc. to prevent such unauthorized use.

Plaintiffs only allege violations of the CCPA as a predicate to their UCL violation cause of action based on Dave Inc.’s alleged failure to implement and maintain reasonable security measures. The proposed nationwide class is defined as “All persons whose PII was compromised as a result of the Data Breach announced by Dave Inc. in July and August of 2020.” The Parties are currently briefing defendant’s Motion to Compel Arbitration. On November 9, 2020, the action was voluntarily dismissed without prejudice.

Wesch v. Yodlee, Inc. et al., No. 3:20-cv-05991 (N.D. Cal)

On August 25, 2020, plaintiff Deborah Wesch filed a class action complaint against defendants Yodlee, Inc. and Envestnet, Inc. (who acquired Yodlee) alleging that Yodlee sells highly sensitive financial data, such as bank balances and credit card transaction histories, collected from software products that it markets and sells to financial institutions. Plaintiffs allege that when individuals connect their bank accounts to Paypal, they upload their banking credentials using Yodlee’s system. Yodlee then allegedly stores a copy of the credentials on its own system and exploits them, contrary to the disclosed use of the information.

Plaintiff’s UCL cause of action is predicated upon alleged violations of the CCPA, including that defendants: (i) disclose before or at the point of collection, the category of information to be collected and how it will be used; and (ii) refrain from collecting additional information for additional purposes without providing notice.

Plaintiff filed an Amended Complaint on October 21, 2020 and the parties have stipulated to briefing schedule on plaintiff’s anticipated Motion to Dismiss.

Conditi v. Instagram, LLC et al., No. 3:20-cv-06534 (N.D. Cal.)

On September 17, 2020, plaintiff Brittany Conditi brought a class action complaint against defendants Instagram LLC and Facebook Inc. alleging that Instagram constantly accesses users’ smartphone camera feature and monitors users without permission when they are not interacting with the camera feature, which goes beyond the services it promises to provide. Plaintiff alleges that Instagram does this to collect valuable personal data to increase their advertising revenue.

Plaintiff’s UCL cause of action is based upon allegations that defendants violated the CCPA by failing to disclose that they monitor users through their smartphone cameras, while not in use, to collect personal information. Plaintiff proposes the following class definition: “All Instagram users whose smartphone cameras were accessed by Instagram without their consent from 2010 through the present (the ‘Class Period’).”

You can follow developments in CCPA-related cases by referring to our new CCPA Litigation Tracker. If you have any questions about defending and/or preparing for a potential privacy consumer class action, please reach out to our team.

Up & Up & Out. Structure/Function Claims Preempted by the FDCA Fri, 22 Jan 2021 13:00:21 -0500 Last week, in a substantial win for the dietary supplement industry, the Ninth Circuit Court of Appeals upheld the Northern District of California’s grant of summary judgment to Target, ruling that state law false advertising challenges to permissible structure/function claims are preempted by the Federal Food, Drug and Cosmetic Act (“FDCA”).

Plaintiff Todd Greenberg alleged that he bought a bottle of Up & Up Biotin, a private label vitamin sold by Target, as part of his battle with hair loss. Up & Up Biotin’s label states that biotin “helps support healthy hair and skin.” The label also states that “[t]his statement has not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease.” Greenberg conceded that biotin is a nutrient that supports healthy hair and skin, but nevertheless claimed the label was misleading because most people obtain all the biotin they need from their diet, rendering the vitamin superfluous to all but a tiny percentage of people who have a biotin deficiency.

Under the FDCA, dietary supplement labels are required to be truthful and not misleading. The statute also authorizes certain categories of statements, including structure/function claims, provided they are adequately substantiated. As a general matter, structure/function claims “describe the role of a nutrient or dietary ingredient intended to affect the structure or function in humans or that characterizes the documented mechanism by which a nutrient or dietary ingredient acts to maintain such structure or function[.]” 21 C.F.R. § 101.93(f). Statements suggesting an ingredient’s ability to “strengthen,” “improve,” or “protect” a structure or function in the human body are structure/function claims so long as they do not suggest disease prevention or treatment. The FDCA was intended to establish a national and uniform labeling standard for dietary supplements, expressly preempting any state law labeling requirement “that is not identical to” the labeling requirements in the FDCA.

The Ninth Circuit affirmed the District Court’s ruling that Up & Up Biotin’s label satisfied all of the statutory requirements for a structure/function claim under the FDCA, namely that: (1) there was substantiation for the claim, (2) the label included the proper disclosures, and (3) the label did not suggest the product could treat diseases. More specifically, and in contrast to a disease claim, the FDCA “only requires substantiation for the ingredient’s function on the human body, not the health impact of the product as a whole.” In other words, “manufacturers may make structure/function claims about a nutrient’s general role on the human body without disclosing whether the product will provide a health benefits to each consumer.”

Accordingly, the Court found that the plaintiff’s state law false advertising claims “essentially s[ought] to impose an additional requirement that dietary supplement labels can make structure/function claims only if consumers are likely to benefit from the product.” Because this requirement “is not identical to” the labeling requirements in the FDCA, the claims were preempted.

Dietary supplement companies are often targeted by class action plaintiffs asserting various theories about how carefully-drafted label claims are nevertheless deceptive to the proverbial “reasonable consumer.” This decision brings a new level of comfort to the industry that if a structure/function claims complies with the FDCA, it is less likely to be challenged (at least in the Ninth Circuit).