$140 Million Jury Verdict in Favor of Kaiser in Neurontin Off-Label Marketing Case Upheld

This posting was written by Jody Coultas, Contributor to Wolters Kluwer Antitrust Law Daily.

The U.S. Court of Appeals in Boston affirmed verdicts of over $140 million, reached by both a jury and trial court, in favor of Kaiser Foundation Health Plan, Inc. for injuries suffered as a result of Pfizer, Inc.’s fraudulent scheme to market its epilepsy drug Neurontin for off-label uses (Kaiser Foundation Health Plan, Inc. v. Pfizer, Inc., April 3, 2013, Lynch, S.).

Neurontin was approved by the FDA as an adjunctive therapy in the treatment of partial seizures in adults with epilepsy, with a maximum dose at 1800 mg/day. Pfizer’s marketing of Neurontin for off-label uses resulted in over $2 billion in sales, with only about ten percent of Neurontin prescriptions filled for on-label uses.

Kaiser alleged that Pfizer and its subdivision Warner-Lambert Company, LLC violated the federal RICO law and the California Unfair Competition Law (UCL) by fraudulent marketing Neurontin for off-label uses. Pfizer was found to have misrepresented Neurontin's effectiveness for off-label uses directly to doctors, sponsored misleading informational supplements and continuing medical education programs, suppressed negative information about Neurontin, and published articles in medical journals that reported positive information about Neurontin's off-label effectiveness.

RICO Violation

The court found that Kaiser presented sufficient evidence of causation to support a RICO claim. Pfizer argued that Kaiser failed to show proximate causation because there were too many steps in the causal chain connecting its misrepresentations to the injury to Kaiser because the injury was based on the actions of independent actors -- the prescribing doctors.

Courts look at three factors to determine whether proximate cause exists under RICO: the less direct an injury is, the more difficult it becomes to ascertain the amount of damages attributable to the violation; claims of the indirectly injured would force courts to adopt complicated rules apportioning damages among plaintiffs removed at different levels of injury to avoid the risk of multiple recoveries; and the societal interest in deterring illegal conduct and whether that interest would be served in a particular case.

In cases where the plaintiffs did not receive the misrepresentations at issue, courts may still find proximate causation. Pfizer’s argument that Kaiser could not show causation because its misrepresentations went to prescribing doctors was, therefore, dismissed. Kaiser was a foreseeable victim of Pfizer's scheme to defraud, and Kaiser’s injury was a natural consequence of the scheme. Pfizer was obviously aware that doctors would not be the ones paying for the drugs they prescribed, and that its revenues stemmed from payments by insurance and health care plans such as Kaiser.

But-For Causation

Kaiser submitted sufficient evidence to demonstrate but-for causation between Pfizer’s conduct and its injury, according to the court. Pfizer argued that its evidence at trial rendered Kaiser's theories of causation false. Kaiser presented evidence that its employees directly relied on Pfizer's misrepresentations in preparing monographs and formularies, which, in turn, influenced doctors' prescribing decisions, and Pfizer's fraudulent off-label marketing directed to physicians caused PMG doctors to issue more Neurontin prescriptions than they would have absent such marketing. Pfizer's evidence did not, as a matter of law or of evidence, "falsify" Kaiser's theory of reliance upon Pfizer's misrepresentations. The testimony of some doctors who did not view Pfizer’s statements that prescribed Neurontin for off-label uses did not defeat the inference that this misinformation had a significant influence on prescribing decisions which injured Kaiser.

The statistical evidence submitted by Kaiser’s expert was sufficient and admissible, according to the court. Pfizer argued that some of the evidence Kaiser presented to prove but-for causation was inadmissible based on the methodology used. However, regression analysis, used by Kaiser’s expert, is a recognized and scientifically valid approach to understanding statistical data. Pfizer also argued that the expert failed to account for other factors that may have led doctors to prescribe Neurontin for off-label use. The court found that the district court was well within its discretion to admit Kaiser’s evidence.

Kaiser presented sufficient evidence for the jury and district court to find that Neurontin was not effective for the four off-label conditions, according to the court. Pfizer argued that the court applied an erroneous burden of proof and an erroneous medical standard in making its findings as to Neurontin's effectiveness. However, the court did not but the burden on Pfizer of proving Neurontin’s effectiveness. Kaiser presented sufficient evidence on the topic, and Pfizer was unable to overcome it.

The court also dismissed Pfizer’s challenges to the amount of damages awarded by the jury and court. The district court did not err in accepting Kaiser’s methodology for calculating damages.

Supplement Manufacturer May Be Liable for Nutrition Claims Under California Consumer Protection Law

This posting was written by Jody Coultas, Editor of CCH State Unfair Trade Practices Law.

A supplement purchaser stated California consumer protection law claims against a supplement manufacturer for allegedly making false and misleading advertising statements, the federal district court in Oakland, California, has held.

The majority of the purchaser’s first amended complaint that the manufacturer falsely advertised its Muscle Milk Ready–To-Drink and Muscle Milk Bars was dismissed (CCH State Unfair Trade Practices Law ¶32,442).

The court found that the manufacturer’s use of the term “healthy” in its advertising was difficult to define and there was no evidence that the products actually contained unhealthy amounts of fat.

Healthy Energy, Good Carbohydrates

In the amended complaint, the purchaser presented statements made on the manufacturer’s products and website and television advertisements, specifically that the products contained healthy energy and good carbohydrates.

The second amended complaint contained allegations that relied on the Food, Drug, and Cosmetic Act and Food and Drug Administration (FDA) regulations. The borrowing from the regulations did not impose any unfair burden on the manufacturer and were allowed.

Statements made by the manufacturer that its products contained “Healthy, Sustained Energy” and “25g PROTEIN for Healthy, Sustained Energy” were actionable, according to the court. Although a healthy product is hard to define, the purchaser provided objective standards, such as the FDA requirements, that could be used as evidence that certain contents in the product were not healthful.

However, the statements “good carbohydrates” and “0g Trans Fat” were not actionable. There was no evidence that added sweeteners and sugar were not good carbohydrates or that the amount of trans fats was not in fact 0 grams.

The purchaser also met the reliance requirements of the consumer protection statutes by alleging that she saw and relied on the alleged misrepresentations on the manufacturer’s website and in its television ads.

The decision is Delacruz v. Cytosport, Inc., CCH State Unfair Trade Practices Law ¶32,500.

Apple’s Collection of iPhone Data Could Violate California Law

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Users of mobile applications (“apps”) on Apple’s “iOS” devices (iPhone, iPad, and iPod Touch, etc., or “iDevices”) could go forward with claims under California’s Consumers Legal Remedies Act and Unfair Competition Law against Apple for violating their privacy rights by unlawfully allowing third-party apps that run on the devices to collect and make use of personal information, for commercial purposes and without users’ knowledge or consent, the federal district court in San Jose, California has ruled.

The court dismissed the users’ claims against Apple and mobile app developers for violations of the Stored Communications Act, the Wiretap Act, the Computer Fraud and Abuse Act, and California’s constitutional right to privacy.

Two Putative Classes

The users’ amended consolidated complaint asserted claims with respect to two putative classes of individuals. The first class, referred to as “the iDevice Class,” contended that Apple-approved apps created by third-party companies (Admob, Inc., Flurry, Inc., AdMarval, Inc., Google, Inc., and Medialets, Inc., collectively, “Mobile Industry Defendants”) unlawfully collected information about the users, including their addresses and current whereabouts, gender, age, zip code, time zone, and information about which functions the users performed on the app. They alleged that Apple violated its express privacy policy by allowing the Mobile Industry Defendants to design apps with the capability to track and collect data about their app use or other personal information.

The second class, referred to as the “Geolocation Class,” consisted of iDevice purchasers who alleged that they “unwittingly, and without notice or consent transmitted location data to Apple servers.” They alleged that, starting in July 2010, Apple began intentionally collecting data on their precise geographic location and storing that information on the iDevice in order to develop a database about the geographic location of cellular towers and wireless networks. They asserted that Apple continued collecting geolocation information about them even after they switched off the location services settings on their iDevices, despite the fact that Apple had represented that they could prevent the collection of such data in that way.

Article III Standing

Both the iDevice Class and the Geolocation Class users alleged sufficient injury to have standing to sue under Article III of the U.S. Constitution, the court decided. In their initial complaint, the users had relied on a theory that collection of personal information itself created a particularized issue for purposes of standing, which the court rejected (CCH Privacy Law in Marketing ¶60,676).

In their amended complaint, the users’ allegations had been significantly developed to allege particularized injury, in the court’s view. The users articulated additional theories of harm beyond their theoretical allegations that personal information has independent economic value. In particular, they alleged actual injury, including diminished and consumed iDevice resources, such as storage, battery life, and bandwidth; increased, unexpected, and unreasonable risk to the security of sensitive personal information; and detrimental reliance on Apple’s representations regarding the privacy protection given to users of iDevice apps.

In addition, the users described the specific iDevices used, the specific defendants that allegedly accessed or tracked their personal information; which apps they downloaded that accessed their personal information; and what harm resulted from the access or tracking of their information. They also identified the types of information collected, such as their home and workplace locations, gender, age, zip code, terms searched, and ID and password for specific app accounts.

The users also identified an additional basis for Article III standing, the court said. The injury required by Article III may exist by virtue of statutes creating legal rights, the violation of which creates standing. The users alleged violations of their statutory rights under the Wiretap Act and the Stored Communications Act. The alleged injuries were fairly traceable to the actions of the defendants. The Geolocation Class asserted that Apple intentionally designed its software to retrieve and transmit geolocation information located on its customers’ iPhones to Apple’s servers.

The iDevice Class alleged that Apple designed its products and App Store to allow individuals to download third-party apps and that Apple represented to users that it took precautions to safeguard their personal information. The app developers were accused of accessing personal information without users’ knowledge or consent. These allegations were sufficient to establish standing, the court concluded.

Stored Communications Act

The users’ claims under the Stored Communications Act (SCA) failed because the SCA was not applicable to the alleged conduct by Apple and the Mobile Industry Defendants, the court determined. Stating an SCA claim requires an allegation that the defendants accessed without authorization a “facility through which electronic communication service is provided.” The users’ mobile devices did not meet the SCA’s definition of “facility.” The users’ iDevices did not provide an electronic communications service simply by virtue of enabling use of electronic communication services.

In addition, the storage of real-time location information and other data on the iDevices did not qualify under the SCA as “electronic storage,” the court said. The iDevices stored location data for up a year; such storage did not constitute the type of temporary, intermediate storage of data incidental to the transmission of the data.

Wiretap Act

The users asserted that Apple’s collection of precise geographic location data from WiFi towers, cell phone towers, and GPS data on users’ devices constituted “interceptions” of data prohibited by the Wiretap Act. However, such data was not “content” covered by the Wiretap Act, the court said. Data automatically generated about a telephone call did not constitute “content” because it contained no information about the substance of the communication. The geolocation data was generated automatically and was not part of the information intentionally communicated by the users.

Computer Fraud and Abuse Act

The court also rejected the users’ Computer Fraud and Abuse Act (CFAA) claims. Apple had the authority to access iDevices and to collect geolocation data as a result of the voluntary installation of software by the users and, therefore, could not have violated the CFAA. In addition, the users failed to allege damage or “impairment” to their devices or an interruption of service.

California Constitutional Right to Privacy

Collection of the users’ data by Apple and the Mobile Industry Defendants did not violate the users’ right to privacy under the California Constitution, the court found. The alleged disclosure of device identifier numbers, personal data, and geolocation information from the users’ iDevices—even if transmitted without their knowledge or consent—was not an egregious breach of social norms, as required to state a claim for invasion of privacy. Rather, it was routine commercial behavior, according to the court.

California Consumer Legal Remedies Act

Apple could be liable for violating California’s Consumer Legal Remedies Act (CLRA), the court determined. The users sufficiently alleged that they sustained harm as a result of the alleged data collection practices. With respect to geolocation data, the users alleged that Apple had stored such data on the users’ iDevices for Apple’s own benefit, at a cost to the users, and the that if Apple had disclosed the true cost of the geolocation features, the value of the iDevices would have been materially less than what the users paid.

In addition, the users contended that because of Apple’s failure to disclose its practices with regard to collection of personal data via apps, the users overpaid for their iDevices. At the pleadings stage, the users sufficiently alleged that they were consumers under the CLRA, and their allegations related to the purchase of goods, the court said.

California Unfair Competition Law

The court also decided that the users could go forward with their claims under the California Unfair Competition Law (UCL). The users had standing under the UCL because they alleged that they paid more for their iDevices than they would have if Apple had disclosed its privacy practices. Apple’s conduct could be illegal under the Consumers Legal Remedies Act and therefore covered by the UCL. In addition, the conduct could be “unfair,” for purposes of the UCL. The users met their burden of pleading fraud with particularity, according to the court.

The decision is In re iPhone Application Litig., CCH Privacy Law in Marketing ¶60,775.

Further details regarding CCH Privacy Law in Marketing appears here.

Rejection of Lanham Act Juice Blend Labeling Challenge Upheld; California Law Claims Revived

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Pom Wonderful, a seller of pomegranate juice and juice blends, was precluded from asserting Lanham Act false advertising claims based on Coca Cola's naming and labeling of “Pomegranate Blueberry Flavored Blend of 5 Juices,” the U.S. Court of Appeals in San Francisco ruled yesterday. The product contained about 99.4% apple and grape juices, 0.3% pomegranate juice, 0.2% blueberry juice, and 0.1% raspberry juice, according to the court.

A ruling that Pom Wonderful failed to assert an injury in fact under the California Unfair Competition Law (UCL) and False Advertising Law (FAL) was vacated and remanded for further proceedings. Not considered on Pom’s appeal from the decision of the federal district court in Los Angeles (CCH Advertising Law Guide ¶63,889) was a ruling that Pom can pursue Lanham Act claims that consumers were confused by Coca Cola's intentionally misleading marketing and advertising (apart from naming and labeling) of the pomegranate-blueberry flavored blend.

Food Labeling Regulation

Pom’s challenge to the name “Pomegranate Blueberry Flavored Blend of 5 Juices” would create a conflict with Food and Drug Administration regulations and would undermine the FDA’s apparent determination that so naming the product is not misleading, the court determined. As to labeling, Pom apparently wanted to force Coca-Cola to alter the size of the words on its label so that the words “Pomegranate Blueberry” would no longer appear in larger, more conspicuous type on Coca-Cola’s label than did the words “Flavored Blend of 5 Juices.”

Congress and the FDA had considered and spoken to what content a label must bear, and the relative sizes in which the label must bear it, so as not to deceive. Despite speaking extensively to how prominently required words or statements must appear, the FDA had not required that all words in a juice blend’s name appear on the label in the same size or that words hew to some other standard. Coca-Cola’s label presumptively complied with the relevant FDA regulations and thus accorded with the judgments the FDA had so far made, the court held.

California Law

In rejecting the claims under California law, the district court had interpreted statutory “lost money or property” language to require a plaintiff to show that it is entitled to restitution from the defendant—even if the plaintiff seeks only injunctive relief. That was error in light of California Supreme Court rulings making it clear that standing under UCL Section 17204 of the Unfair Competition Law and FAL Section 17535 did not depend on eligibility for restitution, the court concluded.

The May 17 decision in Pom Wonderful LLC v. Coca-Cola Co., No. 10-55861, will be reported at CCH Advertising Law Guide ¶64,708 and CCH 2012-1 Trade Cases ¶77,892.

Supplement’s “Healthy Fats” Labeling Could Be Deceptive

This posting was written by Jody Coultas, Editor of CCH State Unfair Trade Practices Law.

A supplement purchaser sufficiently alleged that a supplement manufacturer’s packaging of its protein drinks and bars was misleading in violation of the California Unfair Competition Law (UCL), False Advertising Law (FAL), and Consumer Legal Remedies Act (CLRA), the federal district court in Oakland, California, has held.


The manufacturer’s “Muscle Milk Ready-to-Drink” and “Muscle Milk Bars” were advertised as “an ideal blend of protein, healthy fats, [and] good carbohydrates.” These statements on the label were allegedly false and deceptive because the products actually contained 11 grams of total fat, 8 grams of saturated fat, almost no vitamins or minerals, and some unhealthy ingredients.

A reasonable consumer was likely to believe that the product contained healthy, unsaturated fats rather than saturated fats and was more similar to a nutritional shake, according to the court.

Deceptive Product Labeling

To state California consumer protection law claims based on deceptive product labeling, the purchaser needed to allege that a reasonable consumer was likely to be deceived by the label. The claims on the packaging went beyond claiming the supplement was healthy. Although “healthy” is difficult to define, a reasonable consumer would assume that “healthy fats” and “nutritious snack” referred to unsaturated fats rather than saturated fats. The nutrient label did not negate the finding that the labeling was misleading because the packaging contained affirmative misrepresentations, and manufacturers cannot rely of the small-print nutritional label to contradict and cure that misrepresentation.

The purchaser’s claims that other statements were misleading were denied, as they were not specific enough to meet the heightened pleading standard of Federal Rule of Civil Procedure 9(b).

Loss of Money or Property

In order to state UCL and FAL claims, the purchaser needed to show she lost money or property as a result of the violations. The purchaser alleged that she was denied the benefit of her bargain based on paying more for the supplement than a healthier, less expensive product because of the misrepresentations.

The purchaser also needed to show that she would not have purchased the product but for the misrepresentations on the product’s label. There was sufficient evidence that the purchaser read and relied on the misleading label on the packaging and that she suffered economic harm, according to the court.

The court held that the California Supreme Court would adopt the approach to unfairness under the UCL that the consumer injury must be substantial, the injury must not be outweighed by any countervailing benefits to consumers or competition, and it must be an injury that could not have been avoided. Misleading labels may qualify as unfair business practices if found to be misleading and the injury to the consumer class was substantial.

The decision is Delacruz v. Cytosports, Inc., CCH State Unfair Trade Practices Law ¶32,442.

Nationwide Class Certification of California Ad Claims Vacated

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Certification of a nationwide class was vacated by the U.S. Court of Appeals in San Francisco in an action under California law asserting that Honda’s advertisements misrepresented the characteristics of a braking system.

California Unfair Competition Law, False Advertising Law, and Consumers Legal Remedies Act could not be applied to the entire nationwide class, and all consumers who purchased or leased an Acura RL automobile could not be presumed to have relied on the advertisements, the court held.

Variances in State Consumer Laws

The law of multiple jurisdictions applied to any nationwide class of purchasers or lessees, according to the court. Variances in state consumer laws overwhelmed common issues and precluded predominance for a single nationwide class.

Reliance on Advertising

Even if the class was restricted only to those who purchased or leased their car in California, common issues of fact would not predominate in the class as currently defined because it almost certainly included members who were not exposed to, and therefore could not have relied on, Honda’s allegedly misleading advertising, the court determined.

Honda’s product brochures and TV commercials fell short of the “extensive and long-term [fraudulent] advertising campaign” at issue in In re Tobacco II Cases (Cal. S. Ct. 2009), CCH Advertising Law Guide ¶63,423.

In the absence of a massive advertising campaign, the relevant class had to be defined in such a way as to include only members who were exposed to advertising that was alleged to be materially misleading, the court concluded.

The decision is Mazza v. American Honda Motor Company, Inc., CCH Advertising Law Guide ¶64,536.

Former Comcast Subscribers Lacked Standing to Bring California Class Action

This posting was written by Jody Coultas, Editor of CCH State Unfair Trade Practices Law.

Putative class representatives lacked standing to bring California Unfair Competition Law (UCL) and Consumer Legal Remedies Act (CLRA) class action claims against Comcast because they lacked the requisite injury in fact, according to the federal district court in Fresno, California.

The representatives were former subscribers to Comcast’s telephone services who alleged the company adopted deceptive policies and practices relating to post-cancellation billing of consumers who seek to port their telephone number to another service provider, provided unclear and inaccurate billing statements, and used arcane and confusing final billing statements. The class representatives received a refund of funds deducted from the representatives’ accounts via direct payments.

Injury in Fact

To have standing under the UCL, the representatives needed to show an injury in fact stemming from an unfair business practice. The CLRA required the representatives to show a tangible increased cost or burden resulting from an alleged unlawful practice. Because the representatives received refunds, there was no evidence of an injury in fact or economic loss. The representatives’ argument that the refund was inadequate was too speculative to plead a concrete injury.

None of the putative class members suffered an injury in fact, according to the court. Although class members need not submit evidence of personal standing, a class must be defined in a way that anyone within it would have standing. There was no evidence that the refund calculation was incorrect or otherwise resulted in an injury.

Common Issues

Even if the class representatives had standing to pursue the UCL and CLRA claims, the class did not meet the requirements of Federal Rule of Civil Procedure 23. Rule 23(a)(2) requires questions of law or fact common to the class. In Wal-Mart v. Dukes, 131 S.Ct. 2541 (2011), the Supreme Court held that class representatives are required to identify how common points of facts and law will drive or resolve the litigation. The representatives failed to properly articulate common issues, according to the court.

The decision is Gonzales v. Comcast Corporation, CCH State Unfair Trade Practices Law ¶32,387.

Further information about the CCH State Unfair Trade Practices Law appears here.

Yelp! Not Liable for Unfavorable Business Reviews, Ratings on Website

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

Businesses that received unfavorable reviews and “star ratings” on Yelp.com were barred by the Communications Decency Act from asserting civil extortion and California Unfair Competition Law claims based on Yelp!’s alleged manipulation of reviews, the federal district court in San Francisco has ruled.

The court dismissed with prejudice a third amended consolidated class action complaint alleging that Yelp! unlawfully manipulated reviews in order to induce businesses to pay for advertising in exchange for better ratings and higher ranking of favorable reviews.

Content Creation

Section 230(c) (1) of the Communications Decency Act (CDA) shields an interactive service provider from liability for publishing third-party content. The businesses argued that Yelp! did not qualify for CDA immunity because it participated in creating unlawful content on its site.

They alleged that approximately 200 employees and others acting on behalf of or paid by Yelp! authored negative reviews of businesses that refused to purchase advertising from Yelp!. Such allegations, however, were speculative, failing to “raise more than a mere possibility” that Yelp! had authored or manipulated reviews of the businesses, the court found.

Manipulation of User Reviews

The court also held that the CDA protected Yelp! from liability in connection with its alleged manipulation of user-generated reviews.

Decisions regarding whether to publish, exclude, promote, or rank user reviews were part of the “traditional editorial function” recognized under Sec. 230(c)(1). Therefore, the businesses’ allegations of extortion based on Yelp!’s alleged manipulation of their review pages—by removing certain reviews and publishing others or changing their order of appearance—fell within the conduct immunized by the CDA.

“Star Ratings”

CDA immunity also extended to Yelp!’s aggregate “star ratings” appearing at the top of each business’s review page, the court determined. The ratings did not constitute editorial content created by Yelp!, as the businesses contended. The ratings were based on the aggregation of user-generated data. Decisions regarding which reviews to include in calculating aggregate star ratings were within Yelp!’s editorial discretion, according to the court.

Moreover, Sec. 230(c) (1) of the CDA did not prevent a service provider from making editorial decisions in bad faith or with nefarious motives. This conclusion was supported by Sec. 230(c) (2), the so-called “good Samaritan” provision, in which Congress inserted a “good faith” requirement to qualify for content-blocking immunity.

“Although the Court is sympathetic to Plaintiffs’ complaint, the sweep of Sec. 230(c)(1) as a matter of text and legislative purpose is broad,” the court noted. Therefore, even if Yelp! had made an extortionate threat by manipulating user reviews, it nevertheless would be immune from suit under Sec. 230(c)(1), the court said.

The October 26 decision in Levitt v. Yelp! Inc., appears at CCH Guide to Computer Law ¶50,290 and CCH Advertising Law Guide ¶64,491.

Federal Courts Differ Over Arbitrability of California Consumer Claims

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Two federal district courts in California have reached opposite conclusions on the question of whether claims for injunctive relief under California false advertising and consumer protection statutes are subject to arbitration.

Nelson v. AT&T Mobility LLC

The federal district court in San Francisco held that the Federal Arbitration Act preempted California Supreme Court decisions barring arbitration of claims for injunctive relief under the state’s consumer statutes, in Nelson v. AT&T Mobility LLC, No. C10-4802 THE, (ND Cal. Aug. 18, 2011).

An AT&T wireless customer asserted class action claims under the California Unfair Competition Law (UCL) and Consumers Legal Remedies Act (CLRA) seeking injunctive relief to bar AT&T from continuing to engage in business practices including alleged overbilling by improperly calculating surcharges on monthly bills.

The court held that the U.S. Supreme Court’s April 27, 2011 decision in AT&T v. Concepcion (CCH Advertising Law Guide ¶64,265) compelled arbitration of Nelson’s claims.

Ferguson v. Corinthian Colleges

The federal district court in Santa Ana expressly declined to follow the Nelson decision in Ferguson v. Corinthian Colleges, Nos. SACV 11-0127 DOC (AJWx) and SACV 11-0259 (AJWx), (CD Cal. Oct. 6, 2011).

Students asserted class action claims under the UCL, CLRA, and the California False Advertising Law (FAL) alleging that Corinthian used fraudulent misrepresentations to entice prospective students to enroll. Through Corinthian’s various websites, the students claimed they were deceived about federal financial aid, the true cost of attending the programs, the value of Corinthian’s accreditations, and the employment prospects and career placement services that students could expect.

The court denied Corinthian’s Motion to Compel Individual Arbitration, holding that the statutory purpose of the injunctive relief provisions of the UCL, FAL, and CLRA and the public interest concerns in this case likely could not be met through arbitration. The court found no apparent conflict with the Federal Arbitration Act and noted that Concepcion did not take a position on the arbitrability of public injunction actions.

These conflicting decisions highlight the unresolved tension between state consumer protection law and the policies favoring arbitration of disputes embodied in the Federal Arbitration Act.

The opinions in Nelson v. AT&T Mobility LLC and Ferguson v. Corinthian Colleges will be reported in CCH Advertising Law Guide.

Contact Lens Solution False Ad Claims Preempted by Food, Drug, and Cosmetic Act

This posting was written by Jody Coultas, Editor of CCH State Unfair Trade Practices Law.

Class action claims that a contact lens solution manufacturer used misleading advertising in violation of the California Unfair Competition Law (UCL) and False Advertising Law (FAL) were preempted by the Medical Devices Amendments of 1976 (MDA), an amendment to the Food, Drug, and Cosmetic Act (FDCA), according to the U.S. Court of Appeals of San Francisco.

The manufacturer advertised its contact lens disinfectant and cleaner as effective when in fact it caused many users to suffer infections, and the purchaser argued that the manufacturer knew its product was a poor disinfectant compared to other products. The solution was eventually recalled by the Food and Drug Administration.

Standing

A district court found that the purchaser lacked standing to bring the UCL and FAL claims because the purchaser and the class members never suffered an injury, were not forced to throw away unused solution by the recall, and did not lose money.

To have standing to bring a UCL claim, the purchaser needed to show an injury in fact and lost money as a result of the unfair competition.

Because class members paid money for a product based on advertising found to be false, the court held that they had standing to bring the claim. Class members would not have been willing to pay as much as they did for contact solution had they not been deceived by the advertising.

Preemption

While the trial court erred in its finding of standing, the claims were nonetheless dismissed as federally preempted. The claims were preempted by the Medical Devices Amendments of 1976 (MDA) to the Food, Drug, and Cosmetic Act (FDCA) because the UCL and FAL would impose a requirement that differed from the federal law.

State laws are preempted where a federal requirement was imposed on a device under the FDCA and the challenged state rule would impose a requirement that differed from, or added additional obligations to, the federal requirement. The application of California laws to this case would have imposed additional requirements separate from the federal requirements.

The decision is Degelmann v. Advanced Medical Optics Inc., CCH State Unfair Trade Practices Law ¶32,337.

Further details regarding CCH State Unfair Trade Practices Law appear here.

Internet Provider’s Fast Service Claims Did Not Violate State Unfair Trade Practice Laws

This posting was written by Jody Coultas, Editor of CCH State Unfair Trade Practices Law.

A New York Internet subscriber could not state a New York deceptive business practices law claim against Time Warner Cable for allegedly misrepresenting the speed of its “Road Runner” Internet service, according to the federal district court in New York City.

A California Internet subscriber also failed to state a California Unfair Competition Law (UCL) claim based on violations of the California False Advertising Law (FAL) and Consumer Legal Remedies Act (CLRA).

Time Warner advertised its Road Runner Internet service as having “blazing speed,” being “always on connection,” and the “fastest, easiest way to get online.” These representations allowed Time Warner to charge up to more than 100% of the fees charged by competitors, according to the subscriber.

However, Time Warner failed to disclose that it interfered with and limited subscribers’ access to their Internet connections and their attempts to engage in peer-to-peer communications.

New York and California subscribers sought to represent a class of all Road Runner service customers.

In response, Time Warner argued that the service agreement included express provisions permitting the network management practices at issue. The company further argued that the statements at issue were mere puffery and not actionable under either the New York or California laws.

To state a claim under the New York law (New York General Business Law Sec. 349), the subscriber had to show that the challenged advertising was directed at consumers, the advertising would mislead a reasonable consumer in a material way, and that the subscriber suffered an injury as a result of the advertising. To state a UCL claim under the unlawful prong, the subscriber needed to show that the company violated another law.

While some of the statements were puffery, others could be actionable. However, the claims failed because there was no evidence that the Internet connection was not always available or that the speed of the service was slower than competing services, according to the court.

The decision in Fink v. Time Warner Cable will appear at CCH State Unfair Trade Practices Law ¶32,322.

Further information about CCH State Unfair Trade Practices Law appears here.

Online Ticket Buyers Get Another Try at Class Certification in “Rewards” Cases

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Class certification was improperly denied in cases brought by online ticket purchasers asserting California consumer protection law claims that Ticketmaster participated in a deceptive Internet scheme to lull and induce ticket purchasers into unwittingly signing up for a fee-based “rewards” program, the U.S. Court of Appeals in San Francisco has ruled.

The operator of the Entertainment Rewards program, Entertainment Publications LLC, allegedly charged amounts to the ticket purchasers’ credit cards or directly deducted amounts from their bank accounts, all without specific authorization. Members of the program can download printable coupons for discounts at retail establishments.

Unfair Competition Law

Class certification was improperly denied on the theory that individualized proof of reliance and causation would be required to establish California Unfair Competition Law (UCL) claims, the court held. Relief under the UCL was available without individualized proof of deception, reliance, and injury, according to the court.

Each member of the proposed class would have suffered a concrete and particularized injury by being relieved of money in the alleged transactions, and the alleged loss was traceable to the actions of the defendants, the court determined. The denial of class certification as to the UCL claims was reversed and remanded. A ruling that two individuals who were not deceived into joining the rewards program could not act as class representatives was affirmed.

Consumers Legal Remedies Act

California Consumers Legal Remedies Act (CLRA) claims were improperly dismissed because the statutory 30-day notice provided by ticket purchasers setting forth the nature of the dispute and intent to seek damages did not expressly state that class action relief would be sought. The statute did not state that the threat of class action must be set forth, according to the court.

Dismissal of the CLRA claims was affirmed in two of the actions on appeal in which the proposed class of ticket purchasers was so broadly defined that material misrepresentations to the whole class could not be shown.

The August 22 opinion in Stearns v. Ticketmaster Corp. appears at CCH Advertising Law Guide ¶64,386.

Class Certified in False Labeling Action Against Sunscreen Manufacturer

This posting was written by Jody Coultas, Editor of CCH State Unfair Trade Practices Law.

A trial court erred by refusing to certify a sunscreen purchaser’s California Unfair Competition Law (UCL) and Consumers Legal Remedies Act (CLRA) claims against a sunscreen manufacturer for false labeling, according to a California appellate court.

The purchaser sought to certify a class of all California residents who purchased sunscreen from the manufacturer in the class period based on alleged misrepresentations of the sunscreen’s UVA protection and waterproof properties.

Specifically, the purchasers claimed:

(1) The sunscreen was labeled as “UVA/UVB sunblock” but provided insignificant protection from the sun’s UVA rays;

(2) The sunscreen claimed to be waterproof but was not impenetrable to or unaffected by water; and

(3) The sunscreen was not “ultra sweatproof” as labeled.

The trial court found that the class was ascertainable and the purchaser’s UCL claims were typical of the class, but that individual issues predominated because all class members would need to prove they relied upon, were deceived by, and suffered damages as a result of the manufacturer’s conduct.

With regard to the CLRA claims, the trial court also found that individualized issues concerning reliance, causation, and damages predominated. Specifically, the trial court declined to presume reliance because the alleged misrepresentations were uniform but not material.

The UCL does not require individualized proof of deception, reliance, or injury, and the purchaser need only show that members of the public were likely to be deceived by the false labeling, the appellate court held.

To establish common damages, the purchaser may establish the measure of restitution to which class members are entitled by use of survey evidence and expert testimony. In this case, damages would be based on the difference between what was paid and the value of what was actually received.

Courts should presume reliance where a reasonable man would have relied on the misrepresentations and the misrepresentations were significant in the consumer’s purchase decision, according to the court. The label claims were material to a reasonable person because the protection provided by sunscreen is extremely important to a purchaser. Because the same labeling misrepresentations were made to all class members, the misrepresentations were material and a presumption of reliance should have been applied.

The August 9 decision is Gaston v. Schering-Plough Corp., CCH State Unfair Trade Practices Law ¶32,301.

Privacy Claims Proceed Against Google for “Street View” Data Interception

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

Putative class action plaintiffs could pursue federal wiretapping claims against Google, Inc. for allegedly intercepting data from their wireless home networks during the course of its “Street View” mapping project, the federal district court in San Francisco has held.

The court, however, dismissed claims under various state wiretapping statues as preempted and under the California Unfair Competition Law for lack of standing.

Capture of Streamed Data

Google Street View featured panoramic views of various positions along streets using photos taken by vehicles equipped with nine directional cameras to capture 360 degree views of the streets and 3G/GSM/Wi-Fi antennas with custom-designed software for the capture and storage of wireless signals and data, commonly known as “wireless sniffers.”

Google’s wireless sniffers secretly captured data packets as they streamed across Wi-Fi connections, stored them on digital media, and later decoded them using crypto-analysis or a similarly complicated technology. The content of the captured data packets (payload data) included SSID information (Wi-Fi network names), MAC addressed (Wi-Fi network hardware ID numbers), usernames, passwords, and personal e-mails.

Federal Wiretapping Claim

The Wiretap Act, enacted as Title I of the Electronic Communications Privacy Act (ECPA) of 1986, establishes a private right of action against interceptors of an “electronic communication,” but creates an exception for interceptions of communications that are “readily accessible to the general public.” It also exempts an enumerated list of “radio communications,” none of which applied in the instant case.

While the statute does not define the term “radio communication,” an unrelated provision of statute stated that “readily accessible to the general public” with regard to a “radio communication” included a communication that was not “scrambled or encrypted.”

Google argued that its conduct was an exempt radio transmission because the plaintiffs did not plead that their Wi-Fi networks were scrambled or encrypted, and therefore their transmissions were “readily accessible to the general public.” The court disagreed. Both the various provisions within the ECPA, when read together, and the statute’s legislative history evidencing Congressional intent in passing the statute in 1986 supported the conclusion that the exemption for “radio communications” did not include wireless Internet networks.

Unlike traditional radio services transmissions, communications sent via Wi-Fi technology were not designed or intended to be accessible to the general public. Wi-Fi transmissions were more akin to private cellular telephone communications, a radio communication technology that existed in 1986 and purposely was left out of the ECPA’s radio communications exemption, according to the court.

State Wiretapping Claims

The court also held that the federal Wiretap Act preempted various state wiretapping statutes. While the ECPA contained no express preemptive statement, the statute was intended to comprehensively regulate the interception of electronic communications such that the scheme left no room for further regulation by the states, in the court’s view. The statute struck a balance between the right to the privacy of one’s electronic communications against the ability of radio technology users to inadvertently intercept communications.

Additional state regulation could upset that balance and could obscure the legislative scheme surrounding innovative communications technologies that Congress intended to clarify through the Act, the court reasoned. Further, the ECPA’s civil and criminal penalties provided broad protections for unlawful interceptions.

California Unfair Competition Law

The plaintiffs’ Unfair Competition Law claims were dismissed for failure to allege cognizable injury. The plaintiffs' allegations that they “suffered injury in fact and lost property as a result of the unfair and unlawful business practices” failed to meet minimal standing requirements.

Allegations of loss of personal information and invasion of privacy were insufficient to establish standing, according to the court. Intercepted data packets did not qualify as “lost property” for purposes of UCL standing. Attorneys’ fees and expenses incurred in litigation also could not be used to invoke standing.

Stay Pending Appeal

In a separate order, the court granted Google’s motion to stay the case pending immediate interlocutory appeal of the court’s interpretation of the term “radio communication” in the Wiretap Act; specifically, whether the term encompasses data packets transmitted from a wireless home network.

Certification was justified because the issue presented a novel question of statutory interpretation, involved a controlling question of law as to which there is a credible basis for a difference of opinion, and its resolution would materially advance the ultimate outcome of the litigation.

Two recent decisions in the case—In re Google, Inc. Street View Electronic Communications Litigation—are reported at CCH Guide to Computer Law ¶50,215 and ¶50,221. The decisions also will appear in CCH Privacy Law in Marketing.

Labeling, Advertising Food as “Healthy” Could Violate California Law

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Advertising Nutella® hazelnut spread as a “tasty yet balanced breakfast” was not mere puffery, and purchasers satisfied the reasonable consumer test under California consumer protection statutes in a suit against the food manufacturer Ferrero U.S.A., Inc., the federal district court in San Diego has ruled.

In a class action complaint, the purchasers alleged that Ferrero misleadingly labeled and advertised Nutella as healthy and beneficial to children, when in fact it contained dangerous levels of fat and sugar.

The purchasers’ complaint provided detailed lists of the challenged representations, the sections of the Consumers Legal Remedies Act (CLRA) that Ferrero allegedly violated, and a statement of how each section was violated. The purchasers stated a claim of unlawful conduct under the Unfair Competition Law (UCL) based on alleged violations of the False Advertising Law and the CLRA. The purchasers stated a claim of unfair conduct under the UCL by alleging that the misleading labeling of Nutella was immoral, unscrupulous, and offensive to public policy, and that the utility of the advertising and labeling was outweighed by the harm suffered by the purchasers.

Preemption

Federal law preempted an allegation that Ferrero deceptively omitted from its Nutella labeling the fact that it contained artificial flavoring, the court held. Food labeling was governed by the federal Food, Drug, and Cosmetic Act, as amended by the Nutrition Labeling and Education Act. Because Nutella’s label stated the fact that it contained vanillin, an artificial flavor, the label complied with the federal disclosure requirements, the court said.

Ferrero did not argue that the purchasers’ allegations regarding statements from its television advertisements were preempted.

Standing to Challenge Website Statements

The purchasers lacked standing to challenge statements on the Nutella website because, according to the purchasers’ allegations, they did not actually rely on the website statements before making their purchases, the court decided. The purchasers alleged that they only relied on representations from Nutella’s label and television advertisements in purchasing the product, and they admitted in their briefing that they had not visited the website.

The purchasers argued that they did not have to rely on individual website misrepresentations because the representations were part of a long-term, multifaceted advertising campaign, but the purchasers did not allege this in their complaint, the court noted. The purchasers were given 30 days to cure deficiencies in the complaint.

The June 30, 2011 opinion, In re Ferrero Litigation, 11-CV-205 H (CAB), will be reported at CCH Advertising Law Guide ¶ 64,349.

iPad Data Plan Fraud Claims Proceed Against Apple and AT&T

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Purchasers of 3G-enabled iPads can pursue claims of common law fraud against Apple and AT&T Mobility, but the purchasers failed to state claims under California consumer protection statutes, the federal district court in San Jose has ruled.

Apple’s and AT&T’s advertising, including statements by Apple CEO Steve Jobs, allegedly led the purchasers to believe that they would have the flexibility of switching in and out of an unlimited data plan based upon their monthly needs.

Apple began selling 3G-enabled iPads on or around April 30, 2010, and the firms’ allegedly promoted the flexible and unlimited data plan options up to June 2, 2010, when they announced that as of June 7, 2010, they would no longer provide an unlimited data plan.

Consequently, purchasers who initially opted for the limited data plan no longer have the option to switch in and out of an unlimited plan. Purchasers who had signed up for the unlimited plan were allowed to maintain it, but if they discontinued it they would not be allowed to switch back.

Bait and Switch

The purchasers asserted a classic “bait and switch” fraud scheme and claimed that they would not have purchased 3G-enabled iPads had they known that the firms would pull the flexible unlimited data option.

Contrary to AT&T’s contention, the purchasers alleged the “who, what, when, where, and how” of the fraud with the particularity required by the Rule 9(b) of the Federal Rules of Civil Procedure. The court found that the complaint set forth specific information that AT&T allegedly concealed—that it would almost immediately be canceling the unlimited plan and denying customers flexible access to such a plan, and that this was its intention all along.

The purchasers pleaded the element of reliance by repeatedly alleging that both Apple's and AT&T's statements were material to them and had they known that there would be no flexible unlimited data plan, they would not have purchased their iPad 3Gs, according to the court. The purchasers claimed that AT&T was aware of Apple's alleged misrepresentations, but did nothing to counter the statements, and even endorsed them, the court added.

California Consumer Protection Laws

The purchasers failed to allege a proper basis for restitution under the California Unfair Competition Law and False Advertising Law with regard to excess data plan charges incurred after the unlimited data plan was replaced. A damages claim under the California Consumers Legal Remedies Act was rejected because a required 30-day advance notice of violation was sent to Apple but not to AT&T. In addition, non-California residents who purchased their iPads outside of California lacked standing to assert claims under the statutes.

The purchasers’ claims under the California consumer protection statutes were dismissed with leave to amend.

The July 18 opinion in In re Apple and AT&T iPad Unlimited Data Plan Litigation will be reported at CCH Advertising Law Guide ¶64,337.

Further information regarding CCH Advertising Law Guide appears here.

Consumer Suit Proceeds Against Donald Trump and Trump University

This posting was written by William Zale, Editor of CCH Advertising Law Guide.

Individuals who paid $35,000 apiece to enroll in Trump University seminars, hoping to “Learn from the Master,” can pursue common law fraud and California consumer protection law claims against Donald Trump and Trump University, the federal district court in San Diego has ruled.

The court separately addressed claims against Trump and the university in two opinions issued the same day.

Fraud

The fraud claims against Trump himself focused on the allegation that he lied about “hand picking” instructors. Trump maintained that the named plaintiffs in the class action complaint did not sustain any damages in reliance on the alleged misrepresentation.

To the extent that the plaintiffs did rely on Trump’s alleged misrepresentations, they may have sustained damages of up to $35,000 apiece, the court determined and declined Trumps motion to dismiss.

In claims against the university, three of four named plaintiffs stated claims of fraud by alleging that they signed up for seminars in reliance on university speakers’ statements that included a misrepresentation about providing exclusive access to a list of properties handpicked by Donald Trump.

False Advertising, Consumer Protection Laws

One plaintiff stated a claim of false advertising under California law by alleging that she purchased a $35,000 seminar based on misleading statements at a $1,500 seminar made for the purpose of inducing her purchase, according to the court.

California Unfair Competition Law (UCL) and Consumers Legal Remedies Act (CLRA) claims based on the fraud allegations survived, although the court dismissed the California statutory claims brought by two of the four named plaintiffs who were not California residents. Claims under the New York deceptive acts and practices statute were rejected because none of the plaintiffs took classes in New York.

Puffery

The court agreed with Trump’s contention that his alleged statement “no course offers the same depth of insight, experience and support as the one bearing my name” constituted mere puffery and thus could not support claims under the UCL or CLRA.

The May 16 opinions in Makaeff v. Trump University LLC will be reported in CCH Advertising Law Guide.

Further information about CCH Advertising Law Guide appears here.

Facebook Users’ Privacy Claims Dismissed

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

The federal district court in San Jose has dismissed claims filed by a putative class of Facebook users who alleged that the social networking website unlawfully transmitted their personal information to third-party advertisers without their consent.

The users’ California Legal Remedies Act (CLRA), Unfair Competition Law (UCL), and unjust enrichment claims were dismissed with prejudice, but the users were granted leave to amend claims alleging that Facebook violated its privacy policy, the federal Wiretap Act and Stored Communications Act (SCA), and the California computer crimes and civil fraud statutes.

The users alleged that, during a four or five month period in early 2010, a redesign of Facebook’s website caused it to transmit to a “referral header” to third-party advertisers when a user clicked on a banner advertisement. The referral header allegedly reported the user ID or username of the user who clicked on an advertisement, as well as information identifying the webpage the user was viewing prior to clicking on the ad.

Federal Wiretap and SCA Claims

The Wiretap Act prohibits electronic communication services providers from divulging the contents of a communication to any person or entity “other than an addressee or intended recipient of such communication.” The SCA provides that an electronic communication service provider “shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.”

Under both statutes, an electronic communication service provider may divulge the contents of a communication to an addressee or intended recipient of such communication.

The court discerned that the users’ allegations were subject to two interpretations. Under the first view, when a Facebook user clicked on a banner advertisement, that click constituted an electronic communication from the user to Facebook. The contents of the communication were a request for Facebook to send the electronic communication to the advertiser. Under the second interpretation, clicking on an advertisement constituted an electronic communication from the user directly to the advertiser.

According to this interpretation, Facebook served merely as a conduit for transmitting the communication to its intended recipient, the advertiser. Neither scenario would support a violation of the SCA or the Wiretap Act, according to the court.

California Computer Crimes Law

The court also held that the Facebook users failed to state a claim under California’s computer crimes statue. To state a violation under most subsections of Cal. Penal Code §502, a plaintiff must show that the defendant’s actions were taken “without permission.” A defendant may only be subjected to liability for acting “without permission” under §502 if the plaintiff can prove that the defendant “circumvented…technical barriers” that had been put in place to block the defendant’s access to the plaintiff’s website.

The users did not allege that Facebook circumvented technical barriers to gain access to a computer, computer network, or website. To the contrary, they alleged that Facebook caused “nonconsensual transmissions” of their personal information as a consequence of Facebook’s “re-design” of its website.

Facebook could not have acted “without permission” as there were no technical barriers blocking access to its own website. To the extent the users’ §502(c) claims alleged that Facebook acted “without permission,” they were dismissed with prejudice.

The court noted that Cal. Penal Code §502(c)(8) created liability for any person who “knowingly introduces any computer contaminant into any computer, computer system, or computer network.” Unlike the other sections of Cal. Penal Code §502(c), subsection (8) does not require that a defendant act “without permission.” Although the users failed to state a claim under §502(c)(8), they were granted leave to amend their claim.

California CLRA, UCL Claims

To assert an unfair competition claim under the California UCL, a private plaintiff must have “suffered injury in fact and . . . lost money or property as a result of the unfair competition.” A violation of the CLRA can only be alleged by an individual consumer who “purchases or leases any goods or services for personal, family, or household purposes.”

The users did not allege that they lost money as a result of Facebook’s conduct. Nor did they allege that they paid fees for Facebook’s services. The users only alleged that Facebook unlawfully shared their “personally identifiable information” with third-party advertisers.

An alleged loss of personal information did not constitute a loss of “property” that could form the basis for a UCL claim, the court held. With regard to their CLRA claim, the users failed to provide any legal support for their assertion that their personal information constituted a form of “payment” to Facebook for its services.

Breach of Contract Claim

To maintain an action for breach of contract under California law, an aggrieved party is required to show “appreciable and actual damage.” Allegations of nominal damages and speculative harm did not amount to legally cognizable damages. The users’ unsupported conclusory statement that they “suffered injury” as a result of Facebook’s breach of its privacy policy was insufficient.

The court advised the users to allege “specific facts showing appreciable and actual damages in support of their claim.” Because the users alleged the existence of a valid contract with Facebook, they could not maintain a claim for unjust enrichment.

The decision is In re Facebook Privacy Litigation., CCH Guide to Computer Law ¶50,183.

Further information about CCH Guide to Computer Law is available here.

Data Security Breach Supported Contract, Negligence Claims

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

An individual could have sustained an injury in fact from the failure of a publisher and developer of online services and applications for use with social networking sites (“RockYou”) to secure and safeguard its users' sensitive personally identifiable information (PII), sufficient to support contract and negligence claims brought under California common law, on behalf of himself and a purported class of similarly situated persons, according to the federal district court in Oakland.

The individual failed, however, to allege actionable injuries in support of his claims that RockYou violated the California Unfair Competition Law, Computer Crimes Law, and Consumer Legal Remedies Act. The statutory claims were dismissed with prejudice.

Collection, Storage of Personal Information

The individual—a registered user who had given RockYou his e-mail address and password in order to sign up to use a photo sharing application—asserted that RockYou collected and stored millions of users' PII in a large-scale commercial database, in “clear” or “plain” text, with no form of encryption, so that the PII was readily accessible to anyone with access to the database.

RockYou allegedly was negligent by failing to store passwords in a “hashed” form or to use any other common and reasonable method of data protection.

In December 2009, RockYou disclosed to users that one or more hackers had illegally breached its database and acknowledged that, at the time of the breach, the hacked database had not been up to date with industry-standard security protocols.

Contract and Negligence Claims

With regard to the contract and negligence claims, the individual sufficiently alleged a general basis for the requisite injury or harm by alleging that the breach of his PII caused him to lose some ascertainable but unidentified value or property right inherent in the PII, the court said.

The claims were not automatically precluded by a provision of RockYou's privacy policy, which stated that RockYou assumed no liability for third-party breaches of its secure servers. The individual asserted that RockYou's servers were not, in fact, secure.

The individual's allegations did not, however, rise to the level of stating a breach of the implied covenant of good faith and fair dealing, the court decided. The alleged misconduct did not involve conscious or deliberate actions by RockYou.

Unfair Competition Law

Although the breach of his PII could constitute a general form of “harm,” the individual failed to allege any loss of money or property as a result of RockYou's conduct, as required for a claim under the California Unfair Competition Law, the court determined.

The individual's contention that his PII constituted “currency” strained the acceptable boundaries of injury under the Act. To the extent that the individual claimed that his PII was “property,” he could not establish that his PII was “lost,” for purposes of the Act. His e-mail login and password did not cease to belong to him or pass beyond his control.

Computer Crimes Law

RockYou’s alleged failure to secure and safeguard its users' sensitive personally identifiable information (PII) would not violate California’s Computer Crimes law, in the court’s view. The statute prohibited any person from knowingly and without permission accessing or providing a means for another to access a computer system or network.

RockYou was not a proper defendant under this provision, the court said. RockYou's alleged failure to utilize reasonable data security methods did not constitute “providing a means” for third-party hackers to illegally access RockYou's database.

Consumer Legal Remedies Act

The individual failed to allege that he was a “consumer” within the meaning of the California Consumer Legal Remedies Act. He did not “purchase or lease” any goods or services from RockYou, as required for CLRA standing. There was no authority supporting the individual's contention that the CLRA covered intangible forms of payment, such as the individual's PII, the court said.

The decision is Claridge v. RockYou. Inc., CCH Privacy Law in Marketing ¶60,620.

Web Users Fail to Allege Injury in Fact from Installation of “Flash Cookies”

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

A purported class of web users bringing claims against online third-party advertising network Specific Media for installing “Flash cookies” on their computers without their knowledge or consent failed to allege an “injury in fact” resulting from Specific Media’s conduct, the federal district court in Los Angeles has ruled.

The users brought claims under the federal Computer Fraud and Abuse Act and California’s Computer Crimes law, invasion of privacy statute, Unfair Competition Law, and Consumer Legal Remedies Act.

The term “Flash cookies” refers to data called “local shared objects,” which are stored on a user’s computer and used by Adobe Flash Player media software. Such data files allegedly circumvent the privacy and security controls of users who had set their web browsers to block or to periodically delete conventional cookie files.

Economic Loss?

The complaining users asserted that Specific Media’s placement of Flash cookies on their computers caused them to sustain economic loss, in that their personal information had “discernible value.”

However, the users did not allege that Specific Media actually tracked their online activity, the court said. They asserted only that they believed the Flash cookies could be used as substitutes for previously deleted standard cookies and to “re-spawn” previously deleted cookies. Therefore, the users did not allege that they were specifically injured by Specific Media’s practices.

Even if they could allege that they were affected by Specific Media’s installation of Flash cookies, the users made only conclusory allegations of harm, according to the court. The argument that Specific Media’s practices caused the users to sustain damage to the economic value of their personal information was potentially valid in the abstract. However, the users would have to provide particularized details of the harm suffered.

For example, the users would have to explain how Specific Media’s conduct deprived them of the opportunity to engage in a “value-for-value exchange” for their information and how that deprivation caused the economic value of the information to be diminished.

Harm to Computers

To the extent that the users alleged that the Flash cookies caused harm to their computers, such harm would be de minimis and insufficient to confer Article III standing, the court said.

The court also expressed skepticism that the users could allege an injury involving the requisite $5,000 minimum in economic damages to support a Computer Fraud and Abuse Act claim, even in the aggregate.

Specific Media’s motion to dismiss the complaint was granted, with leave to amend.

The April 28 decision in La Court v. Specific Media Inc. will appear in CCH Privacy Law in Marketing.