FDA and FTC Joint Warning Letters Target Amazon Affiliates Making False COVID-19 ClaimsEarlier this week, federal regulators continued their efforts to combat the spread of products featuring allegedly false and misleading claims that products can diagnose, treat, cure, or prevent COVID-19.  In warning letters issued to CBD Gaze, Alternavita, Musthavemom.com, and Careful Cents LLC, the agencies identify the respective recipients as participants in the Amazon Affiliate program.  Amazon Affiliates are marketers who earn commissions by promoting products sold on Amazon.  The letters state that the products at issue, which include essential oils, grapefruit seed extracts, cod liver oil, and others, feature false treatment and prevention claims such as the following:

  • CBD Gaze:  “Find the best CBD Oil to help fight Coronavirus.”
  • Alternavita:  “4 Proven Ways To Protect Yourself Against Coronavirus,” you represent that “Everyone is concerned about Coronavirus and looking for ways to protect themselves,” and then state the following:

“Grapefruit Seed Extract If you want a little extra daily protection GSE is a safe antibiotic . . . [Amazon associate link].”

  • Musthavemom.com:  “NATURAL REMEDIES FOR CORONAVIRUS. . .There are plenty of things you can do to boost your immune system and fight off any virus including coronavirus. Here are a few!”  … “2. Vitamin D . . . This important vitamin plays a crucial role in immune health. Being deficient in Vitamin D can increase your risk of infection. I recommend this brand of Vitamin D [Amazon associates link] and starting at a minimum dose of 5,000 IU.” [from your website https://musthavemom.com/coronavirus-prevention-treatment-plan/]
  • Careful Cents LLC:  “How to Boost Your Immune System Naturally With Essential Oils to Fight Coronavirus” you state: “Can you use essential oils to boost your immune system and fight coronavirus? Yes! Essential oils are one of the best tools to strengthen your immune system naturally . . .”

The letters state that the products are unapproved new drugs and misbranded pursuant to the Food Drug and Cosmetic Act.  Causing the introduction or delivery for introduction of these products into interstate commerce is prohibited under sections 301(a) and (d) of the FD&C Act, 21 U.S.C. § 331(a) and (d).  The letters also state that “it is unlawful under the FTC Act, 15 U.S.C. 41 et seq., to advertise that a product can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating that the claims are true at the time they are made.  For COVID-19, no such study is currently known to exist for the product identified above.  Thus, any coronavirus-related prevention or treatment claims regarding such product are not supported by competent and reliable scientific evidence.”

What’s the lesson?  The difference between these letters and the warning letters that FDA and the FTC issued earlier this year is that these are targeted not to the company making the product or even the retail platform on which they are sold.  They were sent to the middleman marketer, who likely does not produce or possess the product, but who is promoting and profiting from its sale.  This is consistent with the FTC’s letters to product influencers in other marketing contexts but is a departure from FDA’s typical enforcement approach.  Although we have seen FDA pursue retailers (particularly online ones), FDA has not made pursuit of marketing affiliates a priority.  Clearly, regulators want affiliate marketers (Amazon or otherwise) to understand that they are not immune from enforcement if they are making aggressive or unsubstantiated health claims.

Ad Law Access Podcast


Ad Law Access Podcast - Operationalizing CCPACCPA compliance is a cross-functional exercise that requires active participation and buy-in from business units across the organization to tackle data mapping, work flows and employee training. On the latest episode of the Ad Law Access Podcast, special counsel Tara Marciano and associates Carmen Hinebaugh and Alexander Schneider discuss the ongoing challenges of operationalizing CCPA compliance focusing broadly on two areas: rights requests and vendor agreements.

Listen on Apple,  SpotifyGoogle Podcasts,  Soundcloud or wherever you get your podcasts.

For more information on CCPA and other topics, visit:

Advertising and Privacy Law Resource Center - Operationalizing the California Consumer Privacy Act (CCPA)

Green Marketing PodcastAs we have written about extensively on this blog, consumers continue to grow more environmentally conscious and demand products that reflect this concern. To meet consumer demands and as part of social responsibility initiatives, companies are increasing their “sustainable” practices, recycling materials, upcycling other products, and working to reduce waste and environmental harms.  As companies look to communicate their efforts to consumers, they must proceed with caution to avoid allegations of “greenwashing” or overstating the environmental benefits.

On the latest episode of the Ad Law Access Podcast, Advertising and Marketing practice Christie Thompson and associate Lee Baumgardner discuss the key regulatory requirements (the FTC’s “Green Guides”) and practical tips for companies to consider when engaging in green marketing in the United States.

Listen on AppleSpotify, Google PodcastsSoundcloud or wherever you get your podcasts.

For more information on these and other topics, visit:

Advertising and Privacy Law Resource Center Green Marketing

Despite the lack of a private right of action to enforce the U.S. Federal Food, Drug and Cosmetics Act (“FDCA”), the plaintiffs’ bar continually tries to use the FDCA to support other causes of action, and more often than not class actions, challenging the marketing or labeling of cosmetics.  A recent decision by the Southern District of California, where many of these cases are filed, will hopefully deter this practice.  See Franz v. Beiersdorf Inc. et al., Case No. 3:14-cv-02241, (S.D. Cal. Apr. 15, 2020).

The FDCA defines cosmetics as “articles intended to be rubbed, poured, sprinkled, or sprayed on, introduced into, or otherwise applied to the human body… for cleansing, beautifying, promoting attractiveness, or altering the appearance.”  Drugs, by contrast, are articles “intended to affect the structure or any function of the body of man.”  While a seller must seek approval from the FDA before selling a drug, there is no pre-approval requirement for cosmetics, and Congress gave FDA the sole authority to police violations of the FDCA.

The original complaint in Franz, filed in 2014, alleged that Beiersdorf’s Nivea Skin Firming Hydration Body Lotion (the “Lotion”) claimed on its label that it provided skin firming hydration, improved skin’s firmness in as little as two weeks, and was proven to firm and tighten skin’s surfaces in as little as two weeks.  According to the plaintiff, because the Lotion was marketed to affect the structure or function of the skin, it was a drug (not a cosmetic), and should have gone through FDA’s pre-approval process.

After an amended complaint and two motions to dismiss, as well as an appeal to the Ninth Circuit, the Defendant filed a third motion to dismiss, arguing that the complaint failed to state a claim that the Lotion was, in fact, a drug.  The Court denied the motion.  Beiersdorf then filed a motion for summary judgment arguing that the plaintiff was preempted by the FDCA from privately enforcing the federal pre-market approval process for drugs and, in the alternative, asked the court to find that the Lotion was a cosmetic as a matter of law.

The Court granted Beiersdorf’s motion, explaining that claims seeking to enforce the FDCA must thread a “narrow gap” to escape preemption – the plaintiff must be suing for conduct that violates the FDCA, but not because the conduct violates the FDCA.  The plaintiff failed to meet this standard because she repeatedly referenced provisions of the FDCA and specifically alleged that “Defendant engaged in illegal conduct by unlawfully making skin firming representations about [the Lotion] that resulted in its being deemed a drug under FDA regulations, but did so without obtaining required FDA approval through the FDA NDA [New Drug Approval] process.”  Because there was “no reasonable way to construe this allegation except as an attempt to privately enforce the FDCA,” the claim was preempted.

Interestingly, the Court noted that because the relevant facts were not in dispute and because the motion largely turned on a question of law, a motion to dismiss would have been the better procedural vehicle for resolving the issue.  Cosmetics companies should always consider whether they have valid preemption arguments at the motion to dismiss stage.  This decision (from one of the more plaintiff-friendly jurisdictions in the country no less) is hopefully another tool to resolve costly class actions litigation at an early stage.

The decision was appealed to the 9th circuit on May 18, 2020.

The Virginia Governor recently signed into law amendments to the Virginia Telephone Privacy Protection Act that significantly increase the exposure of businesses that place marketing calls or text messages to Virginia residents.

The amendments take effect July 1, 2020, and address four topics: (1) the definition of a “telephone solicitation call,” (2) caller identification, (3) the private right of action, and (4) Attorney General enforcement.

  1. Telephone Solicitation Call: The amendments clarify that the definition of a “telephone solicitation call” includes text messages, in addition to calls to landline and wireless numbers. Notably, the definition is drafted broadly. First, the Act will apply to calls and text messages to any number with a Virginia area code, regardless of whether that number belongs to a consumer or a business, potentially introducing another point of exposure for alleged do-not-call violations for B2B calls. Second, it will apply to numbers with non-Virginia area codes that are registered to a natural person who is a resident of Virginia. Identifying state of residence is already a difficult task, particularly if businesses do not collect address information, and relying on area code alone will no longer be sufficient once the amendments take effect.
  2. Caller Identification: The amendments will expressly prohibit telephone solicitors from “engaging in any conduct that results in the display of false or misleading caller identification information.” While the Act will retain language that allows telephone solicitors to display the name and telephone number of the person or entity on whose behalf the call or text is being made, provided the telephone number displayed is that entity’s customer service number, these amendments introduce a new source of liability for businesses – particularly those that contract with third-party service providers to send text messages (often from short codes).
  3. Private Right of Action: The amendments will significantly increase the damages individuals may recover for violation of the Act, including the new caller identification provisions, as well as the existing do-not-call and call abandonment provisions – from $500 per violation under the current law, to $500 for a first violation, $1,000 for a second violation, and $5,000 for each subsequent violation under the amendments. The increased liability is based on calls and texts received in violation, regardless of any intent or actual damages. A single call or text message constitutes a violation, so these payments can add up quickly, particularly if Virginia state law claims are allowed in addition to claims under the Telephone Consumer Protection Act (which also provides for up to $500 per violative call or text message) for a single call or text message.
  4. Attorney General Enforcement: The amendments will similarly increase the penalties that the Attorney General can seek on behalf of aggrieved individuals – from $500 per violation under the current law, to $500 for a first violation, $1,000 for a second violation, and $5,000 for each subsequent violation under the amendments. A court may also assess up to $5,000 in civil penalties for each willful violation of the Act (even if it is the first or second violation).

Telemarketing remains a high-risk area, in part due to the varying requirements at the federal and state levels, which states continue to update. Consumers and plaintiffs’ attorneys also recognize the potential for high-dollar payouts, and we expect that these amendments, and the increased penalties available, could make Virginia an appealing forum. These amendments also emphasize the benefits of relying on valid consent to place marketing calls and text messages, as well as ensuring compliance with federal and state requirements throughout the lead flow process. If you have questions about specific campaigns or practices, please do not hesitate to reach out to us for guidance.

Advertising and Privacy Law Resource Center

Democrats Release Their Own COVID-19 Privacy LegislationFollowing the Republican-sponsored COVID-19 Consumer Data Protection Act of 2019, Democratic legislators recently introduced the Public Health Emergency Privacy Act. Senators Richard Blumenthal and Mark Warner of Connecticut and Virginia, respectively, and a group of Democratic Representatives, including Jan Schakowsky of Illinois and Anna Eshoo of California, introduced the measure.

While both measures similarly require “affirmative express consent” prior to most processing of personal information for COVID-19 purposes, notice prior to using the data, reporting requirements, and destruction after data use, the bills vary in many other respects. Some differences between the Republican and Democratic bills include preemption, enforcement authority, and civil and voting rights protections.

Perhaps the most material distinctions focus on preemption and enforcement – a common theme in federal privacy legislation. These areas continue to be sticking points between the parties in discussions regarding privacy legislation. While both measures allow for FTC and state attorney general enforcement, the Democrats’ bill also provides for a private cause of action, which would allow for damages between $100 and $1000 per negligent violation, and $500 and $5000 per reckless, willful, or intentional violation. And while the Republican measure expressly preempts any similar state measure, the Democratic measure expressly does not.

The Democratic measure also addresses other concerns regarding using health data for COVID-19 purposes where the Republican bill is silent. Specifically, the Democrats’ bill expressly prohibits the use of emergency health data for advertising or discriminatory purposes. The bill also requires the Secretary of Health and Human Services to work with both the U.S. Commission on Civil Rights and the FTC to submit a report examining how the collection, use, and disclosure of COVID-19 health information impacts civil rights issues.

In addition, the Democrats’ bill prevents government entities from restricting the right to vote based on an individual’s: (1) participation or non-participation in a program to collect emergency health data; (2) medical condition; or (3) emergency health data itself.

As with Congress’s debate over comprehensive federal privacy legislation, COVID-19 privacy legislation may come down to similar disputes over enforcement and preemption. Whether the parties will be able to agree on these issues as they apply in a more limited capacity remains to be seen.

Advertising and Privacy Law Resource Center

The Proof Is In The Product:  NAD Recommends CBD Company Discontinue Claims

On April 29, the National Advertising Division (“NAD”) recommended that Talyoni Professional, LLC and its affiliate, Ecoco, Inc. (collectively “Talyoni”) discontinue express claims that the companies’ cosmetic and wellness products contain CBD, as well as product performance claims based on the presence of CBD in the products.  For those who may be unfamiliar, NAD, part of the Better Business Bureaus National Programs, is a self-regulatory forum where consumers, competitors, and NAD can challenge national advertising.  If a challenged advertiser refuses to participate, or if NAD recommends that an advertiser modify or discontinue advertising claims and the advertiser refuses to comply, NAD refers the matter to the appropriate regulatory agency.

NAD found that Talyoni failed to provide adequate substantiation that its products contained CBD.  NAD based its inquiry on the following claims displayed on Talyoni’s product packaging and online advertising:

Express Claims:

  • “The Talyoni Labs Cannabis Sativa collection is a comprehensive approach to personal care featuring the time-honored therapeutic benefits of CBD Oil.”
  • “A lush, refreshing, CBD-infused shampoo that smooths hair and hydrates with shea butter, olive & flaxseed oils.”
  • “Deeply nourishes, repairs and strengthens with CBD, olive and flaxseed oils.”

Packaging Claims:

  • Talyoni products contain 850MG per ounce of CBD.
  • Ecoco products contain 25 PPM of CBD.

As substantiation, Talyoni provided a certificate of analysis (“COA”) for the CBD oil ingredient used in its products, a description of the manufacturing specifications for the CBD oil, and a COA for a bottle of its CBD-infused shampoo showing it contained 0.0245% THC and 0.826% CBD.  Despite this evidence, NAD determined there was inadequate substantiation for the challenged express claims.

NAD explained that Talyoni could not rely on ingredient tests alone to support claims about its finished product. While the information provided by the supplier could provide a reasonable basis that the supplier’s CBD oil contained CBD, this was insufficient to show Talyoni’s finished product contained CBD.  Second, the NAD found that the results of one test for CBD on a single bottle of one product could not be imputed on the wide variety of products Talyoni markets.

So what’s the takeaway? Businesses marketing CBD products should have current COAs for their finished products, not just the CBD oil being added.  Moreover, it is crucial to have information regarding where tested product is sourced, whether it was obtained from inventory or from a store shelf, when it was produced, or any other data that would support the representativeness of the test.  As we’ve chronicled here, we anticipate that advertising challenges regarding CBD claims and content will only continue.  Companies that maintain proper documentation in the regular course of business will be best prepared to reduce risk of such challenges and respond when they happen.

While the Copyright Act has a three-year statute of limitations, most courts follow the “discovery rule,” pursuant to which “an infringement claim does not ‘accrue’ until the copyright holder discovers, or with due diligence should have discovered, the infringement.” See, e.g., Psihoyos v. John Wiley & Sons, Inc., 748 F.3d 120, 124  (2d Cir. 2014) (quoting 17 U.S.C. § 507(b)). It is the defendant’s burden to prove whether the plaintiff knew or should have known about the alleged infringement more than three years before it filed suit. Therefore, it is often difficult to dismiss a copyright infringement claim on statute of limitations grounds prior to costly discovery. This has presented a significant advantage to a plaintiff who raises a claim for infringement more than three years after the allegedly-infringing behavior has ceased. Yesterday, the Second Circuit issued a decision which more evenly balances the equities in late-filed copyright infringement claims.

In Sohm v. Scholastic Inc., No. 18-2110, 2020 WL 2375056 (2d. Cir. May 12, 2020), the Court found, among other things, that monetary damages in a copyright infringement suit are limited to those incurred in the three years preceding the commencement of suit.

In Sohm, professional photographer Joseph Sohm and one of his agencies sued Scholastic Inc. in the Southern District of New York for, among other things, alleged copyright infringement of 89 of his photographs. The district court granted in part and denied in part the parties’ cross-motions for partial summary judgment. On appeal, Sohm and Scholastic each raised various challenges to the district court’s order. Most significantly, Scholastic argued that the district court erred in: (1) applying the “discovery rule,” and not the “injury rule,” to determine when the plaintiffs’ claims accrued under the statute of limitations; and (2) allowing damages that accrued more than three years prior to the date that plaintiffs filed the copyright infringement suit.

In deciding the statute of limitations issue, the district court applied the “discovery rule” and found the action was timely filed because Scholastic had failed to show any reason that Sohm should have discovered the infringing acts more than three years prior to the date it filed the complaint. The Second Circuit affirmed, rejecting Scholastic’s argument that two recent Supreme Court decisions, SCA Hygiene Prods. Aktiebolag v. First Quality Baby Prods., LLC, 137 S. Ct. 954 (2017) and Petrella v. Metro-Goldwyn-Mayer, Inc., 572 U.S.663 (2014), cast doubt on the “discovery rule’s” applicability, because in both cases the Supreme Court specifically declined to rule on the applicability of the rule.

The Second Circuit reversed the district court’s decision regarding recovery of damages for infringement. It agreed with Scholastic that regardless of whether the discovery rule or injury rule applies for purposes of accrual of a claim, the Supreme Court’s decision in Petrella clearly held that the Copyright Act limits a plaintiff’s recovery to damages incurred in the three years prior to filing suit. There, the Supreme Court explained that “[u]nder the Act’s three-year provision, an infringement is actionable within three years, and only three years, of its occurrence” and “the infringer is insulated from liability for earlier infringements of the same work.” Petrella, 572 U.S. at 671. Thus, “a successful plaintiff can gain retrospective relief only three years back from the time of suit” and that “[n]o recovery may be had for infringement in earlier years.” Id. at 677.

This decision will be well-received by defendants in the Second Circuit who are faced with claims of copyright infringement more than three years after the allegedly-infringing behavior has ceased, such as a fashion company who is faced with an infringement claim regarding a product it has not sold for many years.

Unfortunately, since the Supreme Court’s ruling in Petrella, most circuits, including the Ninth Circuit, have not yet squarely addressed whether copyright infringement damages should be limited to those incurred in the three years preceding suit. Some district courts in the Ninth Circuit have since suggested that damages incurred more than three years prior to suit should be permitted so long as the plaintiff had no reason to know about the infringement prior to the three-year limitations period. See, e.g., Johnson v. UMG Recordings, Inc., 2019 U.S. Dist. LEXIS 184455 (C.D. Cal. Oct. 23, 2019). This presents a potential split among the circuits with respect to the availability of damages for copyright infringement outside the three-year statute of limitations.

Advertising and Privacy Law Resource Center

Companies continue to reel from business disruptions caused by the spread of coronavirus, and in many cases have struggled to navigate the swiftly changing landscape in which they are required to operate (or not operate).  At the end of the first full month of the crisis, as infections appear to plateau in epicenters like New York City, class actions seeking to remedy consumers’ losses during the pandemic are spreading rapidly.

As of April 30, 2020, more than 150 class actions have been filed directly relating to or stemming from the pandemic. Tens of millions of individuals have filed for unemployment, and the plaintiffs’ bar is eager to “help.”   No amount of social distancing, and no impending treatment or vaccine, can insulate companies from the threat of class litigation.

While the specific factual circumstances underlying these claims are novel, the types of claims being asserted – and the jurisdictions where such actions are being filed – are not.  Companies should stay on top of the following pandemic-related class action trends and, wherever possible, get ahead of or try to prevent the additional strain of a class action during these already difficult times.

Pandemic-Related Refunds

Millions of people throughout the United States hope to receive refunds for events and services that have been cancelled or postponed as a result of coronavirus-related bans on large gatherings, stay-at-home orders and travel restrictions.  The strength of these cases will ultimately turn upon the specific cancellation, force majeure and limitation of liability clauses in the relevant contracts, with courts turning to common law doctrines of impossibility and impracticability where the contracts do not address these specific issues.

Rapid and widespread event cancellations have understandably tested companies’ abilities to fulfill their obligations.  For many companies that act as intermediate platforms for transactions—such as tickets to events and rental of vacation properties—handling refunds on such a scale is not manageable or even possible given that money consumers pay is often forwarded to venues, festival promoters and other clients, who often control potential rescheduling.  These circumstances have led to a series of class action lawsuits against ticket sellers, educational institutions, subscription fitness, sport, and health companies, and ski areas and theme parks who offer season ticket memberships.

Getting there can be difficult too.  While air travel has not been suspended entirely, cancellations and postponements, and general advisories against “non-essential” travel, have stretched airlines’ cancellation policies.  There has been a surge of litigation against nearly every major airline concerning refund policies during the pandemic.

Companies not only must navigate how to deal with existing liability, but how to reopen their business and charge their customers who return balancing compliance with written policies, supporting their customers and maintaining a good public image, and remaining financially solvent.  Examination of potential ways to maintain cash-flow, through government incentives, customer credits against future transactions, and other means, is an important first step.

Negligence in Addressing the Threat of Coronavirus

Class actions have also been filed alleging negligence and inaction to respond to and prevent harm arising from the coronavirus pandemic.  Thus far, these actions have largely been focused on cruise lines, alleging that the ships maintained business as usual despite increasing knowledge of the danger posed to passengers and crew, but it is easy to imagine additional lawsuits against companies that continued operations as the coronavirus spread (or were forced to continue throughout the shutdown).  It is also expected that similar allegations will arise as the economy reopens and people resume their normal activities.  Companies must design and implement a careful plan to minimize risk when they resume operations—by not opening too soon, providing adequate protective equipment and training to staff, and effectively warning customers of ongoing risks despite the business reopening.

False Advertising of Health Benefits

With consumers anxiously seeking products that can help them protect themselves during this public health crisis, it is important that companies are mindful of claims that may potentially overstate the effectiveness of a given product in treating or preventing the virus.  A number of companies have already seen warning letters from federal agencies or class action lawsuits concerning the alleged lack of evidence that hand sanitizers can effectively prevent the spread of disease, including coronavirus.  These lawsuits, asserting claims for consumer warranty and unfair competition, will likely spread from hand sanitizers to other products.  It is unclear how courts will evaluate the objective “reasonable consumer” under present circumstances.  Thus, companies should closely examine their existing advertising claims (both express and implied) to ensure they are not misleading in light of the “new normal.”

Price Gouging

Another area where class actions have been slow to file, but are expected to increase, is price gouging.  The pandemic has caused sharp spikes in demand for disinfecting products, basic necessities, and essential food staples and empty shelves—both in brick and mortar stores as well as online shops—have increased consumer’ willingness to pay a premium for these types of products.  While there is no federal law with strict guidelines for price gouging, more than half of the states have laws the prohibit charging excessive prices on certain products after a triggering event, such as a declaration of a state of emergency.  Companies should closely monitor the prices they charge, both during the crisis and after it resolves, to ensure that any increases to their prices comply with applicable law.  And while third party sellers like Amazon may be able to pass liability through to the ultimate seller in certain circumstances, it may be wise to actively monitor the pricing activities of their sellers and try to curb price gouging activity before getting hit with litigation.


To alleviate the pains of social distancing, companies, schools, and families have turned to video conference apps to stay connected.  As usual, with increased popularity comes increased scrutiny and, unfortunately, increased litigation.

Popular videoconferencing apps Zoom and Houseparty have already been hit with several class actions challenging their privacy practices.  Not surprisingly, these actions have been filed in California, where the California Consumer Privacy Act (“CCPA”) went into effect earlier this year.  While the CCPA only provides for a private right of action under limited circumstances, these actions demonstrate consumers’ ability—or at least attempt—to use other provisions of the CCPA as underlying statutory violations to support other California consumer protection claims, such as California’s Unfair Competition Law.

Technology companies whose platforms have seen a surge in popularity during the pandemic should closely monitor potential vulnerabilities and reexamine privacy protections that may no longer be adequate in this new virtual economy.

Securities Class Actions

Shareholder class actions have also been filed challenging both affirmative representations and omissions relating to the pandemic.  These include actions against cruise lines that allegedly downplayed the risk of coronavirus to investors, pharmaceutical companies that allegedly overstated their ability to develop a treatment or vaccine, and technology companies that allegedly withheld privacy concerns that have come to light with increased use.  These early cases illustrate why publicly traded companies must exercise great care when discussing their products and business both to the public and to their investors.  It remains to be seen how defenses deflecting blame for decreases in stock prices to the pandemic (similar to those asserted in the wake of the mortgage crisis) will play out.


With court closures and delays throughout the country, the evolution of class action litigation relating to the coronavirus may take some time to come into focus.  We expect the above described categories of cases to proliferate, and expand in scope as different issues arise from the reopening of the economy.  We will continue to monitor these cases and provide regular updates as to the types of claims being asserted and any decisions that come out. For a more in-depth treatment of these cases and for a comprehensive collection of case citations, click here.

Advertising and Privacy Law Resource Center

In light of concerns associated with attempts to use personal data to track the spread of COVID-19, a group of Republican Senators, led by Mississippi Senator Roger Wicker, introduced the COVID-19 Consumer Data Protection Act of 2020 today.

The bill imposes specific requirements on entities seeking to process precise geolocation data, proximity data, persistent identifiers, and personal health information (together, “covered data”) in association with COVID-19 mitigation efforts. Among other things, the Act would require:

  • Notice/Consent: Prior notice and affirmative express consent for the collection, processing, or transfer of covered data to track COVID-19, monitor social distancing compliance, or for COVID-19 contact tracing purposes;
  • Opt Out Rights: Giving individuals the right to opt out of such processing;
  • Deletion Rights: Deleting or de-identifying all covered data once the entity is no longer using it;
  • Data Processing Restrictions: A public commitment to limit the processing of the data, unless certain exceptions apply;
  • Notice: Posting a clear and conspicuous privacy policy within 14 days of the Act’s enactment that provides information about data transfers, data retention practices, and data security practices; and
  • Accountability: During the public health emergency, providing a bi-monthly public report identifying the aggregate number of individuals from whom the covered entity has collected, processed, or transferred covered data for COVID-19 purposes with additional detail about how and why that information was used.

The bill also requires covered entities to engage in data accuracy (including allowing the individual to report inaccuracies), data minimization, and data security practices. The FTC has enforcement authority under the bill and would also be required to release data minimization guidelines in relation to COVID-19 processing.

Separately, the bill explicitly exempts covered entities from requirements under the Communications Act or regulations in relation to this processing. The bill also preempts any similar state law, although state attorneys general have enforcement authority along with the FTC.

Whether Congress will pass the measure is unclear, as Democrats and public interest organizations have voiced concerns about the bill. Still, assuming Congress can agree, it’s worth monitoring to see whether the measure may be included in any upcoming COVID-19 relief bill.

Advertising and Privacy Law Resource Center