We’ve posted about how the FTC, FDA, and EPA have each targeted companies for making unsubstantiated claims about how their products can treat or cure the coronavirus. Now, we’ll add another acronym to the list – NAD.

NAD recently issued a decision involving a video by the owners Your Superfoods, promoting the company’s Immunity Bundle. But the claims in this video are a little different than the ones recently targeted by the federal agencies. Here’s the relevant part of the video:

With all that’s going on, with the coronavirus there is [sic] a lot of things you cannot control. However, there Superfoods Screen Shotis a piece that we can control, and that is our own health and building our immune system because its depends on what we eat…. It’s super important to have a lot of micronutrients now, so Superfoods can help. We have this amazing immunity bundle – Super Greens to up your green, Mellow Yellow which really reduces your stress because stress actually reduces your immunity, and then we also have immunity boosting mushrooms in our Magic Mushroom mix.

Notice that the owners don’t actually say their products can treat or cure the coronavirus. (Not even their magical mushrooms.) Instead, the only reference to the coronavirus is the true statement in the first sentence. Here, NAD was likely concerned that following that sentence with other sentences about how the products can help consumers build immune systems could lead viewers to believe that the immunity extended to the coronavirus, itself.

Whether you are talking about health or something more mundane, this case should serve as a reminder that ads can be deemed misleading, even if the individual claims in the ads are literally true. What matters is how reasonable consumers will interpret the claims in context. Make sure you view your ads through their eyes and that you can substantiate all likely interpretations.

Amid the flurry of products making coronavirus-related claims, some without legal approval or scientific support, one class of products raises unique questions:  so-called “pesticide devices,” like ozone generators and ultraviolet (UV) lights, which are instruments that claim to control pests — including viruses and other germs — through physical or mechanical means.  Unlike chemical pesticides, such devices are not required to be registered by EPA and, therefore, are not scrutinized by the agency to ensure they are safe to use or work as intended.

Accordingly, EPA recently issued an advisory that cautions:

Please note that ozone generators, UV lights and other pesticide devices may not be able to make claims against coronavirus where devices have not been tested for efficacy or safety for use against the virus causing COVID-19 or harder-to-kill viruses.

Pesticide devices, unlike some existing surface disinfectant products that have data on file with EPA showing effectiveness against similar viruses, are not eligible under the agency’s Emerging Pathogens Policy to make claims related to the coronavirus/SARS-CoV-2 or for inclusion on EPA’s “List N” of products deemed to be effective against the virus.

Pesticide devices, though not subject to registration, are subject to other EPA requirements.  For example, while devices will not have an “EPA Registration Number,” they are required to be labeled with an “EPA Establishment Number” to identify the facility at which the device was produced.  In particular, any claims made for devices may not be false or misleading, and, therefore, manufacturers should have data on file to substantiate any claims.  It is possible, therefore, that a device could be effective against coronavirus, and legally could make such claims, though companies should be prepared to defend the statements.  To do so, companies should look carefully at the criteria for claim approval in EPA’s Emerging Pathogens Policy.

EPA is actively pursuing enforcement in regard to illegal coronavirus claims, further information on which can be found at https://www.epa.gov/enforcement/covid-19-enforcement-and-compliance-resources.

Advertising LawEPA issued another in a series of recent advisories aiming to clarify for consumers and companies what they need to know about disinfectant products claiming to kill the coronavirus.  EPA is actively investigating the numerous tips and complaints it continues to receive concerning products marketed with possibly false and misleading coronavirus/COVID-19 related claims.

For some of these products, those claims have not been reviewed or accepted by EPA and, therefore, may present a risk to consumers, and healthcare providers in particular.

Products that claim to disinfect and kill or otherwise inhibit viruses, bacteria and other germs must be registered with EPA before they can be sold.  A disinfectant cannot make legal claims of effectiveness against a particular pathogen, such as SARS-CoV-2, unless EPA has specifically approved the claim as part of the registration process. Registration requires that any claim be supported by valid test data and an EPA determination that the product works as intended and is safe to use.

Earlier this year, EPA issued a list of disinfectants (“List N”) that meet the agency’s criteria for use against the coronavirus (SARS-CoV-2, the strain of coronavirus that causes COVID-19).  While the surface disinfectant products on List N have not been tested specifically against SARS-CoV-2, they are expected to work against the virus because they demonstrate efficacy against other viruses that are deemed harder-to-kill or another similar strain of coronavirus.

Please note that just because the product label states that it kills “99.5% of viruses,” this does not necessarily mean that it will kill coronavirus.

Consumers are reminded to follow the label directions for approved disinfectants — particularly regarding the amount of time the product must remain wet on the surface — to ensure effectiveness in killing the virus.  Use of a disinfectant in a manner inconsistent with label directions can pose safety risks, both from contact with the pesticide and from a false belief that the surface has been cleaned of the pathogen.

See my prior post on EPA enforcement activity in this area, as well as a more detailed description of EPA’s approval policy for products deemed effective against SARS-CoV-2.

EPA’s advisory is available here.  List N can be found at:  www.epa.gov/ListN.

Companies continue to reel from business disruptions caused by the spread of coronavirus, and in many cases have struggled to navigate the swiftly changing landscape in which they are required to operate (or not operate).  At the end of the first full month of the crisis, as infections appear to plateau in epicenters like New York City, class actions seeking to remedy consumers’ losses during the pandemic are spreading rapidly.

As of April 30, 2020, more than 150 class actions have been filed directly relating to or stemming from the pandemic. Tens of millions of individuals have filed for unemployment, and the plaintiffs’ bar is eager to “help.”   No amount of social distancing, and no impending treatment or vaccine, can insulate companies from the threat of class litigation.

While the specific factual circumstances underlying these claims are novel, the types of claims being asserted – and the jurisdictions where such actions are being filed – are not.  Companies should stay on top of the following pandemic-related class action trends and, wherever possible, get ahead of or try to prevent the additional strain of a class action during these already difficult times.

Pandemic-Related Refunds

Millions of people throughout the United States hope to receive refunds for events and services that have been cancelled or postponed as a result of coronavirus-related bans on large gatherings, stay-at-home orders and travel restrictions.  The strength of these cases will ultimately turn upon the specific cancellation, force majeure and limitation of liability clauses in the relevant contracts, with courts turning to common law doctrines of impossibility and impracticability where the contracts do not address these specific issues.

Rapid and widespread event cancellations have understandably tested companies’ abilities to fulfill their obligations.  For many companies that act as intermediate platforms for transactions—such as tickets to events and rental of vacation properties—handling refunds on such a scale is not manageable or even possible given that money consumers pay is often forwarded to venues, festival promoters and other clients, who often control potential rescheduling.  These circumstances have led to a series of class action lawsuits against ticket sellers, educational institutions, subscription fitness, sport, and health companies, and ski areas and theme parks who offer season ticket memberships.

Getting there can be difficult too.  While air travel has not been suspended entirely, cancellations and postponements, and general advisories against “non-essential” travel, have stretched airlines’ cancellation policies.  There has been a surge of litigation against nearly every major airline concerning refund policies during the pandemic.

Companies not only must navigate how to deal with existing liability, but how to reopen their business and charge their customers who return balancing compliance with written policies, supporting their customers and maintaining a good public image, and remaining financially solvent.  Examination of potential ways to maintain cash-flow, through government incentives, customer credits against future transactions, and other means, is an important first step.

Negligence in Addressing the Threat of Coronavirus

Class actions have also been filed alleging negligence and inaction to respond to and prevent harm arising from the coronavirus pandemic.  Thus far, these actions have largely been focused on cruise lines, alleging that the ships maintained business as usual despite increasing knowledge of the danger posed to passengers and crew, but it is easy to imagine additional lawsuits against companies that continued operations as the coronavirus spread (or were forced to continue throughout the shutdown).  It is also expected that similar allegations will arise as the economy reopens and people resume their normal activities.  Companies must design and implement a careful plan to minimize risk when they resume operations—by not opening too soon, providing adequate protective equipment and training to staff, and effectively warning customers of ongoing risks despite the business reopening.

False Advertising of Health Benefits

With consumers anxiously seeking products that can help them protect themselves during this public health crisis, it is important that companies are mindful of claims that may potentially overstate the effectiveness of a given product in treating or preventing the virus.  A number of companies have already seen warning letters from federal agencies or class action lawsuits concerning the alleged lack of evidence that hand sanitizers can effectively prevent the spread of disease, including coronavirus.  These lawsuits, asserting claims for consumer warranty and unfair competition, will likely spread from hand sanitizers to other products.  It is unclear how courts will evaluate the objective “reasonable consumer” under present circumstances.  Thus, companies should closely examine their existing advertising claims (both express and implied) to ensure they are not misleading in light of the “new normal.”

Price Gouging

Another area where class actions have been slow to file, but are expected to increase, is price gouging.  The pandemic has caused sharp spikes in demand for disinfecting products, basic necessities, and essential food staples and empty shelves—both in brick and mortar stores as well as online shops—have increased consumer’ willingness to pay a premium for these types of products.  While there is no federal law with strict guidelines for price gouging, more than half of the states have laws the prohibit charging excessive prices on certain products after a triggering event, such as a declaration of a state of emergency.  Companies should closely monitor the prices they charge, both during the crisis and after it resolves, to ensure that any increases to their prices comply with applicable law.  And while third party sellers like Amazon may be able to pass liability through to the ultimate seller in certain circumstances, it may be wise to actively monitor the pricing activities of their sellers and try to curb price gouging activity before getting hit with litigation.


To alleviate the pains of social distancing, companies, schools, and families have turned to video conference apps to stay connected.  As usual, with increased popularity comes increased scrutiny and, unfortunately, increased litigation.

Popular videoconferencing apps Zoom and Houseparty have already been hit with several class actions challenging their privacy practices.  Not surprisingly, these actions have been filed in California, where the California Consumer Privacy Act (“CCPA”) went into effect earlier this year.  While the CCPA only provides for a private right of action under limited circumstances, these actions demonstrate consumers’ ability—or at least attempt—to use other provisions of the CCPA as underlying statutory violations to support other California consumer protection claims, such as California’s Unfair Competition Law.

Technology companies whose platforms have seen a surge in popularity during the pandemic should closely monitor potential vulnerabilities and reexamine privacy protections that may no longer be adequate in this new virtual economy.

Securities Class Actions

Shareholder class actions have also been filed challenging both affirmative representations and omissions relating to the pandemic.  These include actions against cruise lines that allegedly downplayed the risk of coronavirus to investors, pharmaceutical companies that allegedly overstated their ability to develop a treatment or vaccine, and technology companies that allegedly withheld privacy concerns that have come to light with increased use.  These early cases illustrate why publicly traded companies must exercise great care when discussing their products and business both to the public and to their investors.  It remains to be seen how defenses deflecting blame for decreases in stock prices to the pandemic (similar to those asserted in the wake of the mortgage crisis) will play out.


With court closures and delays throughout the country, the evolution of class action litigation relating to the coronavirus may take some time to come into focus.  We expect the above described categories of cases to proliferate, and expand in scope as different issues arise from the reopening of the economy.  We will continue to monitor these cases and provide regular updates as to the types of claims being asserted and any decisions that come out. For a more in-depth treatment of these cases and for a comprehensive collection of case citations, click here.

Advertising and Privacy Law Resource Center

Data is helping governments, researchers, and companies across the world track the spread of the novel coronavirus, monitor cases and outcomes of COVID-19, and devise ways to halt the virus’s spread.  As part of these efforts, raw data, software tools, data visualizations, and other efforts are providing the public and policymakers with insights into the growth of the pandemic.

Personal information — some of which may be highly sensitive — is key to many of these efforts.  Although some regulators in the U.S. and abroad have made it clear that privacy laws and the exercise of enforcement discretion provide leeway to process personal information in connection with COVID-19, they have also made it clear that privacy laws continue to apply.  Federal Trade Commission (FTC) Chairman Joe Simons advises that the FTC will take companies’ “good faith efforts” to provide needed goods and services into account in its enforcement decisions but will not tolerate “deceiving consumers, using tactics that violate well-established consumer protections, or taking unfair advantage of these uniquely challenging times.”  And, with many eyes on the California Attorney General’s Office in light of recent requests to delay enforcement of the California Consumer Privacy Act (CCPA), an advisor to Attorney General Xavier Becerra was quoted as stating: “We’re all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency.”

Devoting some thought to privacy issues at the front end of COVID-19 projects will help to provide appropriate protections for individuals and address complications that could arise further down the road.  This post identifies some of the key privacy considerations for contributors to and users of COVID-19 resources.

1. Is Personal Information Involved?

Definitions of “personal information” and “personal data” under privacy laws such as the CCPA and the EU’s General Data Protection Regulation (GDPR) are broad.  Under the CCPA, for example, any information that is “reasonably capable of being associate with, or could reasonably be linked” with an individual, device, or household is “personal information.”  This definition specifically includes “geolocation data.”  Although some data sources provide COVID-19-related information at coarse levels of granularity, e.g., county, state, or national level, the broad definition of “personal information” under the CCPA, GDPR, and other privacy laws makes it worth taking a close look at geographic and other types of information to determine whether the data at issue in fact reasonably qualifies as “personal information,” or if it is sufficiently anonymized to meet privacy definitions of de-identified and/or aggregate data.  CCPA, HIPAA, and other privacy laws provide examples of what safeguards are expected to reasonably treat data as anonymized, and employing such standards can help avoid unnecessary privacy mishaps despite well-intentioned efforts.

2. What Level(s) of Transparency Are Appropriate About the Data Practices?

Although some COVID-19 tools may be exempt from statutory requirements to publish a privacy policy (e.g., the provider of the tool is not a “business” under the CCPA), there are still reasons for providers to explain what data they collect and how they plan to use and disclose the data:

  • Disclosures help individuals to reach informed decisions about whether they want to provide their data, e.g., by downloading an app and allowing it to collect their location and other information. If business practices and consumer expectations are not reasonably aligned around the data practices, the failure to provide an appropriate privacy notice could be deemed an unfair or deceptive practice, inviting the scrutiny of the FTC or State Attorneys General.
  • Developing a privacy policy (or other disclosure) can help provide internal clarification on what types of personal information (or not) an app or service needs and collects. A granular understanding of such data practices can help providers to identify and mitigate privacy and data security risks associated with such data practices.
  • Developing a disclosure about a provider’s data collection and usage can help clarify the decision-making structure among multiple stakeholders so that the group is better equipped to handle data governance decisions over the lifecycle of a project.

3. How to Address Government Requests/Demands for Personal Information?

Although much remains to be seen in how federal, state, and local governments will use personal information (if at all) to develop and implement strategies to slow the spread of coronavirus, it is not unreasonable to expect that government agencies will seek information from providers of COVID-19-related tools.  The extent to which a provider can voluntarily provide information to the government — as well as the procedures that the government must follow to compel the production of information (and maintain the confidentiality of it in personally identifiable form) — depends on several factors, including what kind of information is at issue and how it was collected.  Becoming familiar with the rules that apply to voluntary and compelled disclosures, and safeguards to help prevent such data from being subject to broad freedom of information laws,  before a request arrives can help save valuable time down the road.  In many of these scenarios, for example, aggregate or pseudonymous data may be sufficient.

4. What Considerations Are There for Licensing COVID-19-Related Personal Information?

Finally, any licensing of personal information in connection with COVID-19 tools deserves careful consideration, particularly if the CCPA applies.  The CCPA imposes notice and opt-out requirements on entities that “sell” personal information. “Sell” is defined to include disseminating, disclosing, or otherwise “making available” personal information to for-profit third parties in exchange for “monetary or other valuable consideration.”  Several types of open source licenses require users to accept certain restrictions on their use and/or redistribution of licensed data or software.  For example, the Creative Commons Attribution-NonCommercial 4.0 International license requires licensees to agree (among other conditions) not to use licensed content for commercial purposes.  Obtaining this promise in exchange for personal information could constitute “valuable consideration” and give rise to a “sale” under the CCPA.   In addition, while not a “sale,” sharing personal information with a government authority would qualify as a disclosure under CCPA and would need to be accurately disclosed in the privacy policy.

Neither the California Attorney General nor the courts have interpreted the CCPA in the context of open source licenses.  Until more authoritative guidance becomes available, it makes sense to think through the potential obligations and other consequences of applying and accepting specific license terms to COVID-19-related personal information.

Bottom line:  Personal information has a key role to play in shaping responses to the novel coronavirus.  Privacy laws remain applicable to this information.  Applying privacy considerations to COVID-19 related practices involving data collection, sharing, and analysis will help mitigate unnecessary harms to consumers, aside from those presented by the virus itself.

For other helpful information during this pandemic, visit our COVID-19 Resource Center.

This post updates an earlier post relating to marketing around the coronavirus.

We noted a couple news items this week that help add context to the pervasiveness of and risks related to price gouging enforcement.  In this story, the New York Times reported on a merchant who was selling hand sanitizer and related protective gear on Amazon, at profit levels that corresponded with the growing public concern. Amazon removed his listing along with hundreds of thousands of others and suspended thousands of sellers’ accounts for price gouging.  He’s now left with 17,700 bottles of hand sanitizer.

The California, Washington, and New York attorneys general offices are investigating price gouging complaints.  The New York AG issued multiple cease and desist letters last week relating to exorbitant prices on hand sanitizer and disinfectant spray.  The California AG issued a consumer alert regarding price gouging following announcement of a state of emergency.  The Washington AG issued a similar alert calling on consumers to report price gouging and scam products.

On the advertising claims front, the New York AG announced enforcement against Alex Jones, who operates the InfoWars website. TheCoronavirus Advertising-Related Enforcement Ongoing AG alleged that Jones was marketing and selling toothpaste, dietary supplements, and creams as treatments to prevent and cure the coronavirus.  The NY AG also issued cease and desist letters to Dr. Sherill Sellman, who was selling colloidal silver as a coronavirus cure, and to disgraced televangelist, Jim Bakker, for featuring claims that Sellman’s colloidal silver product could “eliminate [coronavirus] within 12 hours.”  The State of Missouri has also brought enforcement action against Mr. Bakker.

So, what’s the lesson?  In our prior coronavirus marketing post, the lessons were to know and understand the pricing laws and to avoid overstating the benefits of any product.  The follow-on issue is one of ethics and brand management:  We’re in a public health crisis.  Brands and platforms that demonstrate that they are working to comply with the law and take proactive consumer protection measures may forego short term profits, but they stand to gain long term consumer trust and maybe even generate some goodwill with regulators.

In addition to retail platforms, advertising and social media platforms may want to take note.  CDA Section 230 is alive and well but does any platform want to go to bat for advertising allegedly scam products?  The Washington AGs office stated that they will use their consumer protection laws to sue platforms or sellers even if they aren’t in Washington, as long as they were trying to sell to Washington residents.  Every other state AG undoubtedly agrees with this approach.

And finally for some comic relief…for some insightful advice from John Oliver, check out this link at the 17-minute mark.


Join us for our next webinar, covering influencer issues, on March 24 by signing up here.


Advertising and Privacy Law Resource Center

Before You Market Around CoronavirusUntil recently, most consumers likely associated anything starting with “Corona” with a sunny beach and a lime wedge.

Not anymore.

The public is rightly concerned about coronavirus and how to avoid catching it.  And where the public has questions, marketers will have answers.  Here are a couple things to think about before rushing that next campaign out the door.

State and Local Laws Prohibit Price Gouging

As hand sanitizer has become scarce, some who have it have sought to capitalize on consumer demand and no small amount of fear.  We noticed this story about Amazon cracking down on third-party merchants selling coronavirus products at inflated prices.

Many states have laws governing price gouging.  New York’s law prohibits merchants from taking unfair advantage of consumers by selling goods or services that are “vital to the health, safety or welfare of consumers” for an “unconscionably excessive price” during an abnormal disruption of the market place or state of emergency.

New York’s price gouging law does not specifically define what constitutes an “unconscionably excessive price.”  However, per the NY AG, the statute provides that a price may be “unconscionably excessive” if:  the amount charged represents a “gross disparity” from the price such goods or services were sold or offered for sale immediately prior to the onset of the abnormal disruption of the market.  Merchants may provide evidence that justifies their higher prices were justified by increased costs beyond their control.

California’s law is more prescriptive.  California’s anti-price gouging statute, Penal Code Section 396, prohibits raising the price of many consumer goods and services by more than 10% after an emergency has been declared.  There may also be local laws that prohibit price gouging.

State attorneys general and CA district attorneys have reported receiving price gouging complaints.  Companies that fail to comply will risk being enforcement targets.

Be Careful Not To Oversell

The FTC and FDA issued warning letters to seven companies allegedly selling unapproved products that may violate federal law by making deceptive or scientifically unsupported claims about their ability to treat coronavirus.  Both agencies issued statements indicating that they are prepared to take further enforcement action to prevent the public from being misled.

An equally concerning scenario is the marketer who sees an opportunity to market around coronavirus with a product that has value but not to the degree that it would be an effective prevention tool.  For example, dust masks are not the same as N95 face masks.  Hand wipes without alcohol will not kill the same germs as those with alcohol.  Tito’s Handmade Vodka is not hand sanitizer.  It would be potentially misleading and deceptive to market dust masks, hand wipes without an effective sanitizer, or even Tito’s Handmade Vodka hand sanitizer as effective coronavirus prevention tools.  It’s also a waste of good vodka.  But, we digress.

The lesson is this:  The rush to meet consumer demand should not overcome the legal clearance process or common sense.  Rules still apply even in – and maybe especially in – times of public health emergency.

Stay tuned.  We’ll update this post as the situation evolves.


Advertising and Privacy Law Resource Center

Seven months after being called upon by members of Congress to investigate Zoom’s data security practices, a divided FTC announced on November 9 a settlement with the videoconferencing platform.

The FTC’s five-count administrative complaint alleges that Zoom deceived users about several of its security features and harmed users by circumventing security and privacy controls provided by their operating systems and browsers.  The proposed consent order requires Zoom to make changes to its data security practices, implement a comprehensive information security program, and obtain independent assessments of its program for 20 years after entry of the order – but does not require the company to pay monetary relief.  In separate dissents, Commissioners Chopra and Slaughter argue that the proposed relief does not go far enough.

Companies watching the FTC’s data security enforcement trends will want to take note of two main takeaways: claims about the strength of security protections in products and services warrant close scrutiny, and software deployments that weaken or circumvent other security controls on users’ devices will likely receive a tough reception from the FTC.

Allegations in the FTC’s Complaint

Deception.  Although Zoom has grown rapidly during the coronavirus pandemic, much of the FTC’s complaint focuses on conduct that predates the massive shift to videoconferencing as a substitute for in-person family, business, social, and religious gatherings.  Specifically, the FTC alleges that Zoom misrepresented several features of its service through blog posts, user documentation, and other publicly available statements:

  • End-to-end encryption: Zoom asserted that it used end-to-end encryption (i.e., encryption that only the parties to a communication can decipher) but did not disclose that, for most versions of its service, Zoom stored encryption keys that would also allow Zoom to decrypt users’ communications.
  • Level of encryption: Zoom claimed to use 256-bit encryption keys but apparently used 128-bit keys.
  • Unencrypted storage: Zoom stored meeting recordings in unencrypted form for 60 days before moving them to encrypted storage.
  • Disguised updates: A software update billed as providing “minor bug fixes” did not disclose that it would install a web server on users’ devices.

Unfairness.  In addition, the FTC alleges that Zoom unfairly harmed users’ privacy and security interests by installing a “secret” web server as part of a 2018 update to its app for Apple Mac computers.  According to the complaint, this update worked around privacy and security protections in the Safari browser and exposed Zoom users to potential phishing, denial of service, and remote code execution vulnerabilities.  The complaint notes that Zoom users share health, financial, proprietary and other sensitive information but does not describe actual breaches involving such information.

Proposed Order Provisions

The Zoom order is generally consistent with recent changes in FTC data security orders, which reflect the agency’s efforts to ensure that its orders are specific enough to be enforceable, set tighter standards for security program assessments, and impose requirements for managerial oversight and order compliance.  Along these lines, key requirements in the Zoom order are as follows:

  • Comprehensive Information Security Program.  Zoom’s security program that Zoom must, at minimum, meet 10 families of requirements, most of which consist of multiple sub-requirements.
  • Independent Assessments.  Zoom must obtain independent security assessments every other year during the order’s 20-year term.  Among other requirements, the assessor must identify the evidence obtained to support its conclusions and may not rely on “primarily on assertions or attestations” by the company.
  • Annual Certifications.  A “senior corporate manager” must file an annual certification stating that the company has met the requirements of the order and is not aware of any “material noncompliance” that has not been corrected or disclosed to the FTC.
  • Incident Reporting.  Finally, Zoom must report to the FTC instances of unauthorized access to or acquisition of recorded or livestream video or audio content within 30 days of discovering such an incident, unless the incident affects fewer than 500 users or meets other exceptions.

Dissents:  A Preview of the Next FTC?

Consistent with their dissents in a string of major privacy and data security cases (e.g., YouTube and Facebook), Commissioners Chopra and Slaughter criticize the Zoom settlement for falling short in the relief provided to consumers and the changes required in Zoom’s business practices.

Perhaps most significantly in light of the potential changes in store for the FTC under a Biden-Harris administration, Commissioners Chopra and Slaughter endorse a list of seven recommendations to “restore credibility” (in Commissioner Chopra’s words) and “improve the effectiveness” of the FTC’s enforcement efforts:

  1. Strengthen orders to emphasize more help for individual consumers and small businesses, rather than more paperwork.
  2. Investigate firms comprehensively across the FTC’s mission.
  3. Diversify the FTC’s investigative teams to increase technical rigor.
  4. Restate existing legal precedent into clear rules of the road and trigger monetary remedies for violations.
  5. Demonstrate greater willingness to pursue administrative and federal court litigation.
  6. Increase cooperation with international, federal, and state partners.
  7. Determine whether third-party assessments are effective.

With respect to Zoom in particular, Commissioner Slaughter argues that the company’s practices harmed consumers’ privacy interests and that a “more effective order” would require Zoom to address privacy and security risks in its services.  Despite the greater specificity in the Zoom order compared to FTC data security orders of a few years ago, Commissioner Chopra criticizes this settlement as a “status quo approach” that does not provide for direct notice or relief for Zoom’s customers.

For more information on the FTC and other topics, visit:

Advertising and Privacy Law Resource Center


In a series of orders issued earlier this month, Judge Dale S. Fischer of the Central District of California dealt two strikes to putative class claims against ticket merchants Ticketmaster/LiveNation and StubHub that seek refunds for Major League Baseball games cancelled or “postponed” in the wake of the coronavirus pandemic.  See Ajzenman, et al. v. Office of the Commissioner of Baseball, et al., No. 2:20-cv-03643 (C.D. Cal. Apr. 20, 2020).

In April, fans hit the MLB, 30 MLB teams and the ticket merchants with a proposed class action lawsuit alleging that the postponement of games (as opposed to the cancellation of games) was a conspiratorial decision to avoid paying refunds to fans for their tickets.

Of the initial eight named plaintiffs in the suit, just three purchased tickets directly from the ticket merchants—one from Ticketmaster/LiveNation, and two from StubHub.  Judge Fisher compelled all three of these plaintiffs to arbitrate their claims.  Relying on Lee v. Ticketmaster LLC, 817 F. App’x 393 (9th Cir. 2020) and related caselaw, Judge Fisher determined that these plaintiffs entered into enforceable modified or “hybrid” clickwrap agreements with Ticketmaster/LiveNation and StubHub because the companies adequately made their terms and conditions—including an arbitration agreement—available by a sufficiently prominent hyperlink on registration, sign-in, and purchase pages.

The ticket merchants also moved to dismiss the claims of the five remaining plaintiffs who purchased their tickets from the MLB defendants, on the grounds that they failed to sufficiently allege a conspiracy.  Judge Fisher noted that many of the conspiratorial allegations in the complaint were vague, and that the more specific allegations were irrelevant to Ticketmaster/LiveNation and StubHub.  Still further, the court found that Ticketmaster did not have the power to cancel baseball games, and thus plaintiffs’ theory that all the defendants formed a conspiracy to cancel games was implausible.

Judge Fisher gave the fans one last chance to amend their allegations, suggesting that if plaintiffs’ theory was that “all Defendants formed a conspiracy not to give refunds rather than not to cancel games in order to avoid refunds, they must allege it in their complaint.”

The MLB defendants similarly filed motions to compel arbitration and motions to dismiss, which are still pending.

The court’s skeptical view of the plaintiff’s alleged conspiracy will likely mean that this refund class action will end up in individual arbitration—like most refund class actions with plaintiffs who agreed to terms in connection with their purchase.  Plaintiffs will be hard pressed to hold parties liable unless they purchased their tickets directly from them.



After gyms closed in mid-March due to the coronavirus pandemic, LA Fitness was among the many fitness facilities faced with unforeseeable closures, outraged members, and class action litigation.  Last Thursday, a Florida federal judge ruled that a gym member did not have Article III standing to maintain a class action because he had already received a full refund of membership dues, and another gym member was bound to arbitrate his claims.  See Barnett v. Fitness International, LLC, No. 20-cv-60658 (S.D. Fla. Mar. 30, 2020).

On March 30, 2020, Plaintiff Kip Barnett filed a putative class action for negligence and unjust enrichment against Fitness International, LLC d/b/a LA Fitness, alleging that it had voluntarily closed its fitness facilities around the country and kept millions of dollars in unearned membership fees for the month of March.  This filing came after LA Fitness told members that it was suspending all billing beginning on April 1, and offered to either extend memberships for longer than the duration of the closure or provide a complimentary three-month membership for a friend or family member.  LA Fitness also started providing refunds to all members “in good standing who [] made such a request instead of choosing the other benefits offered to them.”

LA Fitness moved to compel arbitration based on an arbitration agreement in Plaintiff Barnett’s personal training agreement, as there was no such clause in his general membership contract.

Shortly thereafter, Plaintiff Barnett filed an amended complaint, adding a second plaintiff (Samuel Enzinna) who had not signed an arbitration agreement.  However, at the time of this amended filing, Plaintiff Enzinna had already received a full refund of his March dues.

LA Fitness then moved to dismiss the amended complaint and the Court granted its motion as to both plaintiffs in different orders.  First, the Court ruled that Plaintiff Barnett had agreed to arbitration and dismissed his claims without prejudice.  Second, the Court found that, because Plaintiff Enzinna had been fully compensated for his alleged loss, he lacked Article III standing.  The court also rejected Enzinna’s request for injunctive relief in the form of a guarantee that LA Fitness will not charge membership fees at some future time during the pandemic, finding the argument to be “unduly conjectural and hypothetical” given that LA Fitness had already suspending its billing.

Refund cases make up a majority of COVID-19 class action filings, ranging from suits involving universities, monthly memberships, travel cancellations, and sporting events.  This case—one of the earliest decided—suggests that companies that took prompt action to remedy their customers’ injuries may be spared from the time and expense of lengthy class action litigation.