CJEU Orders the European Commission to Pay Damages for Data Transfers to the U.S.
On January 8, 2025, the General Court of the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of Bindl v Commission (Case T-354/22), ruling that the European Commission (the “Commission”) must pay damages to a German citizen whose personal data was transferred to the U.S. without adequate safeguards.
Background
The case concerned the Commission’s website for the “Conference on the Future of Europe,” which offered users the ability to register for events by signing in using their Facebook account, among other sign-in options.
The claimant, a citizen living in Germany, alleged that selecting this option caused his personal data—including his IP address and browser details—to be transferred to U.S.-based Meta Platforms, Inc. In addition, the claimant asserted that his personal data had been transferred to Amazon Web Services via the Amazon CloudFront content delivery network used on the website. He argued that the transfer posed risks, as the U.S. did not ensure an adequate level of data protection under EU law and that the data could potentially be accessed by U.S. intelligence services. At the time of the transfer in March 2022, the Commission had not yet finalized a new adequacy decision regarding the U.S., following the invalidation of the EU-U.S. Privacy Shield Framework by the CJEU in the Schrems II case.
The claimant sought €400 in damages for the non-material harm he allegedly suffered due to the transfers and €800 for an alleged infringement of his right of access to information. He also sought a declaration that the Commission acted unlawfully in failing to respond to his request for information and annulment of the data transfers.
Anyone who believes the European Union (through one of its institutions) is responsible for non-contractual liability can file a claim for damages. For such liability to apply, three conditions must be met: (1) a serious violation of a law that gives rights to individuals; (2) actual damage; and (3) a direct connection between the unlawful actions and the harm caused.
The Findings
The General Court issued a mixed ruling in this case:
The General Court dismissed the claim regarding the transfer of data to Amazon Web Services, finding insufficient evidence that the transfer had occurred unlawfully. During one of the individual’s connections to the website in question, the General Court found that data was transferred to a server in Munich, Germany, rather than the U.S. In the case of another connection, the individual was responsible for redirecting the data via the Amazon CloudFront routing mechanism to servers in the U.S. Due to a technical adjustment, the individual appeared to be located in the U.S.
The General Court also rejected the claims related to the alleged infringement of the claimant’s right to access information, ruling that no harm had been demonstrated.
Further, the General Court dismissed the annulment application as inadmissible and found no need to adjudicate the claim of failure to act.
However, the General Court held the Commission responsible for enabling the transmission of the claimant’s personal data―specifically, the claimant’s IP address―to Meta Platforms, Inc. via the “Sign in with Facebook” The General Court found that the Commission had not implemented appropriate safeguards to legitimize such transfer and had therefore committed a sufficiently serious breach of a rule of law that is intended to confer rights on individuals. In this case, the claimant argued that he had suffered non-material damage due to uncertainty about how his personal data, especially his IP address, was being processed. The General Court found that there was a sufficiently direct causal link between the Commission’s violation and the harm sustained by the individual. As a result, the General Court granted the complainant damages and ordered the Commission to pay €400.
An appeal addressing only legal issues may be filed within two months and ten days of receiving the General Court’s decision.
Read the judgment.
French Insider Episode 38: Securing the Future: Cybersecurity & Data Privacy in the Trump Era with Jonathan Meyer, Liisa Thomas and Carolyn Metnick of Sheppard Mullin [Podcast]
In this episode of French Insider, Sheppard Mullin partners Jonathan Meyer, Liisa Thomas and Carolyn Metnick join host and French Desk Co-Chair, Valérie Demont, to explore the evolving landscape of cybersecurity and privacy under a new Trump administration.
What We Discussed in This Episode:
What is CISA and what is its role in cybersecurity?
What can we expect from the Trump administration regarding cybersecurity?
Could we see less regulation but greater enforcement?
Might there be more stringent regulation with respect to cyber attacks and private ransomware?
Where does the United States currently stand in terms of privacy law?
What is the current status of state and federal privacy laws in relation to the healthcare industry?
In terms of privacy, where could enforcement be headed under the incoming administration?
How do the various state attorneys general and federal agencies coordinate on enforcement?
What enforcement trends should businesses be aware of, and what do they need to focus on?
What specific enforcement trends are we seeing in the healthcare space?
Generally speaking, what types of penalties could result from enforcement actions?
Could a company’s officers and directors face personal liability, either criminal or civil?
How might class action litigation originate from a cybersecurity or privacy incident?
What should businesses prioritize in terms of cybersecurity and privacy compliance?
Do Tenants Have a Right to Ring Cameras? Courts Are Weighing In
Certain amenities in a dwelling have evolved from being considered luxuries to becoming essential, exemplified by the increased reliance on technology in the home. One particular technology that has grown in popularity is the doorbell camera, which has raised questions of how much a homeowners’ association (HOA) may regulate their implementation and use. While related legal actions have been few in number, it may be the tip of the proverbial iceberg.
There are a number of video doorbell camera companies on the market, but Ring, which is owned by Amazon, is probably the best-known. These doorbell cameras record audio and video after the motion sensor is triggered, and the owner can then hear and watch the events at their front door on their smart phone. There are various reasons that these doorbell cameras have become popular, from the convenience of knowing what is going on outside one’s home to believing that having a Ring camera will make them feel safer. However, in connection with these doorbell recordings, concerns are being raised about privacy as well, including the ability to post clips of their footage to show others in the community. See Samantha Shamhart, “The Mosaic Theory: How the Interest of Mass Surveillance and Facial Recognition Is Provoking an Orwellian Future,” Capital University Law Review, 51 Cap U.L. Rev 504 (2023).
The issue of maintaining community harmony is one of the issues that HOAs try to regulate through their own bylaws and rules. As articulated in the Third Restatement of Property, a homeowners’ association has the “implied power to adopt reasonable rules to (a) govern the use of the common property and (b) govern the use of individually owned property to protect the common property.” Section 6.7. When evaluating such rules under the Fair Housing Act, courts have focused on whether these HOA rules and regulations are facially neutral and whether they have an adverse or disproportionate impact on one group of residents. See, e.g., Morris v. W. Hayden Est. First Addition Homeowners Ass’n, 104 F. 4th 1128 (9th Cir. June 17, 2024). In addition, in “reviewing the reasonableness of [an HOA’s] exercise of its rule-making authority, absent claims of fraud, self-dealing, unconscionability or other misconduct, the court should apply the business judgment rule and should limit its inquiry to whether the action was authorized and whether it was taken in good faith and in furtherance of the legitimate interests of the [HOA].” Fields Enters. Inc. v. Bristol Harbour Vil. Assn, Inc., 217 A.D. 3d 1433 (NY App 4th Dep’t June 9 2023).
Action in the CourtsWhile there have been a couple of recent challenges on discrimination grounds to HOA rules about doorbell cameras, it seems that courts are allowing such rules to be enforced. In the case of Byrd v. Fat City Condo Owners Ass’n, the plaintiff alleged that the condo association was racially discriminating against her by fining her for installing a Ring camera on her condominium door based on the condo association rules regarding exterior door modifications. 2023 US Dist Lexis 208792 (WD NC Nov 21 2023). While the court dismissed the plaintiff’s claims for breach of fiduciary duty and for intentional infliction of emotional distress, the court did find that there were questions of fact with respect to the plaintiff’s section 1981 claim. The court in Byrd noted that the plaintiff raised instances of some of the condo board knowing about modifications to the doors of other units, but did not “fine white residents for these violations.” The Byrd case went to trial, and on June 20, 2024, the jury found in favor of the defendants, noting that there was no discrimination, that the plaintiff had breached the contract, and that the defendant had complied with the North Carolina Condominium Act in levying fines that totaled $73,000.
In Ricks v. DMA Companies, the claim of disability discrimination focused on the alleged declination by the property management company of the plaintiff’s request, among other things, for a specific model of Ring camera. 2024 U.S. Dist Lexis 170140 (WD TX Sept. 19 2024). In the court’s September 2024 decision, which addressed issues of discovery and claims against certain defendants under the ADA, the court found that the plaintiff’s “newly discovered evidence does not demonstrate that [real estate agent defendant] owns, leases, or operates a place of public accommodation; that it took an adverse action against Ricks based on his disability; or that it failed to make reasonable modifications that would accommodate Ricks’s disability without fundamentally altering the nature of the public accommodation.” The court in Ricks has not yet ruled as to whether the denial of the request for a specific type of Ring camera was discriminatory in nature. This case is set for trial in June 2025.
Another such action is Deborah Reiner v. Dickens House II Homeowners Ass’n, et al., which was filed in the U.S. District Court, Central District of California (23-cv-10050). In the Reiner case, which seeks injunctive relief under the federal and California Fair Housing Act, one item that the plaintiff is challenging is the denial by the board of the homeowners association of her request to install a Ring camera, where the board denied the request based on “potential invasion of privacy.” The board had implemented a rule that reads: “Residents are not permitted to install or place any audio or video recording devices on the exterior of a unit, including but not limited to front and back doors and anywhere in the common areas. This includes but is not limited to video doorbells.” The plaintiff is alleging that her request for permission to have security cameras on her door constitutes a request for a reasonable accommodation based on her alleged disability. The Reiner case, which was filed in November 2023, recently settled and was dismissed by the court on November 15, 2024.
Another case involving a doorbell camera is Angelina Navarro, et al. v. Palmer Ontario Properties, LP, et al., which is pending in California State Court, San Bernardino County (CIV-SB-2400185). The Navarro case is pled as a mass action by a number of residents of the property who are alleging that the defendants “participated in a common scheme by failing to provide habitable living conditions,” including that the building “has been unsafe.” The claims against the defendants include contractual tortious breach of implied warranty of habitability and tortious breach of the covenant of quiet enjoyment. While most of the allegations focus on complaints about the physical building, two residents have made claims about the security on the property being unsafe. It is alleged that in connection with the building not providing adequate security, two of the residents purchased Ring cameras, but in response were served with notices to remove them. The Navarro action, which was filed in January 2024, is still pending.
ConclusionThese recently filed cases involving doorbell cameras reflect on the ongoing societal debate over privacy versus security, leading to challenges to housing providers’ right to regulate certain aspects of the residence. The residents are requesting that Ring systems be installed for their own security on the property in keeping with a growing use of such surveillance technology overall in society as it has become more widely accepted. However, some of the opposition has explicitly involved concerns about the privacy of other residents, particularly those who reside in units across the hall from residents with such cameras. This is reflected in the passage of more privacy laws, in particular with regard to the collection of biometric and electronic data. It does not appear likely that the growing use of doorbell cameras will be curbed, but how they are regulated by housing providers remains to be determined.
At the very least, housing providers that prohibit the use of doorbell cameras on their properties should ensure that the rule is applied to all residents consistently to avoid allegations of differential treatment based on residents’ membership in various protected classes.
Sleeping Defendant: Plaintiff Secures Win for Class Certification and Damages Discovery
Hey TCPAWorld!
Bringing you a quick (painful and avoidable) ruling out of the Middle District of Florida in Ownby v. United 1st Lending, LLC., 2025 WL 81344 (M.D. Fla, Jan. 13, 2025).
By way of background, Plaintiff filed this action against United 1st Lending back in September 2024, alleging violations of the Telephone Consumer Protection Act (TCPA) and the Florida Telephone Solicitation Act (FTSA).
And what did United First Lending do in response? Nothing. So, Plaintiff secured a clerk’s default.
While Defendant sleeps, Plaintiff is on the move! And not just any Plaintiff’s counsel, local South Floridian Manny Hiraldo from TCPA’s Power Rankings of the most dangerous Plaintiff’s Firms.
In the underlying ruling, Plaintiff filed a Motion for leave to conduct class certification and damages-related discovery.
Again, what did United First Lending do in response? Nothing. Absolutely Nothing. Unbelievable.
The court, in a brief order, reiterated that district courts have broad discretion when it comes to class certification. According to Federal Rule 23, plaintiffs must meet certain criteria to get the class certified. Rule 23 mandates that a plaintiff demonstrate (1) the putative class is so numerous that joinder of all members is impracticable; (2) there are questions of law or fact common to the putative class; (3) the claims or defenses of the representative parties are typical of the claims or defenses of the putative class; and (4) the representative parties will fairly and adequately protect the interests of the putative class. Fed. R. Civ. P. 23(a). The 11th Circuit recognizes that sometimes, even when a defendant defaults, plaintiffs might need a bit of discovery to nail down that certification. This case is no different.
Plaintiff anticipates the class could be massive—hundreds, if not thousands, of members—and he needs evidence like call logs to prove it.
The court found these assertions convincing enough to grant the motion, giving Plaintiff another win and granting his Motion for class certification and damages-related discovery. Just painful!
And now, United 1st Lending is about to experience the full brunt of class discovery—a grueling process that delves into records, logs, and everything else. One of my favorite parts of litigation. Somebody wake up United 1st Lending?!
If you’re a defendant, you never want to ignore a complaint. Respond! Do something! But lying down like a sleeping dog is a surefire way to get walked all over.
If you need assistance, don’t hesitate to reach out to Troutman Amin, LLP – we are awake and ready to help!
Til next time, Countess!!!
NYDFS Urges Companies to Exercise Caution Due to Threats Posed by Remote Workers with Ties to North Korea
The New York Department of Financial Services (“NYDFS”) recently cautioned regulated entities to be aware of individuals applying for remote technology-related positions due to an increase in reported threats from North Korea. Threat actors have repeatedly attempted to access company systems and illegally generate revenue for North Korea under the guise of seeking remote Information Technology jobs at U.S. companies.
According to the NYDFS, these applicants often pose as individuals from the U.S. and other countries, using false and stolen identities and proxy accounts that belong to U.S.-based individuals, some of whom may knowingly sell their identities, assist with account creation, and participate in required pre-employment drug screening tests. Applicants use a variety of other tactics to hide their location and/or identity, such as using virtual private networks (“VPNs”) to make it appear that they originate and reside in U.S.-based locations when applying for telework positions, avoiding video or in-person conferencing, and asking for devices to be shipped to different locations pre-employment.
The NYDFS urged companies to take several steps to protect their systems from threat actors, including:
Raising awareness of this threat among senior executives, information security personnel third-party service providers, and human resources through targeted training;
Conducting due diligence during the hiring process by implementing stringent background checks and identity verification procedures;
Utilizing technical and monitoring controls, including procedures to track and locate corporate laptops and cellphones to ensure that they are delivered and remain at the initially reported residence, and flagging events related to location (e.g., change of address);
Limiting remote employees’ access to systems and data necessary to perform their jobs; and
Notifying the FBI’s Internal Crime Complaint Center if the company suspects that a remote worker is engaging in a fraudulent remote work scheme.
The NYDFS guidance provides additional detail and examples for implementing each of these steps. Federal agencies are also pursuing the IT worker threat, including the U.S. Departments of State and Treasury, and the Federal Bureau of Investigation.
CPPA Extends Public Comment Period from January 14, 2025, to February 19, 2025; Public Hearings for Interested Parties to be Held January 14, 2025, and February 19, 2025
The California Privacy Protection Agency (CPPA) published a Notice of Extension of Public Comment Period and Additional Hearing Date on Friday, January 10, 2025, informing that the CPPA is extending the formal public comment period for the proposed updates to the California Consumer Privacy Act regulations regarding cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and insurance companies to ensure all Californians, including those affected by the devastating wildfires in Southern California, have the opportunity to participate. More information regarding public comments and the new deadline can be found here.
The CPPA will also be hosting two public hearings to provide all interested parties an opportunity to present oral and written statements or arguments regarding the proposed regulations. The first session will be tomorrow, January 14, 2025. More information can be found here. The second session will be held on February 19, 2025, with more information regarding the date, time, and location to be published.
Otherwise, the substance of the proposed updates to the regulations did not change. Our team provided a summary of the key updates from the November 8th CPPA Board meeting, including regarding the proposed updates to the regulations, here.
Reform to Mexico’s Federal Labor Law Related to Digital Platforms
Go-To Guide:
Mexico updates its Federal Labor Law to regulate digital platforms, ensuring standardized labor conditions and rights for gig economy workers.
The amendments introduce new definitions and rules, including flexible work schedules, digital contracts, and algorithmic management transparency.
Employers must provide social security, profit sharing, and training, while workers gain union rights and protection against discrimination.
Non-compliance with the new regulations may result in fines, with a phased implementation.
On Dec. 24, 2024, Mexico published amendments to its Federal Labor Law regarding digital platforms. These changes take effect 180 days after publication.
This GT Alert highlights significant modifications to the law and details the new definitions, penalties, and implementation timelines.
I.
Purpose
The amendments seek to establish a regulatory framework for digital platforms in Mexico that standardizes labor conditions for the employees working through these platforms. This includes compensation, effective access to social security, provision of benefits, implementation of security measures, and profit sharing. The regulation seeks to ensure that digital platform employees’ labor rights are protected under a legal framework.
The initiative focuses on regulating the “gig economy” platforms, meaning income generation outside a traditional work scheme. Nonetheless, these regulations have implications for other similar business models operating under unconventional work schemes. The regulation seeks not only to standardize working conditions for employees working for these types of platforms, but also to potentially apply to any company with a similar business model, ensuring wider labor protection within the digital industry.
II.
New Definitions
Chapter IX B is incorporated into the Federal Labor Law, which addresses the topic of work on digital platforms, along with the following definitions related to this modality:
1.
Digital platform: Computer systems that assign tasks or services to workers for third parties using information technologies as defined in article 330-A of the Federal Labor Law.
2.
Work on digital platforms: A subordinate employment relationship where workers provide physical services managed by a person or company through a digital platform.
3.
Employee: An individual who works on digital platforms, earning at least one monthly minimum wage in Mexico City.
4.
Effective working time: The period from when a worker accepts a task until they complete it. Employees who do not generate a monthly net income exceeding the amount specified in the preceding paragraph will be considered independent contractors.
5.
Algorithm: Automated decision-making systems that control and supervise digital platform workers.
III.
Changes
Employment Contract: Employers must use approved contract templates and can sign them digitally. Employers must submit the contract template to the Federal Center for Conciliation and Labor Registration for approval.
The contract should establish the equipment and work supplies provided, the percentage and amount the employer will pay the employee for each task service, work, or job, any bonuses that may be applicable, and health and safety obligations, among others.
Work Schedule: Schedules are flexible and discontinuous, with employment existing only during effective working time.
Salary: Pay is set per task and includes proportional amounts for rest days, vacations, and bonuses.
Social Security: Tips that individuals generate on digital platforms will not be considered part of the base salary for social security purposes. Employers must cover occupational risks during effective working time.
Profit Sharing: Workers with over 288 annual hours can participate in profit sharing.
Union Freedom: Workers can form or join unions.
Algorithmic Management: Employers must inform workers about how algorithms affect their employment.
Employer Obligations: Special obligations are included for digital platform employees, as well as for employers and individuals who manage or operate services through digital platforms.
Review Mechanisms: Digital platforms must provide employees with mechanisms to review decisions affecting their access to or connection with the platform. Autonomous personnel, not algorithms, must manage these mechanisms.
Special Causes of Termination: New reasons for justified termination include:
–
submitting false data and;
–
compromising user security;
–
engaging in acts of dishonesty or misconduct, acts of violence, threats, insults, harassment, and/or sexual harassment, mistreatment, discriminatory acts, or other similar acts during and due to work; and
–
repeatedly failing to comply with the accepted tasks, services, works, jobs, or work-related instructions without justified cause.
Training: Employers must provide necessary training and tools.
Gender Perspective: Companies must protect workers from gender-based discrimination and violence.
IV.
Fines
Violations will be subject to additional fines calculated based on the Unidad de Medida y Actualizacion (Unit of Measurement and Update UMA), which is the economic reference in pesos used to determine the amount of payments for obligations and scenarios outlined in federal laws, state laws, and any legal provisions arising from them. For 2025, the UMA is valued at $113.14 Mexican pesos.
2,000-25,000 UMAs for failing to register contracts before the Federal Center for Conciliation and Labor Registration.
1,000-25,000 UMAs for failing to issue or report modifications in the algorithmic management policy document.
250-5,000 UMAs for violating the provisions of Article 291-K concerning administrating and managing services through digital platforms.
500-25,000 UMAs for failing to implement the mechanisms outlined in Article 291-P regarding actions related to autonomous personnel rather than algorithms.
V.
Implementation Deadlines
This regulation will be implemented gradually.
The law becomes enforceable 180 days after its publication in the OGF.
Before being enforceable, the Mexican Social Security Institute and the National Housing Fund Institute for Employees will issue guidelines through a mandatory pilot test to be conducted five days after the law takes effect. The guidelines will establish general rules on employers’ contributions for employees hired through digital platforms.
The Mexican Social Security Institute will have 180 days from the rules’ publication date, to consider the results of the pilot test prepare additional compliance initiatives, which will be presented to the Legislative Branch for discussion.
The Ministry of Labor must, within five days of the rules’ effective date, establish the general provisions governing the net income calculation for employees, which is currently determined by tasks, services, or work performed.
Read in Spanish/Leer en español.
FTC’s “Click to Cancel” Rule to Simplify Subscription Cancellations Becomes Effective
The final text of the amended Negative Option Rule, featuring the new “Click to Cancel” program, goes into effect this week on Wednesday, January 15, 2025, and should become enforceable approximately four months later on Wednesday, May 14, 2025. The FTC believes that this rule will help the FTC get money back to people who are misled by sellers who don’t tell the truth or leave out necessary information, people who get billed when they didn’t agree to pay, and sellers who make it hard, or impossible, to cancel. According to FTC Commission Chair Lina M. Khan, “Too often, businesses make people jump through endless hoops just to cancel a subscription. The FTC’s rule will end these tricks and traps, saving Americans time and money. Nobody should be stuck paying for a service they no longer want.”
This rule is part of the FTC’c ongoing review of its 1973 Negative Option Rule, which the agency is modernizing to combat unfair or deceptive practices related to subscriptions, memberships, and other recurring-payment programs in an increasingly digital economy where it’s easier than ever for businesses to sign up consumers for their products and services.
What is a negative option?
Negative options refer to transactions that include automatic renewals, continuity plans, and free- or fee-to-pay conversion offers where a buyer’s silence or failure to affirmatively act to either reject a good or service or to cancel the transaction is interpreted as continuing acceptance of the plan or offer. In other words, if the buyer does not cancel or take action to suspend the transaction’s recurring nature, they will continue to be periodically charged for the goods and services they may not have intended to purchase.
Scope of the amended rule
The amended rule applies to sellers of nearly all negative option programs (regardless of whether they originated online, via phone, or in-person), and the rule applies to both business-to-business and business-to-consumer transactions.
What does the Negative Option Rule prohibit?
The rule prohibits: (1) misrepresentations of any material fact made while marketing using negative option features; (2) requires sellers to provide important information prior to obtaining consumers’ billing information and charging consumers; (3) requires sellers to obtain consumers’ unambiguously affirmative consent to the negative option feature prior to charging them; and (4) requires sellers to provide consumers with simple cancellation mechanisms to immediately halt all recurring charges.
One of the biggest concerns of the FTC is for sellers that give free-trial subscriptions to consumers and then those consumers complain that they didn’t know the details of the subscription obligations and/or the consumers have been unable to cancel the subscription. The rule requires important information to be truthful, clear, and easy to find. Consumers have to know what they’re agreeing to before they are signed up. Sellers have to be able to show that the consumers knew what they agreed to before they signed up. The rule requires there be a way to cancel any subscription that is as quick and easy as it was to sign up.
Potential enforcement
The rule indicates that violators can be held responsible for redress and other civil penalties. Sellers can expect litigation over the following allegations involving negative options for: 1) misrepresenting any material fact made while marketing goods or services; 2) failing to clearly and conspicuously disclose material terms prior to obtaining a consumer’s billing information; 3) failing to obtain a consumer’s express informed consent before charging the consumer; and, 4) failing to provide a simple mechanism to cancel and immediately halt charges. The rule requires sellers to implement a framework that prevents the aforementioned, and violations can result in not just having to refund the consumer’s fees, but also being held responsible for civil penalties.
Rule is not popular with everyone
The rule faces multiple overlapping legal challenges across the country, such as in the Fifth Circuit Court of Appeals. The rule also faces a change in administration, and one of the most relevant concerns may be the sharp dissent from recently appointed FTC Commissioner Melissa Holyoak.
Remember the state rules
In addition to the FTC rule, negative option sellers should be mindful that automatic renewals remain a priority for state regulators. California, for example, updated its specific requirements four times in the last 14 years, the latest text of which explicitly applies to “free-to-pay conversions” of the type regulated in the updated federal rule, among other textual similarities. The state’s recent stringent update to the law will become effective on July 1, 2025, and mirrors, and in some aspects goes beyond, the FTC rule.
Listen to this post
Telecom Alert: 6th Circuit Net Neutrality Decision; Updated Application Fees; January Open Meeting; Rip and Replace Funding; RMD Filing Requirements [Volume XXII, Issue 2]
6th Circuit Overturns Net Neutrality Order
The 6th Circuit issued an opinion on January 2nd rejecting FCC arguments to uphold its statutory authority to impose net-neutrality policies and declaring that commercial broadband providers are not “telecommunications services” subject to Title II regulations under the Communications Act. The Court, relying on “the traditional tools of statutory construction,” instead classified broadband providers as offering an “information service” which escapes common-carrier regulations. The Court also rejected once long-standing deference to the FCC’s technical and policy expertise under the Chevron doctrine, citing the recent Loper Bright decision which permits courts to use their own judgment to interpret laws.
FCC Announces 2025 Application Fee Schedule
The FCC adopted rule changes to its Schedule of Application Fees at the end of the year to reflect Consumer Price Index (CPI) changes in even-numbered years. Commissioner Carr noted that the CPI increased by 17.41% since the last adjustment in 2022, which in part was related to rising inflation. While the rule changes do not implement proposed fee alterations in open rulemakings, the Order raised fees for Section 214 authorizations and cable landing licenses, wireless and experimental licensing, among other applications.
FCC Announces January Open Meeting
FCC Chairwoman Rosenworcel announced the Commission will hold an Open Meeting on January 15, 2025. In contrast to past meetings, the upcoming Open Meeting will have four panels attended by different bureaus, each providing summaries on their accomplishments over the past administration, as well as goals for the future. Topics from the bureaus will include expanding connectivity and access, competition in the marketplace, national security and public safety initiatives, and the future of communications.
FCC Proposes Auction Rules to Fund Rip and Replace Program
Following the passage of the National Defense Authorization Act, the FCC now has authority to fully fund its Rip and Replace Program, designed to reimburse companies for replacing equipment and services manufactured by entities deemed threats to national security. Within the NDAA, the Spectrum and Secure Technology and Innovation Act allows the FCC to borrow up to $3.08 billion to fund the program. To repay the borrowed funds, Chairwoman Rosenworcel hopes the Commission will expedite consideration of a Notice of Proposed Rulemaking updating the competitive bidding rules for the AWS-3 spectrum bands, whose proceeds will be directed to the Rip and Replace Program.
FCC Adopts New Filing Requirements for Robocall Mitigation Database
In efforts to combat illegal robocalls on voice service provider networks, the FCC has adopted new filing requirements for providers on its Robocall Mitigation Database (RMD). The RMD is an extensive public database which tracks provider compliance with STIR/SHAKEN and robocall mitigation rules. The new rules now require providers to annually re-certify the accuracy of their mitigation plans and pay a $100 filing fee. Additionally, a new reporting mechanism for deficient filings as well as enhanced two-factor authentication will be implemented and managed by the Wireline Competition Bureau.
Casey Lide, Thomas B. Magee, Tracy P. Marshall, Sean A. Stokes, and Wesley K. Wright also contributed to this article.
WRONG PERSON: Arbitration Denied in TCPA Suit As Camping World Looks to Have Texted a Reassigned Number– But Why?
Another day, another difficult TCPA ruling involving an online webform submission.
This time arbitration was denied in a putative TCPA class action arising out of a webform submission on campingworld.com.
In Conrad v. Camping World Holdings, 2025 WL 66689 (N.D. Al. Jan, 9, 2025) the defendant moved to compel arbitration contending Plaintiff had signed up for a recurring text program on its website, supplied his phone number and agreed to arbitration in the process.
Just one little problem– the Plaintiff claims he did not even own the phone number at the time the form was submitted. So–in his view–it would be impossible for him to have filled out the form.
The Court agreed and determined given camping world’s lack of evidence that Conrad himself filled out the form arbitration must be denied. (This also means any consent disclosure on the website would also not apply to Plaintiff!)
Conrad once again highlights the trouble with online web submissions– you never really know who is filling out the form. But the Camping World flow apparently did not collect the name of the submitted party–just relying on a double opt in to assure TCPA compliance. That is a somewhat risky maneuver.
The real risk, however, is in reassigned numbers. The number was subscribed onto the text program in 2022 but plaintiff received the texts after he obtained the number in September, 2023. This suggests to me the number changed hands and the texts went to the wrong number.
The simply way to avoid such issues is just to use the FCC’s reassigned numbers database!
If you are sending text messages on a recurring basis to numbers you obtained more than 90 days ago you simply must be using this database to avoid inevitable TCPA risk when numbers change hands.
SEC Priorities for 2025: What Investment Advisers Should Know
The US Securities and Exchange Commission (SEC) recently released its priorities for 2025. As in recent years, the SEC is focusing on fiduciary duties and the development of compliance programs as well as emerging risk areas such as cybersecurity and artificial intelligence (AI). This alert details the key areas of focus for investment advisers.
1. Fiduciary Duties Standards of Conduct
The Investment Advisers Act of 1940 (Advisers Act) established that all investment advisers owe their clients the duties of care and loyalty. In 2025, the SEC will focus on whether investment advice to clients satisfies an investment adviser’s fiduciary obligations, particularly in relation to (1) high-cost products, (2) unconventional investments, (3) illiquid assets, (4) assets that are difficult to value, (5) assets that are sensitive to heightened interest rates and market conditions, and (6) conflicts of interests.
For investment advisers who are dual registrants or affiliated with broker-dealers, the SEC will focus on reviewing (1) whether investment advice is suitable for a client’s advisory accounts, (2) disclosures regarding recommendations, (3) account selection practices, and (4) disclosures regarding conflicts of interests.
2. Effectiveness of Advisers Compliance Programs
The Compliance Rule, Rule 206(4)-7, under the Advisers Act requires investment advisers to (1) implement written policies reasonably designed to prevent violations of the Advisers Act, (2) designate a Chief Compliance Officer, and (3) annually review such policies for adequacy and effectiveness.
In 2025, the SEC will focus on a variety of topics related to the Compliance Rule, including marketing, valuation, trading, investment management, disclosure, filings, and custody, as well as the effectiveness of annual reviews.
Among its top priorities is evaluating whether compliance policies and procedures are reasonably designed to prevent conflicts of interest. Such examination may include a focus on (1) fiduciary obligations related to outsourcing investment selection and management, (2) alternative sources of revenue or benefits received by advisers, and (3) fee calculations and disclosure.
Review under the Compliance Rule is fact-specific, meaning it will vary depending on each adviser’s practices and products. For example, advisers who utilize AI for management, trading, marketing, and compliance will be evaluated to determine the effectiveness of compliance programs related to the use of AI. The SEC may also focus more on advisers with clients that invest in difficult-to-value assets.
3. Examinations of Private Fund Advisers
The SEC will continue to focus on advisers to private funds, which constitute a significant portion of SEC-registered advisers. Specifically, the SEC will prioritize reviewing:
Disclosures to determine whether they are consistent with actual practices.
Fiduciary duties during volatile markets.
Exposure to interest rate fluctuations.
Calculations and allocations of fees and expenses.
Disclosures related to conflicts of interests and investment risks.
Compliance with recently adopted or amended SEC rules, such as Form PF (previously discussed here).
4. Never Examined Advisers, Recently Registered Advisers, and Advisers Not Recently Examined
Finally, the SEC will continue to prioritize recently registered advisers, advisers not examined recently, and advisers who have never been examined.
Key Takeaways
Investment advisers can expect SEC examinations in 2025 to focus heavily on fiduciary duties, compliance programs, and conflicts of interest. As such, advisers should review their policies and procedures related to fiduciary duties and conflicts of interest as well as evaluating the effectiveness of their compliance programs.
Game On: How the CFPB’s EFTA and Regulation E Changes Could Shape Video Game and Online Marketplace Transactions
The Electronic Fund Transfer Act (EFTA) and Regulation E apply to an electronic fund transfer (EFT) that authorizes a “financial institution” to debit or credit a consumer’s account. While a “financial institution” traditionally refers to a bank, credit union, or savings association, it is well established that “financial institutions” can also include non-bank entities that directly or indirectly hold an account belonging to a consumer, or that issue an access device and agree with a consumer to provide EFT services. Prepaid accounts and “other consumer asset accounts” into which funds can be deposited by or on behalf of the consumer and which have features of deposit or savings accounts, also meet Regulation E’s definition of “account.” Some video game accounts used to purchase virtual items from multiple game developers or players may fall under the definition of “other consumer asset accounts.”
In April 2024, the Consumer Financial Protection Bureau (CFPB) issued a report on the banking and payment services becoming more prevalent in gaming and virtual worlds where consumers spend billions of dollars annually to purchase gaming assets—often by converting U.S. dollars to virtual currencies. The report raised concerns about consumer protections and the uncertain allocation of responsibility for errors or fraud when a customer’s digital currency or assets are lost through hacking, account theft, scams, or unauthorized transactions.
Recent Developments
Following that report, on January 10, 2025, the CFPB issued a proposed interpretive rule that aims to expand the scope of Regulation E’s coverage to video game platforms that hold consumers’ money for personal, family, or household use and treat those game platforms as if they are account holders just like a bank or credit union for Regulation E purposes.
The interpretive rule expands on what constitutes an EFT, particularly for new payment methods such as peer-to-peer payment platforms and digital wallets. This expansion includes transfers initiated through apps and payment systems tied to consumer accounts. The key is whether the funds act like or are used like money, such that they are accepted as a medium of exchange, a measure of value, or a means of payment.
The interpretive rule would also clarify that video game companies operating online marketplaces or otherwise facilitating EFTs would be subject to the consumer protection provisions under Regulation E, namely investigation and error resolution obligations. Additionally, the interpretive rule would require a video game company to disclose the terms and conditions of EFT services.
Next Steps
The CFPB is soliciting comments from the gaming community for this proposed interpretive rule, which must be sent via email to [email protected] on or before March 31, 2025.