Oregon Expands Consumer Privacy Law to Include Auto Manufacturers—and Possibly Their Dealerships
“Our cars know how fast you’re driving, where you’re going, how long you stay there. They know where we work, they know whether we stop for a drink on the way home, whether we worship on the weekends, and what we do on our lunch hours.” OR Representative David Gomberg
The Oregon Legislature recently enacted House Bill 3875, amending the Oregon Consumer Privacy Act (OCPA) effective September 28. 2025, to broaden its scope to include motor vehicle manufacturers and their affiliates that control or process personal data from a consumer’s use of a vehicle or its components.
While this expansion is clear in its application to vehicle manufacturers, it raises important questions for automobile dealerships, particularly those “affiliated”—formally or informally—with manufacturers. Dealerships should consider whether they may now be subject to the full scope of Oregon’s privacy law. Of course, they may be subject directly to the OCPA in their own right.
The Amendment: HB 3875
HB 3875 modifies ORS 646A.572 to extend the OCPA’s privacy obligations to:
“A motor vehicle manufacturer or an affiliate of the motor vehicle manufacturer that controls or processes personal data obtained from a consumer’s use of a motor vehicle or a vehicle’s technologies or components.”
Who Counts as an “Affiliate”?
To determine whether a dealership is subject to these new obligations, one must examine the OCPA’s definition of affiliate:
“Affiliate” means a person that, directly or indirectly through one or more intermediaries, controls, is controlled by or is under common control with another person such that:
(a) The person owns or has the power to vote more than 50 percent of the outstanding shares of any voting class of the other person’s securities;
(b) The person has the power to elect or influence the election of a majority of the directors, members or managers of the other person;
(c) The person has the power to direct the management of another person; or
(d) The person is subject to another person’s exercise of the powers described in paragraph (a), (b) or (c) of this subsection.
This definition introduces some ambiguity for dealerships. Many dealerships operate as independent businesses, even if they sell only one manufacturer’s vehicles and display that brand prominently. While they may be contractually tied to a manufacturer, they may not meet the legal standard of being controlled by or under common control with that manufacturer as described in the definition.
However, certain dealership groups—particularly those owned or operated by manufacturers or holding companies—may clearly fall within the definition of “affiliate.”
Dealerships should evaluate their corporate structure and agreements with manufacturers to determine whether this definition might apply to them.
Why This Matters
Entities subject to the OCPA must comply with a range of privacy requirements, including:
Providing transparent privacy notices
Obtaining consumer consent for data collection and sharing under certain circumstances
Offering consumer rights such as access, correction, deletion, and data portability
Implementing reasonable data security measures
These obligations extend to any personal data collected through vehicle technologies, such as navigation systems, driver behavior analytics, location data, and mobile app integrations.
Federal Context: FTC Enforcement
Dealerships should also remain aware of federal obligations. Under the Gramm-Leach-Bliley Act (GLBA), auto dealers engaged in leasing or financing must follow privacy and safeguard rules enforced by the Federal Trade Commission (FTC).
The FTC has published detailed guidance for auto dealers, including:
FAQs on the Privacy Rule for Auto Dealers
Safeguards Rule updates for information security programs
What Dealerships Should Do Now
Even if a dealership is not legally an “affiliate” under the OCPA or subject to a similar state comprehensive privacy law, the trend toward regulating vehicle-generated data suggests it’s time to proactively review data practices. Dealerships should:
Conduct a data inventory to identify what personal data is collected, especially from connected vehicle systems.
Update privacy notices and practices in accordance with state and federal law.
Review contracts with manufacturers and vendors for data-sharing provisions and compliance obligations.
Train staff on new privacy responsibilities and how to respond to consumer data requests.
DOL Rescinds 2022 Guidance Cautioning Against 401(k) Plan Investments in Cryptocurrencies
On May 28, 2025, the Department of Labor (“DOL”) issued Compliance Assistance Release No. 2025-01 which rescinds the DOL’s prior Compliance Assistance Release No. 2022-1 which had warned 401(k) plan fiduciaries against adding cryptocurrencies as direct investment options under their plans.
The 2022 guidance (described in more detail here) cautioned 401(k) plan fiduciaries to exercise “extreme care” when considering offering direct investments in cryptocurrencies, digital assets or other similar products to a defined contribution plan’s investment lineup. In the 2022 guidance, the DOL noted that these types of investments “present significant risks and challenges to participants’ retirement accounts, including significant risks of fraud, theft, and loss” due to (among other things) the evolving regulatory environment surrounding these investments, their speculative nature, valuation concerns, and the likely inability of the average participant to be able to sufficiently understand the investment and make an informed decision.
In rescinding the 2022 guidance, the DOL takes a more neutral stance towards cryptocurrencies by reverting to its historical approach of neither endorsing nor disapproving of offering cryptocurrency investments in 401(k) plans.
Takeaways for Plan Fiduciaries: The 2025 guidance does not change a plan fiduciary’s duties of prudence, loyalty and diversification when considering whether to add an investment option (cryptocurrency-related or otherwise) to their plan’s investment lineup. Notwithstanding the seemingly warmer approach towards allowing cryptocurrency investments in 401(k) plans, without a safe harbor protecting plan fiduciaries who offer such an investment option, it remains to be seen whether this guidance will actually impact the offering of cryptocurrency in defined contribution plans.
SEC Signals Reevaluation of CAT Reporting Amid Broader Transparency and Regulatory Reform Efforts
Securities and Exchange Commission (SEC) Chairman Paul S. Atkins recently directed SEC staff to conduct a review of the Consolidated Audit Trail (CAT), focusing on the escalating costs, reporting requirements, and cybersecurity risks stemming from sensitive data collection.[1] This directive aligns with Chairman Atkins’ expressed priorities to return to principled regulation, support market innovation and evolution, and reduce unnecessary compliance burdens. Among other things, Chairman Atkins cited CAT’s “appetite for data and computing power,” noting annual costs approaching $250 million, ultimately borne by investors, as the rationale for this reevaluation.[2] He supported Commissioner Mark T. Uyeda’s efforts behind the granting of an exemption from the requirement to report certain personally identifiable information (PII) to CAT for natural persons.[3]
This CAT reevaluation is part of a broader market-friendly agenda at the SEC. For example, Chairman Atkins has identified a goal of his tenure is to develop a rational regulatory framework for crypto asset markets, covering the issuance, custody, and trading of crypto assets all the while discouraging bad actors from violating the law. Chairman Atkins continues to emphasize the importance of regulatory frameworks that are “fit-for-purpose” with “clear rules of the road” for market participants to facilitate capital formation and protect investors.
While no immediate changes to CAT reporting obligations are effective beyond the PII exemption, market participants should prepare for shifts in how the SEC approaches data collection and cost allocation.
Footnotes
[1] Paul S. Atkins, Chairman, SEC, “Prepared Remarks Before SEC Speaks” (May 19, 2025), https://www.sec.gov/newsroom/speeches-statements/atkins-prepared-remarks-sec-speaks-051925.
[2] Id.
[3] Paul S. Atkins, Chairman, SEC, “Testimony Before the United States House Appropriations Subcommittee on Financial Services and General Government” (May 20, 2025), https://www.sec.gov/newsroom/speeches-statements/atkins-testimony-fsgg-052025. See Katten’s Quick Reads post on the exemptive relief for reporting personally identifiable information here.
Foley Automotive Update- May 29, 2025
Trump Administration Trade and Tariff Policies
Foley & Lardner provided an overview for multinational companies regarding the most common False Claims Act risks that may arise from improper management of import operations.
A May 28 ruling from the U.S. Court of International Trade suspended a significant portion of the Trump administration’s tariffs, after the panel determined the executive branch had wrongfully invoked an emergency law to justify the levies. The Trump administration has requested a stay and appealed the ruling.
The Department of Commerce on May 20 issued the “procedures for submission of documentation related to automobile tariffs,” for automobile importers to comply with the process of identifying the amount of U.S. content in each model imported into the United States. The agency stated there were roughly 200 repeat importers of subject automobiles in 2024. The notice indicated there are 13 OEMs with automobile operations in Canada and Mexico, with production spanning 54 vehicle model lines.
The Commerce Department on May 20 announced preliminary determinations that active anode material produced in China is unfairly subsidized by the Chinese government, which could lead to anti-subsidy duties on imports. The agency expects to issue final determinations in countervailing duty (CVD) investigations later this year. Active anode material is a key component in lithium-ion batteries.
China began issuing a limited number of export licenses for certain rare earth magnets, following weeks of uncertainty after the nation imposed trade restrictions over certain rare earth minerals and magnets in early April. The magnets are essential for a range of auto components.
Section 232 tariffs will not help the United States diversify its sources of critical minerals and reduce its reliance on China, according to a recent letter from the National Association of Manufacturers to the Commerce Department. The NAM suggested policymakers should instead pursue permitting reforms, secure favorable trade and investment terms with international allies, and enact strategic incentives to enhance domestic production. China mines roughly 70% of the world’s rare earths, and the nation has a 90% share for the processing of rare earths mined worldwide.
President Trump on May 25 stated the U.S. will delay implementation of a 50% tariff on goods from the European Union from June 1 until July 9, 2025.
Automotive Key Developments
In a May 29 Society of Automotive Analysts Coffee Break webinar, Ann Marie Uetz of Foley & Lardner and Steven Wybo of Riveron provided an overview of the mounting risk of EV programs and the resulting key takeaways for automotive suppliers.
Crain’s Detroit provided an update regarding the status of several ongoing legal disputes between Stellantis and certain suppliers.
MEMA survey data found three-quarters of automotive suppliers expect worse financial performances in 2025 than previously anticipated. In addition, more than half of the trade group’s members are concerned about sub-tier supplier financial distress resulting from higher tariff-related costs, as well as the potential for North American production volumes to fall as low as 13.9 million to 14.3 million this year.
U.S. new light-vehicles sales are projected to reach a SAAR of 15.6 million units in May, according to a joint forecast from J.D. Power and GlobalData. The analysis estimates “approximately 149,000 extra vehicles were sold” in March and April ahead of the expectation for higher prices due to tariffs, and the “re-timed sales will present a headwind to the industry sales pace for the balance of this year.”
The National Highway Traffic Safety Administration submitted its interpretive rule, “Resetting the Corporate Average Fuel Economy Program,” to the White House for review. The Environmental Protection Agency is pursuing parallel vehicle emissions rules.
The U.S. Senate on May 22 approved three House-passed Congressional Review Act resolutions to revoke EPA-granted waivers that allowed California to impose vehicle emissions standards that were stricter than federal regulations.
The “big, beautiful” tax and budget bill passed by the U.S. House on May 22 would terminate several tax credits for EVs after December 31, 2025, including commercial EVs under Section 45W, consumer credits of up to $7,500 for new EVs under Section 30D and up to $4,000 in consumer credits for used EVs under Section 25E, as well as a credit for charging infrastructure under Section 30C. The bill also included a measure to establish annual registration fees of $250 for electric vehicles and $100 for hybrid vehicles to supplement the Highway Trust Fund.
Companies that collect and store personal data will soon have to comply with a Department of Justice rule that restricts sharing bulk sensitive personal data with persons from China, Russia, Iran, and other countries identified as foreign adversaries. The Data Security Program implemented by the National Security Division (NSD) under Executive Order 14117 took effect April 8, 2025. However, the DOJ will not prioritize enforcement actions between April 8 and July 8, 2025 if a company is “engaging in good faith efforts” towards compliance.
While President Trump expressed approval for a “planned partnership” between Nippon Steel and U.S. Steel, questions remain about the timeline for the proposed $14 billion merger first announced in December 2023. The deal may involve a so-called “golden share,” allowing the U.S. federal government to weigh in on certain company decisions, according to unconfirmed reports.
The University of Michigan predicted U.S. vehicle prices could rise 13.2% on average, or by $6,200 per vehicle, due to tariffs and retaliatory trade policies.
OEMs/Suppliers
Plante Moran’s annual North American Automotive OEM – Supplier Working Relations Index® (WRI®) Study found supplier relationships improved with Toyota, Honda and GM, and declined with Nissan, Ford and Stellantis compared to last year’s study. Toyota gained 18 points for its highest WRI score since 2007, while Stellantis dropped 11 points and remains in last place.
Stellantis named Antonio Filosa as CEO, effective June 23. Filosa currently serves as chief operating officer for the Americas and chief quality officer.
GM will invest $888 million to produce next-generation V-8 engines at its Tonawanda Propulsion plant near Buffalo, NY, representing the largest single investment the automaker has ever made in an engine plant. The automaker canceled a $300 million investment to retool the plant to manufacture EV drive units.
Toyota will revise its supply chain process to provide 52-week forecasts using cloud-based forecasting tools.
Bosch has a goal for North America to represent 20% of its global sales by 2030.
Toyota is reported to be considering a compact pickup truck for the U.S. market to compete with the Ford Maverick and Hyundai Santa Cruz.
Market Trends and Regulatory
Ford will recall over one million vehicles in the U.S. due to a software error that may cause the rearview camera image to delay, freeze, or not display.
Installations of industrial robots in the automotive industry in 2024 rose 11% year-over-year to 13,700 units, and roughly 40% of all new industrial robot installations in 2024 were in automotive, according to preliminary analysis from the International Federation of Robotics. Deployments of automation technologies and robotics are expected to increase at U.S. factories in response to high tariffs and trade uncertainty.
Seventy-six percent of respondents in Kerrigan Advisors’ 2025 OEM Survey believe Chinese carmakers eventually will enter the U.S. market, and 70% are concerned about the impact of Chinese brands’ rising global market share.
New orders for heavy-duty trucks in North America fell 48% year-over-year in April to levels not seen since the onset of the Covid pandemic, according to ACT Research.
Autonomous Technologies and Vehicle Software
The Wall Street Journal provided an exclusive report on allegations that now-defunct San Diego-headquartered autonomous truck developer TuSimple shared sensitive data with various partners in China. The former CEO of TuSimple recently founded Houston-based self-driving truck developer Bot Auto.
Amazon’s Zoox plans to expand testing of its autonomous driving technology in Atlanta. Waymo offers driverless rides in Atlanta in partnership with Uber, and Lyft plans to roll out ride-hail services in the area with May Mobility later this year.
Reuters reports a project between Stellantis and Amazon to develop SmartCockpit in-car software is “winding down” without achieving its goals.
The New York Times provided an assessment of the regulatory and market risks that may complicate the rollout of driverless semi trucks in the U.S.
Swedish driverless truck startup Einride is considering a U.S. IPO.
Electric Vehicles and Low-Emissions Technology
Honda reduced its planned all-electric vehicle investments by over $20 billion as part of an electrification strategy realignment that will target 2.2 million hybrid-electric vehicle (HEV) sales by 2030.
Stellantis will delay production of its 2026 base-model electric Dodge Charger Daytona at its plant in Ontario due to uncertainty over market demand and the impact of tariffs.
Cox Automotive estimated inventory levels for new EVs reached a 99 days’ supply industrywide in April 2025, representing a YOY decline of 20% due to efforts by automakers to adjust production in response to consumer demand. The average transaction price (ATP) for a new EV was $59,255 in April, up 3.7% compared to April 2024.
Nissan is considering a deal to procure EV batteries in the U.S. from a joint venture between Ford and South Korea’s SK On, according to unnamed sources in Bloomberg and The Wall Street Journal.
Chinese EV maker BYD plans to establish a European hub in Hungary, with 2,000 jobs to support vehicle sales, after-sales service, testing and development.
Privacy Tip #445 – Apple Users: Update to iOS 18.5
Never underestimate an operating system update from any mobile phone manufacturer. This week, Apple issued iOS 18.5 which provides enhancements to the user experience but also fixes bugs and flaws.
This update fixes over 30 security bugs. The sooner you update to the new version, the better from a security standpoint. The security flaws that the patch responds to includes known and unknown vulnerabilities and zero-days that may or may not be exploited in the wild.
If you haven’t updated to iOS 18.5, plug your phone in now and install it as soon as possible. Not only for the enhancements, but most importantly, for the bug fixes. If you don’t have your phone set to automatic installation, you may wish to add that feature in your setting, as that is a good way to stay on top of new releases in a timely manner.
U.S. Retailers Bracing for Scattered Spider Attacks
Google sent out a warning that the cybercriminal group Scattered Spider is targeting U.S.-based retailers. Scattered Spider is believed to have been responsible for the recent attack on Marks & Spencer in the U.K. A security researcher at Google has posited that Scattered Spider concentrates attacks on one industry at a time and predicts that it will continue to target the retail sector. They have warned that “US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”
Mandiant issued a threat intelligence report on May 6, 2025, highlighting Scattered Spider’s social engineering methods and “brazen communication with victims.” It has seen Scattered Spider target specific sectors, such as financial services and food services. Recently, Scattered Spider has been seen deploying DragonForce ransomware. The operators of DragonForce have claimed control of RansomHub.
Mandiant has published recommendations on proactive hardening against the tactics used by Scattered Spider, including prioritizing:
Identity
Endpoints
Applications and Resources
Network Infrastructure
Monitoring / Detections
Although retailers should be on high alert with these warnings, all industries would do well to review Mandiant’s recommendations, as they are timely and effective.
Janie & Jack’s Alleged CIPA Violations Consolidated, Thus Avoiding Over 2,000 Individual Arbitration Claims
This week, the U.S. District Court for the Northern District of California ruled in favor of children’s clothing retailer Janie & Jack, which sought to enjoin over 2,400 individual arbitration claims resulting from alleged violations of the California Invasion of Privacy Act (CIPA). Now, Janie & Jack will confront a single privacy class action suit as opposed to the more than 2,400 individual arbitration claims by its website visitors.
The parties notified the court of their agreement not to pursue arbitration but to rather proceed through a consolidated class action. Janie & Jack voluntarily dismissed its lawsuit in an attempt to avert the numerous claims by consumers.
Website visitors accused Janie & Jack of violating CIPA and the federal Wiretap Act through its website’s information gathering and tracking practices (also known as trap and trace claims). Janie & Jack alleges that such claims are inadequate because they lack allegations that the consumers created any accounts or conducted any transactions on the website or that Janie & Jack had breached any of its online terms.
Further, although Janie & Jack’s website terms include an arbitration clause, it claimed that the claimants never assented to the contract.
In its response, the retailer emphasized its intent to prevent the growing use of arbitration agreements as “weapons” by plaintiffs’ attorneys, thwarting their intended use of an efficient, effective, and timely progression of claims.
This case highlights a common practice: thousands of individuals, all represented by the same counsel, simultaneously file, or threaten to file, arbitration demands with nearly identical claims.
These allegations mark yet another instance of the growing trend of the plaintiffs’ bars’ push for “trap and trace” claims because they can leverage existing wiretap laws (particularly in California under CIPA) to argue that common online tracking technologies like cookies, pixels, and website analytics tools essentially function as trap and trace devices, allowing them to file complaints against companies for collecting user data without proper consent, even though these technologies were originally designed for traditional phone lines, not the internet, opening up a large pool of potential plaintiffs and potentially significant damages.
If you haven’t heard it enough, here it is again: NOW is the time to assess your website’s online trackers and update your cookie consent management platform, website privacy policy, and consumer data collection processes.
This article was co-authored by Mark Abou Naoum
State Data Minimization Laws Spark Compliance Uncertainty
A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in October 2025, requires companies to collect only data that is “reasonably necessary and proportionate” to their stated purposes. However, with no official guidance for compliance from the Maryland Attorney General, businesses are left guessing.
Under MODPA’s data minimization requirement, businesses should avoid collecting or processing more data than is necessary to provide a specific product or service to a consumer. In addition to the limited data collection requirement, MODPA also requires:
Stricter Data Collection Practices for Sensitive Data: The data minimization requirements are more stringer for sensitive data, such as health information, religious beliefs, and genetic data.
Ban on the Sale of Sensitive Data: The law prohibits the sale of sensitive data unless it is strictly necessary to provide or maintain a requested product or service.
Explicit Consent: A business may not process personal information for a purpose other than the purpose(s) disclosed to the consumer at the time of collection unless the consumer provides explicit consent.
Limited Retention: A business may not retain consumer data for longer than necessary to fulfill the purpose for which it was collected (i.e., now is the time to update or implement your retention program).
This shift towards data minimization marks a departure from the more familiar “notice and choice” model, pushing companies to operationalize data minimization in ways that may significantly alter their data practices. While some businesses, particularly those already operating under stricter global standards like the European Union’s General Data Protection Regulation (GDPR), may be better prepared, others are weighing whether to reduce data collection or even scale back operations in certain states.
Companies developing or utilizing generative artificial intelligence are especially concerned, as these laws may limit access to large, diverse datasets required to train their models. Still, some see this as an opportunity to innovate with privacy-first technologies, such as synthetic data.
States like Maine, Massachusetts, Connecticut, and Minnesota are considering similar laws, signaling a growing trend. But as businesses await clearer definitions and enforcement standards, the central question remains: Can regulators strike the right balance between protecting privacy and supporting innovation?
Disclosure in England and Wales: A Duty to Use Technology
It is not enough that we do our best; sometimes we must do what is required. This famous line attributed to Britain’s defining war time leader, Sir Winston Churchill, serves as a reminder to parties litigating through the English and Welsh courts that the use of technology is central to the discovery process – it is no longer optional.
Whether parties are operating under either of the two regimes that govern disclosure in England and Wales (Part 31 and Practice Direction (PD) 57AD of the Civil Procedure Rules (CPR)), the disclosure process is a central component that seeks to ensure transparency and fairness. However, burgeoning data volumes have increasingly necessitated the use of technology. This is why PD 57AD, which is the newer of the two regimes and in operation in the Business and Property Courts, places technology on the front line by obligating the parties’ legal representatives to use it.
The Duty
Specifically, under PD 57AD, a party’s legal representative is under a duty to promote the reliable, efficient, and cost-effective conduct of disclosure by using technology (paragraph 3.2(3) of PD 57AD). This duty persists until the conclusion of any proceedings and a failure to discharge this duty may result in sanctions from the court. Those sanctions may include adverse cost orders, or a failure may be dealt with as a contempt of court in appropriate cases.
To facilitate this duty, PD 57AD goes further to encourage and support the use of technology throughout the disclosure process. For example, when dealing with the exclusion of narrative documents (these are documents that are relevant only to the background of a dispute and are not readily disclosable) parties must consider using:
software or analytical tools, including technology-assisted review (TAR);
coding strategies, including to reduce duplication; and
prioritisation and workflows.
In addition, where the court orders Extended Disclosure, requiring parties to search for documents, the court may make specific provisions related to technology use. For example, the court might require parties to use certain software or analytical tools or provide for the use of data sampling.
Why Not?
Blindly applying technology, however, is not sufficient. In order to ensure that technology is used efficiently and effectively when Extended Disclosure is ordered, parties must provide the court and the other parties with information about the data in their control. This includes where and how the data is held and how they propose to process and search that data.
This information is set out in the Disclosure Review Document (DRD). The DRD is a comprehensive document that the parties must complete, seek to agree on, and keep updated. To do this, and despite any trench warfare that may be adopted elsewhere in the litigation, parties must cooperate and constructively engage with each other when it comes to completing the DRD and agreeing to the scope of the disclosure exercise.
Where parties consider the use of technology to facilitate collecting and reviewing any data beyond being reasonable, proportionate, and reliable, they are not obliged to justify its use. Instead, it is the opposite. If they decide not to use technology to aid either process, they should explain why such tools would not be used. The requirement to justify why technology is not being used applies especially if the number of documents that need reviewing is more than 50,000 and what is proposed is simply a manual review exercise.
PD 57AD: Ahead of the Curve
PD 57AD came into effect in October 2022, but it was drafted approximately five years prior to its implementation, meaning it came along well before the technological leap forward in terms of generative AI. However, PD 57AD was drafted to be forward-looking and flexible enough to accommodate technological advances.
Therefore, whilst generative AI is not specifically mentioned in the rules or the DRD, the references to technology throughout are purposefully non-exhaustive. Indeed, while AI is considered an umbrella term, many of the tools that are mentioned and that are already routinely used as part of the disclosure process utilise the machine learning element of AI. Tools, such as continuous active learning models that are used to assess which documents, compared to others, are more likely to be relevant to the underlying dispute, should be reviewed first.
Parties litigating before the English and Welsh courts should look to leverage new technologies, tools, and workflows as part of the disclosure process. In doing so, they are not doing their best – they are doing what is required.
ITS HERE: The First of a Wave of New “Keyword Avoider” SMS Opt Out TCPA Class Actions Has Been Filed and TCPAWorld Will Never Be the Same
An attorney named Jeff Lohman recently narrowly escaped a jury verdict against him on a RICO claim arising out of allegations he had manufactured TCPA claims by encouraging clients to use vague opt out language during phone calls with Navient.
With the FCC’s recent revocation rules now in effect– requiring callers and texters to honor freeform opt out requests— we can expect to see a similar phenomenon. And the first of these cases seem to be rolling in.
The new FCC rules say callers must honor phrases like “stop” and “unsubscribe” but also leave the door open for consumers to opt out in “any reasonable means” that convey a clear intent for calls or texts to stop. The Commission’s ruling is clear that consumers are NOT limited to using just a few key words to opt out.
Yet any businesses– who do not follow TCPAWorld.com ;)– have failed to heed the message (ha) and continue to use SMS settings that can detect only keyword opt out requests.
That’s not going to fly anymore folks.
For instance in a new TCPA class action against American First Finance, the consumer responded with the message “Cease and Desist All Communication.”
Notice that this is a pretty clear request for calls and texts to stop when read by a human but a company’s SMS provider’s software is unlikely to flag this phrase.
And allegedly American First continued to send SMS messages to the consumer leading to a big fat class action here in California.
Now one point of interest, the Plaintiff does not appear to be within his own class definition. The class reads:
All persons within the United States who, within the four years prior to the filing of this lawsuit through the date of class certification, received two or more text messages within any 12-month period, from or on behalf of Defendant, regarding Defendant’s goods, services, or properties, to said person’s residential cellular telephone number, after communicating to Defendant that they did not wish to receive text messages by replying to the messages with a “stop” or similar opt-out instruction.
To my eye “cease and desist all communication” is not “similar” to the elegant “Stop” request we all know and love. But that’s for the court to determine I suppose.
Pretty clear bottom line here– I expect to see a TON of TCPA class actions rolling in focused on companies that might be heeding perfect stop requests but that are missing free form communications received via their SMS channel. HUGE mistake.
These requests need to be heeded and honored– and starting next April need to be treated as complete opt outs across all channels and all purposes.
Complaint here: predocketComplaintFile (22)
Stylish but Generic: ‘VETEMENTS’ Can’t Dress Up as Trademark
The US Court of Appeals for the Federal Circuit affirmed the Trademark Trial & Appeal Board’s refusal to register the mark VETEMENTS for clothing and related retail services, finding that the mark was generic under the doctrine of foreign equivalents. In re Vetements Group AG, Case Nos. 2023-2050; -2051 (Fed. Cir. May 21, 2025) (Prost, Wallach, Chen, JJ.)
Vetements Group AG applied to register the mark VETEMENTS for various clothing items and online retail store services for clothing items. The US Patent & Trademark Office refused registration, finding the mark generic or, in the alternative, merely descriptive without acquired distinctiveness under Section 2(e)(1) of the Lanham Act. The Board affirmed, applying the doctrine of foreign equivalents to translate “vetements” (French for “clothing”) and concluding that the term was generic for the applied-for goods and services pertaining to clothing. Vetements Group appealed.
The doctrine of foreign equivalents is used to evaluate whether a non-English trademark is generic or descriptive for the applied-for goods or services by translating the foreign-language mark into English, then applying the relevant legal tests. The Federal Circuit affirmed that the doctrine applies when the “ordinary American purchaser” would likely “stop and translate” the foreign word into English. The “ordinary American purchaser” includes all US consumers, including those familiar with the foreign language.
The Federal Circuit emphasized that words from modern languages are generally translated unless there is a compelling reason not to do so. It rejected Vetements’ argument that the doctrine should only apply if a majority of US consumers understand the foreign word. Instead, the Court held that it is sufficient if an “appreciable number” of US consumers would recognize and translate the term.
In this case, the Federal Circuit found that French is widely spoken and taught in the United States (the Board found that as of 2010, French was the fifth most spoken non-English language at home and the second most widely taught non-English language in US schools). The Court thus concluded that “vetements” is a common French word meaning “clothing,” and that given the mark’s use on apparel and in connection with clothing-related retail services, translation of the term into English was likely.
Under the doctrine of foreign equivalents, foreign terms used as trademarks are translated into English, then evaluated under the applicable standards, including genericness, descriptiveness, and likelihood of confusion. In assessing whether a term is generic, courts apply a two-part test: identifying the genus of goods or services at issue, and determining whether the relevant public understands the term primarily to refer to that genus.
Here, the genus was clothing and online retail services for clothing. The Federal Circuit agreed with the Board that “vetements,” once translated to “clothing,” directly named the genus of the goods and services. Therefore, the term was generic and ineligible for trademark protection.
Because the mark was found to be generic, the Federal Circuit explained that it did not have to reach the Board’s alternative holding that the VETEMENTS mark was merely descriptive without acquired distinctiveness or secondary meaning. The Court nonetheless stated that it saw no error in the Board’s reasoning that the generic and descriptive nature of the mark prevented it from acquiring distinctiveness, and the Court affirmed the Board’s refusal to register the mark.
Plausibly Alleging Access Requires More Than Social Media Visibility
The US Court of Appeals for the Ninth Circuit affirmed a district court’s dismissal of a copyright action, finding that the plaintiff failed to plausibly allege either that the defendant had “access” to the work in question merely because it was posted on social media, or that the accused photos were substantially similar to any protectable elements of plaintiff’s photographs. Rodney Woodland v. Montero Lamar Hill, aka Lil Nas X, et al., Case No. 23-55418 (9th Cir. May 16, 2025) (Lee, Gould, Bennett, JJ.)
The dispute arose between Rodney Woodland, a freelance model and artist, and Montero Lamar Hill, also known as Lil Nas X, a well-known musical artist. Woodland alleged that Hill infringed on his copyright by posting photographs to his Instagram account that bore a striking resemblance to images Woodland had previously posted. Woodland claimed that the arrangement, styling, and overall visual composition of Hill’s photos closely mirrored his own, asserting that these similarities constituted unlawful copying of his original work.
Woodland’s original images had been publicly shared on his Instagram account, where he maintained a modest following. He did not allege any direct contact or interaction with Hill or his representatives, nor did he claim that Hill had acknowledged or referenced his work. Instead, Woodland’s claim rested on the contention that the similarities between the two sets of photographs were so substantial that copying could be inferred. In his complaint, Woodland asserted that Hill had access to his publicly posted images and that the degree of similarity supported a finding of unlawful copying. The district court dismissed the complaint, holding that Woodland failed to plausibly allege either access or substantial similarity. Woodland appealed.
The Ninth Circuit affirmed, agreeing with the district court that Woodland failed to satisfy the pleading standard necessary to survive a motion to dismiss. The Ninth Circuit explained that to state a viable claim for copyright infringement, a plaintiff must alleged both the fact of copying and the unlawful appropriation of protected expression. The Court found that Woodland failed to establish either element.
The Ninth Circuit considered two principal legal issues:
Whether Woodland sufficiently alleged that Hill had access to Woodland’s copyrighted works
Whether the photographs posted by Hill were substantially similar to Woodland’s photographs in their protectable elements under copyright law
On the issue of access, the Ninth Circuit found that the merely alleging availability of Woodland’s photos on Instagram did not, by itself, plausibly demonstrate that Hill had seen them. The Court noted that in the era of online platforms, “the concept of ‘access’ is increasingly diluted.” And while that might make it easier for plaintiffs to show “access,” there must be a showing that the defendants had a reasonable chance of seeing that work under the platform’s policies. The mere fact that Hill used Instagram and Woodland’s photos were available on the same platform raised only a “bare possibility” that Hill viewed the photos. Woodland had not plausibly alleged that Hill “followed, liked, or otherwise interacted” with Woodland’s posts or other similar accounts – the content merely being of a similar subgenre, even if true, was not sufficient. Without additional factual allegations suggesting that Hill had encountered Woodland’s work, the Court found that there was no reasonable basis to infer access.
Woodland also alleged that Hill copied 12 of Woodland’s photographs, characterizing the case as one of “serial infringement.” The Ninth Circuit rejected these allegations, finding that the number of allegedly copied images did not constitute direct evidence of access, nor was it dispositive of infringement. The Court noted that there was no precedent tilting the scale in Woodland’s favor based solely on the volume of alleged copying. Accordingly, the Court concluded that Woodland failed to plausibly allege a “reasonable possibility” that Hill had viewed his work.
On the issue of substantial similarity, the Ninth Circuit conducted a qualitative comparison of the two sets of photographs and found them lacking in protectable overlap. While both featured similar themes, such as styling, lighting, and pose, these elements were deemed either unoriginal or too general to warrant protection under copyright law. The Court emphasized that copyright does not extend to ideas, concepts, or unoriginal components such as generic backdrops, common poses, or standard photographic techniques. Furthermore, the Court found that the selection and arrangement of elements in the photographs was not sufficiently unique to establish a valid claim for infringement of elements protectable by copyright.