HOTLY LITIGATED: Pennsylvania Court Finds Plaintiff Implicitly Consented to Third-Party Tracking Software
A recent ruling in Popa v. Harriet Carter Gifts, Inc. (W.D. Pa. March 24, 2025) has reaffirmed the role of privacy policies in establishing user consent for online tracking. After being remanded by the Third Circuit, the Pennsylvania District Court considered a motion for summary judgement focused solely on the issue of whether the plaintiff consented to alleged interception of her data under Pennsylvania’s Wiretap Act. Applying the reasonable person standard, the Court ruled that Popa had constructive notice of the website’s privacy policy – contained in a browsewrap agreement – and therefore consented to the use of tracking software.
The Allegations
Plaintiff Ashley Popa brought a class action against Harriet Carter Gifts, Inc. and NaviStone, Inc. alleging that they violated the Pennsylvania Wiretapping and Electronic Surveillance Control Act of 1978 (“WESCA”) by unlawfully intercepting her data while she shopped on Harriet Carter’s website (the “Website”).
WESCA prohibits the interception of electronic communications without the prior consent of all parties to the communication.
The Privacy Policy
The Website had a privacy policy hyperlinked in its footer, which both parties and their experts agreed was a common practice for commercial websites. Interestingly, the parties also agreed that in 2018, it would have been a “reasonable conclusion” for a company to believe that it ought to present the privacy policy in this manner. The hyperlink was labelled “Privacy Statement” and was in white font against a blue background.
Harriet Carter’s privacy policy broadly addressed its data collection and use practices: it stated that Harriet Carter collected customer information (without addressing what information) and explained that cookies were used to keep track of shopping carts and deliver targeted content.
In a separate section titled “Who Else Has Access to the Information I provide to Harriet Carter.com?” the policy also addressed third party access to customer information through use of a cookie or pixel tag – which Harriet Carter deemed “industry standard technology”. The policy noted that no personally identifiable information would be collected through this process, but third parties may pool the information from Harriet Carter’s website with other sources of information that could include the customer’s name and mailing address.
Popa testified that she had never reviewed Harriet Carter’s privacy policy.
The Motions
In 2020, the Defendants filed a motion for summary judgement which was granted by the District Court. The Court held that there was no interception under WESCA because NaviStone, which operated the program that caused the alleged interception, was a direct party to the communications and because the alleged interception occurred outside Pennsylvania and was therefore outside the scope of WESCA. Following an appeal by Popa, the Third Circuit Court of Appeals reversed, holding that there is no sweeping direct-party exception under WESCA and that there was a genuine issue of material fact as to where the interception occurred.
The Third Circuit also noted that the issue of whether Harriet Carter posted a privacy policy and the sufficiency of the privacy policy was not addressed by the District Court and remanded this issue to the Court.
On remand, Defendants filed a second motion for summary judgement, focusing solely on the issue of consent and contending that Popa was on constructive notice of Harriet Carter’s privacy policy and therefore consented to the communications being recorded as described therein.
The Court’s Analysis
In its analysis, the Court noted the objective standard to interpret the consent provisions of WESCA – whether a reasonably prudent person can be deemed to have consented under the circumstances. The Court looked to the decision in Commonwealth v. Byrd, where the Pennsylvania Supreme Court held that actual knowledge that communications may be recorded is not required to satisfy the consent requirement under WESCA.
Notably, the Court took into consideration the ubiquitous use of tracking technologies on the internet and stated that, “when determining whether a reasonable person can be deemed to consent to an interception under WESCA, it must be mindful of the reality of internet communication.” Therefore, it held that while the nature of the internet does not confer blanket implied consent to interception under WESCA, “a reasonably prudent person has a lower expectation of privacy on the internet” than on other technologies (like telephones) which do not use cookies, algorithms, and trackers.
“[A] reasonably prudent person has a lower expectation of privacy on the internet“
Next, the Court considered the scope of Harriet Carter’s privacy policy, looking specifically at whether a reasonable person could have been alerted that third parties, like NaviStone, may access information about consumers’ activities on the Website. The Court answered affirmatively – the privacy policy made clear that the Website used tracking cookies, and that Harriet Carter may share information about users’ activities with third parties. The Court also rejected Popa’s argument that privacy policy was insufficient because it did not contain details about the identity of the third parties or the specific type of cookies used, holding that such “granular details” were immaterial because WESCA focuses on the event of interception rather than the specific means of thereof.
Lastly, the Court considered whether Popa consented to NaviStone’s tracking on the Website. The central question here was not whether Popa had actual knowledge of the alleged interceptions (the record established that Popa never reviewed the privacy policy), but rather, whether a reasonable person in her position could have known of the disclosures in the privacy policy. The Court acknowledged that privacy policy on the Website was in the form of a “browsewrap agreement”, which does not require a user to click or take any affirmative action to consent to its terms. While such agreements are routinely enforced when a user has actual notice, in the absence of actual knowledge the court must look to the visibility and accessibility of the browsewrap agreement to determine whether it placed a user on inquiry notice of its terms.
The Court held that the privacy policy on Harriet Carter’s website was reasonably conspicuous based on the appearance and layout of the Website: it was labelled “Privacy Statement”, located at the center and bottom of each page, the hyperlink was in white font contrasting against a blue background, and a link to the policy could also be found in a drop-down menu on the left side of the website. These factors led the Court to find that a reasonable person in Popa’s position had constructive notice of the terms in the privacy policy, and that Popa constructively consented to the interception described in the policy. Therefore, there was no violation of WESCA.
Popa’ s contention that the presence of NaviStone’s program meant that merely visiting Harriet Carter’s website would give rise to an interception before a reasonable user had a chance to view the privacy policy was rejected. The Court analogized to someone hanging up a phone call after hearing a disclosure that the call was being recorded – there would be no interception under WESCA because WESCA only applies to “contents” of communications. Similarly, to the extent that Popa was concerned about privacy, she could have immediately reviewed the privacy policy and, if concerned, left the page, and this would not lead to the interception of “content” under WESCA.
Takeaways
Though based on a state statute, this ruling signifies a shift in the hotly litigated arena of website tracking software.
For businesses, Popa may offer some respite – while explicit clickwrap agreements remain the gold standard, this case suggests that browsewrap agreements may still hold up in court if they are reasonably conspicuous and sufficiently disclose the use of third party tracking software. As digital privacy law continues to evolve, courts are likely to place greater emphasis on reasonable user expectations, meaning online users may need to be more proactive in understanding how their data is being collected.
Perhaps most interestingly, the Pennsylvania District Court’s willingness to acknowledge the widespread (maybe even indispensable) use of cookies and trackers demonstrates a growing understanding of the “reality of internet communication”. It will be interesting to see whether a similar approach is adopted by courts states such as California, with its particularly stringent privacy laws.
HUMANA IN TROUBLE?: Company Seems to be On The Ropes in TCPA Class Action After Court Refuses to Strike Plaintiff’s Expert
So Anya Verkhovskaya is a nice enough lady.
I deposed her not long ago in connection with a case in which we just defeated certification literally yesterday.
But Humana is seemingly not going to be so lucky–although it is too early to tell.
In Elliot v. Humana, 2025 WL 897543 (W.D. Ky March 24, 2025) Humana moved to disqualify Anya arguing her methodology for identifying class members was not sound.
Her methodology boiled down to the following per the court’s ruling:
(1) Taking a list of phone numbers—identified by Humana’s own records—that received prerecorded calls from Humana but had told Humana that it had the wrong number;
(2) Confirming whether each number is assigned to a cellular telephone using third-party data processors to identify the names of all users associated with those phone numbers;
(3) Employing a historical reverse lookup process to retrieve related data associated with those users/phone numbers;
(4) Obtaining telephone carrier data to filter subscriber information (such as names, addresses, email addresses, subscription dates, and other plan-related information);
(5) Cross-referencing reverse lookup data against bulk telephone carrier data, obtained by carrier subpoena, to identify discrepancies; and
(6) Implementing a notice campaign using mail and email address information.
Ok.
Pretty low impact stuff. I probably would have recommended a rebuttal report (probably)– but I certainly would not wasted time with a Daubert motion here. (If you’re hoping to defeat certification by challenging the notice plan I’ve got news for you– you’re in trouble.)
So it looks like Humana may be in trouble.
The Court looked at Anya’s methodology and found no fault, which is sort of unsurprising because its kind of a straightforward process.
Now court’s have (rightly) rejected Anya’s reports in other cases where she makes a bunch of typos and offers opinions like “I just relied on somebody else to perform a scrub and assume their records were accurate and they did it right.”
Yeah, that’s not going to hold up.
But a process for identifying class members that is essentially just “find cell phone numbers in a file, send subpoenas, wait for results, send emails” is… well, child’s play.
Again, however, that SHOULDN’T be the focus of Humana’s efforts here. But… we’ll just have to wait and see how the bigger battle over certification turns out.
2024 Trends in First Circuit Class Actions
We are pleased to present our final 2024 update to the New England and First Circuit Class Action Tracker, which focuses on class action filings in state and federal courts within the boundaries of the First Circuit in New England.
In 2024, there were 444 total state and federal filings, representing a sustained trend of increased class action filings, and exceeding pre-pandemic levels for the first time. If this trend continues into 2025, historical high points for class action filings in New England may soon become the norm.
Cybersecurity and Data Privacy Litigation Continues to Grow
Federal class action cases in New England reflect a continued onslaught of cybersecurity and data privacy litigation arising from data breaches and the alleged unauthorized disclosure and/or use of consumer information, including TCPA claims.
The most asserted theories underlying data security and privacy class action claims were the exposure of personally identifiable information in a data breach and the receipt of unsolicited telephone calls and text messages.
The vast majority of these cases filed in federal courts have targeted professional services, health care, and retail/manufacturing industries, but there were also a significant number of filings targeting defendants in the technology and biotech/pharma services industries.
These record levels of federal cybersecurity and privacy litigation filings in New England are remarkable, because our totals do not include cases that were transferred and consolidated into the lead case In re: MOVEit Customer Data Security Breach Litigation (1:23-md-03083) pursuant to the transfer order from the Judicial Panel on Multidistrict Litigation dated October 4, 2023 transferring all listed actions to the District of Massachusetts and assigning them to Judge Allison D. Burroughs for consolidated pretrial proceedings.
In 2024 alone, 93 new cases were filed in connection with that multidistrict litigation and are not counted among the 213 federal district court filings in the District of Massachusetts in 2024.
Also notable, but not captured in our 2024 filing totals, is the removal of many previously filed wiretap class actions from Massachusetts state superior court to the District of Massachusetts in late 2024, following the Massachusetts Supreme Judicial Court’s ruling in Vita v. New England Baptist Hospital et al, SJC-13542.
If state court removals and multidistrict litigation filings had been included in our tabulation of cybersecurity and data privacy class actions in 2024, already notable high filing levels would have skyrocketed even more dramatically.
Most Federal Cases Filed in Massachusetts District Courts
The overwhelming majority of federal class action cases in New England filed in 2024—nearly 80%—were filed in the District of Massachusetts, followed by the District of Rhode Island, the District of Maine, and the lowest levels of filings in the District of New Hampshire. This trend is consistent with prior years.
Securities and Antitrust Filings Up Year Over Year
Securities class action filings have increased by 50%, and antitrust class action complaints have nearly doubled over prior years, marking two very active areas of litigation. Securities filings increased most prominently in the District of Massachusetts, while antitrust class action cases rose primarily in the District of Rhode Island.
Industries Targeted are Consistent with Prior Years
As in prior years, the financial/professional services, manufacturing/retail, health care, technology, and pharmaceutical/biotechnology industries continued to be the most frequent targets of class action complaints in the First Circuit throughout 2024.
2025 Likely to Continue as Record Year for Class Action Filings
With 2024 filings at their highest level in years, we expect the class action boom in the First Circuit to continue, along with the trend of class actions against health care and technology industry defendants. As these trends continue, we see the evolution to include the addition of financial, legal, and educational institution defendants. We will continue to monitor these developments as 2025 progresses.
Oregon’s Privacy Law: Six Month Update, With Six Months to End of Cure Period
Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report in February of last year to assess how consumers and businesses were responding to its privacy law.
The report summarizes business obligations under the law, and highlights differences between the Oregon law and other, similar state laws. It also summarizes the education and outreach efforts conducted by the state’s Department of Justice. This includes a “living document” set of FAQs answering questions about the law. The report also summarizes the 110 consumer complaints received to-date, and enforcement the Privacy Unit has taken since the law went into effect. On the enforcement side, Oregon reports that it has initiated and closed 21 privacy enforcement matters, with companies taking prompt steps to cure the issues raised.
As a reminder, these actions are being brought during the law’s “cure” period, which gives companies a 30-day period to fix violations after receiving the Privacy Unit’s notice. The Oregon cure provision sunsets on January 1, 2026. Other states with a cure period are Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Tennessee, Texas, Utah, Virginia. (Of these, Minnesota, New Hampshire, New Jersey, Oregon, Delaware, Maryland, and Montana will expire, with varying expiration dates between December 31, 2025 (Delaware) and April 1, 2027 (Maryland). Those without or where the cure period has expired are California, Colorado, Connecticut, and Rhode Island. For an overview of US state “comprehensive” privacy laws, visit our tracker.
Common business deficiencies identified by Oregon in the enforcement notices included:
Disclosure issues: This included not giving consumers a notice of their rights under the law.Also, of concern, has been insufficiently informing Oregon consumers about their rights under the law, specifically the list of third parties to whom their data has been sold.
Confusing privacy notices: By way of example, Oregon pointed to -as confusing- notices that name some states in the “your state rights” section of the privacy policy, but not specifically name Oregon. This, the report posits, gives consumers the impression that privacy rights are only available to people who live in those named states.
Lacking or burdensome rights mechanisms: In other words, not including a clear and conspicuous link to a webpage enabling consumers to opt out, request their privacy rights, or inappropriately difficult authentication requirements.
Putting it into Practice: This report is a reminder to companies to look at their disclosures around consumer rights. It also sets out the state’s expectations around drafting notices that are “clear” and “accessible” to the “average consumer.” Companies have six months before the cure period in Oregon sunsets.
Extinction of the National Institute for Transparency, Access to Information, and Personal Data Protection
As we previously reported in an earlier newsletter, in accordance with the recent constitutional reform dated November 28, 2024, the extinction of seven autonomous agencies was decreed, including the National Institute for Transparency, Access to Information, and Personal Data Protection (INAI).
On Thursday, February 20, 2025, a Decree was published in the Official Gazette, enacting a new Federal Law on the Protection of Personal Data Held by Private Parties, as well as a new General Law on the Protection of Personal Data Held by Obligated Subjects.
These two new laws came into force on March 21, 2025, formalizing the extinction of INAI.
After reviewing these laws, it appears that the personal data protection framework—both for data held by private entities and by public entities of the Mexican Government—remains unchanged. There are no modifications to the rights of data subjects or to the obligations of those who process personal data.
Likewise, no changes have been observed in the legal framework for transparency and access to information.
The main change associated with these new laws is that all functions and powers previously held by INAI have now been transferred to the newly created Ministry of Anti-Corruption and Good Governance.
Another notable change is that the resolutions issued by this new Ministry may now be challenged through an amparo lawsuit before specialized courts in the field. Previously, INAI’s resolutions were challenged before the Federal Court of Administrative Justice.
As we previously warned, the elimination of autonomous agencies that oversee the actions of various federal government entities does not appear positive in a democratic state. Additionally, the concentration of INAI’s former powers—along with oversight and auditing functions—within a single Ministry does not seem advisable and could impact the continuity and effectiveness of the National Transparency Platform, as well as the protection of personal data, among other issues.
It is important to note that all pending matters that were unresolved by INAI will now be handled by the Secretariat of Anti-Corruption and Good Governance. This will likely result in delays in resolution times and may lead to discrepancies in the criteria applied to resolve cases.
Plaintiffs Try Another Bite at the Apple… and Google Too!
In a recent post about legal issues with the social casino sweepstakes model, we indicated that a recent RICO lawsuit against a social casino sweepstakes model, which also named Apple and Google, was dismissed voluntarily by the plaintiff. Plaintiffs are already taking another bite at the Apple.
A new lawsuit was filed against Apple and Google by lead Plaintiff Bargo and two co-plaintiffs. The new complaint alleges that the lawsuit is about “patently illegal gambling software being distributed to the cell phones, desktop computers and other personal electronic devices of individuals throughout New Jersey, New York and beyond, by an unlawful enterprise that includes two of the most successful companies in the world.” This complaint does not name any of the social casino games operators.
Rather, it alleges that the named defendants “willingly assist, promote and profit from” allegedly illegal gambling by: (1) offering users access to the apps through their app stores; (2) taking a substantial percentage of consumer purchases of Game Coins, Sweeps Coins and other transactions within the apps; (3) processing allegedly illicit transactions between consumers and the Sweepstakes Casinos using their proprietary payment systems; and (4) by using targeted advertising to allegedly “shepherd the most vulnerable customers to the Sweepstakes Casinos’ websites and apps” facilitating an allegedly unlawful gambling enterprise.
The legal claims are made under the NJ gambling loss recovery statute, the New Jersey Consumer Fraud Act, Unjust Enrichment, New York’s gaming loss recovery statute, NY consumer protection laws, and the RICO laws.
MASSIVE NEW RISK FOR MARKETERS: Dobronski Nukes SelectQuote and the Whole TCPAWorld Has to Deal With the Fallout
So there’s this guy named Mark Dobronski.
Frequent commenter on TCPAWorld.
Aggressive repeat litigator who is not, at all, afraid to go it alone in TCPA cases and bring suits on his own behalf. He also raises novel and interesting issues.
Here’s one.
47 CFR 64.1601 provides that anyone engaging in telemarketing must transmit either a CPN or ANI, and the name of the telemarketer.
Dobronski alleged SelectQuote didn’t comply with this rule. So he sued.
But SelectQuote moved for summary judgment and won originally with the court determining the CFR provision was promulgated under section 227(e)–the Truth in Caller ID Act–that does not afford a private right of action.
Great, fine. Except one little problem– 64.1601 was promulgated before 227(e) was added to the TCPA.
Oops.
So this creates a mystery: Which section of the TCPA was the CFR section promulgated under?
SelectQuote’s attorneys argued it was pursuant to Section 227(d)–which proscribes technical requirements for prerecorded calls– but Dobronski countered the provisions of 64.1601 apply to all marketing calls, not just prerecorded calls.
As a result the Court defaulted to 227(c) as the statutory section that gave the FCC authority to promulgate the rule. This is so although the court conceded section 227(c) was not a perfect fit either.
So Dobronski just got a court to hold that the provisions of 64.1601 ARE enforceable pursuant to a private right of action.
Eesh.
That means telemarketers–looking at you lead generators–need to make sure either:
The name of the telemarketer is displayed on your caller ID; or
The name of the seller on behalf of which the telemarketing call is placed and the seller’s customer service telephone number.
Hope ya’ll are following along. Because this is a HUGE deal.
Btw– the CORRECT answer here is that the FCC EXCEEDED ITS AUTHORITY in creating 64.1601 as Congress had not yet given it the ability to regulate caller ID until 227(e) was passed. Ta da.
But SelectQuote’s lawyers (apparently) did not raise that argument. So here we are.
And, what a surprise– the lawyers who just got beat by a guy WITHOUT AN ATTORNEY are from, you guessed it!, #BIGLAW!!!
Hire big law. Expect big losses folks.
Luckily you can get out of the biglaw trap for less money but only for another 6 days!
Chat soon.
Case is: Dobronski v. SelectQuote 2025 WL 900439 (E.D. Mich March 25, 2025)
Litigation Minute: Emerging Contaminants: Minimizing and Insuring Litigation Risk
WHAT YOU NEED TO KNOW IN A MINUTE OR LESS
As the scientific and regulatory landscape surrounding various emerging contaminants shifts, so too do the options that companies can consider taking to minimize and insure against the risk of emerging-contaminant litigation.
The second edition in this three-part series explores considerations for companies to minimize that risk and provides consideration for potential insurance coverage for claims arising from alleged exposure to emerging contaminants.
In a minute or less, here is what you need to know about minimizing and insuring emerging-contaminant litigation risk.
Minimizing Litigation Risk
As we discussed in our first edition of this series, regulation of emerging contaminants often drives emerging-contaminant litigation. For example, in emerging-contaminant litigation that alleges an airborne exposure pathway, plaintiffs’ complaints often prominently feature information from the US Environmental Protection Agency’s (EPA’s) National Air Toxics Assessment (NATA) screening tool and its predecessor, the Air Toxics Screening Assessment (AirToxScreen). AirToxScreen, and NATA before it, is a public mapping tool that can be queried by location, specific air emissions, and specific facilities to identify census tracts with potentially elevated cancer risks associated with various air emissions. Despite these tools’ many limitations, their simplicity and the information they provide have served as a foundation for many civil tort claims.
The takeaway: Since NATA and AirToxScreen use the EPA’s National Emission Inventory (NEI) as a starting point, companies with facilities that have emissions tied into NEI should carefully consider the implications of their reported emissions. For example, in some situations for some companies, it could be appropriate to consider whether to examine reported emissions and control technologies to determine whether adjustments can be made to reduce reported emissions to better reflect reality on a going-forward basis. In addition, requests for emerging contaminants sampling and reporting by regulatory agencies may be made publicly available.
Regulatory compliance is not always an absolute defense in tort litigation, but in most situations, compliance with existing regulations will be relevant to whether a company facing emerging-contaminant litigation met the applicable standard of care. Companies should examine applicable regulations against established compliance efforts and, as appropriate and applicable to any given company, consider whether it may be appropriate to closer examine compliance programs for continued improvements or audit established protocols to substantiate safety.
Insurance Coverage Considerations
Policyholders facing potential liability for claims arising out of alleged exposure to emerging contaminants should consider whether they have insurance coverage for such claims.
Commercial general liability insurance policies typically provide defense and indemnity coverage for claims alleging “bodily injury” or “property damage” arising out of an accident or occurrence during the policy period. While some insurers are now introducing exclusions for certain emerging contaminants (and most policies today have pollution exclusions), the underlying claim(s) may trigger coverage under occurrence-based policies issued years or decades earlier, depending on the alleged date of first exposure to the contaminant and the alleged injury process.
These older insurance policies are less likely to have exclusions relevant to emerging contaminants, and policies issued before 1986 are more likely to have a pollution exclusion with an important exception for “sudden and accidental” injuries, or no exclusions at all. In addition, some courts have ruled that pollution exclusions do not apply to product-related exposures or permitted releases of certain emerging contaminants.
In deciding whether there is potential insurance coverage for claims alleging exposure to emerging contaminants, policyholders should also consider whether they have potential coverage for such claims under insurance policies issued to predecessor companies. If insurance records are lost or incomplete, counsel can often coordinate an investigation, potentially with the assistance of an insurance archaeologist, and may be able to locate and potentially reconstruct historical insurance policies or programs.
The takeaway: Do not overlook the possibility of insurance coverage for potential liability regarding claims arising out of alleged emerging contaminant exposure. To maximize access to potential coverage, policyholders should act promptly to provide notice under all potentially responsive policies in the event of emerging-contaminant claims. Our experienced Insurance Recovery and Counseling lawyers can help guide policyholders through this process.
Our final edition will touch on considerations for companies defending litigation involving emerging contaminants. For more insight, visit our Emerging Contaminants webpage.
New York AG Settles with School App
The New York Attorney General recently entered into an assurance of discontinuance with Saturn Technologies, operator of an app used by high school and college students. The app was designed to be a social media platform that assists students with tracking their calendars and events. It also includes connection and social networking features and displayed students’ information to others. This included students’ location and club participation, among other things. According to the NYAG, the company had engaged in a series of acts that violated the state’s unfair and deceptive trade practice laws.
In particular, according to the attorney general, although the app said that it verified users before allowing them into these school communities, in fact anyone could join them. Based on the investigation done by the AG, the majority of users appeared not to have been verified or screened to block fraudulent accounts. In other words, accounts that were not those of students at the school. This was a concern, stressed the AG, as the unverified users had access to personal information of students. The AG argued that these actions constituted unfair and deceptive trade practices.
Finally, the AG alleged that the company did not make it clear that “student ambassadors” (who promoted the program) received rewards for marketing the program. As part of the settlement, the app maker has agreed to create and train employees and ambassadors on how to comply with the FTC’s Endorsements Guides by, among other things, disclosing their connection to the app maker when discussing their use of the app.
Putting It Into Practice: This case is a reminder to review apps directed to older minors not only from a COPPA perspective (which applies to those under 13). Here, the NYAG has alleged violations stemming from representations that the company made about the steps it would take to verify users. It also signals expectations in New York for protecting minors if offering a social media platform intended only for that market.
Listen to this post
BIG LAW LOSS: TCPA Defendant Loses Bifurcation Effort After Terrible Discovery Objections– Is #BigLaw Inexperience to Blame?
Looks like #biglaw inexperience has cost another TCPA defendant big time.
But let’s try to stay positive.
First, I’m fairly certain I invented the concept of seeking bifurcated discovery in TCPA class litigation.
I know I invented seeking “trifurcted” discovery in TCPA class litigation.
Been doing it since 2011.
For a long time no other defense counsel even attempted the maneuver. Recently we have seen quite a bit of it. But like so much else in litigation, its one thing to make the right move– its another thing to win the move. Especially when #biglaw is involved. These guys can’t seem to win anything in TCPAWorld.
So what does bi/trifurcated discovery even mean and why does it matter?
The primary vehicle Plaintiff’s lawyers have to extract large dollar TCPA settlements in class discovery. They serve massively overly broad demands–stuff like, produce records of every call you’ve ever made and every consent record supporting the right to make those calls and every account record for every costumer that signed up as a result of those calls– in an effort to turn a company inside out and drive them to the settlement table.
For smaller companies these sorts of demands are irritating and invasive, but perhaps not crippling. But for large enterprises the idea of extracting millions of confidential/private client files to hand over to a plaintiff’s lawyer is downright insane.
Now the rules typically do not allow for this type of discovery but if defense counsel isn’t VERY careful with objections they may end up waiving critical protections and the court may end up issuing an order compelling production of these materials.
But one way to cut off this entire issue is by asking the court to prevent invasive “merits” discovery into class claims until after class issues are decided. (Type 1 bifurcation.) Or to stay all class discovery pending the outcome of a dispositive motion challenge to the named plaintiff’s claim. (Type 2 bifurcation.) Either one of these is a form of “bifurcation” of discovery.
In Bond v. Folsom Insurance Agency, 2025 WL 863469 (N.D. Tex. March 19, 2025) the Defendant–represented by a #biglaw firm that did NOT make my list of top best TCPA lawyers–attempted Type 2 bifurcation (i.e. they sought to stay class discovery until the Plaintiff’s individual claims were resolved.) Unfortunately the defendant had already lost a discovery battle earlier in the case and the court was not going to allow the belated effort to seek bifurcation bail the defendant out. So it denied the motion.
Get it?
The defense failed to seek bifurcation at the right time. Then the failed to assert proper objections/arguments to prevent the production of class wide information. Instead it asserted ” boilerplate objections” that were rejected by the court.
What a disaster. Shouldn’t have happened.
FTC’s Consumer Protection Agenda Thus Far Under President Trump
As contemplated by FTC defense lawyer in December 2024, the Federal Trade Commission’s operations during the first two months under the second Trump Administration have been chaotic. Unsurprisingly, the policy focus appears to be de-regulation and an enforcement focus on bread-and-butter fraud and deception (for example and without limitation, bogus business opportunity offers, unsubstantiated earnings claims and unlaw debt collection), privacy, telemarketing, big technology moderation and the protection of competition in labor markets.
Last week, President Trump fired the remaining two Democratic commissioners. Both have stated that they believe their termination is unlawful and may challenge the dismissals judicially. Two Republican commissioners remain to make regulatory, investigation and enforcement-related decisions.
The Federal Trade Commission has traditionally been considered an independent agency. However, President Trump recent issued an Executive Order seeking to vest control of various federal agencies and financial regulator within his control, including the FTC. In doing so, the Trump administration seemingly seeks to exert some degree of control over the strategic priorities of the agencies and regulators.
Historically, an FTC commissioner may only be removed by the President for “inefficiency, neglect of duty or malfeasance in office.” In fact, in Humphrey’s Executor v. United States (1935), the Supreme Court ruled that FTC commissioners cannot be removed over policy differences.
Importantly, however, in Selia Law v. CFPB (2019), the Supreme Court held that restricting removal of the Consumer Financial Protection Bureau director to “for cause” only is unconstitutional. Justices Thomas and Gorsuch concurred and criticized the Humphrey’s Executor decision. It is anticipated that, if challenged, the Trump Administration will rely upon the Selia Law decision in support of its position that the removal of the FTC commissioners is constitutional.
Many have noticed a considerable shift in consumer protection investigation and enforcement-related activities. A few new enforcement matters have been initiated in 2025 whilst one or more investigations and lawsuits have been paused. Whether the current slowdown is temporary while the agency aligns its priorities with the new administration’s policies, or is an indication of a more significant long term shift remains to be seen.
Also noteworthy is a brief recently filed in the Eighth Circuit by the FTC defending the “Click to Cancel” Negative Option Rule. Numerous business groups have filed challenges to the rule in federal court. Many have speculated the “Click to Cancel” Rule would face significant challenges by the Trump administration. The “Click to Cancel” Rule’s misrepresentation restrictions are already effective and the remainder of the rule is supposed to become effective in May 2025.
OCC Eliminates “Reputational Risk” Category from Bank Supervision Criteria
On March 20, the OCC announced that it will no longer treat reputation risk as a standalone category in its supervision of national banks and federal savings associations. The decision marks a dramatic shift in the agency’s risk-based examination framework.
Under the updated policy, OCC examiners are instructed to discontinue separate assessments of reputation risk and instead evaluate any such concerns through other established risk areas—such as operational, compliance, or credit risk—when they present a tangible impact to bank safety, soundness, or fair treatment of customers. OCC staff have been directed to revise examination manuals and related documentation to eliminate references to reputation risk. This change follows the Senate’s introduction of proposed legislation that would prohibit all federal banking agencies from considering reputation risk in supervisory exams.
The concept of reputational risk has been around for decades, and involves the risk to current or projected financial condition and resilience arising from negative public opinion. The OCC’s exam manual states that “departure from effective corporate and risk governance principles and practices cast doubt on the integrity of the bank’s board and management. History shows that such departures can affect the entire financial services sector and the broader economy.”
Now, according to the OCC, the revised framework is intended to improve clarity and public confidence in the examination process. The OCC emphasized that removing the term does not reduce expectations for sound risk management, but instead to ensure that supervisory actions are grounded in objective and material risk considerations.
Putting It Into Practice: The OCC’s removal of reputation risk as a standalone category echoes recent comments from Acting Comptroller Hood, who emphasized that the agency will not push banks to debank entire categories of customers without assessing individualized risks (discussed here). We expect further actions from federal regulators as part of a broader shift in supervisory policy and priorities (previously discussed here, here, and here).
Listen to this post