Class Action

TikTok Settles in Class Action Data Privacy Lawsuit – Will Pay $92 Million Settlement

Sarah Nelson, MJLST Staffer

On November 15, 2021, TikTok users received the following notification within the app: “Class Action Settlement Notice: U.S. residents who used Tik Tok before 01 OCT 2021 may be eligible for a class settlement payment – visit https://www.TikTokDataPrivacySettlement.com for details.” The notification was immediately met with skepticism, with users taking to Twitter and TikTok itself to joke about how the notification was likely a scam. However, for those familiar with TikTok’s litigation track record on data privacy, this settlement does not come as a surprise. Specifically, in 2019, TikTok – then known as Musical.ly – settled with the Federal Trade Commission over alleged violations of the Children’s Online Privacy Protection Act for $5.7 million. This new settlement is notable for the size of the payout and for what it tells us about the current state of data privacy and biometric data law in the United States.

Allegations in the Class Action

21 federal lawsuits against TikTok were consolidated into one class action to be overseen by the United States District Court for the Northern District of Illinois. All of the named plaintiffs in the class action are from either Illinois or California and many are minors. The class action comprises two classes – one class covers TikTok users nationwide and the other only includes Tik Tok users who are residents of Illinois.

In the suit, plaintiffs allege TikTok improperly used their personal data. This improper use includes accusations that TikTok, without consent, shared consumer data with third parties. These third parties allegedly include companies based in China, as well as well-known companies in the United States like Google and Facebook. The class action also accuses TikTok of unlawfully using facial recognition technology and of harvesting data from draft videos – videos that users made but never officially posted. Finally, plaintiffs allege TikTok actively took steps to conceal these practices.

What State and Federal Laws Were Allegedly Violated?

On the federal law level, plaintiffs allege TikTok violated the Computer Fraud and Abuse Act (CFAA) and the Video Privacy Protection Act (VPPA). As the name suggests, the CFAA was enacted to combat computer fraud and prohibits accessing “protected computers” in the absence of authorization or beyond the scope of authorization. Here, the plaintiff-users allege TikTok went beyond the scope of authorization by secretly transmitting personal data, “including User/Device Identifiers, biometric identifiers and information, and Private Videos and Private Video Images never intended for public consumption.” As for the VPPA, the count alleges the Act was violated when TikTok gave “personally identifiable information” to Facebook and Google. TikTok allegedly provided Facebook and Google with information about what videos a TikTok user had watched and liked, and what TikTok content creators a user had followed.

On the state level, the entire class alleged violations of the California Comprehensive Data Access and Fraud Act and a Violation of the Right to Privacy under the California Constitution. Interestingly, the plaintiffs within the Illinois subclasswere able to allege violations under the Biometric Information Privacy Act (BIPA). Under the BIPA, before collecting user biometric information, companies must inform the consumer in writing that the information is being collected and why. The company must also say how long the information will be stored and get the consumer to sign off on the collection. The complaint alleges TikTok did not provide the required notice or receive the required written consent.

Additionally, plaintiffs allege intrusion upon seclusion, unjust enrichment, and violation of both a California unfair competition law and a California false advertising law.

In settling the class action, TikTok denies any wrongdoing and maintains that this settlement is only to avoid the cost of further litigation. TikTok gave the following statement to the outlet Insider: “While we disagree with the assertions, we are pleased to have reached a settlement agreement that allows us to move forward and continue building a safe and joyful experience for the TikTok community.”

Terms of the Settlement

To be eligible for a settlement payment, a TikTok user must be a United States resident and must have used the app prior to October of 2021. If an individual meets these criteria, they must submit a claim before March 1, 2022. 89 million usersare estimated to be eligible to receive payment. However, members of the Illinois subclass are eligible to receive six shares of the settlement, as compared to the one share the nationwide class is eligible for. This difference is due to the added protection the Illinois subclass has from BIPA.

In addition to the payout, the settlement will require TikTok to revise its practices. Under the agreed upon settlement reforms, TikTok will no longer mine data from draft videos, collect user biometric data unless specified in the user agreement, or use GPS data to track user location unless specified in the user agreement. TikTok also said they would no longer send or store user data outside of the United States.

All of the above settlement terms are subject to final approval by the U.S. District Judge.

Conclusion

The lawyers representing TikTok users remarked that this settlement was “among the largest privacy-related payouts in history.” And, as noted by NPR, this settlement is similar to the one agreed to by Facebook in 2020 for $650 million. It is possible the size of these settlements will contribute to technology companies preemptively searching out and ceasing practices that may be privacy violative

It is also worth noting the added protection extended to residents of Illinois because of BIPA and its private right of actionthat can be utilized even where there has not been a data breach.

Users of the TikTok app often muse about how amazingly curated their “For You Page” – the videos that appear when you open the app and scroll without doing any particular search – seem to be. For this reason, even with potential privacy concerns, the app is hard to give up. Hopefully, users can rest a bit easier now knowing TikTok has agreed to the settlement reforms.


Robinhood Changed the Game(Stop) of Modern Day Investing but Did They Go Too Far?

Amanda Erickson, MJLST Staffer

It is likely that you have heard the video game chain, GameStop, in the news more frequently than normal. GameStop is a publicly traded company that is known for selling, trading, and purchasing gaming devices and accessories. Along with many other retailers during the COVID-19 pandemic, GameStop has been struggling. Not only did COVID-19 affect its operations, but the Internet beat the company’s outdated business model. Prior to January 2021, GameStop’s stock prices reflected the apparent new reality of gaming. In March 2015, GameStop’s closing price was around $40 a share, but at the beginning of January 2021, it was at $20 a share. With a downward trend like this, it might come as a shock to learn that on January 27, 2021, GameStop’s closing price was at $347.51 a share, with the stock briefly peaking at $483 on the following day.

This dramatic surge can be accredited to a large group of amateur traders on the Reddit forum, r/WallStreetBets, who promoted investments in the stock. This sudden surge forced large scale institutional investors, who originally bet against the stock through short positions, to buy the stock in order to hedge their positions. Short selling involves “borrowing” shares of a company, and quickly selling the borrowed shares into the market. The short seller hopes that these shares will fall in price, so that they can buy the shares back at a potentially lower price. If this happens, they can return the shares back that they “borrowed” and keep the difference as profit. The practice of short selling is controversial. Short selling can lead to stock price manipulation and can generate misinformation about a company, but it can also serve to check and balance the markets. The group on Reddit knew that short sellers had positions betting against GameStop and wanted to take advantage of these positions. This caused the stock price to soar when these short sellers had to repurchase their borrowed shares.

This historic scene intrigued many day traders to participate and place bets on GameStop, and other stocks that this Reddit group was promoting. Many chose to use Robinhood, a free online trading app, to make these trades. Robinhood introduced a radical business model in 2014 by offering consumers a platform that allowed them to trade with zero commissions, and ultimately changed the way the industry operated. That is until Robinhood issued a statement on January 28, 2021 announcing that “in light of recent volatility, we restricted transactions for certain securities,” including GameStop. Later that day, Robinhood issued another statement saying it would allow limited buying of those securities starting the next day. This came as a shock to many Robinhood users, because Robinhood’s mission is to “democratize finance for all.” These events exacerbated previous questions about the profitability model of Robinhood and ultimately left many users questioning Robinhood’s mission.

The first lawsuit was filed by a Robinhood user on January 28, 2021, alleging that Robinhood blocked its users from purchasing any of GameStop’s stock “in the midst of an unprecedented stock rise thereby depriv[ing] retail investors of the ability to invest in the open-market and manipulating the open market.” Robinhood is now facing over 30 lawsuits, with that number only rising. The chaos surrounding GameStop stock has caught lawmakers’ attention, and they are now calling for congressional action. On January 29, 2021, the Securities and Exchange Commission issued a statement informing that it is “closely monitoring and evaluating the extreme price volatility of certain stocks’ trading prices” and expressed that it will “closely review actions taken by regulated entities that may disadvantage investors.” Robinhood issued another statement on January 29, 2021, stating they did not want to stop people from buying these stocks, but that they had to take these steps to conform with their regulatory capital requirements.

The frenzy has since calmed down but left many Americans with questions surrounding the legality of Robinhood’s actions. While it may seem like Robinhood went against everything the free market has to offer, legal experts disagree, and it all boils down to the contract. The Robinhood contract states “I understand Robinhood may at any time, in its sole discretion and without prior notice to Me, prohibit or restrict My ability to trade securities.” Just how broad is that discretion, though? The issue now is if Robinhood treated some users differently than others. Columbia Law School professor, Joshua Mitts, said, “when hedge funds are going to lose from a trading suspension, they don’t face any lockup like this, any suspension, any halt at the retail level, but when retail investors find themselves locked in, they find themselves unable to exit the trade.” This protective action by Robinhood directly contradicts the language in the Robinhood contract that states that the user agrees Robinhood does not “provide investment advice in connection with this Account.” The language in this contract may seem clear separately, but when examining Robinhood’s restrictions, it leaves room to question what constitutes advice when restricting retail investors’ trades.

Robinhood’s practices are now under scrutiny by retail investors who question the priority of the company. The current lawsuits against Robinhood could potentially impact how fintech companies are able to generate profits and what federal oversight they might have moving forward. This instance of confusion between retail investors and their platform choice points to the potential weaknesses in this new form of trading. While GameStop’s stock price may have declined since January 28, the events that unfolded will likely change the guidelines of retail investing in the future.

 


“Football is a Microcosm of America”

Emily Moss, MJLST Staffer

Sunday’s Super Bowl LV had a notably different tone than in any other year. Cardboard cutouts and masked fans filled the stadium, there was no audience on the field during The Weeknd’s halftime performance, and the NFL aired an anti-racism commercial that opened with the line “football is a microcosm of America.” This commercial, which NPR dubbed the “worst hypocrisy from a sports league,” is the most recent in the NFL’s string of racial justice focused actions. Yet the league where Colin Kaepernick has not played since he knelt in protest of police brutality and racial inequality is unwilling to reckon with its own racial injustices. Days before this year’s atypical Super Bowl aired, ABC News reported on emails it obtained, suggesting that clinicians doing evaluations as part of the NFL’s concussion settlement program were required to use different cognitive scales for Black and White players.

Th ABC News report stemmed from a long line of litigation over NFL players’ head injuries. In 2014, faced with growing research about the effects of professional football on players’ brains and a long list of players who committed suicide in a pattern related to brain injuries, the NFL and a class of “roughly 18,000 retired players and their beneficiaries” entered into a settlement agreement. Plaintiffs’ attorneys Sol Weiss and Christopher Seeger stated that the agreement was “an extraordinary settlement for retired NFL players and their families—from those who suffer with neurocognitive illnesses today, to those who are currently healthy but fear they may develop symptoms decades into the future.” Some plaintiffs, however, expressed concern, calling the settlement a “lousy deal” for players whose symptoms would not meet the compensation requirements.

On August 25, 2020, Black NFL retirees Kevin Henry and Najeh Davenport, on behalf of themselves and all others similarly situated, sued the NFL. The complaint claims that “the [NFL concussion] Settlement Agreement is marred by an unacceptable flaw: the National Football League and NFL Properties, LLC (collectively, ‘the NFL’) have been avoiding paying head-injury claims under the Settlement Agreement based on a formula for identifying qualifying diagnoses that explicitly and deliberately discriminates on the basis of race.” Pursuant to the settlement, in order to establish a player’s cognitive function decline, clinicians compare players to a baseline. When determining the baseline, doctors can consider a number of factors, including age, education, and, significantly, race. A scale that uses such “race-norming” assumes that Black players start out with a lower cognitive function baseline than White players. The result is that a Black player may be denied compensation for the same cognitive function that would trigger compensation for a White player. This scheme “is particularly insidious because it presumes Black retirees to be less intelligent than their non-Black fellow retirees.” The complaint thus alleges deprivation of equal rights under 42 U.S.C. § 1981.

The NFL moved to dismiss for failure to state a claim on November 2, 2020. The motion argues that (1) the use of “race-norming” is contemplated by the 2014 judicially-approved settlement to which the plaintiffs were given notice and an opportunity to object, (2) the plaintiffs failed to establish intent to discriminate as required by § 1981, and (3) the plaintiffs failed to establish but-for causation as required by § 1981. The plaintiffs filed a reply in December but the judge has yet not ruled.

In a statement responding to Henry and Davenport’s suit, NFL commissioner Roger Goodell claimed that “[t]he federal court is overseeing the operation and implementation of that settlement, and we are not part of selecting the clinicians, the medical experts, who are making decisions on a day-to-day basis.” However, when Davenport applied for compensation based on a determination from a clinician who did not apply race-norming standards, the NFL appealed his application, claiming “his neuropsychological test scores may have been calculated with improper demographic norm adjustments.” And while the NFL maintains that the settlement program does not require race-norming, according to a recent ABC News report, a neuropsychologist who evaluated NFL players for the settlement program claimed that, in his experience, “when clinicians deviate from the algorithm, there are multiple inquiries levied at them.” Another clinician stated that assessment was “right on target.”

The ABC News investigation supports the lawsuit’s claim that the NFL compensates White and Black players based on different standards. As one clinician put it “[b]ottom line is that the norms do discriminate against Black players . . . [s]o now what? In this time of reckoning, like many professions, I think we need to look closely at the expected and unexpected ramifications of our practices.” While the NFL has not released its settlement statistics, the ramifications of this practice is clear. Black retirees will be denied compensation more than White retirees. In a country where medical racism is prevalent, the NFL is indeed a “microcosm of America.”


Reviewing Interchange Fees: How Fifteen Years of Litigation Partially Explains the Grimace on Your Local Business Owner’s Face When You Pay for a $2.00 Product with a Credit Card

Jesse Smith, MJLST Staffer

Credit and debit cards have become a fundamental part of commerce. It’s hard to beat the perceived simplicity, convenience, and security of using a small piece of plastic or your phone to purchase goods and services. But many forget that when you swipe your card at any business that accepts cards, the merchant does not receive the full amount of the price it charges for the good or service purchased. “Interchange fees” are costs levied against a merchant by the bank that issued the card being used for payment. Until 2010, interchange fees comprised between 1%-3% of the cost of the purchase. Their described purpose is to “cover handling costs, fraud and bad debt costs, and the risk involved in approving the payment.” In recent decades, card issuers have also used interchange fees to fund popular “rewards programs” offered in the form of cashback and points to cardholders.

Interchange fees have been the subject of intense legislative and litigation controversies for the last two decades. They highlight numerous salient issues at the intersection of law, economics, and technology. In 2004, a group of merchants filed a lawsuit against Visa,  Mastercard, and their card issuing banks (In Re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation 827 F.3d 223 (2d Cir. 2016)), alleging anticompetitive practices in how they set interchange fees and the contractual rules required of merchants who accepted their credit cards. The issues addressed in the case span multiple areas of law including corporate structure, antitrust, freedom of speech, and legislative process.

Over a decade later, the lawsuit culminated in one of the largest antitrust class action settlements in the history of the United States. To understand the history and progression of this lawsuit is to understand interchange fees more generally. I spoke to K. Craig Wildfang, a partner at Robins Kaplan LLP, and co-lead counsel for the merchants in the case. Mr. Wildfang’s explanation of the litigation and payment card industry overall provided unparalleled insight into this important aspect of how we conduct transactions in an increasingly tech driven society.

In 2004, Plaintiffs filed claims against Visa and Mastercard (who previously set interchange fee schedules), and the banks that collectively owned these card networks at the time. The lawsuit challenged the “collective setting of interchange fees” by the defendants as antitrust violations, more specifically, as price fixing conspiracies under Sections 1 and 2 of the Sherman Antitrust Act. It also challenged anti-steering rules written into the card networks’ contracts with merchants, which prevented businesses from using discounts, surcharges, or signage to “steer” customers towards use of cheaper methods of payment, including cash or checks.

Soon after the commencement of the lawsuit, Visa and Mastercard restructured their businesses by divesting the banks from their ownership interests and offering IPOs in their companies’ stock. Doing so would cause interchange fee rate setting to resemble the actions of single entities, rather than joint conduct propagated by the banks as owners of the credit card companies. Such restructuring posed a challenge to the merchants suing, as courts historically look at single conduct less skeptically than joint conduct in an antitrust context. Undeterred, Wildfang and the merchants’ counsel leveraged this action into an additional antitrust claim under § 7 of the Clayton Act (which utilizes a lower standard of proof for anti-competitive behavior). Thus, they were able to obtain discovery that, in Wildfang’s estimation, made it “100% clear that the only reason they [restructured] was to try to minimize their antitrust liability.”

After years of litigation, mediation, and even a DOJ investigation into the defendants, in 2012, the parties finally reached a historic multibillion-dollar settlement that also saw Visa and Mastercard lift their contractual bans on steering policies. The 2nd Circuit struck down the settlement on appeal based on a conflict from the same class counsel representing the plaintiffs for both monetary and injunctive relief. Consequently, Wildfang and Robins Kaplan were appointed as counsel for 23(b)(3) plaintiffs seeking monetary relief. Undeterred by this setback, after further amended complaints, discovery, and mediation, Wildfang and class counsel achieved another victory in 2019, securing a $6.25 billion settlement for over 10 million merchants, before reductions for opt outs. Additionally, Visa and Mastercard did not reinstate any anti-steering provisions into their contracts.

While litigation was a necessary element of relief, the merchants’ counsel understood this was only part of the solution. Wildfang noted that “when we started the litigation, we knew there would be these ancillary battles, and we decided as the leadership of the litigation, that it was in the interest of our clients . . . to play a productive role in these other . . .  fora.”

In 2010, as part of the Dodd-Frank Wall Street Reform Act, Senator Richard Durbin, assisted by Plaintiffs’ counsel and other merchant trade groups, introduced an amendment granting the Federal Reserve the power to regulate debit card interchange fees. The Fed subsequently capped them at approximately 22 to 24 cents per transaction for banks with assets of $10 billion or more. In Wildfang’s assessment, limiting regulation to debit card fees was a logical starting point for legislative reform:

[I]t was much easier for the merchants to argue . . . that a debit card transaction was just an electronic check . . . it made it more appealing to the congressional people we were talking to, to think . . . “well we’re just going to recognize that these are like electronic checks, and checks don’t have interchange fees. So, let’s get rid of these, or at least cap them.” That’s something more reasonable. If you get into trying to cap or regulate credit card interchange fees, that gets a lot more complicated, because the economics of a credit card transaction are a lot more complicated. Some of the interchange revenue ends up going as rewards to cardholders, which of course, the banks always claim is a wonderful good for the consumer, but in fact, those reward dollars are coming out of pockets of other consumers who may not have a credit card.

Senator Durbin espoused this reasoning in discussing the Durbin Amendment in the Senate Congressional Record. Debit card fees are fundamentally like electronic checks, in that they deduct payment for a transaction from a customer’s checking account. The nature of these transactions largely eliminates the need for high interchange fees, as banks need not entice consumers to spend their own money with rewards programs, nor does it require the same costs incurred to mitigate the risk of a consumer refusing to pay what they owe at the end of a month, as with a credit card.

Capping debit card fees was a monumental victory for merchants. Wildfang noted:

It had been true . . . by the early two thousand teens, that debit card transactions were increasing at a much faster rate than credit card transactions, and that was true whether you were talking about numbers of transactions or transaction volume. And there were a lot of reasons for that . . . [which] made capping debit fees particularly appealing, because we knew that that was a growing piece of the pie, and it was going to continue to grow, and it has continued to grow.

The number of non-prepaid debit card transactions has increased every year from 8.3 billion in 2000, to 72.7 billion in 2018, now constituting over half of all card based transactions, as compared to a little over a quarter in 2000. With the average value of debit card sales hovering consistently in the $38-$39 range, merchants were undoubtedly spared the cost of billions of dollars in interchange fees, having to pay a max of 24 cents, rather than 1%-3% of every transaction conducted. Additionally, the effects of the Durbin Amendment went far beyond relief of the financial burden from debit card fees, igniting tangential legislative and judicial fights throughout the U.S.

Armed with an affordable card payment alternative, it became paramount for merchants to make debit card, check, and cash payment options more appealing by offering discounts for use of these payments, or imposing surcharges on more expensive types of payments. Multiple states, often lobbied by Visa and Mastercard, had either passed or were considering passing laws banning these steering practices. Repealing or preventing these laws was key, as removal of anti-steering provisions from card issuer contracts would be useless if steering were illegal in the first place. Wildfang and merchants’ counsel worked behind the scenes with counsel for plaintiffs in Expressions Hair Design v. Schneiderman, 137 S. Ct. 1144 (2017), where the Supreme Court ruled a New York state law banning merchants from imposing surcharges regulated speech, not conduct. While the holding did not rule on the law’s constitutionality, some believe the case may percolate back to the Court soon to reexamine a key rational basis review standard in free speech cases.

When the litigation first began, consumers paid primarily by cash, check, and magnetic stripe credit or debit cards. Since then, the menu for consumers has increased exponentially, with EMV chip cards, various digital wallets, and cryptocurrencies now permeating payment methods both online and at a physical point of sale. The increasing diversity of payment methods further served to complicate the factual and narrative landscape of the litigation, primarily by challenging the standing Plaintiffs had in the antitrust realm. Wildfang explained:

Let’s take, for example, a transaction like Apple Pay. The economics of that are facially somewhat similar to a credit card, but there are more players in the payment chain, and the impact on the merchant of those transactions is not as clear as in a simple credit . . . or debit card transaction. And you had these intermediate players, one more layer between the banks and the merchant, and as you probably know, under federal antitrust law, only the direct purchaser has standing to bring an action for damages, and the defendants had always argued from the very beginning, that merchants were indirect purchasers, because, as sort of a technical matter, the way the electronics work, the acquiring bank—the merchant’s bank, is in some sense “first in line” as the money goes through them back to the merchant.

This potential dilution of a merchant’s ability to sue as a direct purchaser underscored the need to reach a monetary settlement rather than risk losing at trial. Wildfang believes these developments will play a key role in future electronic payment litigation:

[I]t’s going to be complicated, and the release that we gave to the defendants in the second settlement is almost certain to prompt litigation. There are going to be cases brought in the future where the defendants are going to argue the release applies and protects them against those claims and so there[] [is]going to be a lot of litigation along the edges of the original case, and whether or not a particular future claim has been released or not. And I think that the technological changes are going to be probably right in among all of those cases and kind of test the boundaries of the release.

Digital wallet platforms function and release payment information differently. Google utilizes an actual account for its wallet users to “store” money in, while Apple “facilitat[es] the ordering of fund transfers,” by creating and providing secure payment tokens to the merchant, rather than actual user account information. Apple also levies a 0.15% fee on card issuers who accept Apple Pay for integration with their cards. It remains to be seen how legislatures and courts will classify these roles of differing platforms in the payment chain between consumer and merchant.

But as both merchants and card issuers deal with another party and the costs it brings to the table, numerous issues will emerge once. Will the use of a certain payment method/platform render merchants as indirect purchasers? Will card issuers use additional or new fees to offset the costs of digital wallet providers’ fees? If so, are these fees precluded from litigation by this settlement? These are just a few of countless questions that may arise “around the edges of the original case.” Regardless of if or how these specific battles arise, the dynamic nature of the payment card industry is the one constant in a sea of changing technological variables. As Wildfang summed it up, “for the first forty years or so of the payment card industry, not much changed. But in the last ten years, a lot has changed, and I think that the next five or ten years is going to bring even more change.”


Split Ends: WEN Hair Care & The FDA’s Regulation of Cosmetics

MJLST Guest Blogger, Tommy Tobin

[Editor’s Note: The LawSci Forum is pleased to announce a new series on current issues in FDA law. This post is #1 in the series, with more in the coming weeks.]

We have all been tempted by late-night television infomercials and their promises. If the product works, our lives become more convenient; if it doesn’t, we’re only out a few dollars and the product will gather dust. For thousands across America, one product that promised a hair-care revolution left them scratching, itching, and balding.

The Food & Drug Administration (FDA) is investigating over 20,000 incidents of adverse events resulting from WEN by Chaz Dean. Los Angeles-based stylist Chaz Dean is the face of the WEN brand, endorsed by Brooke Shields, Alyssa Milano, and other celebrities. Sold on QVC, infomercials, and elsewhere, WEN is unlike most shampoos. It is marketed as a “revolutionary way to cleanse and hydrate the hair” without water.

There’s another way that WEN is unlike most shampoos: using WEN all too often results in large clumps of hair falling off one’s head. The FDA has received complaints of baldness in addition to hair loss, itching, and rashes after consumers tried WEN products. In July 2016, the FDA issued a Safety Alert to warn the public about potential results of using this hair care product. In that warning, the FDA noted that this was the largest number of reports ever received for a hair cleansing product.

Unsurprisingly, litigation has ensued. One California case has resulted in a preliminary class action settlement of over $26 million. Filed in the Central District of California, the suit alleges that the plaintiffs, and their similarly-situated class members, suffered hair loss and scalp irritation, among other injuries. One class representative allegedly lost one-third of her hair after she used WEN’s Sweet Almond Milk kit. In addition, plaintiffs claimed that the WEN was falsely advertised as safe and failed to warn users of potential harm.

Under the terms of the preliminary settlement, notice will be given to 6 million class members, defined as any American purchaser of WEN hair care products between November 2007 and August 1, 2016. A warning will be added to the product’s packaging telling users to seek immediate medical attention for adverse reactions. While many claimants in the class can submit claims for a $25 payment, those with more extensive damages can submit claims for additional recovery. For example, those that have lost more than 50% of their hair with minimal “hair regrowth” could recover as much as $20,000.

But, wait there’s more! The nature of the allegations against WEN have led many consumers, lawmakers, and even the New York Times to ask whether the FDA should have the authority to recall dangerous cosmetics from the market. Currently, the FDA is not authorized to order recalls of cosmetic products. Instead, such recalls are voluntary efforts by manufacturers or distributors.

A cursory inspection of the FDA’s name reveals that “cosmetics” is nowhere to be found in the title of the Food & Drug Administration. While the FDA notes that cosmetic companies and marketers “have the legal responsibility to ensure the safety of their products,” the WEN case provides an opportunity to reflect on the FDA’s regulatory authority over cosmetic products.  For example, the FDA may order warning statements on cosmetics that present health hazards and work with manufacturers on voluntary recalls. Time will tell whether WEN prompts further action to regulate cosmetic products.


Split Ends: WEN Hair Care & The FDA’s Regulation of Cosmetics

MJLST Guest Blogger, Tommy Tobin

[Editor’s Note: The LawSci Forum is pleased to announce a new series on current issues in FDA law. This post is #1 in the series, with more in the coming weeks.]

We have all been tempted by late-night television infomercials and their promises. If the product works, our lives become more convenient; if it doesn’t, we’re only out a few dollars and the product will gather dust. For thousands across America, one product that promised a hair-care revolution left them scratching, itching, and balding.

The Food & Drug Administration (FDA) is investigating over 20,000 incidents of adverse events resulting from WEN by Chaz Dean. Los Angeles-based stylist Chaz Dean is the face of the WEN brand, endorsed by Brooke Shields, Alyssa Milano, and other celebrities. Sold on QVC, infomercials, and elsewhere, WEN is unlike most shampoos. It is marketed as a “revolutionary way to cleanse and hydrate the hair” without water.

There’s another way that WEN is unlike most shampoos: using WEN all too often results in large clumps of hair falling off one’s head. The FDA has received complaints of baldness in addition to hair loss, itching, and rashes after consumers tried WEN products. In July 2016, the FDA issued a Safety Alert to warn the public about potential results of using this hair care product. In that warning, the FDA noted that this was the largest number of reports ever received for a hair cleansing product.

Unsurprisingly, litigation has ensued. One California case has resulted in a preliminary class action settlement of over $26 million. Filed in the Central District of California, the suit alleges that the plaintiffs, and their similarly-situated class members, suffered hair loss and scalp irritation, among other injuries. One class representative allegedly lost one-third of her hair after she used WEN’s Sweet Almond Milk kit. In addition, plaintiffs claimed that the WEN was falsely advertised as safe and failed to warn users of potential harm.

Under the terms of the preliminary settlement, notice will be given to 6 million class members, defined as any American purchaser of WEN hair care products between November 2007 and August 1, 2016. A warning will be added to the product’s packaging telling users to seek immediate medical attention for adverse reactions. While many claimants in the class can submit claims for a $25 payment, those with more extensive damages can submit claims for additional recovery. For example, those that have lost more than 50% of their hair with minimal “hair regrowth” could recover as much as $20,000.

But, wait there’s more! The nature of the allegations against WEN have led many consumers, lawmakers, and even the New York Times to ask whether the FDA should have the authority to recall dangerous cosmetics from the market. Currently, the FDA is not authorized to order recalls of cosmetic products. Instead, such recalls are voluntary efforts by manufacturers or distributors.

A cursory inspection of the FDA’s name reveals that “cosmetics” is nowhere to be found in the title of the Food & Drug Administration. While the FDA notes that cosmetic companies and marketers “have the legal responsibility to ensure the safety of their products,” the WEN case provides an opportunity to reflect on the FDA’s regulatory authority over cosmetic products.  For example, the FDA may order warning statements on cosmetics that present health hazards and work with manufacturers on voluntary recalls. Time will tell whether WEN prompts further action to regulate cosmetic products.


6th Circuit Aligns With 7th Circuit on Data Breach Standing Issue

John Biglow, MJLST Managing Editor

To bring a suit in any judicial court in the United States, an individual, or group of individuals must satisfy Article III’s standing requirement. As recently clarified by the Supreme Court in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), to meet this requirement, a “plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.” Id. at 1547. When cases involving data breaches have entered the Federal Circuit courts, there has been some disagreement as to whether the risk of future harm from data breaches, and the costs spent to prevent this harm, qualify as “injuries in fact,” Article III’s first prong.

Last Spring, I wrote a note concerning Article III standing in data breach litigation in which I highlighted the Federal Circuit split on the issue and argued that the reasoning of the 7th Circuit court in Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2015) was superior to its sister courts and made for better law. In Remijas, the plaintiffs were a class of individuals whose credit and debit card information had been stolen when Neiman Marcus Group, LLC experienced a data breach. A portion of the class had not yet experienced any fraudulent charges on their accounts and were asserting Article III standing based upon the risk of future harm and the time and money spent mitigating this risk. In holding that these Plaintiffs had satisfied Article III’s injury in fact requirement, the court made a critical inference that when a hacker steals a consumer’s private information, “[p]resumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume [the] consumers’ identit[y].” Id. at 693.

This inference is in stark contrast to the line of reasoning engaged in by the 3rd Circuit in Reilly v. Ceridian Corp. 664 F.3d 38 (3rd Cir. 2011).  The facts of Reilly were similar to Remijas, except that in Reilly, Ceridian Corp., the company that had experienced the data breach, stated only that their firewall had been breached and that their customers’ information may have been stolen. In my note, mentioned supra, I argued that this difference in facts was not enough to wholly distinguish the two cases and overcome a circuit split, in part due to the Reilly court’s characterization of the risk of future harm. The Reilly court found that the risk of misuse of information was highly attenuated, reasoning that whether the Plaintiffs experience an injury depended on a series of “if’s,” including “if the hacker read, copied, and understood the hacked information, and if the hacker attempts to use the information, and if he does so successfully.” Id. at 43 (emphasis in original).

Often in the law, we are faced with an imperfect or incomplete set of facts. Any time an individual’s intent is an issue in a case, this is a certainty. When faced with these situations, lawyers have long utilized inferences to differentiate between more likely and less likely scenarios for what the missing facts are. In the case of a data breach, it is almost always the case that both parties will have little to no knowledge of the intent, capabilities, or plans of the hacker. However, it seems to me that there is room for reasonable inferences to be made about these facts. When a hacker is sophisticated enough to breach a company’s defenses and access data, it makes sense to assume they are sophisticated enough to utilize that data. Further, because there is risk involved in executing a data breach, because it is illegal, it makes sense to assume that the hacker seeks to gain from this act. Thus, as between the Reilly and Remijas courts’ characterizations of the likelihood of misuse of data, it seemed to me that the better rule is to assume that the hacker is able to utilize the data and plans to do so in the future. Further, if there are facts tending to show that this inference is wrong, it is much more likely at the pleading stage that the Defendant Corporation would be in possession of this information than the Plaintiff(s).

Since Remijas, there have been two data breach cases that have made it to the Federal Circuit courts on the issue of Article III standing. In Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963, 965 (7th Cir. 2016), the court unsurprisingly followed the precedent set forth in their recent case, Remijas, in finding that Article III standing was properly alleged. In Galaria v. Nationwide Mut. Ins. Co., a recent 6th Circuit case, the court had to make an Article III ruling without the constraint of an earlier ruling in their Circuit, leaving the court open to choose what rule and reasoning to apply. Galaria v. Nationwide Mut. Ins. Co., No. 15-3386, 2016 WL 4728027, (6th Cir. Sept. 12, 2016). In the case, the Plaintiffs alleged, among other claims, negligence and bailment; these claims were dismissed by the district court for lack of Article III standing. In alleging that they had suffered an injury in fact, the Plaintiffs alleged “a substantial risk of harm, coupled with reasonably incurred mitigation costs.” Id. at 3. In holding that this was sufficient to establish Article III standing at the pleading stage, the Galaria court found the inference made by the Remijas court to be persuasive, stating that “[w]here a data breach targets personal information, a reasonable inference can be drawn that the hackers will use the victims’ data for the fraudulent purposes alleged in Plaintiffs’ complaints.” Moving forward, it will be intriguing to watch how Federal Circuits who have not faced this issue, like the 6th circuit before deciding Galaria, rule on this issue and whether, if the 3rd Circuit keeps its current reasoning, this issue will eventually make its way to the Supreme Court of the United States.