InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
State appeals court says electronic bank statement constituted notice of new terms
On May 4, the Colorado Court of Appeals held that a plaintiff had constructive notice of updated terms and conditions in her membership agreement with a defendant credit union, which included an arbitration agreement with an opt-out provision. Plaintiff entered into a finance agreement with an auto dealer, which assigned the agreement to the defendant. To complete the assignment, the plaintiff opened a savings account and signed an agreement, in which she consented to receiving and accepting statements, notices, and disclosures electronically. A few years later, the defendant updated its membership agreement’s terms to include the arbitration provision and sent notices to members with their monthly bank statements. Plaintiff received an email with information about the updates and was given an opportunity to opt-out of the arbitration provision in writing within 30 days. Records show that the plaintiff received the email but did not open it. Defendant filed a motion to dismiss plaintiff’s class action complaint and compel arbitration, but the district court concluded that the plaintiff did not have actual or constructive notice of the arbitration agreement. In reversing the district court’s ruling, the Court of Appeals wrote “we do not deem the notice as being buried or hidden in [defendant’s] email, or the surrounding information as cluttering the screen to the extent that a reasonable person would be distracted from the important notice about the ‘updated ... Membership and Account Agreement.’” The Court of Appeals also disagreed with plaintiff’s argument that her “express and affirmative consent” was required for the defendant to add the arbitration provision to the terms, stating that “[u]nder the totality of the circumstances, [plaintiff] is deemed to have assented to the addition of the arbitration agreement” as she was constructively notified of the change, did not exercise her right to opt out, and continued to use her account.
While concurring with the majority, one of the judges questioned whether the “current ‘reasonable person’ standard that courts use for constructive notice is outdated given the economic realities of the digital age.” The judge asked whether the monthly bank statement has “significantly diminished in importance” or is becoming obsolete since consumers are able to check bank account balances and transactions “at any time and from any location.”
District Court dismisses FTC’s privacy claims in geolocation action
On May 4, the U.S. District Court for the District of Ohio issued two separate rulings in a pair of related disputes between the FTC and a data broker. The disputes center around accusations made by the FTC last August that the data broker violated Section 5 of the FTC Act by unfairly selling precise geolocation data from hundreds of millions of mobile devices which can be used to trace individuals’ movements to and from sensitive locations (covered by InfoBytes here). The FTC sought a permanent injunction to stop the data broker’s practices, as well as additional relief. The data broker, upon learning that the FTC planned to filed a lawsuit against it, filed a preemptive lawsuit challenging the agency’s authority.
The court first dismissed the data broker’s preemptive bid to block the FTC’s enforcement action, ruling that the data broker has not identified any “viable cause of action” to support its request for injunctive relief. The court explained that injunctive relief is a “drastic remedy” that is only available if no other legal remedy is available. However, the data broker possesses an “adequate remedy at law,” the court said, “because it can seek dismissal of, and otherwise directly defend against, the FTC’s enforcement action.”
With respect to the FTC’s action, the court granted the data broker’s motion to dismiss the FTC’s complaint, but gave the agency leave to amend. The court agreed with the data broker that the FTC’s complaint lacks sufficient allegations to support its unfairness claim under Section 5 of the FTC Act. While the court disagreed with the data broker’s assertion that it did not have “fair notice that its sale of geolocation data without restrictions near sensitive locations could violate Section 5(a) of the FTC Act” or that the FTC had to allege a predicate violation of law or policy to state a claim, the court determined that the FTC failed to adequately allege that the data broker’s practices created “a ‘significant risk’ of concrete harm.” Moreover, the court found that “the purported privacy intrusion is not severe enough to constitute ‘substantial injury’ under Section 5(n).” The court noted, however that some of the deficiencies may be cured through additional factual allegations in an amended complaint.
EU court says non-material damages in unlawful data processing may be eligible for compensation
On May 4, the Court of Justice of the European Union (CJEU) issued a judgment concluding that while not every infringement of the EU’s data protection law gives rise, by itself, to a right to compensation, non-material damage resulting from unlawful processing of data can be eligible for compensation. The CJEU reviewed questions posed by the Austrian Supreme Court on whether a mere infringement of the GDPR is sufficient to confer the right to compensation for individuals suffering non-material damages, and whether such compensation is possible only if the non-material damage suffered reaches a certain degree of seriousness. The Austrian Supreme Court also asked the CJEU to clarify what the EU-law requirements are when determining the amount of damages.
The CJEU clarified that the General Data Protection Regulation (GDPR) does not set thresholds for the “seriousness” of damages needed to confer a right to compensation. “[I]t is clear that the right to compensation provided for by the GDPR is subject to three cumulative conditions: infringement of the GDPR, material or non-material damage resulting from that infringement and a causal link between the damage and the infringement,” the court said in the announcement. Limiting the right to compensation to non-material damage that reaches a certain threshold requirement would be contrary to the broad conception of “damage” outlined in EU law, the CJEU explained, pointing out that obtaining compensation based on a certain threshold would result in different outcomes depending on a court’s assessment. Moreover, the CJEU emphasized that because the GDPR does not contain any rules governing the assessment of damages, it is up to the each member state’s legal system to prescribe detailed rules for actions intended to safeguard individual’s rights under the GDPR, as well as the criteria for determining the amount of compensation, provided the determination complies with the principles of equivalence and effectiveness. The CJEU explained in its ruling that “an infringement of the GDPR does not necessarily result in damage, and [] that there must be a causal link between the infringement in question and the damage suffered by the data subject in order to establish a right to compensation.”
ID verifier to pay $28.5 million to settle BIPA allegations
On May 5, the U.S. District Court for the Northern District of Illinois preliminarily approved an amended class action settlement in which an identification verification service provider agreed to pay $28.5 million to settle allegations that it violated the Illinois Biometric Information Privacy Act (BIPA). According to the plaintiffs, the defendant collected, stored, and or used class members’ biometric data without authorization when they uploaded photos and state IDs on a mobile app belonging to one of the defendant’s customers. After the court denied the defendant’s move to compel arbitration and determined the plaintiff had standing to pursue his BIPA claims, the parties entered into settlement discussions without the defendant admitting any allegations or liability. The court certified two classes: (i) Illinois residents who uploaded photos to the defendant through the app or website of a financial institution (class members will receive $15.7 million); and (ii) Illinois residents who uploaded photos through a non-financial institution (class members will receive $12.8 million). A final approval hearing will determine attorney’s fees and expenses and incentive awards.
11th Circuit: ECOA anti-discrimination provision against requiring spousal signature does not apply to defaulted mortgage during loan modification offer
On April 27, the U.S. Court of Appeals for the Eleventh Circuit affirmed a lower court’s decision to enter judgment in favor of a defendant national bank following a bench trial related to claims arising from foreclosure proceedings on the plaintiff’s home. The plaintiff executed a promissory note secured by a mortgage signed by both the plaintiff and her husband. After the borrowers defaulted on the mortgage, the defendant filed a foreclosure action and approved the plaintiff for a streamlined loan modification while the foreclosure action was pending. One of the conditions of the streamlined loan modification was that the plaintiff had to make required trial period plan payments and submit signed copies of the loan modification agreement within 14 days. Both individuals were expressly required to sign the modification agreement as borrowers on the mortgage. However, should one of the borrowers not sign, the bank required documentation as to why the signature is not required, as well as a recorded quit claim deed and a divorce decree. The plaintiff acknowledged that she refused to return a fully signed loan modification agreement or provide alternative supporting documentation, and during trial, both individuals admitted that the husband refused to sign. The borrowers eventually consented to final judgment in the foreclosure action and the property was sold.
The plaintiff then brought claims under ECOA and RESPA. The district court granted summary judgment to the defendant on the ECOA discrimination claim and the RESPA claim. After a bench trial on the ECOA notice claim, the district court determined that because the defendant gave proper notice to the plaintiff as required by ECOA (i.e., she was provided required written notices within 30 days after being verbally informed that her modification agreement was not properly completed), plaintiff’s claim failed on the merits.
On appeal, plaintiff argued, among other things, that the district court erred in granting summary judgment in favor of the defendant on her ECOA discrimination claim. The 11th Circuit explained that under ECOA it is unlawful for a creditor to discriminate against an applicant on the basis of marital status. However, ECOA and Regulation B also establish “exceptions for actions that are not considered discrimination, including when a creditor may require a spouse’s signature,” and include additional exceptions to creditor conduct constituting “adverse action” (i.e. “any action or forbearance taken with respect to an account that is delinquent or in default is not adverse action”). The appellate court held that because the plaintiff had defaulted on the mortgage at the time the loan modification was offered, ECOA and Regulation B’s anti-discrimination provision against requiring spousal signatures did not apply to her. Moreover, even if the provision was applicable in this instance, the appellate court held that “the district court correctly concluded that it was reasonable for [defendant] to require either [plaintiff’s] signature or a divorce decree in light of Florida’s homestead laws,” and that such a requirement does not constitute discrimination under ECOA.
As to the notice claim, the appellate court found no error in the district court’s conclusion that the defendant had satisfied applicable notice requirements by timely sending a letter to the plaintiff that (i) specified the information needed from the plaintiff; (ii) designated a reasonable amount of time within which to provide the information; and (iii) informed the plaintiff that failure to do so would result in cancellation of the modification. This letter satisfied the “notice of incompleteness” requirements of 12 C.F.R. § 202.9(c)(2).
2nd Circuit addresses preclusion standard in dismissal of RMBS actions
On April 26, the U.S. Court of Appeals for the Second Circuit upheld the dismissal of three residential mortgage-backed securities lawsuits tied to losses incurred during the 2008 financial crisis. The plaintiffs, issuers of collateralized debt obligations secured by RMBS certificates, sued several trust entities in separate lawsuits over the losses. According to the opinion, the district courts in each action assumed the plaintiffs had Article III standing but determined that they “were precluded from relitigating the issue of prudential standing” due to a related case they had previously brought against a different bank.
The 2nd Circuit explained that the district court in the related case had determined that the plaintiffs lacked standing because they had “conveyed all right, title, and interest in the RMBS certificates”—including the full power to file lawsuits—to third parties when issuing their notes, which were secured by certificates in RMBS trusts, among other assets. Following the decision, the third parties reassigned the litigation rights associated with the RMBS certificates back to the plaintiffs, but the court granted summary judgment in favor of the bank, holding that the plaintiffs lacked both Article III and prudential standing. The 2nd Circuit “affirmed on the ground that the assignments were champertous and that [p]laintiffs thus lacked prudential standing,” assuming but not deciding the issue of Article III standing.
With respect to the current lawsuits, the district court premised its dismissal on the finding that the plaintiffs were precluded from relitigating the issue of prudential standing by the holding in the related action. “In resolving an issue of first impression in this Circuit, we join the [9th] Circuit in concluding that the district courts permissibly bypassed the question of Article III standing to address issue preclusion, which offered a threshold, non-merits basis for dismissal,” the appellate court wrote. “In short, we fully agree with the district courts that [p]laintiffs were not entitled to a second bite at the prudential-standing apple after the [related] action. The district courts therefore did not err in taking this straightforward, if not ‘textbook,’ path to dismissal.”
FTC, Pennsylvania ban debt collection operation
On April 26, the FTC and the Commonwealth of Pennsylvania announced that the U.S. District Court for the Eastern District of Pennsylvania recently entered an order permanently banning a debt collection firm and two associated individuals from the industry. The FTC and Pennsylvania sued the defendants in 2020 for their involvement in a telemarketing operation that allegedly misrepresented “no obligation” trial offers to organizations and then enrolled recipients in subscriptions for several hundred dollars without their consent (covered by InfoBytes here). The complaint charged the defendants with violating the FTC Act by, among other things, illegally threatening the organizations if they did not pay for the unordered subscriptions and claimed the debt collection firm handled collections nationwide despite not having a valid corporate registration in any state and only being licensed to collect debt in Washington State. In addition to permanently enjoining the defendants from participating in the debt collection industry (whether directly or through an intermediary), the court order requires the defendants’ continued cooperation as the case proceeds against the other defendants.
Texas bankers seek to invalidate CFPB’s small business lending rule
On April 26, plaintiffs, including a Texas banking association, sued the CFPB, challenging the agency’s final rule on the collection of small business lending data. As previously covered by InfoBytes, last month, the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act, which requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their last fiscal year. According to the Bureau, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing.
The plaintiffs’ goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs argued that the Bureau “took the original three pages of legislation and the 13 reporting data points required by [Dodd-Frank] and turned them into almost 900 pages of rulemaking—a new [f]inal [r]ule that requires banks to develop and implement new software and compliance mechanisms to comply with over 80 reporting requirements that have been exponentially grown by the CFPB since the Act requiring this [r]ule was passed.”
The plaintiffs further pointed to a decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here), as justification for why the final rule should be set aside. The plaintiffs also pointed out certain aspects of the final rule that allegedly violate various requirements of the Administrative Procedure Act, and claimed that a recent data breach involving sensitive information on numerous financial institutions and consumers indicates that the agency is unprepared “to adequately assess the security and privacy impacts of its massive § 1071 data collection on small businesses.” The complaint seeks a court order finding the final rule to have been premised on the same unconstitutional grounds as found in CFSA, preliminary and permanent injunctions to set aside the final rule, and attorney fees and costs.
CFPB says furnishers’ investigative duties include legal disputes
On April 20, the CFPB filed an amicus brief in a case before the U.S. Court of Appeals for the Eleventh Circuit arguing that the duty to investigate a consumer’s credit dispute applies not only to factual disputes but also to disputes that can be labeled as legal in nature. The plaintiffs entered into a timeshare agreement with the defendant hotel chain and made monthly payments for nearly two years but then stopped. The plaintiffs disputed the validity of, and attempted to rescind, the agreement. The defendant did not agree to the rescission and continued to record the deed under the plaintiffs’ names. The plaintiffs later obtained copies of their credit reports, which showed past-due balances with the defendant, and subsequently submitted letters to a credit reporting agency (CRA) disputing the credit reporting. After the defendant certified the information was accurate, the plaintiffs sued the defendant and the CRA alleging that the defendant violated the FCRA by failing to conduct a proper investigation. The defendant moved for summary judgment, arguing that the issue of whether the debt is owed—the basis of the plaintiffs’ FCRA claim—constitutes a legal dispute and is not a factual inaccuracy. The defendant further maintained that there was no legal error because the plaintiffs owed the money as a matter of law. Last December, the U.S. District Court for the Middle District of Florida granted partial summary judgment in favor the defendant after concluding, among other things, that because the plaintiffs’ dispute centered on the legal validity of their debt, rather than a factual inaccuracy, the investigation requirement was not triggered and the claim was “not actionable under the FCRA.”
The Bureau argued in favor of the plaintiffs-appellants. According to the Bureau, the district court “unduly narrow[ed] the scope of a furnisher’s obligations by holding that furnishers categorically need not investigate indirect disputes involving ‘legal’ inaccuracies.” This position, the Bureau maintained, contradicts the purpose of the FCRA’s requirement to conduct a reasonable investigation of consumer disputes and “could reduce the incentive of furnishers to resolve ‘legal’ disputes, and, in turn, could increase the volume of consumer complaints about credit reporting issues that the Bureau receives and devotes resources to address.”
Explaining that the FCRA does not distinguish between legal and factual disputes, the Bureau stated that the district court’s conclusion “is not supported by the statute, risks exposing consumers to more inaccurate credit reporting, conflicts with the decision of another circuit, and undercuts the remedial purpose of the FCRA.” The Bureau presented several arguments to support its position, including that a reasonable investigation is required under the FCRA, and that while the reasonableness of an investigation is case specific, it “can be evaluated by how thoroughly the furnisher investigated the dispute (e.g., how well its conclusion is supported by the information it considered or reasonably could have considered).”
The Bureau also claimed that the Congress did not intend to exclude disputes that involve legal questions. “[M]any inaccurate representations pertaining to an individual’s debt obligations arguably could be characterized as legal inaccuracies, given that determining the truth or falsity of the representation could require the reading of a contract,” the Bureau wrote. Moreover, an “atextual exception for legal inaccuracies will create a loophole that could swallow the reasonable investigation rule,” the Bureau stressed. The agency urged the court to “reject a formal distinction between factual and legal investigations because it will likely prove unworkable in practice” and said that allowing such a distinction would “curtail the reach of the FCRA’s investigation requirement in a way that runs counter to the purpose of the provision to require meaningful investigation to ensure accuracy on credit reports.”
As previously covered by InfoBytes, the CFPB and the FTC filed an amicus brief presenting the same arguments last December in a different FCRA case on appeal to the 11th Circuit involving the same defendant.
District Court won’t stay CFPB litigation with credit reporter
On April 13, the U.S. District Court for the Northern District of Illinois denied a credit reporting agency’s (CRA) bid to stay litigation filed by the CFPB alleging deceptive practices related to the marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The Bureau sued the CRA and one of its former senior executives last April (covered by InfoBytes here), claiming the defendants allegedly violated a 2017 consent order by continuing to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges.
The CRA requested a stay while the U.S. Supreme Court considers whether the Bureau’s funding mechanism is unconstitutional. Earlier this year, the Court agreed to review next term the 5th Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where it found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause. (Covered by InfoBytes here and a firm article here.) While acknowledging that a ruling against the Bureau may result in the dismissal of the action against the CRA, the court concurred with the Bureau that consumers may be exposed to harm during a stay. “Were I to grant the requested stay, it could last more than one year, depending on when the Supreme Court issues its opinion,” the court wrote. “In that time, if the Bureau’s allegations bear out, consumers will continue to suffer harm because of defendants’ unlawful conduct. That potential cost is too great to outweigh the resource preserving benefits a stay would confer.”