In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case.  As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices.  After the FTC denied LabMD’s request for a stay, the company appealed to the Eleventh Circuit, which granted the stay in a unanimous decision.

The Eleventh Circuit noted that the case turns upon whether the FTC’s interpretation of the FTC Act is reasonable, and found that “there are compelling reasons why the FTC’s interpretation may not be reasonable.” The court found that LabMD had established the requisite likelihood of success on the merits, citing two statutory interpretation arguments.  First, the court doubted that the FTC Act encompasses intangible harms like those at issue in this case.  Second, the court found that the FTC’s interpretation of “likely to cause” substantial injury to consumers to mean “significant risk” (as opposed to “probable”) was not reasonable.

Turning to the other elements of a stay pending appeal, the Eleventh Circuit found that complying with the FTC’s Order would cause LabMD irreparable harm given its financial situation, that there would be no substantial injury to other parties given that LabMD is no longer operating, and that the public interest factor was neutral.  Although the appeal will now proceed on the merits, the court’s grant of the stay suggests that the Eleventh Circuit may be receptive to LabMD’s arguments for reversal of the FTC’s Order.