A Holiday Wish List for Privacy Litigators
As we speed past Thanksgiving and enter the holiday season, kids shouldn’t be the only ones putting together their wish lists. Here are some things that might not fit under a tree, but would certainly fill us with the joy of the season.
1. End to litigation over fax opt-out notices. The FCC already gave the defense bar an early gift when it issued its order on November 14, 2018, formally establishing that faxes sent with a customer’s consent do not need to have an opt-out notice under the TCPA. Although this may have been an inevitable result following the D.C. Circuit’s ruling in Bais Yaakov of Spring Valley, et al. v. FCC, the order eliminates any argument by plaintiffs that the FCC has not interpreted this issue following the Bais Yaakov ruling. Plaintiffs’ lawyers may still try various avenues to challenge this rule (including by arguing that the order was not subject to appropriate notice and comment) but for now, reason has prevailed. Although unsolicited faxes still require detailed opt-out notices, unwitting businesses can no longer be tricked into liability by sending a fax without an opt-out request to an individual who requests it.
2. “Harm” standard for BIPA claims. The Illinois Supreme Court is currently mulling a case that could redefine the state’s Biometric Information Privacy Act (BIPA), which has drawn significant interest from plaintiffs’ attorneys nationwide over the last decade. Last week, the Illinois Supreme Court heard arguments in Rosenbach v. Six Flags Entertainment Corp., where defendant Six Flags is arguing that it should not be held liable under BIPA when the plaintiff is unable to demonstrate harm. The lower court found last year that “[a]lleging only technical violations of the notice and consent provisions of the statute, as plaintiff did here, does not equate to alleging an adverse effect or harm.” Rosenbach v. Six Flags Entertainment Corp., 2017 IL App (2d) 170317, ¶¶ 23, 28 (Ill. App. 2d Dist. Dec. 21, 2017). Defense lawyers should be hoping that this ruling will be upheld. But the reports from last week’s oral argument do not seem promising, as several of the justices appeared skeptical of Six Flags’ argument. We may need some holiday magic to make this wish come true.
3. Reasonable interpretation of Hobbs Act deference. Those lawyers looking for the gift that keeps on giving should turn their attention toward the Supreme Court in the new year. Earlier this month, the Supreme Court announced that it has granted cert in a TCPA case that will present important questions on the scope of deference under the Hobbs Act. In Carlton & Harris Chiropractic, Inc. v. PDR Network, LLC, 883 F.3d 459 (4th Cir. 2018), the Fourth Circuit held that faxes promoting goods and services—even for “free”—are advertisements under the TCPA. In so doing, the court relied on a 2006 FCC Order finding that “facsimile messages that promote goods or services even at no cost . . . are unsolicited advertisements under the TCPA’s definition.” See Rules and Regulations Implementing the Tel. Consumer Prot. Act of 1991; Junk Fax Prevention Act of 2005, 71 Fed. Reg. 25,967, 25,973 (May 3, 2006). The Fourth Circuit held that, under the Hobbs Act, it was required to apply the 2006 FCC Order and find that the faxes at issue were advertisements. 883 F.3d at 469. This appears to be at odds with the standards in the Second, Sixth, Ninth and Eleventh Circuits, which all require a commercial nexus that goes beyond the requirements of the 2006 FCC Order before a fax promoting free goods or services can be considered an advertisement. The Supreme Court has limited its review to the question of whether the lower court was required to defer to the FCC’s interpretation. The resolution of this issue could have a wide-ranging impact on how TCPA cases are litigated.
4. Nationwide data breach notification standard. Is a nationwide data breach notification statute finally on the horizon? Almost certainly not. But we can always hope—isn’t that what the holiday season is all about? The last bill to gain much traction was the Data Acquisition and Technology Accountability and Security Act, which made some headway earlier this year before it ran up against objections from state attorneys general. So, short of a holiday miracle, it looks like this is one wish that is unlikely to be fulfilled. Perhaps we should just ask for the latest 50-state survey instead?