Consumer Protection

New York AG Demands Fantasy Sports Websites Give Back Money

  • New York AG Eric Schneiderman has amended his lawsuit against prominent daily fantasy sports gaming sites FanDuel, Inc. and DraftKings, Inc., this time asking the court to order them to return all the money collected from New York State consumers, and to pay a fine of up to $5000 per player. With approximately 600,000 New York based daily fantasy sports consumers, paying an estimated $200 million in entry fees in 2015, the monetary implications of the AG's amended complaint could exceed $3 billion.
  • In the amended complaint, AG Schneiderman expands on the deceptive practices arguments from the initial complaint (as opposed to the illegal gambling arguments), emphasizing allegations that the websites misrepresent the amounts won and the likelihood of winning. The AG also claims that the sites employ "incentive advertising" where a consumer must spend additional money in order to fully gain access to current winnings and bonuses. In contrast, authorities in Illinois and Nevada have recently ruled that daily fantasy sports fall under their state's definition of gambling (with less emphasis on deceptive practices).
  • The New York AG had been granted a temporary injunction blocking the operation of FanDuel and DraftKings on December 11. But on the same day, a New York appeals court granted a stay of that injunction, allowing the websites to continue operations pending a January hearing.

FTC Slows Fast Cash From Online Tribal Lenders

  • The Federal Trade Commission (FTC) voted 4-0 to approve settlement agreements with Red Cedar Services Inc. and SFS Inc., doing business online as 500 Fast Cash and One Click Cash respectively. The FTC had alleged that the online lenders violated the Truth in Lending Act and the Electronic Funds Transfer Act, and had committed deceptive practices under the FTC Act when enticing consumers to take out short-term loans online.
  • The complaint alleged that Red Cedar and SFS charged undisclosed and inflated fees on the short-term ("payday") loans offered, and threatened consumers with arrest or prosecution if they failed to pay the additional undisclosed fees. In addition, the FTC alleged that the lenders conditioned the loan on consumers' consent to preauthorize electronic fund transfers, and assessed multiple finance charges for accessing the consumers' accounts to make payment.
  • The lawsuit was filed in federal court for the District of Nevada and involved tribal entities from Oklahoma (e.g., Red Cedar) and Nebraska (SFS). The FTC cleared a key procedural hurdle in 2014 when District Judge Gloria Navarro ruled that the FTC has jurisdiction to sue tribal entities in federal court for deceptive practices under Section 5 of the FTC Act. The tribal entities had claimed immunity.
  • The final orders require Red Cedar and SFS to each pay $2.2 million as equitable monetary relief and to extinguish all consumer debts issued prior to December 2012, the latter contributing to an overall estimated value of $353 million. It also requires the lenders to accurately disclose the total amount a consumer will owe when initiating a payday loan, including the interest rates, finance charges, and any prepayment penalties.

FTC Shines Light on Brain Training

  • The FTC settled claims against Lumos Labs, Inc., doing business online as Lumosity, for alleged violations of the FTC Act in connection to marketing "brain training" software. The Commissioners voted 4-0 to approve the final order, with Commissioner Brill offering a concurring statement emphasizing the need for "rigorous, scientific support" for advertising claims related to improving consumers' health.
  • The complaint alleged that Lumosity "preyed on consumers' fears about age-related cognitive decline" to sell subscription access to a series of online games that it claimed would improve consumers' mental performance on everyday tasks; delay cognitive decline; and reduce impairment associated with strokes, PTSD, ADHD, etc. The FTC argued that Lumosity's claims were deceptive under the FTC Act because they relied on false proofs and misleading testimonials, or were made without proper scientific substantiation.
  • The proposed final order imposes a $50 million judgment on Lumosity, of which all but $2 million is suspended based on the company's financial statements and ability to pay. It requires the company to send emails to customers who had auto-renew subscriptions, offering a copy of the final order and a link to cancel. It also requires Lumosity to provide the FTC a list of its customers over a five-year period ending on December 31, 2014.

Data Privacy

New York AG and Uber Agree to Limit Access to God

  • New York AG Eric Schneiderman reached a settlement with Uber over allegations that the private car-for-hire company insecurely stored user and driver data and permitted company executives and staff to access rider information—including a map that tracked a rider's current location—through a portal referred to as "God View."
  • The investigation into the use of customer geolocation information is rumored to have originated when a reporter indicated that an Uber executive had tracked her without her permission and emailed her "logs" that described her rides in Uber cars.
  • Under the assurance of discontinuance, Uber agreed to encrypt rider geolocation and other sensitive rider information, and to adopt a multifactor authentication protocol for accessing it. Uber also agreed to limit access to the God View portal to designated company executives with a legitimate business objective. In addition, Uber agreed to pay a $20,000 fine for failing to provide notice to the AG regarding a 2014 data breach.

FTC Drills Through Dental Software Provider's Encryption Claims

  • The FTC reached an agreement with Henry Schein Practice Solutions, Inc. to resolve claims that the provider of dental office management software falsely claimed to offer industry-standard encryption that met regulatory requirements under the Health Insurance Portability and Accountability Act.
  • The administrative complaint alleged that Schein knowingly offered software that used a less complex form of encryption to protect patient personal information when compared to the "Advanced Encryption Standard," represented by the National Institute of Standards and Technology (NIST) to be the industry standard. In addition, the FTC alleged that Schein continued to market its software as "encrypted" even after NIST published a vulnerability alert specifically identifying the encryption standard used by Schein's software as "weak."
  • This resolution marks the first time the FTC has imposed monetary penalties for advertisements specifically related to data security. The consent order—which is subject to public comment for 30 days—requires Schein to pay $250,000 in consumer redress, cease making misleading statements about the strength of its data protection, and notify customers within 60 days if the "encrypted" software currently offered uses a weaker encryption standard than what is recommended by NIST.


DOJ Seeks $48 Billion From Volkswagen

  • The U.S. Department of Justice filed a lawsuit against Volkswagen AG; Audi AG; Volkswagen Group of America, Inc.; Porsche AG; and Porsche Cars North America, Inc. (collectively, VW), alleging that the carmaker violated the U.S. Clean Air Act by installing "defeat devices" to hide the actual amount of nitrogen oxide (NOx) emissions generated by the claimed clean diesel engines.
  • The claims center around four separate types of alleged violations Clean Air Act:

    • VW sold vehicles with false certificates of conformity with U.S. regulations;
    • VW sold vehicles that contained defeat devices;
    • VW tampered with emissions control systems; and
    • VW failed to disclose the presence of devices that could alter the performance of the emissions control system under certain conditions.
  • The complaint seeks civil penalties up to $32,500 for each violation prior to January 2009, and $37,500 for each violation thereafter. When applied to the indicated 600,000 vehicles, the combined penalties sought add up to $48 billion—significantly greater than the previous estimate of $18 billion. The DOJ is also seeking various forms of injunctive relief, including mitigation of current excess NOx emissions and prevention of future defeat devices.

Other Regulatory Issues

New Year, New Dietary Guidelines

  • The U.S. Department of Health and Human Services has put out the 2015–2020 Dietary Guidelines for Americans, offering five "overarching guidelines" and some specific recommendations for healthy eating.
  • The issue is not without controversy, and in this case led to a Congressional hearing in December. On certain topics, like the role of cholesterol (the warning against it was dropped in this edition) and whether red meat is healthy in any amount (the rumored recommendation against eating red meat did not materialize), the Guidelines pit different sectors of the economy against others.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.