Posts Tagged ‘State AGs’

CWAG Panel touches on the challenges of Privacy 3.0

Yesterday, the Conference of Western Attorneys General (“CWAG”) hosted a superb panel entitled “Privacy 3.0 – Emerging Enforcement & Policy Issues” at their annual meeting in Santa Fe, NM.  Featured on the panel were FTC Commissioner Julie Brill, Assistant AG Shannon Smith of the Washington Attorney General’s Office, Professor Chris Hoofnagle of UC Berkeley Law School and Professor Paul Ohm of the University of Colorado’s Law School.

The panelists discussed the enforcement approach to privacy and data security in the 1.0 (notice and choice) and 2.0 (harm-based analysis) eras – and how this approach may need to change in the current age given continuing challenges: the emergence of scholarship showing that “anonymization” is a fallacy, the continuing struggle to create clarity around key terms used in privacy, and the need to educate consumers about basic privacy concepts.  The panel also discussed the States’ approach to some of these developments – such as the Massachusetts data law.

You can view the full webcast on CWAG’s site.

Disclosure: I worked with CWAG to help pull this panel together.


Unintended Consequences? The Multistate Case Against Craigslist

Yesterday’s news about a Connecticut subpoena issued to Craigslist reminds us that sometimes, actions may have unintended consequences.

In November 2008, Craigslist negotiated a groundbreaking settlement with 43 states led by Connecticut AG Dick Blumenthal, concerning illegal use of its online listing services.  Specifically, Craigslist agreed to wall off the “erotic services” or adult ads section of its site and implement the appropriate age-verification procedures (via credit card).  Then, going a very charitable step further, Craigslist also agreed to donate 100% of its net revenue from the adult area of its site to charity, (and have that net revenue verified by an external auditor as part of the process).

Fast forward to May 2010, and it’s déjà vu all over again. Led by Connecticut, a group of 39 states is investigating the prevalence of prostitution ads on Craigslist, claiming that the site is earning “huge profits” from the sale of such ads.   According to a detailed subpoena issued to Craigslist yesterday the multistate group is “seeking evidence that the company is fulfilling its public promise to fight advertisements for prostitution and other illegal activity.”

Ironically, the age and credit card verification procedures Craiglist was required to implement for its adult only section in 2008 has boosted growth of this section.  According to the multistate group, Craiglist now makes over $36 million from hosting “adult and possibly illegal ads.”

The allegations – that the company may be withholding substantial amounts of money from charities – seem a bit disjointed.  This is Craigslist – a company that has always emphasized free over profit and has yet to fully exploit its enormous streams of traffic. Even though he knows that an IPO would make him a billionaire, Craiglist founder Craig Newmark refuses to take the company public.  Remember that unflattering article in Wired last August?  Clearly, this is a company that appears indifferent to income.

And yet, reading the subpoena requests (some of which are reproduced in the CT AGO’s press release) it is clear that the States are pursuing a theory that Craigslist is reneging on its settlement promise, and not donating all of the profits from its adult ad sales to charity.  I hope their allegations do not have an unintended consequence.  The damage to Craigslist reputation within its ecosystem – especially if these allegations are proven false – could prove particularly costly.

Today at the ABA: State AG Advertising Actions

April 21, 2010 Leave a comment

Greetings from the ABA’s Spring Antitrust Meeting in Washington DC!

The day started with a truly informative session on state Attorney General enforcement actions in the area of deceptive and unfair advertising.  The session was moderated by Kevin O’Connor of Godfrey & Kahn (formerly with the Wisconsin AG’s office), and included the following panelists:

  • William Brauch, Director, Consumer Protection Division, Iowa Attorney General’s Office
  • Patricia A. Conners, Associate Deputy Attorney General, Florida Attorney General’s Office
  • Robert M. Langer, Wiggin and Dana LLP
  • Paul L. Singer, Assistant Attorney General, Consumer Protection and Public Health Division, Texas Attorney General’s Office

The panel discussion touched on a number of procedural and substantive questions about this emerging area of state AG enforcement.

What types of deceptive or unfair advertising actions are state AG offices initiating? Since 2008, the States have brought and settled numerous actions for deceptive and unfair advertising violations – individually, as multi-states, and in coordination with the FTC. These include:

  • Off-label marketing – Multistate action against Eli Lilly for Zyprexa, led by Iowa AGO
  • Deceptive promotion & marketing – Multistate action against Pfizer, led by Oregon AGO
  • Deceptive advertising – Multistate action against Michelin, led by Kentucky AGO
  • Deceptive advertising – Joint action and settlement involving 35 states and the FTC against Lifelock

In the wake of the recession, the States are particularly focused on debt management programs and healthcare marketing; they are also keeping an eye on retailer marketing practices, especially towards children, and have also submitted comments to the FTC on negative option marketing practices. Clearly, AG enforcement in this area is not limited to any one industry or type of advertising/marketing activity.  Instead, state AG offices are looking closely at any instance where consumers are relying on deceptive or unfair representations made by companies about products and services.  And now, more than ever, they are working in close contact with both other state AG offices and the FTC, a trend that the panelists said is likely to continue.

How does a state AG office investigate and develop advertising actions? Consumer complaints are often a starting point for these investigations, and most states now accept complaints electronically (although online comments often lack requisite specificity).  According to Paul Singer of Texas, a common misconception is that there must be a certain number of complaints for a state to act.  Instead, States do their own research first to determine the validity of such complaints before initiating an investigation.  For instance, Bill Brauch of Iowa noted that a lack of complaints did not prevent the States’ investigation and subsequent settlement with Ameriquest in 2006.

Another potential trigger for an AG investigation are competitor complaints.  Of course, the challenge here is not to appear too self-serving.  To successfully initiate an investigation in this manner, the panelists suggested that the complaint should be framed in terms of its impact on consumers (and perhaps competition), and not just the competitors’ business.  The AG’s office may pro-actively initiate an investigation – based on news reports, or on information shared by another AG offices or federal agency.

A key point here is that AG offices often seek to settle a complaint before bringing a lawsuit.  This is often due to resource constraints.  So it’s important for clients to cooperate with a state AG office in the event of an investigation.  An investigation will most likely begin with informal contacts, followed by the issuance of a subpoena or CID.  In many cases, it might actually be preferable to have a CID issued – to protect the confidentiality of the information being produced.

What statutory authority does an AG office have to bring advertising actions? Most states bring actions under their UDAP statutes; more than half the states have “little FTC” Acts, while others still apply the “capacity to deceive” or “credulous consumer” standard.  According to Bob Langer (formerly with the Connecticut AG’s office), there is little practical difference in how these two standards are applied when it comes to deception claims.

The statutory analysis gets a little more difficult with unfairness claims because of inconsistent application under different state laws of the FTC’s unfairness test.  Several states still apply the definition of unfairness that was articulated in the 1972 Supreme Court case of Sperry v. Hutchinson, i.e. is the practice injurious to consumers, violate established public policy or is it unethical or unscrupulous? Other states follow the current FTC test for unfairness that was articulated in the 1994 amendments to the FTC Act.  These amendments define an unfair act or practice as one that causes or is likely to cause substantial injury to consumers, is not reasonably avoidable and is not outweighed by countervailing benefits to consumers or competition.  An added complication is that not all states follow all prongs of either test.  This means that practitioners should carefully research the relevant state’s laws and case law – to determine how that state defines an unfairness claim.

According to Trish Conners of Florida, the statutory bases for state AG enforcement may be increasing. One recent example was found in the HiTech Act, which now allows state AGs to file for HIPAA violations.  Such expansions of state AG enforcement authority under federal consumer statutes may allow state AG offices to file consumer multi-state advertising actions more easily.

How does a state AG advertising action differ from one brought by private litigants? Probably the biggest difference comes in the area of remedies – the States’ primary objective is usually to stop the bad conduct and an AG lawsuit will most likely seek equitable remedies including injunctive relief, consumer restitution and disgorgement.   In contrast, private class action litigants are usually focused on obtaining damages.

State CPAs: Experiment or Risk to the Federal Scheme?

March 10, 2010 Leave a comment

It was Supreme Court Justice Louis Brandeis who first introduced us to the idea that experimentation by individual States – “in things social and economic” – might be a good thing. In his 1932 dissent of the majority’s decision in New State Ice Co. v. Liebman, he wrote:

“To stay experimentation in things social and economic is a grave responsibility .. [I]t is one of the happy incidents of the federal system that a single courageous state may, if its citizens choose, serve as a laboratory; and try novel social and economic experiments without risk to the rest of the country.”

Thus began one of the more enduring metaphors in modern federalism – state and local governments as “laboratories of democracy,” legislating innovative approaches to address the social and economic problems that confront their citizens (according to Wikipedia, the phrase “defines” our unique system of federalism).   Of course, this formulation of federalism has an important limitation – an individual state’s approach to a problem, no matter how innovative, cannot pose risks to the larger, federal scheme.  But what happens if a majority of states engage in experiments with a similar approach that no longer mirrors the federal scheme?

This is the intellectual tension that dominates the discussion around the efficacy of state consumer protection laws – as evidenced in this groundbreaking report analyzing private litigation under state consumer protection acts or “CPAs.”  The report, by the Civil Justice Institute at Northwestern Law’s Searle Center for Law, Regulation & Economic Growth, examines the differences between state consumer protection law (as interpreted by state courts), and the federal consumer protection standard (as applied by the FTC).  And it arrives at a startling conclusion: nearly 40% of the claims brought under state consumer protection laws between 2000 and 2007 would not constitute illegal conduct under federal or FTC standards.

The Searle report aims to answer an important question: why are there differences between consumer protection enforcement under CPAs vs. the FTC standard?  To answer this question, the report engages in a particularly rigorous analysis. Since this was the first time a comprehensive look of CPAs was being undertaken, an initial step was to gather the data from which to conduct the research.  An enormous database of over 17,000 federal and state appellate decisions issued between 2000 and 2007 was assembled; then a random sample of cases was “coded” using general characteristics of state consumer protection acts.  The results were reviewed by a “Shadow FTC” of individuals with “substantial” consumer protection and FTC experience, as well as a Consumer Protection Task Force, led by Professor Joshua Wright of George Mason University.

The report’s conclusions are quite remarkable:

  • Between 2000 and 2007, CPA litigation increased by 119% – a rate of increase that was higher than that of tort litigation during the same period.  Litigation was most active in states with “vague statutory definitions” of prohibited conduct, and in states whose statutes provide for expanded recoveries by consumers.
  • CPAs allow consumers to bring actions in state courts alleging conduct that would not be considered illegal under the FTC standards for consumer protection.  So, to the extent that CPAs are intended to be complements to FTC action, they “appear to overshoot the mark.”
  • The Shadow FTC found illegal conduct in only 22% of the randomly generated cases, and about 62% of the successful cases.  This means that based on the report’s random sampling, nearly 40% of actions brought under state CPAs did not allege conduct that would have been considered illegal under the FTC standard.
  • The Shadow FTC also found that only 12% of the randomly generated CPA cases and 23% of successful CPA cases would result in FTC enforcement.  This finding gives some support to the theory that CPAs allow litigants to file cases that approximate FTC enforcement actions, but might not warrant FTC resources.

Surprisingly, the report does not separate out actions brought by state Attorneys General from those brought by private class counsel.  Many state statutes empower the Attorney General or other state agency to investigate and bring actions based on CPA violations on behalf of state consumers. Attorneys General also have primary responsibility for enforcement of their states’ consumer protection law, and AG actions can differ considerably from private litigation brought by class counsel.  For these reasons, the report’s methodology should separate cases brought by AGs from those brought by private counsel.

In fact, I would urge the report’s authors to go a step further and differentiate between private individual actions and private class actions under CPAs.  Perhaps this could be a collaborative project between the Searle Civil Justice Institute and its sister effort, the Searle AG Education Program.   The revised data will better reveal a snapshot of general trends, e.g. whether most States follow a unified approach to address certain consumer protection violations in AG, class and private individual actions.  The exercise will also provide valuable insight into how best to harmonize state and federal consumer protection enforcement – a move that Justice Brandeis, with his commitment to progressive causes, would probably appreciate. In this way, the Searle report will be better able to assess the impact of state legislative “experiments” and determine if they are really a risk to national consumer protection efforts.

Are We Ready for Electronic Health Records?

January 26, 2010 1 comment

With health care reform fast fading from the national agenda, we can’t forget that one part of that reform – adoption of  electronic health care records (or EHRs) – is still alive and kicking.  In fact, there’s a huge push by the federal government to articulate standards around privacy and data security – especially for medical health information.  To give this push some oomph, the feds are giving out $19 billion worth of incentives to entities who adopt EHRs, a move that is funded by provisions of the “HITECH Act“ under the stimulus bill. Healthcare organizations will receive increased Medicare/Medicaid reimbursements if they adopt EHRs by 2015 – which is why we’ve seen a big boost in medical IT spending, with companies like GE providing financing for medical IT projects.

With so many companies jumping on this bandwagon, EHRs should provide a much-needed jolt to the tech sector while also giving patients more control over their medical information and treatment (both laudable goals).  And yet, many uncertainties remain surrounding the push to digitize medical health information (a recent investigative piece on EHR adoption by Huff Post highlights some of these concerns). An additional uncertainty arises from the increasingly complex regulatory web that has started to encircle the medical health information sector.

Under federal law, HIPAA – administered by Health & Human Services – protects personal health information held by healthcare organizations (known as covered entities). The stimulus bill extended HIPAA’s reach even further – to include the business associates of covered entities.  Put differently, a medical IT provider, working with a health care organization on their EHR adoption, could be liable for HIPPA violations (and should be thinking about compliance accordingly).  And while the old version of HIPAA provided for an affirmative defense, the new version does not – increasing penalties significantly, from $25,000 to $1.5 million (for willful violations that have been corrected).

The stimulus edits to HIPAA also give State Attorneys General the right to bring actions for HIPAA violations.   Earlier this month, AG Richard Blumenthal of Connecticut brought the first HIPAA action by a state AG against HealthNet, a Connecticut based insurer that allegedly waited 6 months to report the breach of private medical and financial information of 446,000 of its members. And in addition to HIPAA, state law also may apply — since many states include “medical information” in the definition of “personal information” under their data breach notification statutes.

The Federal Trade Commission also has a stake in the issue – along with HHS and the state AGs.  In fact, Congress has asked the FTC and HHS to study the issues around medical health data privacy and issue a joint report on their findings. Congress will then decide which of the two agencies has the resources and expertise to enforce the ensuing regulations.

The regulatory uncertainly and patchwork will lead to increased compliance costs – especially for entities operating in multiple jurisdictions.  But the bigger concern here is whether business is even ready to comply-  a recent study by the Ponemon Institute and Crowe Horvath LLP found that only 6% of the 77 companies surveyed were prepared to comply with the HITECH Act provisions.

EJ Dionne in Washington Post – Coakley-Brown race is too close to call

January 19, 2010 Leave a comment

Interesting perspective and recent update from EJ Dionne of the Washington Post on today’s special senate election in Massachusetts and the contest between state AG Martha Coakley (D) and state senator Scott Brown (R).

Categories: Elections 2010 Tags:

Google Wants to Buy Yelp – Are Regulators in Sync?

December 18, 2009 1 comment

Rumours that Google wants to acquire Yelp (for $1.5 billion) hit the blogosphere and newswaves earlier today. While local advertisers may be part of the attraction (Google’s Place Pages for maps, etc.), I think the bigger story here is how Google continues to fortify its social search assets.  A smart move as social networking – with its mines of user profile data – continues to grow in relevance for online advertisers.  Commentators, most notably Wired, have mused that Google’s real competitor is Facebook (it’s social, not relevant search that’s key).  If you take that view, this acquisition makes total sense. Yelp – with 9 million uniques and $30 million in revenue for 2009  -is growing at a rate of 80%, while that same number for Citysearch, its nearest competitor, is around zero.  Yelp is an important acquisition for Google, as it builds its social search platform to compete with Facebook and others for online ad dollars.

The interesting question here is how regulators will view the Google-Yelp transaction. Will they view it in isolation, or will they analyze how this deal fits in with the seven other Google acquisitions currently pending with regulatory authorities? The ramifications are huge – particularly for the small, but growing mobile advertising market. Especially, since one of those 6 other transactions is Google’s bid to acquire AdMob, one of the largest providers of mobile advertising (see my post; Scott Cleland’s blog on antitrust concerns with this deal are also worth a read). Yelp is already on your app phone of choice – including phones featuring Google’s Android – and the synergies are almost poetic.  Plus, there are the persistent rumors that Nexus One (the Google phone), will be released next year.

All of this suggests that regulatory agencies need to be working very closely on merger reviews of technology deals in the coming months.  Coordination on these merger reviews needs to happen both between the agencies – here the DOJ, FCC and FTC – and with state Attorneys General that choose to review these transactions.  Coordination is key to the outcome of a process that will impact continued innovation and competition in the communications and technology industries.  Perhaps too, we will gain some insight into how the tech friendly Obama Administration really views merger policy in dynamic markets.