2023 Quick Links: Leftovers

Consumer Reviews

* Route App, Inc. v. Heuberger, 2023 WL 5334192 (D. Utah Aug. 18, 2023):

Heuberger argues that Route’s Breach of Contract claim fails because the non-disparagement provision in the Terms is unenforceable under the Consumer Review Fairness Act (“CRFA”) and inapplicable because Heuberger’s comments reflected his personal experiences with Route, and were either substantially true or statements of opinion. The non-disparagement clause reads: “[a]t all times during the Term and thereafter, neither Party will, whether directly or indirectly, make any disparaging, negative, or false or misleading statements with respect to the other Party.” Route responds that CRFA does not apply to commercial solicitations and that the non-disparagement agreement is not subject to common-law defamation requirements.

The CFRA “voids provisions of form contracts that restrict a party to that contract from conducting a ‘performance assessment of, or other similar analysis of, including by electronic means, the goods, services, or conduct of a person.’” Viewing Heuberger’s comments in the light most favorable to Route, the Court concludes that at least some of Heuberger’s comments are not a “performance assessment of, or other similar analysis of,” Route’s services. The comments are more akin to a commercial solicitation of a potential customer than a consumer review, and thus fall outside the scope of the CFRA. Moreover, there is nothing to suggest that the CFRA was designed to be used as a defense to a private breach of contract action. Further, the disparagement agreement is not limited by common-law defamation requirements.

* Are doctors still violating the Consumer Review Fairness Act to gag their patients? Maybe. . . State v. Alderwood Surgical Center, LLC, 2023 WL 3435305 (W.D. Wash. May 12, 2023); and State v. Alderwood Surgical Center, LLC, 2023 WL 3687053 (W.D. Wash. May 26, 2023). See also my CRFA summary and piece on doctors and consumer reviews.

* NYAG: Attorney General James Secures $100,000 from Manhattan Doctor Who Manipulated Online Reviews

* Haworth v. Pinho,  2023 WL 3017282 (Cal. App. Ct. April 20, 2023). Patient set up a website, creepyplasticsurgeon.com. The doctor sued. The court dismissed the anti-SLAPP motion because the matter was of public interest, but the doctor met his pleading burden.

* NY Times: SmileDirectClub to Release Customers From NDAs in Settlement

Other Consumer Issues

* Pop v. Lulifama.com LLC, 2023 U.S. Dist. LEXIS 125429 (M.D. Fla. July 20, 2023). Luli Fama makes swimwear. The plaintiff alleges that Luli Fama pays Instagram influencers to promote its products, but the influencers don’t disclose the payments. The court says the FTC endorsement guidelines can’t form the basis of a Florida consumer protection claim.

* Martin v. Thi E-Commerce, LLC, 2023 WL 5949029 (Cal. App. Ct. Sept. 13, 2023). Court rejects a discrimination claim against a website that doesn’t support screen readers because “the ADA unambiguously applies only to physical places. Moreover, even if we were to find ambiguity and decide the issue on the basis of legislative history and public policy, we would still conclude that the ADA does not apply to Web sites.”

* Reuters: US retail lobbyists retract key claim on ‘organized’ retail crime. NY Times: Retail Group Retracts Startling Claim About ‘Organized’ Shoplifting

* Turtle Island Foods, S.P.C. v. Strain, No. 22-30236 (5th Cir. Apr. 12, 2023). Restrictions on advertising vegan products as meat survives First Amendment challenge because the court accepts the state’s interpretation that it only applies to “misleading” marketing, which the court says is outside the First Amendment. Ugh.

* The final version of the INFORM Consumers Act.

* WSJ: Job Listings Abound, but Many Are Fake

* Intelligencer: Lina Khan’s Rough Year

AI

* NY Times: Google Devising Radical Search Changes to Beat Back A.I. Rivals

* MIT Technology Review: This new data poisoning tool lets artists fight back against generative AI (regarding “Nightshade”)

Privacy

* FTC v. Kochava, Inc., 2023 WL 3249809 (D. Idaho May 4, 2023)

a company could substantially injure consumers by selling their sensitive location information and thereby subjecting them to a significant risk of suffering concrete harms at the hands of third parties. But here, the FTC has not alleged that consumers are suffering or are likely to suffer such secondary harms. It only alleges that secondary harms are theoretically possible …[the FTC] must not only claim that Kochava’s practices could lead to consumer injury, but that they are likely to do so, as required by the statute…

Disclosing where a person has been every fifteen minutes over a seven-day period could undoubtedly reveal information that the person would consider private, such as their travel habits, medical conditions, and social or religious affiliations…

at least three factors lessen the severity of the alleged privacy injury. First, the data Kochava sells is not, on its face, sensitive or private. On the contrary, any private information that is revealed in Kochava’s data bank can be ascertained only by inference. But inferences are often unreliable. For example, geolocation data showing that a device visited an oncology clinic twice in one week could reveal that the device user suffers from cancer. Or it may instead reveal that the person has a friend or family member who suffers from cancer. Or that the person is a pharmacist or is in the business of selling or maintaining medical devices. The point is that the FTC does not actually claim that Kochava is disclosing private information, but rather that it is selling data from which private information might be inferred. Although this distinction does not eliminate all the privacy concerns voiced by the FTC in this lawsuit, it does lessen the severity of the alleged privacy injury.

Second, the information that can be inferred from Kochava’s geolocation data is generally accessible through other, lawful means. A third party may, for example, observe a person’s movements on public streets and sidewalks as they go to and from home or a medical facility. A third party may also discover a person’s home address by reviewing publicly accessible property records. Privacy interests in the kind of location data Kochava sells are therefore weaker than, for example, privacy interests in confidential financial or medical information which is not otherwise publicly accessible

Finally, the FTC has not even generally indicated how many device users may suffer privacy intrusions.

* In re Arthur J. Gallagher Data Breach Litigation, 631 F.Supp.3d 573 (N.D. Ill. Sept. 28, 2022):

– “Defendants argue that May fails to allege a specific action Defendants took or failed to take that breached a duty under the CCPA to maintain “reasonable” security measures. But they cite no authority requiring such specificity at this stage of the proceedings. This Court finds it sufficient that May alleges a Data Breach caused by Defendants’ purported lack of reasonable security measures that allowed third parties to view and steal her personal information.”

– “The CCPA defines “consumer” broadly as a “natural person who is a California resident,” and May is a California resident… The May complaint sufficiently alleges that Defendants are “businesses” because, according to May, they collected her personal information.”

* Florence v. Order Express, Inc., 2023 WL 3602248 (N.D. Ill. May 23, 2023):

Florence alleges he sent Order Express a notice identifying its alleged violation of § 1798.150. In Order Express’s response, it claimed to have enhanced its security measures, which Florence argues, amounted to the “implementation and maintenance of reasonable security procedures and practices”—rather than a cure—under § 1798.150(b). Florence alleges further that Order Express’s response to his notice did not explain how its enhanced security measures actually cured the alleged CCPA violation. Order Express did not encrypt Florence’s personal identifying information or delete the information it no longer needed to maintain on its internet-accessible network. Nor has Order Express expanded on its bare assertion in the motion to dismiss that it “cured all alleged violations within the requisite time period.” Accordingly, Florence has stated a claim under the CCPA.

Content 

* Nature: “exposure to Russian disinformation accounts was heavily concentrated: only 1% of users accounted for 70% of exposures. Second, exposure was concentrated among users who strongly identified as Republicans. Third, exposure to the Russian influence campaign was eclipsed by content from domestic news media and politicians. Finally, we find no evidence of a meaningful relationship between exposure to the Russian foreign influence campaign and changes in attitudes, polarization, or voting behavior”

* Reason: The Backpage Defendants Never Stood a Chance

* Tech Policy Press: “Deplatforming Reduces Overall Attention to Online Figures, Says Longitudinal Study of 101 Influencers”

* CCIA Research Center: “Hate Speech & Digital Ads: The Impact of Harmful Content on Brands”:

In a hypothetical scenario where hate speech was not moderated on social media services, research also found negative implications for brands that advertise on the services when hate speech was viewed. Proximity to content that included hate speech resulted in some respondents reporting that the content made them like the advertiser less. It also resulted in a slight decrease in favorable opinions of the advertiser brand, as well as a larger change in net favorability, with some of the movement shifting from favorable opinions to neutral (i.e., neither favorable nor unfavorable) opinions. Respondents who viewed content with hate speech also reported a lower likelihood of purchasing the advertised brand that directly preceded the content, compared to those respondents who viewed social media content with a positive or neutral tone right after the ad.

The results suggest that consumer sentiment toward a social media service would decline if it did not remove user-generated hate speech, and that consumer sentiment would also decline for brands that advertise on the same platform adjacent to said content. These findings indicate that social media services have a rational incentive to moderate harmful content such as hate speech and are consistent with digital services’ assertions that not all engagement adds value and that, in fact, some engagement is of negative value.

* Houston v. County of Maricopa, 661 F.Supp.3d 947 (D. Ariz. March 15, 2023). Court upholds publication of mugshots on the Maricopa County Sheriff’s Office (MCSO) website:

The publication of Plaintiff’s mugshot and arrest information is “accurate information” that is admittedly public record and which provides transparency into the activities of the MCSO. The MCSO website does not provide a means to shame Plaintiff “by, say, posting comments underneath his record,” and any “humiliation is but a collateral consequence” of people voluntarily seeking out the information. In short, MCSO’s “Mugshot Lookup” may be poor policy, it may be embarrassing and unseemly, even vulgar, but it is not unconstitutional

* “Civilizing social media: The effect of geolocation on the incivility of news comments“: “We found that displaying the IP location in the comments section increased location-based incivility, as geolocation can function as an effective cue that signals ideological affiliation and fuels conflicts between users holding different political positions on the Chinese Intern.”

* AP: Confidential document reveals key human role in gunshot tech

* Ronni Vogelsang, The Failure of FOSTA: Unintended Consequences Outweigh Good Intentions, 44 Univ. of La Verne Law Review 59 (2023):

Legislators confidently asserted that FOSTA-SESTA would decimate the online sex trafficking industry. However, three years after the law’s enactment, it is clear that FOSTA-SESTA has miserably failed to accomplish that goal and produced detrimental consequences that affect the fight against sex trafficking. Instead, the law has unintentionally enabled the expansion of online sex trafficking while simultaneously inhibiting the investigation and prosecution of these crimes….

Everyone agrees that sex trafficking is a problem, but FOSTA-SESTA is not the solution. Legislators have unintentionally hurt the very victims they were trying to protect. Retracting the law will remove barriers so that more traffickers can be held liable and victims receive the justice they deserve.

FOSTA’s negative effects have been documented before, but the story deserves to be told and retold as evidence of the risks associated with Section 230 reform.

However, I believe we should stop charitably assuming legislators had “good intentions” when they carelessly disregard the potential harms associated with their policy proposals. The proponents of SESTA/FOSTA claimed they were trying to protect victims of sex trafficking, but those claims were likely pretextual at least in part. Similarly, I disagree with characterizing FOSTA’s consequences as “unintended” when the legislators were repeatedly warned of the exact risks that came to fruition and the legislators proceeded anyway.

[You can see the same titling issues with a remarkably similarly titled 2021 Temple Law Review paper, “Good Intentions and Unintended Consequences: SESTA/FOSTA’s First Two Years,” unfortunately not cited in the Vogelsang piece.]