Class Action

Emptying the Nest: Recent Events at Twitter Prompt Class-Action Litigation, Among Other Things

Ted Mathiowetz, MJLST Staffer

You’d be forgiven if you thought the circumstances that led to Elon Musk ultimately acquiring Twitter would be the end of the drama for the social media company. In the past seven months, Musk went from becoming the largest shareholder of the company, to publicly feuding with then-CEO, Parag Agrawal, to making an offer to take the company private for $44 billion, to deciding he didn’t want to purchase the company, to being sued by Twitter to force him to complete the deal. Eventually, two weeks before trial was scheduled, Musk purchased the company for the original, agreed upon price.[1] However, within the first two-and-a-half weeks that Musk took Twitter private, the drama has continued, if not ramped-up, with one lawsuit already filed and the specter of additional litigation looming.[2]

There’s been the highly controversial rollout and almost immediate suspension of Twitter Blue—Musk’s idea of increasing the reliability of information on Twitter and simultaneously helping ameliorate Twitter’s financial woes.[3]Essentially, users were able to pay $8 a month for verification, albeit without actually verifying their identity. Instead, their username would remain frozen at the time they paid for the service.[4] Users quickly created fake “verified” accounts for real companies and spread misinformation while armed with the “verified” check mark, duping both the public and investors. For example, a newly created account with the handle “@EliLillyandCo” paid for Twitter Blue and tweeted “We are excited to announce insulin is free now.”[5] Eli Lilly’s actual Twitter account, “@LillyPad” had to tweet a message apologizing to those “who have been served a misleading message” from the fake account, after the pharmaceutical company’s shares dipped around 5% after the tweet.[6] In addition to Eli Lilly, several other companies, like Lockheed Martin, faced similar identity theft.[7] Twitter Blue was quickly suspended in the wake of these viral impersonations and advertisers have continued to flee the company, affecting its revenue.[8]

Musk also pulled over 50 engineers from Tesla, the vehicle manufacturing company of which he is CEO, to help him in his reimagining of Twitter.[9] Among those 50 engineers are the director of software development and the senior director of software engineering.[10] Pulling engineers from his publicly traded company to work on his separately owned private company almost assuredly raises questions of a violation of his fiduciary duty to Tesla’s shareholders, especially with Tesla’s share price falling 13% over the last week (as of November 9, 2022).[11]

The bulk of Twitter’s current legal issues reside in Musk’s decision to engage in mass-layoffs of employees at Twitter.[12] After his first week in charge, he sent out notices to around half of Twitter’s 7500 employees that they would be laid off, reasoning that cutbacks were necessary because Twitter was losing over $4 million per day.[13] Soon after the layoffs, a group of employees filed suit alleging that Twitter violated the Worker Adjustment and Retraining Act (WARN) by failing to give adequate notice.[14]

The WARN Act, passed in 1988, applies to employers with 100 or more employees[15] and mandates that an “employer shall not order a [mass layoff]” until it gives sixty-days’ notice to the state and affected employees.[16]Compliance can also be reached if, in lieu of giving notice, the employee is paid for the sixty-day notice period. In Twitter’s case, some employees were offered pay to comply with the sixty-day period after the initial lawsuit was filed,[17] though the lead plaintiff in the class action suit was allegedly laid off on November 1st with no notice or offer of severance pay.[18] Additionally, it appears as though Twitter is now offering severance to employees in return for a signature releasing them from liability in a WARN action.[19]

With regard to those who have not yet signed releases and were not given notice of a layoff, there is a question of what the penalties may be to Twitter and what potential defenses they may have. Each employee is entitled to “back pay for each day of violation” as well as benefits under their respective plan.[20] Furthermore, the employer is subject to a civil penalty of “not more than $500 for each day of violation” unless they pay their liability to each employee within three weeks of the layoff.[21] One possible defense that Twitter may assert in response to this suit is that of “unforeseeable business circumstances.”[22] Considering Musk’s recent comments that there is the potential that Twitter is headed for bankruptcy as well as the saddling of the company with debt to purchase it (reportedly $13 billion, with $1 billion per year in interest payments),[23] it seems there is a chance this defense could suffice. However, an unforeseen circumstance is strongly indicated when the circumstance is “outside the employer’s” control[24], something that’s arguable given the company’s recent conduct.[25] Additionally, Twitter would have to show that it has been exercising “commercially reasonable business judgment as would a similarly situated employer” in their conduct, another burden that may be hard to overcome. In sum, it’s quite clear why Twitter is trying to keep this lawsuit from gaining traction by securing release waivers. It’s also clear that Twitter has learned its lesson in not offering severance but they may be wading into other areas of employment law with recent conduct.[26]

Notes

[1] Timeline of Billionaire Elon Musk’s to Control Twitter, Associated Press (Oct. 28, 2022), https://apnews.com/article/twitter-elon-musk-timeline-c6b09620ee0905e59df9325ed042a609.

[2] Annie Palmer, Twitter Sued by Employees After Mass Layoffs Begin, CNBC (Nov. 4, 2022), https://www.cnbc.com/2022/11/04/twitter-sued-by-employees-after-mass-layoffs-begin.html.

[3] Siladitya Ray, Twitter Blue: Signups for Paid Verification Appear Suspended After Impersonator Chaos, Forbes (Nov. 11, 2022), https://www.forbes.com/sites/siladityaray/2022/11/11/twitter-blue-new-signups-for-paid-verification-appear-suspended-after-impersonator-chaos/?sh=14faf76c385c; see also Elon Musk (@elonmusk), Twitter (Nov. 6, 2022, 5:43 PM), https://twitter.com/elonmusk/status/1589403131770974208?s=20&t=bkkh_m5EgMreMCU-GWxXrQ.

[4] Elon Musk (@elonmusk), Twitter (Nov. 6, 2022, 5:35 PM), https://twitter.com/elonmusk/status/1589401231545741312?s=20&t=bkkh_m5EgMreMCU-GWxXrQ.

[5] Steve Mollman, No, Insulin is not Free: Eli Lilly is the Latest High-Profile Casualty of Elon Musk’s Twitter Verification Mess, Fortune(Nov. 11, 2022), https://fortune.com/2022/11/11/no-free-insulin-eli-lilly-casualty-of-elon-musk-twitter-blue-verification-mess/.

[6] Id. Eli Lilly and Company (@LillyPad), Twitter (Nov. 10, 2022, 3:09 PM), https://twitter.com/LillyPad/status/1590813806275469333?s=20&t=4XvAAidJmNLYwSCcWtd4VQ.

[7] Mollman, supra note 5 (showing Lockheed Martin’s stock dipped around 5% as well following a tweet from a “verified” account saying arms sales were being suspended to various countries went viral).

[8] Herb Scribner, Twitter Suffers “Massive Drop in Revenue,” Musk Says, Axios (Nov. 4, 2022), https://www.axios.com/2022/11/04/elon-musk-twitter-revenue-drop-advertisers.

[9] Lora Kolodny, Elon Musk has Pulled More Than 50 Tesla Employees into his Twitter Takeover, CNBC (Oct. 31, 2022), https://www.cnbc.com/2022/10/31/elon-musk-has-pulled-more-than-50-tesla-engineers-into-twitter.html.

[10] Id.

[11] Trefis Team, Tesla Stock Falls Post Elon Musk’s Twitter Purchase. What’s Next?, NASDAQ (Nov. 9, 2022), https://www.nasdaq.com/articles/tesla-stock-falls-post-elon-musks-twitter-purchase.-whats-next.

[12] Dominic Rushe, et al., Twitter Slashes Nearly Half its Workforce as Musk Admits ‘Massive Drop’ in Revenue, The Guardian (Nov. 4, 2022), https://www.theguardian.com/technology/2022/nov/04/twitter-layoffs-elon-musk-revenue-drop.

[13] Id.

[14] Phil Helsel, Twitter Sued Over Short-Notice Layoffs as Elon Musk’s Takeover Rocks Company, NBC News (Nov. 4, 2022), https://www.nbcnews.com/business/business-news/twitter-sued-layoffs-days-elon-musk-purchase-rcna55619.

[15] 29 USC § 2101(a)(1).

[16] 29 USC § 2102(a).

[17] On Point, Boston Labor Lawyer Discusses her Class Action Lawsuit Against Twitter, WBUR Radio Boston (Nov. 10, 2022), https://www.wbur.org/radioboston/2022/11/10/shannon-liss-riordan-musk-class-action-twitter-suit (discussing recent developments in the case with attorney Shannon Liss-Riordan).

[18] Complaint at 5, Cornet et al. v. Twitter, Inc., Docket No. 3:22-cv-06857 (N.D. Cal. 2022).

[19] Id. at 6 (outlining previous attempts by another Musk company, Tesla, to get around WARN Act violations by tying severance agreements to waiver of litigation rights); see also On Point, supra note 17.

[20] 29 USC § 2104.

[21] Id.

[22] 20 CFR § 639.9 (2012).

[23] Hannah Murphy, Musk Warns Twitter Bankruptcy is Possible as Executives Exit, Financial Times (Nov. 10, 2022), https://www.ft.com/content/85eaf14b-7892-4d42-80a9-099c0925def0.

[24] Id.

[25] See e.g., Murphy supra note 22.

[26] See Pete Syme, Elon Musk Sent a Midnight Email Telling Twitter Staff to Commit to an ‘Extremely Hardcore’ Work Schedule – or Get Laid off with Three Months’ Severance, Business Insider (Nov. 16, 2022), https://www.businessinsider.com/elon-musk-twitter-staff-commit-extremely-hardcore-work-laid-off-2022-11; see also Jaclyn Diaz, Fired by Tweet: Elon Musk’s Latest Actions are Jeopardizing Twitter, Experts Say. NPR (Nov. 17, 2022), https://www.npr.org/2022/11/17/1137265843/elon-musk-fires-employee-by-tweet (discussing firing of an employee for correcting Musk on Twitter and potential liability for a retaliation claim under California law).

 


Meta Faces Class Action Lawsuits Over Pixel Tool Data Controversy

Ray Mestad, MJLST Staffer

With a market capitalization of $341 billion, Meta Platforms is one of the most valuable companies in the world.[1] Information is a prized asset for Meta, but how that information is acquired continues to be a source of conflict. Their Meta “Pixel” tool is a piece of code that allows websites to track visitor activity.[2] However, what Meta does with the data after it is acquired may be in violation of a variety of privacy laws. Because of that, Meta is now facing almost fifty class action lawsuits due to Pixel’s use of data from video players and healthcare patient portals.[3]

What is Pixel?

Pixel is an analytical tool that tracks visitor actions on a website.[4] In theory, the actions that are tracked include purchases, registrations, cart additions, searches and more. This information can then be used by the website owners to better understand user behavior. Website owners can more efficiently use ad spend by tailoring ads to relevant users and finding more receptive users based on Pixel’s analysis.[5]

In the world of search engine optimization and web analysis tools like Pixel are common, and there are other sites, like Google Analytics, that provide similar functions. However, there are two key differences between these other tools and Pixel. First, Pixel has in some cases accidentally scraped private, identifiable information from websites. Second, Pixel can connect that information to the social profiles on their flagship website, Facebook. Whether intentionally or accidentally, Pixel has been found to have grabbed personal information beyond the simple user web actions it was supposed to be limited to and connected them to Facebook profiles.[6]

Pixel and Patient Healthcare Information

It’s estimated that, until recently, one third of the top 100 hospitals in the country used Pixel on their websites.[7] However, that number may decrease after Meta’s recent data privacy issues. Meta faced both criticism and legal action in the summer of 2022 for its treatment of user data on healthcare websites. Pixel incorrectly retrieved private patient information, including names, conditions, email addresses and more. Meta then targeted hospital website users with ads on Facebook, using the information Pixel collected from hospital websites and patient portals by matching user information with their Facebook accounts.[8] Novant Health, a healthcare provider, ran advertisements promoting vaccinations in 2020. They then added Pixel code to their website to evaluate the effectiveness of the campaign. Pixel proceeded to send private and identifiable user information to Meta.[9] Another hospital (and Meta’s co-defendant in the lawsuit), the University of California San Francisco and Dignity Health (“UCSF”), was accused of illegally gathering patient information via Pixel code on their patient portal. Private medical information was then distributed to Meta. At some point, it is claimed that pharmaceutical companies then gained access to this medical information and sent out targeted ads based thereon.[10] That is just one example – all in all, more than 1 million patients have been affected by this Pixel breach.[11] 

Pixel and Video Tracking

The problems did not stop there. Following its patient portal controversy, Meta again faced criticism for obtaining protected user data with Pixel, this time in the context of video consumption. There are currently 47 proposed class actions against Meta for violations of the Video Privacy Protection Act (the “VPPA”). The VPPA was created in the 1980’s to cover videotape and audio-visual materials. No longer confined to the rental store, the VPPA has now taken on a much broader meaning after the growth of the internet. 

These class actions accuse Meta of using the Pixel tool to take video user data from a variety of company websites, including the NFL, NPR, the Boston Globe, Bloomberg Law and many more. The classes allege that by collecting video viewing activity in a personally identifiable manner without consent (matching Facebook user IDs to the activity rather than anonymously), so Pixel users could target their ads at the viewers, Pixel violated the VPPA. Under the VPPA Meta is not the defendant in these lawsuits, but rather the companies that shared user information with Meta.[12]

Causes of Action

The relatively new area of data privacy is scarcely litigated by the federal government due to the lack of statutes protecting consumer privacy on the federal level. Because of that, the number of data protection civil litigants can be expected to continue to grow. [13] HIPAA is the Health Insurance Portability and Accountability Act, an act created in 1996 to protect patient information from disclosure without patient consent. In the patient portal cases, HIPAA actions would have to be initiated by the US government. Claimants are therefore suing Meta under consumer protection and other privacy laws like the California Confidentiality of Medical Information Act, the Federal Wiretap Act, and the Comprehensive Computer Data Access and Fraud Act instead.[14] These state Acts allow individuals to sue, when under Federal Acts like HIPPA, the Government may move slowly, or not at all. And in the cases of video tracking, the litigants may only sue the video provider, not Meta itself.[15] Despite that wrinkle of benefit to Meta, their involvement in more privacy disputes is not ideal for the tech giant as it may hurt the trustworthiness of Meta Platforms in the eyes of the public.

Possible Outcomes

If found liable, the VPPA violations could result in damages of $2,500 per class member.[16] Punitive damages for the healthcare data breaches could run in the millions as well and would vary state to state due to the variety of acts the claims are brought in violation of.[17] Specifically, in the UCSF data case class members are seeking punitive damages of $5 million.[18] One possible hang-up that may become an issue for claimants are arbitration agreements. If the terms and conditions of either hospital patient portals or video provider websites contain arbitration clauses, litigants may have difficulty overcoming them. On the one hand, these terms and conditions may be binding and force the parties to attend mandatory arbitration meetings. On the other hand, consumer rights attorneys may argue that consent needs to come from forms separate from online user agreements.[19] If more lawsuits emerge due to the actions of Pixel, it is quite possible that companies will move away from the web analytics tools to avoid potential liability. It remains to be seen whether the convenience and utility of Meta Pixel stops being worth the risk the web analytics tools present to websites.

Notes

[1] Meta Nasdaq, https://www.google.com/finance/quote/META:NASDAQ (last visited Oct. 21, 2022).

[2] Meta Pixel, Meta for Developers, https://developers.facebook.com/docs/meta-pixel/.

[3] Sky Witley, Meta Pixel’s Video Tracking Spurs Wave of Data Privacy Suits, (Oct. 13, 2022, 3:55 AM), Bloomberg Law, https://news.bloomberglaw.com/privacy-and-data-security/meta-pixels-video-tracking-spurs-wave-of-consumer-privacy-suits.

[4] Meta Pixel, https://adwisely.com/glossary/meta-pixel/ (last visited Oct. 21, 2022).

[5] Ted Vrountas, What Is the Meta Pixel & What Does It Do?, https://instapage.com/blog/meta-pixel.

[6] Steve Adler, Meta Facing Further Class Action Lawsuit Over Use of Meta Pixel Code on Hospital Websites, HIPPA Journal (Aug. 1, 2022), https://www.hipaajournal.com/meta-facing-further-class-action-lawsuit-over-use-of-meta-pixel-code-on-hospital-websites/.

[7] Id.

[8] Id.

[9] Bill Toulas, Misconfigured Meta Pixel exposed healthcare data of 1.3M patients, Bleeping Computer (Aug. 22, 2022, 2:16 PM), https://www.bleepingcomputer.com/news/security/misconfigured-meta-pixel-exposed-healthcare-data-of-13m-patients/.

[10] Adler, supra note 6.

[11] Toulas, supra note 9.

[12] Witley, supra note 3. 

[13] Id.

[14] Adler, supra note 6.

[15] Witley, supra note 3.

[16] Id

[17] Dave Muoio, Northwestern Memorial the latest hit with a class action over Meta’s alleged patient data mining, Fierce Healthcare (Aug. 12, 2022 10:30AM), https://www.fiercehealthcare.com/health-tech/report-third-top-hospitals-websites-collecting-patient-data-facebook.

[18] Id.

[19] Witley, supra note 3.




TikTok Settles in Class Action Data Privacy Lawsuit – Will Pay $92 Million Settlement

Sarah Nelson, MJLST Staffer

On November 15, 2021, TikTok users received the following notification within the app: “Class Action Settlement Notice: U.S. residents who used Tik Tok before 01 OCT 2021 may be eligible for a class settlement payment – visit https://www.TikTokDataPrivacySettlement.com for details.” The notification was immediately met with skepticism, with users taking to Twitter and TikTok itself to joke about how the notification was likely a scam. However, for those familiar with TikTok’s litigation track record on data privacy, this settlement does not come as a surprise. Specifically, in 2019, TikTok – then known as Musical.ly – settled with the Federal Trade Commission over alleged violations of the Children’s Online Privacy Protection Act for $5.7 million. This new settlement is notable for the size of the payout and for what it tells us about the current state of data privacy and biometric data law in the United States.

Allegations in the Class Action

21 federal lawsuits against TikTok were consolidated into one class action to be overseen by the United States District Court for the Northern District of Illinois. All of the named plaintiffs in the class action are from either Illinois or California and many are minors. The class action comprises two classes – one class covers TikTok users nationwide and the other only includes Tik Tok users who are residents of Illinois.

In the suit, plaintiffs allege TikTok improperly used their personal data. This improper use includes accusations that TikTok, without consent, shared consumer data with third parties. These third parties allegedly include companies based in China, as well as well-known companies in the United States like Google and Facebook. The class action also accuses TikTok of unlawfully using facial recognition technology and of harvesting data from draft videos – videos that users made but never officially posted. Finally, plaintiffs allege TikTok actively took steps to conceal these practices.

What State and Federal Laws Were Allegedly Violated?

On the federal law level, plaintiffs allege TikTok violated the Computer Fraud and Abuse Act (CFAA) and the Video Privacy Protection Act (VPPA). As the name suggests, the CFAA was enacted to combat computer fraud and prohibits accessing “protected computers” in the absence of authorization or beyond the scope of authorization. Here, the plaintiff-users allege TikTok went beyond the scope of authorization by secretly transmitting personal data, “including User/Device Identifiers, biometric identifiers and information, and Private Videos and Private Video Images never intended for public consumption.” As for the VPPA, the count alleges the Act was violated when TikTok gave “personally identifiable information” to Facebook and Google. TikTok allegedly provided Facebook and Google with information about what videos a TikTok user had watched and liked, and what TikTok content creators a user had followed.

On the state level, the entire class alleged violations of the California Comprehensive Data Access and Fraud Act and a Violation of the Right to Privacy under the California Constitution. Interestingly, the plaintiffs within the Illinois subclasswere able to allege violations under the Biometric Information Privacy Act (BIPA). Under the BIPA, before collecting user biometric information, companies must inform the consumer in writing that the information is being collected and why. The company must also say how long the information will be stored and get the consumer to sign off on the collection. The complaint alleges TikTok did not provide the required notice or receive the required written consent.

Additionally, plaintiffs allege intrusion upon seclusion, unjust enrichment, and violation of both a California unfair competition law and a California false advertising law.

In settling the class action, TikTok denies any wrongdoing and maintains that this settlement is only to avoid the cost of further litigation. TikTok gave the following statement to the outlet Insider: “While we disagree with the assertions, we are pleased to have reached a settlement agreement that allows us to move forward and continue building a safe and joyful experience for the TikTok community.”

Terms of the Settlement

To be eligible for a settlement payment, a TikTok user must be a United States resident and must have used the app prior to October of 2021. If an individual meets these criteria, they must submit a claim before March 1, 2022. 89 million usersare estimated to be eligible to receive payment. However, members of the Illinois subclass are eligible to receive six shares of the settlement, as compared to the one share the nationwide class is eligible for. This difference is due to the added protection the Illinois subclass has from BIPA.

In addition to the payout, the settlement will require TikTok to revise its practices. Under the agreed upon settlement reforms, TikTok will no longer mine data from draft videos, collect user biometric data unless specified in the user agreement, or use GPS data to track user location unless specified in the user agreement. TikTok also said they would no longer send or store user data outside of the United States.

All of the above settlement terms are subject to final approval by the U.S. District Judge.

Conclusion

The lawyers representing TikTok users remarked that this settlement was “among the largest privacy-related payouts in history.” And, as noted by NPR, this settlement is similar to the one agreed to by Facebook in 2020 for $650 million. It is possible the size of these settlements will contribute to technology companies preemptively searching out and ceasing practices that may be privacy violative

It is also worth noting the added protection extended to residents of Illinois because of BIPA and its private right of actionthat can be utilized even where there has not been a data breach.

Users of the TikTok app often muse about how amazingly curated their “For You Page” – the videos that appear when you open the app and scroll without doing any particular search – seem to be. For this reason, even with potential privacy concerns, the app is hard to give up. Hopefully, users can rest a bit easier now knowing TikTok has agreed to the settlement reforms.


Robinhood Changed the Game(Stop) of Modern Day Investing but Did They Go Too Far?

Amanda Erickson, MJLST Staffer

It is likely that you have heard the video game chain, GameStop, in the news more frequently than normal. GameStop is a publicly traded company that is known for selling, trading, and purchasing gaming devices and accessories. Along with many other retailers during the COVID-19 pandemic, GameStop has been struggling. Not only did COVID-19 affect its operations, but the Internet beat the company’s outdated business model. Prior to January 2021, GameStop’s stock prices reflected the apparent new reality of gaming. In March 2015, GameStop’s closing price was around $40 a share, but at the beginning of January 2021, it was at $20 a share. With a downward trend like this, it might come as a shock to learn that on January 27, 2021, GameStop’s closing price was at $347.51 a share, with the stock briefly peaking at $483 on the following day.

This dramatic surge can be accredited to a large group of amateur traders on the Reddit forum, r/WallStreetBets, who promoted investments in the stock. This sudden surge forced large scale institutional investors, who originally bet against the stock through short positions, to buy the stock in order to hedge their positions. Short selling involves “borrowing” shares of a company, and quickly selling the borrowed shares into the market. The short seller hopes that these shares will fall in price, so that they can buy the shares back at a potentially lower price. If this happens, they can return the shares back that they “borrowed” and keep the difference as profit. The practice of short selling is controversial. Short selling can lead to stock price manipulation and can generate misinformation about a company, but it can also serve to check and balance the markets. The group on Reddit knew that short sellers had positions betting against GameStop and wanted to take advantage of these positions. This caused the stock price to soar when these short sellers had to repurchase their borrowed shares.

This historic scene intrigued many day traders to participate and place bets on GameStop, and other stocks that this Reddit group was promoting. Many chose to use Robinhood, a free online trading app, to make these trades. Robinhood introduced a radical business model in 2014 by offering consumers a platform that allowed them to trade with zero commissions, and ultimately changed the way the industry operated. That is until Robinhood issued a statement on January 28, 2021 announcing that “in light of recent volatility, we restricted transactions for certain securities,” including GameStop. Later that day, Robinhood issued another statement saying it would allow limited buying of those securities starting the next day. This came as a shock to many Robinhood users, because Robinhood’s mission is to “democratize finance for all.” These events exacerbated previous questions about the profitability model of Robinhood and ultimately left many users questioning Robinhood’s mission.

The first lawsuit was filed by a Robinhood user on January 28, 2021, alleging that Robinhood blocked its users from purchasing any of GameStop’s stock “in the midst of an unprecedented stock rise thereby depriv[ing] retail investors of the ability to invest in the open-market and manipulating the open market.” Robinhood is now facing over 30 lawsuits, with that number only rising. The chaos surrounding GameStop stock has caught lawmakers’ attention, and they are now calling for congressional action. On January 29, 2021, the Securities and Exchange Commission issued a statement informing that it is “closely monitoring and evaluating the extreme price volatility of certain stocks’ trading prices” and expressed that it will “closely review actions taken by regulated entities that may disadvantage investors.” Robinhood issued another statement on January 29, 2021, stating they did not want to stop people from buying these stocks, but that they had to take these steps to conform with their regulatory capital requirements.

The frenzy has since calmed down but left many Americans with questions surrounding the legality of Robinhood’s actions. While it may seem like Robinhood went against everything the free market has to offer, legal experts disagree, and it all boils down to the contract. The Robinhood contract states “I understand Robinhood may at any time, in its sole discretion and without prior notice to Me, prohibit or restrict My ability to trade securities.” Just how broad is that discretion, though? The issue now is if Robinhood treated some users differently than others. Columbia Law School professor, Joshua Mitts, said, “when hedge funds are going to lose from a trading suspension, they don’t face any lockup like this, any suspension, any halt at the retail level, but when retail investors find themselves locked in, they find themselves unable to exit the trade.” This protective action by Robinhood directly contradicts the language in the Robinhood contract that states that the user agrees Robinhood does not “provide investment advice in connection with this Account.” The language in this contract may seem clear separately, but when examining Robinhood’s restrictions, it leaves room to question what constitutes advice when restricting retail investors’ trades.

Robinhood’s practices are now under scrutiny by retail investors who question the priority of the company. The current lawsuits against Robinhood could potentially impact how fintech companies are able to generate profits and what federal oversight they might have moving forward. This instance of confusion between retail investors and their platform choice points to the potential weaknesses in this new form of trading. While GameStop’s stock price may have declined since January 28, the events that unfolded will likely change the guidelines of retail investing in the future.

 


“Football Is a Microcosm of America”

Emily Moss, MJLST Staffer

Sunday’s Super Bowl LV had a notably different tone than in any other year. Cardboard cutouts and masked fans filled the stadium, there was no audience on the field during The Weeknd’s halftime performance, and the NFL aired an anti-racism commercial that opened with the line “football is a microcosm of America.” This commercial, which NPR dubbed the “worst hypocrisy from a sports league,” is the most recent in the NFL’s string of racial justice focused actions. Yet the league where Colin Kaepernick has not played since he knelt in protest of police brutality and racial inequality is unwilling to reckon with its own racial injustices. Days before this year’s atypical Super Bowl aired, ABC News reported on emails it obtained, suggesting that clinicians doing evaluations as part of the NFL’s concussion settlement program were required to use different cognitive scales for Black and White players.

Th ABC News report stemmed from a long line of litigation over NFL players’ head injuries. In 2014, faced with growing research about the effects of professional football on players’ brains and a long list of players who committed suicide in a pattern related to brain injuries, the NFL and a class of “roughly 18,000 retired players and their beneficiaries” entered into a settlement agreement. Plaintiffs’ attorneys Sol Weiss and Christopher Seeger stated that the agreement was “an extraordinary settlement for retired NFL players and their families—from those who suffer with neurocognitive illnesses today, to those who are currently healthy but fear they may develop symptoms decades into the future.” Some plaintiffs, however, expressed concern, calling the settlement a “lousy deal” for players whose symptoms would not meet the compensation requirements.

On August 25, 2020, Black NFL retirees Kevin Henry and Najeh Davenport, on behalf of themselves and all others similarly situated, sued the NFL. The complaint claims that “the [NFL concussion] Settlement Agreement is marred by an unacceptable flaw: the National Football League and NFL Properties, LLC (collectively, ‘the NFL’) have been avoiding paying head-injury claims under the Settlement Agreement based on a formula for identifying qualifying diagnoses that explicitly and deliberately discriminates on the basis of race.” Pursuant to the settlement, in order to establish a player’s cognitive function decline, clinicians compare players to a baseline. When determining the baseline, doctors can consider a number of factors, including age, education, and, significantly, race. A scale that uses such “race-norming” assumes that Black players start out with a lower cognitive function baseline than White players. The result is that a Black player may be denied compensation for the same cognitive function that would trigger compensation for a White player. This scheme “is particularly insidious because it presumes Black retirees to be less intelligent than their non-Black fellow retirees.” The complaint thus alleges deprivation of equal rights under 42 U.S.C. § 1981.

The NFL moved to dismiss for failure to state a claim on November 2, 2020. The motion argues that (1) the use of “race-norming” is contemplated by the 2014 judicially-approved settlement to which the plaintiffs were given notice and an opportunity to object, (2) the plaintiffs failed to establish intent to discriminate as required by § 1981, and (3) the plaintiffs failed to establish but-for causation as required by § 1981. The plaintiffs filed a reply in December but the judge has yet not ruled.

In a statement responding to Henry and Davenport’s suit, NFL commissioner Roger Goodell claimed that “[t]he federal court is overseeing the operation and implementation of that settlement, and we are not part of selecting the clinicians, the medical experts, who are making decisions on a day-to-day basis.” However, when Davenport applied for compensation based on a determination from a clinician who did not apply race-norming standards, the NFL appealed his application, claiming “his neuropsychological test scores may have been calculated with improper demographic norm adjustments.” And while the NFL maintains that the settlement program does not require race-norming, according to a recent ABC News report, a neuropsychologist who evaluated NFL players for the settlement program claimed that, in his experience, “when clinicians deviate from the algorithm, there are multiple inquiries levied at them.” Another clinician stated that assessment was “right on target.”

The ABC News investigation supports the lawsuit’s claim that the NFL compensates White and Black players based on different standards. As one clinician put it “[b]ottom line is that the norms do discriminate against Black players . . . [s]o now what? In this time of reckoning, like many professions, I think we need to look closely at the expected and unexpected ramifications of our practices.” While the NFL has not released its settlement statistics, the ramifications of this practice is clear. Black retirees will be denied compensation more than White retirees. In a country where medical racism is prevalent, the NFL is indeed a “microcosm of America.”


Reviewing Interchange Fees: How Fifteen Years of Litigation Partially Explains the Grimace on Your Local Business Owner’s Face When You Pay for a $2.00 Product With a Credit Card

Jesse Smith, MJLST Staffer

Credit and debit cards have become a fundamental part of commerce. It’s hard to beat the perceived simplicity, convenience, and security of using a small piece of plastic or your phone to purchase goods and services. But many forget that when you swipe your card at any business that accepts cards, the merchant does not receive the full amount of the price it charges for the good or service purchased. “Interchange fees” are costs levied against a merchant by the bank that issued the card being used for payment. Until 2010, interchange fees comprised between 1%-3% of the cost of the purchase. Their described purpose is to “cover handling costs, fraud and bad debt costs, and the risk involved in approving the payment.” In recent decades, card issuers have also used interchange fees to fund popular “rewards programs” offered in the form of cashback and points to cardholders.

Interchange fees have been the subject of intense legislative and litigation controversies for the last two decades. They highlight numerous salient issues at the intersection of law, economics, and technology. In 2004, a group of merchants filed a lawsuit against Visa,  Mastercard, and their card issuing banks (In Re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation 827 F.3d 223 (2d Cir. 2016)), alleging anticompetitive practices in how they set interchange fees and the contractual rules required of merchants who accepted their credit cards. The issues addressed in the case span multiple areas of law including corporate structure, antitrust, freedom of speech, and legislative process.

Over a decade later, the lawsuit culminated in one of the largest antitrust class action settlements in the history of the United States. To understand the history and progression of this lawsuit is to understand interchange fees more generally. I spoke to K. Craig Wildfang, a partner at Robins Kaplan LLP, and co-lead counsel for the merchants in the case. Mr. Wildfang’s explanation of the litigation and payment card industry overall provided unparalleled insight into this important aspect of how we conduct transactions in an increasingly tech driven society.

In 2004, Plaintiffs filed claims against Visa and Mastercard (who previously set interchange fee schedules), and the banks that collectively owned these card networks at the time. The lawsuit challenged the “collective setting of interchange fees” by the defendants as antitrust violations, more specifically, as price fixing conspiracies under Sections 1 and 2 of the Sherman Antitrust Act. It also challenged anti-steering rules written into the card networks’ contracts with merchants, which prevented businesses from using discounts, surcharges, or signage to “steer” customers towards use of cheaper methods of payment, including cash or checks.

Soon after the commencement of the lawsuit, Visa and Mastercard restructured their businesses by divesting the banks from their ownership interests and offering IPOs in their companies’ stock. Doing so would cause interchange fee rate setting to resemble the actions of single entities, rather than joint conduct propagated by the banks as owners of the credit card companies. Such restructuring posed a challenge to the merchants suing, as courts historically look at single conduct less skeptically than joint conduct in an antitrust context. Undeterred, Wildfang and the merchants’ counsel leveraged this action into an additional antitrust claim under § 7 of the Clayton Act (which utilizes a lower standard of proof for anti-competitive behavior). Thus, they were able to obtain discovery that, in Wildfang’s estimation, made it “100% clear that the only reason they [restructured] was to try to minimize their antitrust liability.”

After years of litigation, mediation, and even a DOJ investigation into the defendants, in 2012, the parties finally reached a historic multibillion-dollar settlement that also saw Visa and Mastercard lift their contractual bans on steering policies. The 2nd Circuit struck down the settlement on appeal based on a conflict from the same class counsel representing the plaintiffs for both monetary and injunctive relief. Consequently, Wildfang and Robins Kaplan were appointed as counsel for 23(b)(3) plaintiffs seeking monetary relief. Undeterred by this setback, after further amended complaints, discovery, and mediation, Wildfang and class counsel achieved another victory in 2019, securing a $6.25 billion settlement for over 10 million merchants, before reductions for opt outs. Additionally, Visa and Mastercard did not reinstate any anti-steering provisions into their contracts.

While litigation was a necessary element of relief, the merchants’ counsel understood this was only part of the solution. Wildfang noted that “when we started the litigation, we knew there would be these ancillary battles, and we decided as the leadership of the litigation, that it was in the interest of our clients . . . to play a productive role in these other . . .  fora.”

In 2010, as part of the Dodd-Frank Wall Street Reform Act, Senator Richard Durbin, assisted by Plaintiffs’ counsel and other merchant trade groups, introduced an amendment granting the Federal Reserve the power to regulate debit card interchange fees. The Fed subsequently capped them at approximately 22 to 24 cents per transaction for banks with assets of $10 billion or more. In Wildfang’s assessment, limiting regulation to debit card fees was a logical starting point for legislative reform:

[I]t was much easier for the merchants to argue . . . that a debit card transaction was just an electronic check . . . it made it more appealing to the congressional people we were talking to, to think . . . “well we’re just going to recognize that these are like electronic checks, and checks don’t have interchange fees. So, let’s get rid of these, or at least cap them.” That’s something more reasonable. If you get into trying to cap or regulate credit card interchange fees, that gets a lot more complicated, because the economics of a credit card transaction are a lot more complicated. Some of the interchange revenue ends up going as rewards to cardholders, which of course, the banks always claim is a wonderful good for the consumer, but in fact, those reward dollars are coming out of pockets of other consumers who may not have a credit card.

Senator Durbin espoused this reasoning in discussing the Durbin Amendment in the Senate Congressional Record. Debit card fees are fundamentally like electronic checks, in that they deduct payment for a transaction from a customer’s checking account. The nature of these transactions largely eliminates the need for high interchange fees, as banks need not entice consumers to spend their own money with rewards programs, nor does it require the same costs incurred to mitigate the risk of a consumer refusing to pay what they owe at the end of a month, as with a credit card.

Capping debit card fees was a monumental victory for merchants. Wildfang noted:

It had been true . . . by the early two thousand teens, that debit card transactions were increasing at a much faster rate than credit card transactions, and that was true whether you were talking about numbers of transactions or transaction volume. And there were a lot of reasons for that . . . [which] made capping debit fees particularly appealing, because we knew that that was a growing piece of the pie, and it was going to continue to grow, and it has continued to grow.

The number of non-prepaid debit card transactions has increased every year from 8.3 billion in 2000, to 72.7 billion in 2018, now constituting over half of all card based transactions, as compared to a little over a quarter in 2000. With the average value of debit card sales hovering consistently in the $38-$39 range, merchants were undoubtedly spared the cost of billions of dollars in interchange fees, having to pay a max of 24 cents, rather than 1%-3% of every transaction conducted. Additionally, the effects of the Durbin Amendment went far beyond relief of the financial burden from debit card fees, igniting tangential legislative and judicial fights throughout the U.S.

Armed with an affordable card payment alternative, it became paramount for merchants to make debit card, check, and cash payment options more appealing by offering discounts for use of these payments, or imposing surcharges on more expensive types of payments. Multiple states, often lobbied by Visa and Mastercard, had either passed or were considering passing laws banning these steering practices. Repealing or preventing these laws was key, as removal of anti-steering provisions from card issuer contracts would be useless if steering were illegal in the first place. Wildfang and merchants’ counsel worked behind the scenes with counsel for plaintiffs in Expressions Hair Design v. Schneiderman, 137 S. Ct. 1144 (2017), where the Supreme Court ruled a New York state law banning merchants from imposing surcharges regulated speech, not conduct. While the holding did not rule on the law’s constitutionality, some believe the case may percolate back to the Court soon to reexamine a key rational basis review standard in free speech cases.

When the litigation first began, consumers paid primarily by cash, check, and magnetic stripe credit or debit cards. Since then, the menu for consumers has increased exponentially, with EMV chip cards, various digital wallets, and cryptocurrencies now permeating payment methods both online and at a physical point of sale. The increasing diversity of payment methods further served to complicate the factual and narrative landscape of the litigation, primarily by challenging the standing Plaintiffs had in the antitrust realm. Wildfang explained:

Let’s take, for example, a transaction like Apple Pay. The economics of that are facially somewhat similar to a credit card, but there are more players in the payment chain, and the impact on the merchant of those transactions is not as clear as in a simple credit . . . or debit card transaction. And you had these intermediate players, one more layer between the banks and the merchant, and as you probably know, under federal antitrust law, only the direct purchaser has standing to bring an action for damages, and the defendants had always argued from the very beginning, that merchants were indirect purchasers, because, as sort of a technical matter, the way the electronics work, the acquiring bank—the merchant’s bank, is in some sense “first in line” as the money goes through them back to the merchant.

This potential dilution of a merchant’s ability to sue as a direct purchaser underscored the need to reach a monetary settlement rather than risk losing at trial. Wildfang believes these developments will play a key role in future electronic payment litigation:

[I]t’s going to be complicated, and the release that we gave to the defendants in the second settlement is almost certain to prompt litigation. There are going to be cases brought in the future where the defendants are going to argue the release applies and protects them against those claims and so there[] [is]going to be a lot of litigation along the edges of the original case, and whether or not a particular future claim has been released or not. And I think that the technological changes are going to be probably right in among all of those cases and kind of test the boundaries of the release.

Digital wallet platforms function and release payment information differently. Google utilizes an actual account for its wallet users to “store” money in, while Apple “facilitat[es] the ordering of fund transfers,” by creating and providing secure payment tokens to the merchant, rather than actual user account information. Apple also levies a 0.15% fee on card issuers who accept Apple Pay for integration with their cards. It remains to be seen how legislatures and courts will classify these roles of differing platforms in the payment chain between consumer and merchant.

But as both merchants and card issuers deal with another party and the costs it brings to the table, numerous issues will emerge once. Will the use of a certain payment method/platform render merchants as indirect purchasers? Will card issuers use additional or new fees to offset the costs of digital wallet providers’ fees? If so, are these fees precluded from litigation by this settlement? These are just a few of countless questions that may arise “around the edges of the original case.” Regardless of if or how these specific battles arise, the dynamic nature of the payment card industry is the one constant in a sea of changing technological variables. As Wildfang summed it up, “for the first forty years or so of the payment card industry, not much changed. But in the last ten years, a lot has changed, and I think that the next five or ten years is going to bring even more change.”


Split Ends: WEN Hair Care & the FDA’s Regulation of Cosmetics

MJLST Guest Blogger, Tommy Tobin

[Editor’s Note: The LawSci Forum is pleased to announce a new series on current issues in FDA law. This post is #1 in the series, with more in the coming weeks.]

We have all been tempted by late-night television infomercials and their promises. If the product works, our lives become more convenient; if it doesn’t, we’re only out a few dollars and the product will gather dust. For thousands across America, one product that promised a hair-care revolution left them scratching, itching, and balding.

The Food & Drug Administration (FDA) is investigating over 20,000 incidents of adverse events resulting from WEN by Chaz Dean. Los Angeles-based stylist Chaz Dean is the face of the WEN brand, endorsed by Brooke Shields, Alyssa Milano, and other celebrities. Sold on QVC, infomercials, and elsewhere, WEN is unlike most shampoos. It is marketed as a “revolutionary way to cleanse and hydrate the hair” without water.

There’s another way that WEN is unlike most shampoos: using WEN all too often results in large clumps of hair falling off one’s head. The FDA has received complaints of baldness in addition to hair loss, itching, and rashes after consumers tried WEN products. In July 2016, the FDA issued a Safety Alert to warn the public about potential results of using this hair care product. In that warning, the FDA noted that this was the largest number of reports ever received for a hair cleansing product.

Unsurprisingly, litigation has ensued. One California case has resulted in a preliminary class action settlement of over $26 million. Filed in the Central District of California, the suit alleges that the plaintiffs, and their similarly-situated class members, suffered hair loss and scalp irritation, among other injuries. One class representative allegedly lost one-third of her hair after she used WEN’s Sweet Almond Milk kit. In addition, plaintiffs claimed that the WEN was falsely advertised as safe and failed to warn users of potential harm.

Under the terms of the preliminary settlement, notice will be given to 6 million class members, defined as any American purchaser of WEN hair care products between November 2007 and August 1, 2016. A warning will be added to the product’s packaging telling users to seek immediate medical attention for adverse reactions. While many claimants in the class can submit claims for a $25 payment, those with more extensive damages can submit claims for additional recovery. For example, those that have lost more than 50% of their hair with minimal “hair regrowth” could recover as much as $20,000.

But, wait there’s more! The nature of the allegations against WEN have led many consumers, lawmakers, and even the New York Times to ask whether the FDA should have the authority to recall dangerous cosmetics from the market. Currently, the FDA is not authorized to order recalls of cosmetic products. Instead, such recalls are voluntary efforts by manufacturers or distributors.

A cursory inspection of the FDA’s name reveals that “cosmetics” is nowhere to be found in the title of the Food & Drug Administration. While the FDA notes that cosmetic companies and marketers “have the legal responsibility to ensure the safety of their products,” the WEN case provides an opportunity to reflect on the FDA’s regulatory authority over cosmetic products.  For example, the FDA may order warning statements on cosmetics that present health hazards and work with manufacturers on voluntary recalls. Time will tell whether WEN prompts further action to regulate cosmetic products.


Split Ends: WEN Hair Care & the FDA’s Regulation of Cosmetics

MJLST Guest Blogger, Tommy Tobin

[Editor’s Note: The LawSci Forum is pleased to announce a new series on current issues in FDA law. This post is #1 in the series, with more in the coming weeks.]

We have all been tempted by late-night television infomercials and their promises. If the product works, our lives become more convenient; if it doesn’t, we’re only out a few dollars and the product will gather dust. For thousands across America, one product that promised a hair-care revolution left them scratching, itching, and balding.

The Food & Drug Administration (FDA) is investigating over 20,000 incidents of adverse events resulting from WEN by Chaz Dean. Los Angeles-based stylist Chaz Dean is the face of the WEN brand, endorsed by Brooke Shields, Alyssa Milano, and other celebrities. Sold on QVC, infomercials, and elsewhere, WEN is unlike most shampoos. It is marketed as a “revolutionary way to cleanse and hydrate the hair” without water.

There’s another way that WEN is unlike most shampoos: using WEN all too often results in large clumps of hair falling off one’s head. The FDA has received complaints of baldness in addition to hair loss, itching, and rashes after consumers tried WEN products. In July 2016, the FDA issued a Safety Alert to warn the public about potential results of using this hair care product. In that warning, the FDA noted that this was the largest number of reports ever received for a hair cleansing product.

Unsurprisingly, litigation has ensued. One California case has resulted in a preliminary class action settlement of over $26 million. Filed in the Central District of California, the suit alleges that the plaintiffs, and their similarly-situated class members, suffered hair loss and scalp irritation, among other injuries. One class representative allegedly lost one-third of her hair after she used WEN’s Sweet Almond Milk kit. In addition, plaintiffs claimed that the WEN was falsely advertised as safe and failed to warn users of potential harm.

Under the terms of the preliminary settlement, notice will be given to 6 million class members, defined as any American purchaser of WEN hair care products between November 2007 and August 1, 2016. A warning will be added to the product’s packaging telling users to seek immediate medical attention for adverse reactions. While many claimants in the class can submit claims for a $25 payment, those with more extensive damages can submit claims for additional recovery. For example, those that have lost more than 50% of their hair with minimal “hair regrowth” could recover as much as $20,000.

But, wait there’s more! The nature of the allegations against WEN have led many consumers, lawmakers, and even the New York Times to ask whether the FDA should have the authority to recall dangerous cosmetics from the market. Currently, the FDA is not authorized to order recalls of cosmetic products. Instead, such recalls are voluntary efforts by manufacturers or distributors.

A cursory inspection of the FDA’s name reveals that “cosmetics” is nowhere to be found in the title of the Food & Drug Administration. While the FDA notes that cosmetic companies and marketers “have the legal responsibility to ensure the safety of their products,” the WEN case provides an opportunity to reflect on the FDA’s regulatory authority over cosmetic products.  For example, the FDA may order warning statements on cosmetics that present health hazards and work with manufacturers on voluntary recalls. Time will tell whether WEN prompts further action to regulate cosmetic products.


6th Circuit Aligns With 7th Circuit on Data Breach Standing Issue

John Biglow, MJLST Managing Editor

To bring a suit in any judicial court in the United States, an individual, or group of individuals must satisfy Article III’s standing requirement. As recently clarified by the Supreme Court in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), to meet this requirement, a “plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.” Id. at 1547. When cases involving data breaches have entered the Federal Circuit courts, there has been some disagreement as to whether the risk of future harm from data breaches, and the costs spent to prevent this harm, qualify as “injuries in fact,” Article III’s first prong.

Last Spring, I wrote a note concerning Article III standing in data breach litigation in which I highlighted the Federal Circuit split on the issue and argued that the reasoning of the 7th Circuit court in Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2015) was superior to its sister courts and made for better law. In Remijas, the plaintiffs were a class of individuals whose credit and debit card information had been stolen when Neiman Marcus Group, LLC experienced a data breach. A portion of the class had not yet experienced any fraudulent charges on their accounts and were asserting Article III standing based upon the risk of future harm and the time and money spent mitigating this risk. In holding that these Plaintiffs had satisfied Article III’s injury in fact requirement, the court made a critical inference that when a hacker steals a consumer’s private information, “[p]resumably, the purpose of the hack is, sooner or later, to make fraudulent charges or assume [the] consumers’ identit[y].” Id. at 693.

This inference is in stark contrast to the line of reasoning engaged in by the 3rd Circuit in Reilly v. Ceridian Corp. 664 F.3d 38 (3rd Cir. 2011).  The facts of Reilly were similar to Remijas, except that in Reilly, Ceridian Corp., the company that had experienced the data breach, stated only that their firewall had been breached and that their customers’ information may have been stolen. In my note, mentioned supra, I argued that this difference in facts was not enough to wholly distinguish the two cases and overcome a circuit split, in part due to the Reilly court’s characterization of the risk of future harm. The Reilly court found that the risk of misuse of information was highly attenuated, reasoning that whether the Plaintiffs experience an injury depended on a series of “if’s,” including “if the hacker read, copied, and understood the hacked information, and if the hacker attempts to use the information, and if he does so successfully.” Id. at 43 (emphasis in original).

Often in the law, we are faced with an imperfect or incomplete set of facts. Any time an individual’s intent is an issue in a case, this is a certainty. When faced with these situations, lawyers have long utilized inferences to differentiate between more likely and less likely scenarios for what the missing facts are. In the case of a data breach, it is almost always the case that both parties will have little to no knowledge of the intent, capabilities, or plans of the hacker. However, it seems to me that there is room for reasonable inferences to be made about these facts. When a hacker is sophisticated enough to breach a company’s defenses and access data, it makes sense to assume they are sophisticated enough to utilize that data. Further, because there is risk involved in executing a data breach, because it is illegal, it makes sense to assume that the hacker seeks to gain from this act. Thus, as between the Reilly and Remijas courts’ characterizations of the likelihood of misuse of data, it seemed to me that the better rule is to assume that the hacker is able to utilize the data and plans to do so in the future. Further, if there are facts tending to show that this inference is wrong, it is much more likely at the pleading stage that the Defendant Corporation would be in possession of this information than the Plaintiff(s).

Since Remijas, there have been two data breach cases that have made it to the Federal Circuit courts on the issue of Article III standing. In Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963, 965 (7th Cir. 2016), the court unsurprisingly followed the precedent set forth in their recent case, Remijas, in finding that Article III standing was properly alleged. In Galaria v. Nationwide Mut. Ins. Co., a recent 6th Circuit case, the court had to make an Article III ruling without the constraint of an earlier ruling in their Circuit, leaving the court open to choose what rule and reasoning to apply. Galaria v. Nationwide Mut. Ins. Co., No. 15-3386, 2016 WL 4728027, (6th Cir. Sept. 12, 2016). In the case, the Plaintiffs alleged, among other claims, negligence and bailment; these claims were dismissed by the district court for lack of Article III standing. In alleging that they had suffered an injury in fact, the Plaintiffs alleged “a substantial risk of harm, coupled with reasonably incurred mitigation costs.” Id. at 3. In holding that this was sufficient to establish Article III standing at the pleading stage, the Galaria court found the inference made by the Remijas court to be persuasive, stating that “[w]here a data breach targets personal information, a reasonable inference can be drawn that the hackers will use the victims’ data for the fraudulent purposes alleged in Plaintiffs’ complaints.” Moving forward, it will be intriguing to watch how Federal Circuits who have not faced this issue, like the 6th circuit before deciding Galaria, rule on this issue and whether, if the 3rd Circuit keeps its current reasoning, this issue will eventually make its way to the Supreme Court of the United States.