CURRENT MONTH (February 2019)

Data Privacy

Federal Court Enjoins NYC Ordinance Requiring Airbnb and HomeAway to Disclose User Info

By Antoine Bedard, Penn State Law

On January 3, 2019, U.S. District Judge Engelmayer of the U.S. District Court for the Southern District of New York preliminarily enjoined a New York City ordinance that required home-sharing platforms like Airbnb and HomeAway to report information monthly on all NYC users, specifically the hosts who provided listings through the platforms. AirBNB, Inc. v. City of New York, 18 Civ. 7712 (PAE) (S.D.N.Y. Jan. 3, 2019). The court held that the platforms have privacy interests in their user records, for competitive and customer relation purposes, that “trigger Fourth Amendment Protection.” The court found that the ordinance would likely be invalidated under the Fourth Amendment, because there is no “pre-compliance review by a neutral decisionmaker” and the city hasn’t sufficiently justified the “sweeping capture” of user records. The court stated that “…the expansive user records required [to] be produced cannot be credibly described as ‘limited in scope.’” Accordingly, the court enjoined the ordinance from taking effect while the parties expeditiously engaged in discovery so the Court would be able to rule on the plaintiffs’ application for permanent relief.

State Attorneys General Are Skeptical of CFPB’s Plan to Spur Innovation

By Stephen T. Middlebrook, Womble Bond Dickinson

Twenty-two state attorneys general have written a letter to CFPB Director Kathy Kraninger expressing concern that the Bureau’s proposal for no-action letters and a regulatory “sandbox” policy will harm consumers.  The CFPB proposals would expand the ability of businesses to experiment with new and innovative financial products by seeking exemptions from certain federal regulations.  Under CFPB’s existing policies that went into effect in 2016, only one company has successfully obtained a no-action letter. The state AGs believe that the proposed modifications, however, go too far and will undermine the Bureau’s ability to protect consumers.  The letter also suggests that the CFPB lacks authority to grant these kinds of waivers.

International Law

U.K. Regulators Agree on Data Sharing Terms

By Valerie Surgenor, MacRoberts LLP 

The UK Information Commissioner’s Office (the “ICO”) and the UK’s Financial Services Authority (the “FCA”) on February 18, 2019, signed a non-binding Memorandum of Understanding (see https://ico.org.uk/media/about-the-ico/documents/2614342/financial-conduct-authority-ico-mou.pdf). The MOU will assist in enabling the two organisations to develop a closer working relationship so that they can better discharge their regulatory functions whilst complying with both the GDPR and the UK Data Protection Act of 2018 where there is sharing of personal data. The ICO is the UK’s data protection regulator and the FCA regulates financial firms providing services to consumers and maintains the integrity of the UK’s financial markets.

 Digital Currency

JPMorgan Chase Successfully Tests Its Own Stablecoin

By Stephen T. Middlebrook, Womble Bond Dickinson

JPMorgan Chase announced <https://www.jpmorgan.com/global/news/digital-coin-payments> that it has successfully tested using its own cryptocurrency to facilitate corporate payments among institutional customers.  The virtual currency, dubbed “JPM Coin,” is a stablecoin pegged to the dollar and backed by funds held on deposit at the bank.  JPMC believes that the virtual currency has potential to provide faster, cheaper payment options to its corporate customers while also reducing counterparty risk.  JPM Coin will be issued on the bank’s permissioned Quorum Blockchain technology, although in the future it should be operable on other blockchain networks.

Florida Court Says Bitcoin isn’t Currency But is a Payment Instrument

Erin J. Illman, Bradley Arant Boult Cummings LLP

On January 30, 2019, the Third District Court of Appeal for the State of Florida entered an order reversing a trial court’s dismissal of charges of illegal money transmission, finding that finding that Bitcoin does not expressly fit within the definition of “currency,” but it does qualify as a payment instrument, defined as a “medium of exchange, whether or not redeemable in currency,” under Florida’s money transmission statute. This is a significant development under Florida law, as a person is prohibited by the Florida Money Services Businesses Law, Chapter 560, Florida Statutes (the “Florida MSB Code”) from engaging in, and in some cases merely advertising its engagement in, a Regulated Money Service in Florida without first obtaining a license from the Florida OFR or qualifying for a statutory exemption from licensure. This case appears to widen the scope of cryptocurrency businesses that must now register under the Florida MSB Code -- holding even brokers who facilitate the buying/selling or exchange of cash for Bitcoin (or potentially other cryptocurrencies) with engaging in“selling or issuing payment instruments for compensation.”

Electronic Contracting

Second Circuit Refuses to Enforce Arbitration Clause in Online Consumer Contract 

By John E. Ottaviani, Partridge, Snow & Hahn LLP

In Starke v. SquareTrade, Inc. No. 17-2474-CV (2d Cir. Jan 10, 2019), the Second Circuit Court of Appeals affirmed that an arbitration clause did not become part of the contract between SquareTrade and a consumer, because the consumer did not have reasonable notice of and manifest his assent to the clause.  The arbitration clause was included in terms linked to a post-sale email sent to the consumer.  The Second Circuit applied the reasoning from its decisions in Nicosia v. Amazon.com, Inc., 834 F.3d 220, 229 (2d Cir. 2016), and Meyer v. Uber Techs., Inc., 868 F.3d 66, 72–73 (2d Cir. 2017), and concluded the consumer did not have reasonable notice of the arbitration provision.  Facts that were important to the Court were:  (1) SquareTrade never directed the consumer’s attention to the terms-and-conditions hyperlink that contained the arbitration clause, (2) nothing in the “cluttered” post-sale email sent to the consumer directed the consumer’s attention to the terms and conditions, (3) the interface was cluttered and featured various buttons and promotional advertisements that distract the reader from the relevant hyperlink, (4) the email did not advise the consumer that he would be deemed to agree to the contract terms by clicking the link.  The Court of Appeals also felt that, although terms provided to a consumer after the sale may be enforceable in appropriate cases, there was little reason for SquareTrade not to provide the terms pre-sale.

New York Federal Court Upholds Arbitration Clause in a Digital Currency Contract 

By John E. Ottaviani, Partridge, Snow & Hahn LLP

Recently, in Sultan v. Coinbase, Inc. No. 18-934 (FB)(ST) (E.D.N.Y. Jan 24, 2019), a federal district court permitted Coinbase to enforce an arbitration clause in an online contract with a customer.  The court used the reasoning in the Second Circuit’s decisions in Starke v. SquareTrade, Inc. No. 17-2474-CV (2d Cir. Jan 10, 2019), Nicosia v. Amazon.com, Inc., 834 F.3d 220, 229 (2d Cir. 2016), and Meyer v. Uber Techs., Inc., 868 F.3d 66, 72–73 (2d Cir. 2017), to determine that it had to “look to the design and content of the relevant interface to determine if the contract terms were presented to the offeree in [a] way that would put her on inquiry notice of such terms.”  Factors important to the Court’s decision were that the user interface had a “minimalist layout and no distractions,” the request to agree to the terms and the privacy policy were immediately above the “Create Account” button and “provided simultaneously to enrollment,” and that the user had to affirmatively click a box certifying that he or she agree to the terms and the privacy policy.  This case, together with the SquareTrade decision, demonstrates that courts are no longer automatically “rubber-stamping” and enforcing the terms of a “click-through” agreement, but are looking carefully at the presentation of the terms to determine whether the user has reasonable notice of the terms.  This factor was also identified in pioneering work done by the ABA Business Law Section’s Cyberspace Committee in looking at online contractingSultan v. Coinbase, Inc. No. 18-934 (FB)(ST) (E.D.N.Y. Jan 24, 2019)

Does Freedom of Contract Require Freedom From Contract

By John E. Ottaviani, Partridge, Snow & Hahn LLP

An interesting blog post on the Scientific American blog observes that the number of written contracts the average person enters into has increased exponentially in the last 50 years, and that the “click to contract” human-computer interface nudges human to behave automatically, without thinking, making consent illusory.  The post argues that freedom of contract requires freedom from contract, and that when the contract becomes automatic and ubiquitous, both disappear.

Cybersecurity

New York Department of Financial Services Cybersecurity Regulations Filings

By Alan S. Wernick, Wernick & Associates, Ltd.

The New York Department of Financial Services (“DFS”) cybersecurity regulations (23 NYCRR 500) became effective March 1, 2017.  These regulations affect companies outside of New York doing business with financial services companies in New York.  Mentioned in the regulations, and in the 12/21/2018 Memo from the DFS Superintendent, by 3/1/2019 all banks, insurance companies, and other financial services institutions and licensees regulated by DFS will be required to have a robust cybersecurity program in place designed to protect consumers' private data; a written policy or policies that are approved by the Board of Directors or a Senior Officer (e.g., a CISO) to help protect data and systems; and controls and plans in place to help ensure the safety and soundness of New York's financial services industry (e.g., encryption and multifactor authentication).  The regulation sets forth certain limited exemptions, many of which still require certain cybersecurity programs and practices. The second annual certifications of compliance were due 2/15/2019, and any entity requesting an exemption should have notified DFS prior to the 2/15/2019 deadline.

Financial Institutions Move Towards Settlement with Wendy’s over Data Breach

By Alan S. Wernick, Wernick & Associates, Ltd.

From October 2015 through June 2016, The Wendy’s Company (“Wendy’s”) experienced a data breach that allegedly compromised customers’ personal and financial information during the period that resulted in, among other things, First Choice Federal Credit Union, et al. vs The Wendy’s Company, et al.  This is a lawsuit filed by several financial institutions claiming Wendy’s owed them reimbursements for expenses they incurred when they had to reimburse customers for fraudulent transactions that followed the data breach at Wendy’s.  On February 13, 2019, counsel for the parties submitted their Memorandum of Law in Support of Plaintiffs’ Unopposed Motion for Preliminary Approval of Class Action Settlement. On February 26, 2019, the Court issued its Preliminary Approval Order (Document 183) concerning the settlement.  Under the proposed settlement Wendy’s agrees, among other things to:  pay $50 million into a settlement fund to compensate financial institutions who issued payment cards compromised in the data breach; create and/or maintain certain data security safeguards for itself and its franchisees.

EDITED BY

ARTICLES & VIDEOS (February 2019)

Filter By Topics: Topic

No Results Found.

No Results Found.

No Results Found.

Login or Registration Required

You need to be logged in to complete that action.

Register/Login