Jenner & Block LLP

EDPB Provides Guidance on Personal Data Transfers Following Schrems II

   

By: Kelly HagedornDavid P. Saunders, and Matthew Worby

New-Development-IconEarlier this year, in Schrems II, the Court of Justice of the EU (CJEU) invalidated the EU-US Privacy Shield.[1] That judgment also cast doubt over the validity of standard contractual clauses (SCCs) as a means by which to transfer personal data outside of the EU, in particular to the United States. Unsurprisingly, this has caused concern within organisations who rely on such transfers as part of their business model.

Data protection requirements, imposed by the GDPR, travel with any personal data whenever it is transmitted outside of the EU. Problems arise when an organisation needs to transfer personal data to a jurisdiction where local laws might undermine these protections. Without some way to manage this potential conflict, it was unclear if organisations’ personal data transfers outside of the EU would be able to continue.

Unfortunately, the CJEU provided no practical guidance for organisations as to how to make international personal data transfers compliant with its ruling and did not provide any safe harbour period before its ruling took effect. In recent days, however, two key efforts have been made to assist organisations meet their post-Schrems II GDPR requirements:

  1. recommendations have been issued by the European Data Protection Board (EDPB);[2] and
  2. a revised set of SCCs has been published by the European Commission for consultation.

Recommendations Issued by the EDPB

The EDPB has published a practical roadmap for organisations seeking to transfer personal data internationally in a compliant manner in the wake of Schrems II. This roadmap sets out six recommended steps:

Continue reading "EDPB Provides Guidance on Personal Data Transfers Following Schrems II" »


California Passes Proposition 24: California Privacy Rights Act to Become Law

   

By: David P. Saunders, Kate T. Spelman, and Effiong K. Dampha

New-Update-IconPrivacy was on the ballot this November, at least in California. And it appears that enough people voted in favor of Proposition 24, the California Privacy Rights Act (CPRA), for it to become law. Although the CPRA technically becomes effective five days after the California Secretary of State certifies the voting results, the bulk of the law – which is an overhaul of the California Consumer Privacy Act (CCPA) – will not come into force until January 1, 2023. Businesses have some time to prepare for the most significant changes, which we have written about previously. Those changes include handling a new category of “sensitive personal information,” the expansion of the existing CCPA private right of action, and mandatory changes to company privacy policies. So what happens to the CCPA, and what do businesses have to prepare for? The answer is not much in the short term.

Until the CPRA becomes fully effective in 2023, the CCPA remains in full effect. That means businesses should keep up with their CCPA compliance, including being attentive to new California Attorney General regulations. The following CPRA provisions – which largely do not impact businesses directly – will become effective once the California Secretary of State certifies the voting results:

  • An extension of the carve out for business contact and employee personal information that is collected by businesses covered by the CCPA. In the existing CCPA, these carve outs were set to expire on January 1, 2021. The carve outs will now be extended to January 1, 2023.
  • A Consumer Privacy Fund will be created – with appropriations to be made by the legislature – with the purpose of “offsetting the costs” of state courts and the California Attorney General enforcing the CCPA (and later the CPRA). The fund will also be used “to promote and protect consumer privacy, educate children in the area of online privacy, and fund cooperative programs with international law enforcement organizations” in connection with addressing consumer data breaches.
  • The California Attorney General will be charged with developing a laundry list of new regulations, which will put meat on the bones of many of the new CPRA rules.
  • A new state agency, the California Privacy Protection Agency, will be created, funded, and begin operations.

Continue reading "California Passes Proposition 24: California Privacy Rights Act to Become Law" »


Authors Explore Cases that Test Limits of the California Consumer Privacy Act

CaliforniaIn a recent article published by The Recorder, Jenner & Block Partner Kate T. Spelman and Associates Vivian L. Bickford and Effiong G. Dampha examine class action cases that test the limits of the California Consumer Privacy Act, which took effect January 1. “These suits shed light on the various ways plaintiffs are testing the boundaries of the CCPA and its private right of action,” the authors observe. They then highlight several categories of these boundary-testing lawsuits.

To read the full article, titled "Class Actions Seek to Test the Limits of the CCPA's Private Right of Action," please click here


Three Takeaways from Lendit 2020

 

By: Michael W. Ross 

FintechI recently attended LendIt’s 2020 conference, the largest Fintech conference of the year.  Kudos to everyone at LendIt for successfully transitioning the conference to a remote platform – it was a great few days of speakers and topics including really slick tools for engagement and networking. In this post, I’m sharing rough notes on my top three takeaways from the sessions I attended. This is by no means a comprehensive recap, and, if you attended, I’d love to hear from you about what you thought.

Artificial Intelligence. First, artificial intelligence and machine learning are on everyone’s mind these days. From regulators to service providers to financial institutions, speakers honed in on the use of AI for everything from underwriting, to risk analysis, to loan servicing, to many other things. Everyone is talking about the risks and rewards of using these new tools, including how to hone their models and how much to involve a human touch. As I listened, the relevance of our prior writing and talks on the potential for enforcement activity in the area of AI was top of mind – it has stayed quite relevant.  Check it out!

Serving the Underserved.  Relatedly, almost everyone seems to be talking about how technology is helping improve access to credit and banking services to those previously cut out – not only the use of AI, but also the overall digitization of banking, payments, and credit. Thought leaders are focused on looking beyond the ordinary credit file; on the use of mobile services to reach new consumers; and on the growth of non-traditional payment platforms. Stay tuned for developments in this area, including the broadening of the “payments” world to include non-financial institutions.

Partnerships.  Last, partnerships are all the rage. Financial institutions are buying startups, in addition to investing in technology themselves; smaller banks, community banks, and others are partnering to keep up with the latest tech trends; and regulators are focused on the third-party risk issues that partnerships raise, and also on allowing third parties to keep smaller banks competitive through partnerships. This area is not limited to true lender issues – especially keep an eye on the FDIC’s recent request for information on standard-setting for third-party service providers.

Again, these are just some blog thoughts from one attendee – please get in touch with your reactions and thoughts!


Colorado Consumers Receive Additional Protections after Attorney General Settles Lawsuits

By: Alexander N. Ghantous

loanIn August of 2020, the Colorado Attorney General’s Office settled two lawsuits concerning Colorado’s right to enforce its consumer loan interest rate limits.[1] The lawsuits involved Avant of Colorado, LLC (“Avant”) and Marlette Funding, LLC (“Marlette”), both of which are not banks.[2] However, partnerships with banks located outside of Colorado were established by the companies: Avant with WebBank, and Marlette with Cross River Bank.[3]

According to the Colorado Attorney General’s website, federal law permits “certain out-of-state banks” to offer loans at higher interest rates in Colorado than what is generally permitted in the state.[4] The Colorado Attorney General alleged that the partnerships in these matters were established to illegally offer loans at higher interest rates than what was allowed in Colorado.[5] While the lawsuits did result in a settlement, there was no admission of fault, liability, or wrongdoing.[6]  

Continue reading "Colorado Consumers Receive Additional Protections after Attorney General Settles Lawsuits " »


California Legislature Passes New Consumer Financial Protection Law

By: Madeline Skitzki

New-Update-IconOn August 31, 2020, the California Legislature passed Assembly Bill 1864. In general, this bill (1) renamed the Department of Business Oversight as the Department of Financial Protection and Innovation and renamed the commissioner of the Department as the Commissioner of Financial Protection and Innovation, and (2) enacted the California Consumer Financial Protection Law (CCFPL) to, among other purposes, strengthen consumer protections by expanding the ability of the Department of Financial Protection and Innovation to improve accountability and transparency in the California financial system and promote nondiscriminatory access to responsible, affordable credit.

Under the bill, the Department of Financial Protection and Innovation is required to regulate the provision of various consumer financial products and services and exercise nonexclusive oversight and enforcement authority under California and federal (to the extent permissible) consumer financial laws. The Department is granted the power to bring administrative and civil actions, issue subpoenas, promulgate regulations, hold hearings, issue publications, conduct investigations, and implement outreach and education programs, and is required to promulgate certain rules and regulations regarding registration requirements. The bill also makes it unlawful for covered persons or service providers to engage in unlawful, unfair, deceptive, or abusive acts or practices with respect to consumer financial products or services or to provide consumers financial products or services that are not in conformity with any consumer financial law.  It further requires covered persons and service providers to file certain documents under oath and imposes specific civil and monetary penalties, as well as injunctive relief, for violations of the CCFPL.  With respect to funding, the bill requires the Commissioner to deposit all money collected or received under the CCFPL with the State Treasurer for the Financial Protection Fund, which is created under the bill for the administration of the CCFPL.


Consumer Finance Observer – Summer 2020 Edition

Summer 2020Jenner & Block has published its fifth issue of Consumer Finance Observer or CFO, a newsletter providing analysis of key consumer finance issues and updates on important developments to watch. As thought leaders, our lawyers write about the consumer finance sector on topics ranging from artificial intelligence, compliance, data security, FinTech, lending, and securities litigation.

In the Summer 2020 issue of the CFO, our consumer finance lawyers discuss: litigation and enforcement consideration for FinTech PPP Lenders; an update on New York State’s Department of Financial Services; the US Supreme Court’s decision in Selia Law LLC v. CFPB; Office of the Comptroller of the Currency's adoption of the rule in Madden v. Midland Funding; COVID-19's disparate impact; and proposed amendments to California's Proposition 65. Contributors are Partners Kali N. BraceyJeremy M. CreelanMichael W. Ross, and Kate T. Spelman; Associates Jacob D. Alderdice and Julian J. Ginos.

To read the full newsletter, please click here


RIP “White” Chocolate Litigation (2012-2020)

By: Alexander M. Smith 

White chocolateWhile some varieties of food labeling lawsuits (such as lawsuits challenging the labeling of “natural” products) show no sign of dying off, other trends in food labeling litigation have come and gone. Last year, for example, appeared to mark the end of lawsuits challenging the labeling of zero-calorie beverages as “diet” sodas. And this year may witness the end — or, at least, the beginning of the end — of lawsuits challenging the labeling of “white” candy that is not technically “white chocolate,” at least as the FDA defines that term.

Although it is difficult to pinpoint the beginning of “white” chocolate litigation, the leading case for many years was Miller v. Ghirardelli Chocolate Co., 912 F. Supp. 2d 861, 864 (N.D. Cal. 2012). There, the court declined to dismiss a lawsuit challenging the labeling of Ghirardelli’s “Classic White” baking chips. The court concluded that the plaintiff had plausibly alleged that a variety of statements on the packaging — including “Classic White,” “Premium,” “Luxuriously Smooth and Creamy,” “Melt-in-Your-Mouth-Bliss,” and “Finest Grind for Smoothest Texture and Easiest Melting” — collectively misled the plaintiff into believing that the product was made with “real” white chocolate, even though it was not. Id. at 873-74. Emboldened by this decision, plaintiffs in California, New York, and elsewhere began filing a wave of similar class actions challenging the labeling of “white” chocolate, baking chips, and other candy. Since the beginning of this year, however, courts have begun dismissing “white” chocolate lawsuits with increasing frequency.

In Cheslow v. Ghirardelli Chocolate Co., for example, the plaintiffs — like the plaintiffs in Miller — challenged the labeling of Ghirardelli Classic White Premium Baking Chips as misleading. --- F. Supp. 3d ---, 19-7467, 2020 WL 1701840, at *1 (N.D. Cal. Apr. 8, 2020). Although the plaintiffs alleged that the product’s labeling misled them into believing that the product contained white chocolate, the court found this theory of deception implausible and dismissed the complaint. In reaching that conclusion, the court noted that the labeling did not include the terms “chocolate” or “cocoa” and that the term “white” referred to the color of the chips, rather than the presence of white chocolate or the quality of the chips. Id. at *4-5. Much as the term “white wine . . . does not inform the consumer whether the wine is a zinfandel or gewürztraminer,” the court reasoned that the adjective “white” was not probative of whether the chips contained white chocolate. Id. at *5. Likewise, even if some consumers might misunderstand the term “white” to refer to white chocolate, the court concluded that this would not salvage the plaintiffs’ claims; according to the court, the fact that “some consumers unreasonably assumed that ‘white’ in the term ‘white chips’ meant white chocolate chips does not make it so.”  The court also rejected the plaintiffs’ remaining theories of deception: it concluded that the term “premium” was non-actionable puffery (id. at *5-6); it held that the image of white chocolate chip macadamia cookies on the package did not “convey a specific message about the quality of those chips” (id. at *7); and it held that consumers could not ignore the ingredients list, which made clear that the product did not include white chocolate and resolved any ambiguity about its ingredients (id. at *7-8). And while the plaintiffs attempted to amend their complaint to bolster their theory of deception, the court concluded that their new allegations — including a summary of a survey regarding consumer perceptions of the labeling — did not render their theory any more plausible and dismissed their lawsuit with prejudice. See Cheslow v. Ghirardelli Chocolate Co., --- F. Supp. 3d ----, 2020 WL 4039365, at *5-7 (N.D. Cal. July 17, 2020).

Continue reading "RIP “White” Chocolate Litigation (2012-2020)" »


SEC and CFTC Actions Against Cryptocurrency App Developer for Unregistered Security-Based Swaps Highlight Risks for Fintech Companies

By: Charles D. Riely and Michael F. Linden

FintechA recent enforcement action by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) in the Fintech space serves as a cautionary tale for innovators who fail to heed traditional regulations. On July 13, 2020, the SEC and CFTC each filed settled enforcement actions against California-based cryptocurrency app developer Abra and its related company, Plutus Technologies Philippines Corporation. Abra’s bold idea was to provide its global users with a way to invest in blue-chip American securities, all funded via Bitcoin. In executing this idea, Abra took pains to focus its products outside of the United States and hoped to avoid the ambit of US securities laws. As further detailed below, however, the SEC and CFTC both found that Abra’s new product violated US laws. This post details Abra’s product, why the regulators came to the view that the new idea ran afoul of long-established provisions under federal securities and commodities laws, and the key takeaways from the regulators’ actions.

  1. Abra’s Product

In 2018, Abra began offering users synthetic exposure, via Bitcoin, to dozens of different fiat currencies and a variety of digital currencies, like Ethereum and Litecoin. Users could fund their accounts with a credit card or bank account, and Abra would convert those funds into Bitcoin. When a user wanted exposure to a new currency, the user would choose the amount of Bitcoin he or she wanted to invest, Abra would create a “smart contract” on the blockchain memorializing the terms of the contract, and the value of the contract would move up or down in direct relation to the price of the reference currency.

Continue reading "SEC and CFTC Actions Against Cryptocurrency App Developer for Unregistered Security-Based Swaps Highlight Risks for Fintech Companies" »


OCC Adopts Final Rule Rejecting Madden

By: Michael W. Ross, Williams S.C. Goldstein, Amy Egerton-Wiley and Maria E. LaBella

LoanLast month, the Office of the Comptroller of the Currency (OCC) adopted a final rule clarifying that the terms of a national bank’s loans remain valid even after such loans are sold or transferred.  The rule was intended to reject the Second Circuit’s decision in Madden v. Midland Funding 786 F.3d 246 (2015).  The Federal Deposit Insurance Corporation (“FDIC”) followed suit later in the month, adopting a rule to clarify that interest rates on state bank-originated loans are not affected when the bank assigns the loan to a nonbank.  These steps do not resolve all of the uncertainty surrounding the decision, as discussed further below.

  1. The Madden v. Midland Funding

In Madden v. Midland Funding, Saliha Madden, a New York resident, contracted with Bank of America for a credit card with a 27% interest rate.  That rate exceeded the 25% usury cap under New York law.  But, as a national bank, Bank of America believed that it was entitled to “export” the interest rate of Delaware, its place of incorporation, under the National Bank Act and attendant principles of federal preemption.  By the time Madden defaulted, the balance had been acquired by Midland Funding, a debt collector headquartered in California.  When Midland Funding tried to collect the debt at the 27% interest rate, Madden sued under New York usury laws.  She argued that Midland could not take advantage of Bank of America’s interest-rate exportation.

Continue reading "OCC Adopts Final Rule Rejecting Madden" »