Bryan Cave Leighton Paisner Retail Blog

Retail Law

Other Posts

Main Content

Online Seller Wins Dismissal of RICO Claims in Counterfeiting Action by Fashion Retailers

A New York federal court recently held that defendant Alibaba Group Holding Ltd. (“Alibaba”), which is notorious for allegedly enabling the sale of counterfeit products, did not violate federal racketeering law by selling allegedly counterfeit products on its e-commerce venues.

Alibaba owns and operates the popular shopping sites Alibaba.com, Taobao.com, and AliExpress.com, and generated $248 billion in gross merchandise volume in 2014 – more than Amazon and eBay combined. Luxury fashion retailers, including Gucci and Yves Saint Laurent, filed suit against Alibabi and seven other corporate entities that had roles in online platforms through which Chinese merchants could connect with consumers worldwide.

The lawsuit alleges that fourteen Chinese merchants, also named as defendants, sold counterfeit products bearing plaintiffs’ marks in the Alibaba marketplaces. It further alleges that the Alibaba defendants provided the online marketing, data collection, payment processing, financing, and shipping services necessary to sell the products, even though they knew or should have known that the merchant defendants were selling counterfeit goods.

On August 4, 2016, the U.S. District Court for the Southern District of New York granted the Alibaba defendants’ motion to dismiss two claims asserted against them under the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. §1961 et seq. (“RICO”).

Plaintiffs’ first RICO claim was a substantive RICO claim brought pursuant to Section 1962(c), which makes it “unlawful for any person employed by or associated with any enterprise engaged in…interstate or foreign commerce, to conduct or participate, directly or indirectly, in the conduct of such enterprise’s

Receipt With Credit Card Data Constitutes Sufficient Injury for Class Action to Proceed

A recent federal court ruling allows a class action lawsuit to proceed against luxury fashion retailer Jimmy Choo for violating the Fair and Accurate Credit Transactions Act of 2003 (FACTA).  This ruling, which will likely be appealed, has important implications for other consumer class action lawsuits against retailers.

Jimmy Choo was accused of violating FACTA by printing credit card expiration dates on customer receipts in Wood v. J Choo USA, Inc., S.D. Fla. Case No. 15-cv-81487.  Jimmy Choo argued that the plaintiff had no standing to sue because she was not damaged when the retailer printed her credit card expiration date on her receipt. The court disagreed, holding that the consumer was sufficiently damaged to maintain the action as soon as soon as the receipt was printed.

Companies facing lawsuits alleging FACTA violations should be aware that although the U.S. Supreme Court held in Spokeo Inc. v. Robins, 136 S. Ct. 1540 (2016), that a plaintiff must show that an injury was both “concrete and particularized” and cannot rely on a procedural violation to allege injury in fact, there are instances where an injury may exist solely by virtue of a breach of a statutory prohibition.

Judge Beth Bloom of the U.S. District Court for the Southern District of Florida said that in certain circumstances—such as in this case involving Jimmy Choo—“the violation of a procedural right granted by statute” is sufficient to constitute injury for purposes of standing.

FACTA prohibits businesses from printing more than the

FDA Releases Final Rule Allowing Voluntary Risk Reviews of Food Additives to Continue

The Food and Drug Administration (FDA) says its final rule allowing outside groups to evaluate food additive risks will streamline its “Generally Recognized as Safe” (GRAS) reviews.

The agency recently released its GRAS final rule for its food additive program, switching reviews from a more formal but slower “petition-based” process to a voluntary “notification” process.  For retailers with private label food products, that means that they or their vendors can continue to convene their own expert panels to review the safety of many food additives, and provide notice of their findings to the FDA.

Under the federal Food, Drug and Cosmetic Act (FD&C Act), any substance that is intentionally added to food is a food additive that is subject to premarket review and approval by FDA, unless the substance is generally recognized, among qualified experts, as having been adequately shown to be safe under the conditions of its intended use, or unless the use of the substance is otherwise excepted from the definition of a food additive.

The use of a food substance may be GRAS either through scientific procedures or, for a substance used in food before 1958, through experience based on common use in food, which requires a substantial history of consumption for food use by a significant number of consumers.

Rule adopts pilot voluntary notification program.

The FDA’s rule implements as final a pilot notification program under which food makers can convene their own expert panels to prepare GRAS reviews and provide notice to the

New Federal Law Will Require Disclosure of GMO Content in Food

A new federal law will require food makers to disclose when foods contain genetically modified ingredients.

The law, which was recently signed by President Obama, will require such food products to be labeled with text, a symbol, or an electronic code readable by smartphone indicating the presence of GMOs. Small businesses will also have the option to label food products with a telephone number or Internet website directing customers to additional information.

The U.S. Department of Agriculture (USDA) has two years to draft regulations concerning which products require such disclosure, and additional details concerning what food makers must do to comply. After the regulations are finalized, food makers will have at least another year before the law takes effect.

Law preempts state and local GMO labeling laws.

The federal law preempts a similar Vermont law, Act 120, that took effect in July, as well as any other state or local GMO disclosure laws. The Vermont Attorney General’s office has announced it will suspend enforcement of Act 120.

Critics of the federal law, including Vermont’s congressional delegation, argued that it falls short compared with Vermont’s tougher labeling law requiring all foods with GMO ingredients to be labeled “produced with genetic engineering.”

Supporters of the federal law, including many in the food industry, say it avoids a state-by-state patchwork of laws in favor of a national disclosure solution.

Law will be federally enforced, but may fuel private lawsuits.

The law will be administered and enforced by the federal government, through the USDA.

FAA Regulations Clear Way for Delivery Drones

August 9, 2016

Categories

FAA Regulations Clear Way for Delivery Drones

August 9, 2016

Authored by: BCLP and Flora Sarder

The Federal Aviation Administration (FAA) has finalized its regulations concerning operational drones, allowing retailers to start using drone delivery systems.

In making drones available for retail delivery use, the FAA has carved out a space for drones to operate without becoming an “air carrier” under federal law regulating air transportation.

As a result, drones can now be used to deliver cargo in the mainland United States, except in Washington D.C., or any U.S. territory if the cargo weighs less than a total of 55 pounds, the flight is conducted from the remote pilot’s visual line of sight, the drones fly a maximum speed of 100 mph, and gain a maximum of 400 feet.

The much anticipated drone regulations bode well for retailers and manufacturers making their way into the drone delivery space.  Just a couple of months ago, Switzerland’s postal service began testing out drone deliveries with Matternet, a company dedicated to creating and mastering drone delivery systems.

In the United States, Amazon has eagerly been preparing for favorable regulations to allow room for Amazon PrimeAir, a delivery system designed to get to customers in 30 minutes or less.

Drones must be flown by remote pilots during daylight hours

Before retailers can start operating delivery drones, the new FAA regulations require that there must be a remote pilot who holds a remote pilot certificate and conducts a pre-flight check before each flight.  The drone must remain in the pilot’s visual line of sight so that it can be readily seen without

Does Your Organization Collect Geo-Location Information?

July 14, 2016

Categories

Smartphones, smartphone apps, websites, and other connected devices (e.g.,“wearables”) increasingly request that consumers provide their geo-location information.  Geo-location information can refer to general information about a consumer’s location, such as his or her city, state, zip code, or precise information that pinpoints the consumer’s location to within a few feet, such as his or her GPS coordinates.

Organizations request geo-location information for a variety of reasons.  For example, many apps – such as transportation or delivery services – require geo-location in order to provide services that are requested by the consumer.  Other apps – such as mapping programs, coupon programs, or weather programs – require geo-location information in order to provide consumers with useful information.  Because such information has become intertwined, in many cases, with products and services, some organizations require the user to “Accept” or ‘“Agree”’ to the collection of geo-location information as a condition to using a device, application, or website.

Although there is currently no federal statute that expressly regulates the use, collection, or sharing of geo-location data, the FTC has taken the position that precise geo-location information is a form of “sensitive” personal information and has suggested that a failure to reasonably secure such information, or a failure to adequately disclose the collection or sharing of such information, may violate the FTCA’s general prohibition against unfair or deceptive practices.1  In addition, Congress and state legislatures have considered several proposals that would expressly regulate the data.

What to consider if your organization collects geo-location information:

  • What is the
  • What to Consider When Drafting or Reviewing a Privacy Policy

    June 20, 2016

    Categories

    Although financial institutions, health care providers, and websites directed to children are required to create consumer privacy policies under federal law, other types of websites are not.  In 2003, California became the first state to impose a general requirement that most websites post a privacy policy.  Under the California Online Privacy Protection Act (“CalOPPA”), all websites that collect personal information about state residents must post an online privacy policy if the information is collected for the purpose of providing goods or services for personal, family, or household purposes.  Since the passage of the CalOPPA, most websites that collect information – whether or not they are directed at California residents or are otherwise subject to the CalOPPA – have chosen to post an online privacy policy.

    What to think about when drafting or reviewing a privacy policy:

  • Is your organization subject to a federal law that requires that a privacy policy take a particular form, or include particular information?
  • Does the privacy policy describe the main ways in which your organization collects information?
  • Does the privacy policy describe the ways in which your organization shares information with third parties?
  • Does the privacy policy discuss data security? If so, is the level of security indicated appropriate?
  • Would the privacy policy interfere with a possible merger, acquisition, or sale of your organization’s assets?
  • Would the privacy policy interfere with future ways in which your organization may want to monetize data?
  • Does the privacy policy use terms that might be misunderstood
  • How to Pass Data Between Retailers to Facilitate Transactions

    June 9, 2016

    Categories

    Online retailers often learn information about a consumer that may be used to help identify other products, services, or companies that may be of interest to the consumer.  For example, if a consumer purchases an airplane ticket to Washington, D.C., the consumer may want information about hotels, popular restaurants, or amenities at the airport.

    Although online retailers often strive to provide recommendations quickly, and to make a consumer’s transition to a third party retailer seamless, the Restore Online Shoppers’ Confidence Act (“ROSCA”) generally prohibits one online merchant from transferring payment information (e.g., a credit card number) to a second online merchant.

    Below are some questions to consider when evaluating the data privacy issues involved in passing information between online retailers:

  • Are consumers being presented with third party products or services when they visit a retailer’s website?
  • Are consumers being presented with third party products or services immediately after they visit a retailer’s website?
  • Are such items affirmatively selected by the consumer, or added automatically to the consumer’s shopping cart?
  • If the consumer decides to purchase such items, would they likely think that your organization, or the third party, is processing the transaction?
  • Is the total cost of each third party product clearly and conspicuously disclosed?
  • If the consumer indicates that they wish to buy a third party product or service, can the consumer easily change that decision?
  • Is contact information being transferred from one retailer to another?
  • Is payment information being transferred from one retailer to another?
  • Is the third
  • Recommendations for Evaluating Your Company’s Use of Social Media

    The majority of retailers utilize social media to market their products and services, interact with consumers, and manage their brand identity. Many mobile applications and websites even permit users to sign-in with their social media accounts to purchase items or use the applications’ services.

    While using third party social media websites has significant advantages for businesses, it also raises distinct privacy concerns. Specifically, the terms of use that apply to social media platforms may give the platform the right to share, use, or collect information concerning your business or your customers. To the extent that the social media platform’s privacy practices are not consistent with the practices of your own company, they may contradict or violate the privacy notice that you provide to the public.

    Here is a list of issues to consider when evaluating your company’s use of social media:

  • How would a data breach of social media platforms affect your company? Do you have a plan if your social media account is breached?
  • Does your company share information with an intermediate service provider, such as a social media analytics company, to provide or analyze social media services?
  • Is your internal data or customer personal information protected under your agreements with third parties, including social media platforms?
  • What types of customer personal information are solicited, collected, maintained, or disseminated via your social media platforms (e.g., geo-location)?
  • Do you display information or images of users or other people, including your employees? Did the people in the images give their permission
  • Data Breach Litigation Report: An Analysis of Federal Class Action Lawsuits Involving Data Security Breaches

    Data security breaches – and data security breach litigation – dominated the headlines in 2015 and continue to do so in 2016.  While data breach litigation is an important topic for the general public, and remains one of the top concerns of general counsel, CEOs, and boards alike, there remains a great deal of misinformation reported by the media, the legal press, and law firms. At best this is due to a lack of knowledge and understanding concerning data breach litigation; at worst some reports border on sensationalism or fearmongering.

    Bryan Cave LLP began its survey of data breach class action litigation four years ago to rectify the information gap and to provide clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning data breach litigation risk.  The 2016 report covers litigation initiated over a 15 month period from the fourth quarter of 2014 through the fourth quarter of 2015.  Key findings include:

    • There was a nearly 25% decline in the quantity of cases filed as compared to the 2015 Data Breach Litigation Report .
    • When multiple filings against single defendants are removed, there were only 21 unique defendants during the relevant period, indicating that plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches.
    • Approximately 5% of publicly reported data breaches led to class action

    Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises

    Debit and credit cards are now the primary form of retail payment. Many retailers may not realize, however, that by accepting credit cards, they expose themselves to the risk of a data security breach and significant potential costs and legal liabilities.

    Retailers should consider the major sources of direct costs following a data breach. These costs always include the retaining of a PCI (payment card industry) certified forensic investigator as required by the PCI Council. Costs also typically include the retaining of a privileged forensic investigator (often by the retailer’s law firm or general counsel); the hiring of outside counsel; public relations and crisis management; and consumer notification including printing and mailing costs and protection services offered to consumers.

    In addition to the direct costs following a data breach, retailers often face three forms of liability from third parties: payment card brand fees; regulatory costs arising from investigations from the FTC, SEC and State Attorneys General, for example; and class action exposure. Contrary to what many retailers believe, retailers are typically not shielded from liability by their card processor or device manufacturers in the event of a payment card data breach. The “fine print” in the contracts for these products or services usually includes a number of provisions that place the liability on the retailer.

    Finally, retailers may want to evaluate whether a cyber-insurance policy is needed, and if the policy they are considering provides appropriate coverage, retention and limits in light of the costs detailed above.

    Click here  to

    The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.