Bryan Cave Leighton Paisner Retail Blog

Main Content

Subscription-Based Business Models: An Overview of Auto-Renewal Regulations

The demand for subscription-based and recurring revenue business models is growing faster than ever.  According to a 2014 report by The Economist Intelligence Unit, 80 percent of customers are demanding new consumption models including subscribing, sharing, and leasing.  As a result, most companies are changing, or are in the process of changing, how they price and deliver their goods and services.  With 6.8 billion potential subscribers on mobile, social and web, the market is ripe for the business models first made popular by companies such as BirchBox and Dollar Shave Club.

A natural corollary to the recurring revenue streams driven by subscriptions is the need to comply with laws regulating purchases that automatically renew.  While subscription services (sometimes referred to as auto-renewal programs) can be lucrative, companies should be mindful of the applicable laws to avoid the costs of fighting off the type of lawsuits that led to Sirius XM Radio settling an auto-renewal case for $3.8 million and Angie’s List settling a similar suit for $2.8 million.

Automatic Renewal Regulation

Automatic renewal programs are regulated by both the federal government and individual states.  Federally, automatic renewal programs are regulated by the Federal Trade Commission under 15 U.S.C. Section 41, et seq. and the Restore Online Shoppers’ Confidence Act.  Under these regulations, the FTC and the attorney generals for individual states have enforcement authority to bring actions against companies in violation of these rules.

On the state level, at least 24 states have enacted statutes regulating automatic renewals to

The New FLSA Regulations: Impact Will Be More Than Just Higher Salaries for Exempt Employees

As has been widely publicized in the press, on May 18, 2016, the U.S. Department of Labor (“DOL”) released the final rule updating the regulations regarding the white collar exemptions from overtime compensation under the Fair Labor Standards Act (“FLSA”). These regulations apply to workers who fall under the executive, administrative, or professional exemptions from the FLSA’s minimum wage and overtime protections as well as to the highly compensated employee.  The new regulations will likely be challenged, but, barring a court injunction or other action, they will go into effect on December 1, 2016. While the DOL did not alter the duties test for the overtime exemptions, the impact on employers will be much more profound than just higher salary levels.


Under the new regulations:

  • The salary threshold increases from $455 per week (i.e., $23,660 per year) to $913 per week (i.e., $47,476 per year).
  • The total annual compensation requirement for highly compensated employees increases from $100,000 to $134,004 (the employer must pay the salary threshold ($913/week) each week exclusive of any nondiscretionary bonuses or incentive payments).
  • These amounts will automatically update every three years, with the first update effective January 1, 2020.
  • Nondiscretionary bonuses and incentive payments, including commissions, may satisfy up to 10 percent of the salary basis requirement (but there are specific requirements that must be met, such as payments must be made on a quarterly or more frequent basis).
  • Small businesses, nonprofit organizations, and higher education institutions must comply with the new requirements

Recommendations for Evaluating Your Company’s Use of Social Media

The majority of retailers utilize social media to market their products and services, interact with consumers, and manage their brand identity. Many mobile applications and websites even permit users to sign-in with their social media accounts to purchase items or use the applications’ services.

While using third party social media websites has significant advantages for businesses, it also raises distinct privacy concerns. Specifically, the terms of use that apply to social media platforms may give the platform the right to share, use, or collect information concerning your business or your customers. To the extent that the social media platform’s privacy practices are not consistent with the practices of your own company, they may contradict or violate the privacy notice that you provide to the public.

Here is a list of issues to consider when evaluating your company’s use of social media:

  • How would a data breach of social media platforms affect your company? Do you have a plan if your social media account is breached?
  • Does your company share information with an intermediate service provider, such as a social media analytics company, to provide or analyze social media services?
  • Is your internal data or customer personal information protected under your agreements with third parties, including social media platforms?
  • What types of customer personal information are solicited, collected, maintained, or disseminated via your social media platforms (e.g., geo-location)?
  • Do you display information or images of users or other people, including your employees? Did the people in the images give their permission
  • No Common Sense – Today’s Cost of Doing Business

    May 23, 2016


    What is a retailer to do? The world today is filled with people assuming they are being disrespected and believing they are being defrauded. It’s not just that some customers can be surly and demanding when they are in your store, they often seek to sue you on behalf of all your customers, wreaking havoc on your business operations and driving up your legal expenses. Common sense, courtesy, and consideration may be the retailers’ best tools both at the point of sales and in court.  Remember even when they sue, people are your customers.

    Over the past several years, there has been a rash across the country in “consumer protection” class actions. Not health and safety challenges; those obviously should be first order of priority both from the standpoint of risk to the company and from the standpoint of reputation and “doing the right thing.” For example, labeling class action claims have been increasing dramatically in the past several years and have hit a number of industries including food, heath, cosmetics, pet care and others.  The challenges run the gamut from trade dress to challenges about specific product content or potential scientific benefits.

    Real Risk Exposure? This other variety of suits challenge nitpicky “common sense” product issues yet are wrapped (no pun intended) in theories of marketing fraud or other unfair practices allegations. Recent class action case topics have included: is my sandwich long enough, is there too much ice in my drink, etc. Unfortunately, many of these suits allege

    Gender-Based Price Discrimination: California Seeks to Extend Law to Prohibit Discrimination in Pricing of Gender-Specific Goods

    California is taking on gender price discrimination. California law already prevents businesses from gender-based price discrimination for services such as haircuts, alterations, and dry cleaning.   A recently proposed bill (Senate Bill 899, Hueso) would extend that law to “retailers” and prohibit price discrimination in the sale of “goods.”

    SB 899 recently passed out of the Senate Judiciary Committee, where several positive amendments were made after comments from the California Retailers Association and others.  One significant change from the original proposed legislation is elimination of a requirement that retailers post the prices of all goods so that consumers could determine if “men’s” and “women’s” products were priced the same.  The bill also removed food products from its broad scope.

    The bill as amended states: “No business establishment . . . may discriminate, with respect to the price charged for goods of a substantially similar or like kind, against a person because of the person’s gender.”  “Substantially similar” is defined as goods that do all of the following: “(A) Share the same brand; (B) Share the same functional components; and (C) Share 90 percent of the same materials or ingredients.”

    The amended bill also permits price differences based “specifically on the labor, materials, tariffs, or other gender-neutral reasons for having increased cost for providing the goods.”  The bill contains a statutory penalty of $4,000 for violations and contains an attorneys’ fees provision.

    While substantially improved since introduction, SB 899 remains problematic:  What goods are gender-specific?  Would a pink towel or scented

    Data Breach Litigation Report: An Analysis of Federal Class Action Lawsuits Involving Data Security Breaches

    Data security breaches – and data security breach litigation – dominated the headlines in 2015 and continue to do so in 2016.  While data breach litigation is an important topic for the general public, and remains one of the top concerns of general counsel, CEOs, and boards alike, there remains a great deal of misinformation reported by the media, the legal press, and law firms. At best this is due to a lack of knowledge and understanding concerning data breach litigation; at worst some reports border on sensationalism or fearmongering.

    Bryan Cave LLP began its survey of data breach class action litigation four years ago to rectify the information gap and to provide clients, as well as the broader legal, forensic, insurance, and security communities, with reliable and accurate information concerning data breach litigation risk.  The 2016 report covers litigation initiated over a 15 month period from the fourth quarter of 2014 through the fourth quarter of 2015.  Key findings include:

    • There was a nearly 25% decline in the quantity of cases filed as compared to the 2015 Data Breach Litigation Report .
    • When multiple filings against single defendants are removed, there were only 21 unique defendants during the relevant period, indicating that plaintiffs’ attorneys are filing multiple cases against companies connected to the largest and most publicized breaches, and are not filing cases against the vast majority of other companies that experience data breaches.
    • Approximately 5% of publicly reported data breaches led to class action

    Native Advertising: Recent FTC Cases Require Disclosure of Paid Endorsements on Social Media

    May 12, 2016


    Two recent cases by the Federal Trade Commission (“FTC”) demonstrate its position that paid endorsements in social media must be disclosed. These cases reinforce the FTC’s stance on transparency in native advertising, which is paid advertising made to look like the media content around it.

    The FTC has approved a final consent order with Machinima, Inc. requiring the company to disclose when it has compensated “influencers” to post online videos or product endorsements. According to the FTC’s complaint, the California-based online entertainment network engaged in deceptive advertising by paying influencers to post online videos endorsing a home video game system and several games, without disclosing that they were being paid for their opinions.

    Although not yet final, the FTC has also proposed a consent order with department store chain Lord & Taylor, based on that company’s advertising campaign for a new apparel line using a paid article in online fashion magazine, Nylon, as well as other online posts. The FTC complaint alleges that Lord & Taylor paid fashion influencers between $1,000 and $4,000 each to post a photo of themselves in a particular dress, styled any way they like, with the photo tag @lordandtaylor. Lord & Taylor did not, however, require Nylon or the influencers to disclose that they had been paid, which the FTC complaint alleges constituted false advertising.

    In both cases, the orders prohibit the companies from falsely claiming – expressly or by implication – that an endorser, influencer or blogger is an independent user or ordinary consumer.

    The Hidden Danger for Retailers Doing Business in New Jersey: Alert Regarding the Truth-in-Consumer Contract, Warranty and Notice Act

    A New Jersey statute intended to prevent deceptive practices in consumer contracts recently has become a focus for litigation in the state.

    The Truth-in-Consumer Contract, Warranty and Notice Act, N.J.S.A. §56:12-14 et seq., (“TCCWNA”) prohibits the use of illegal terms in consumer contracts and also provides that consumer contracts may not state that any of its provisions are void, unenforceable or inapplicable in some jurisdictions “without specifying which provisions are or are not void, unenforceable or inapplicable within the State of New Jersey.” See TCCWNA at §56:12-16. In other words, a general disclaimer regarding a consumer contract that is directed to New Jersey residents is not sufficient. Instead, it appears the customer-facing language used by a retailer should identify the specific provisions of its contracts, warranties, notices, loyalty programs, signs, etc. that are void, unenforceable or inapplicable in New Jersey.

    Courts have interpreted the statute to apply to language typically used by retailers in their websites’ Terms and Conditions and Rules of Use, on social media, and in contracts – such as commonly used provisions seeking to hold the retailer harmless or limit liability, requiring the customer to assume risks, and waiving certain fees and costs. As a result, retailers should evaluate all customer-facing language, notices and disclosures to ensure that the rights of New Jersey customers are not being waived or restricted. Retailers should note, however, that plaintiffs are in the process of testing the boundaries of the TCCWNA with courts, which means that the law is unsettled

    ADA Website Accessibility Cases Continue to Grow

    An increasing number of retailers are facing lawsuits or threats of lawsuits regarding website accessibility under the Americans With Disabilities Act (“ADA”), despite the fact that the ADA and its implementing regulations do not expressly address website accessibility.

    The Department of Justice first announced in 2010 that it would issue formal regulations regarding website accessibility, but they now are not expected until 2018. In the meantime, the number of cases against retailers and others continue to mount, and judges show no propensity to dismiss or stay the cases while the DOJ works on its regulations.  Last month, a federal magistrate judge in a website accessibility case against Harvard University and the Massachusetts Institute of Technology rejected arguments that the court should dismiss or stay those cases pending issuance of the DOJ regulations.

    Further, for what is believed to be the first time in any court, a California judge recently granted summary judgment to a visually-impaired plaintiff who alleged that the website of luggage retailer Colorado Bag’n & Baggage was inaccessible in violation of the ADA. Judge Brian Foster awarded the plaintiff, Edward Davis, $4,000 in damages.  Davis is also entitled under the ADA to recovery of his attorneys’ fees.  Davis has filed at least nine lawsuits in San Bernardino County Superior Court and another two in federal court. Several have ended with settlements.  He is represented by Victoria Knowles of the Newport Trial Group.

    UPDATE Regarding California Prop. 65: Revised Warning Requirements for BPA in Canned Foods Effective May 11, 2016

    May 5, 2016


    The Proposition 65 warning requirement for Bisphenol-A (“BPA”) takes effect on May 11, 2016, but a recent emergency regulation has revised the warning requirements for food and beverage products only.

    Pursuant to an emergency regulation proposed by California’s Office of Environmental Health Hazard Assessment (OEHHA), the Proposition 65 warning for such food and beverage products may be posted at all point-of-sale devices. The warning should be at least 5 inches by 5 inches, and the language as revised should state:


    Many food and beverage cans have linings containing bisphenol A (BPA), a chemical known to the State of California to cause harm to the female reproductive system.  Jar lids and bottle caps may also contain BPA.

    You can be exposed to BPA when you consume foods or beverages packaged in these containers.

    For more information, go to:

    OEHHA intends to allow the point-of-sale warning for at least a year and a half in order to allow manufacturers time to provide product-specific warnings or to reformulate using BPA alternatives, and for safe harbor levels for exposure to BPA to be established. BPA is often found in the epoxy lining in canned foods and beverages, the lining in many jar lids and bottle caps, and in a wide range of hard plastic consumer products. OEHHA recently proposed a safe harbor level of 3 micrograms per day for dermal BPA exposure from solid materials.

    The emergency regulation and point-of-sale warning only

    EEOC Proposes to Collect Pay Data from Certain Employers

    April 25, 2016


    EEOC Proposes to Collect Pay Data from Certain Employers

    April 25, 2016

    Authored by: Nancy Franco

    The Equal Employment Opportunity Commission (“EEOC”) recently proposed a revision to the Employer Information Report (“EEO-1”) that would require certain employers to submit aggregate data on employee pay and hours worked.

    Employers with 100 or more employees and federal contractors with 50-99 employees already are required to submit the EEO-1 to the EEOC by September 30 of each year.  The current version of the EEO-1 requires employers to report the number of individuals they employ by ten job categories, sex, race, and ethnicity. Under the new proposal, beginning with the September 30, 2017 report, private employers and federal contractors with 100 or more employees would also report the number of employees and the employees’ total W-2 earnings for the prior twelve month period within twelve designated pay bands.

    For example, an employer would report that it employs 5 Latina women who are Senior Level Officials in the twelfth pay band ($208,000 and over).  Employers would not report individual salary information.  An employer would also report the total number of hours worked by its employees in each pay band for the last twelve month period by their sex, race, and ethnicity.  For example, an employer would report that the total hours worked by the 5 Latina women who are Senior Level Officials in the twelfth pay band is 10,000 hours.

    Federal contractors with 50-99 employees would not be required to submit data regarding pay or hours worked, but they would still be required to report data regarding sex, race, and ethnicity

    Certification of Compliance with Flammability Standards No Longer Required for “Inherently Safe” Adult Clothing

    Until recently, federal law required many adult clothing manufacturers and importers to issue certificates of compliance with applicable flammability standards, even though certain fabrics had already been determined to meet such standards.

    Effective March 25, 2016, however, the Consumer Product Safety Commission (“CPSC”) gave the industry a reprieve – a new policy eliminating the need for certificates of compliance for adult clothing made from certain fabrics. The relevant fabrics include plain surface fabrics weighing at least 2.6 ounces per square yard and all fabrics that are made from acrylic, modacrylic, nylon, olefin, polyester or wool. The policy is expected to save manufacturers roughly $250 million yearly in certificate preparation costs. Click here for more information.

    Department of Labor Will Investigate Compliance with Distribution Rules for Defined Benefit Plans

    Employers in the retail industry often experience significant employee turnover, and it can be difficult to keep track of former employees once they have moved on.  Thus, retailers should be aware that the Department of Labor (“DOL”) has recently implemented an initiative to investigate the manner in which large employers comply with the required minimum distribution rules for defined benefit plans.

    The initiative is focused on the extent to which large employers have processes in place to (i) locate missing plan participants, (ii) inform deferred vested participants that a benefit is payable, and (iii) commence benefit payments in a timely fashion.  The minimum distribution rules generally require qualified plans to begin distributions no later than the April 1 following the calendar year in which a former employee reaches age 70½.  Since retail employers tend to face a particularly tough task in keeping track of former employees, those with defined benefit plans will want to make sure they have robust procedures in place to locate missing participants before the DOL comes knocking.  Click here to read more.

    California Prop. 65 Warning Requirement for BPA to Take Effect

    April 14, 2016


    The California Proposition 65 warning requirement for Bisphenol-A (“BPA”) takes effect on May 11, 2016, and retailers, manufacturers, and distributors should act now to reduce potential liability.

    BPA is used in a wide variety of plastic consumer products, including the epoxy lining in food and beverage cans and bottle lids, some reusable food and drink containers, CDs and DVDs, and electronics and sports equipment made from polycarbonate plastics.  California has not yet adopted a safe harbor level for exposure to BPA below which no warning is required, but recently proposed a safe harbor level of 3 micrograms per day for dermal BPA exposure from solid materials.  The safe harbor level will not be adopted prior to May 11, however, when the warning requirement takes effect.

    In the meantime, California’s Office of Environmental Health Hazards Assessment (OEHHA) has proposed an emergency regulation to allow temporary use of a standard point-of-sale warning message for BPA exposures from canned and bottled foods and beverages only. All other products that contain BPA may subject the sellers to liability if they are sold in California on or after May 11 without a warning.

    Click here for more information.

    Putative Class Action Lawsuit Filed against J. Brand Jeans over “Made in California, USA” Label

    Plaintiffs in California continue to focus on labels. Recently, a putative class action lawsuit was filed against J Brand, Inc., the maker of designer J Brand jeans and other clothing. The complaint alleges that the label for J Brand jeans states they are “Made in California, USA,” but that more than 5% of the jeans consist of imported material. Specifically, the complaint alleges that the imported material used includes fabric, thread, buttons, subcomponents of the zipper assembly, and rivets.

    The plaintiff’s claim against J Brand, Inc. is based on an alleged violation of California Business and Professions Code section 17533.7, which provides that it is unlawful to use “Made in U.S.A.,” or similar words if the product has been “entirely or substantially made, manufactured, or produced outside of the United States.”

    There are two exceptions to the statute. First, a company may still use the “Made in U.S.A.” label if imported materials constitute 5% or less of the final wholesale value of the manufactured product. Second, a company may still use the “Made in U.S.A.” label if the manufacturer cannot produce or obtain the imported materials from a domestic source, and the imported materials constitute 10% or less of the final wholesale value of the manufactured product.

    National retailers should be aware that the California standard for a “Made in U.S.A.” label differs slightly from the Federal Trade Commission (“FTC”) standard. The FTC requires that “all or virtually all” of a product with a “Made in U.S.A.” label be made

    Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises

    Debit and credit cards are now the primary form of retail payment. Many retailers may not realize, however, that by accepting credit cards, they expose themselves to the risk of a data security breach and significant potential costs and legal liabilities.

    Retailers should consider the major sources of direct costs following a data breach. These costs always include the retaining of a PCI (payment card industry) certified forensic investigator as required by the PCI Council. Costs also typically include the retaining of a privileged forensic investigator (often by the retailer’s law firm or general counsel); the hiring of outside counsel; public relations and crisis management; and consumer notification including printing and mailing costs and protection services offered to consumers.

    In addition to the direct costs following a data breach, retailers often face three forms of liability from third parties: payment card brand fees; regulatory costs arising from investigations from the FTC, SEC and State Attorneys General, for example; and class action exposure. Contrary to what many retailers believe, retailers are typically not shielded from liability by their card processor or device manufacturers in the event of a payment card data breach. The “fine print” in the contracts for these products or services usually includes a number of provisions that place the liability on the retailer.

    Finally, retailers may want to evaluate whether a cyber-insurance policy is needed, and if the policy they are considering provides appropriate coverage, retention and limits in light of the costs detailed above.

    Click here  to

    The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.