Smashbox Trap and Trace Class Action

Trap and Trace Class Action Against Smashbox Cosmetics

Smashbox Trap and Trace Class Action

Tauler Smith LLP recently filed a trap and trace class action against Smashbox Cosmetics, and now the legal action is getting significant press coverage. A recent article on the Smashbox lawsuit details how the makeup company has been accused of using TikTok’s “trap and trace” software to unlawfully collect and store the confidential information of website visitors. According to the Los Angeles consumer protection lawyers who filed the lawsuit, Smashbox failed to obtain consent from consumers before acquiring their data via a process known as “fingerprinting.” Now, Smashbox has been sued in a California superior court.

Are you a California resident who visited the Smashbox website? To learn whether you might qualify to join the class action suit as a plaintiff, contact us today.

Smashbox Beauty Cosmetics Accused of Using Illegal Fingerprinting Software

Smashbox Beauty Cosmetics is a cosmetics company that sells primers, foundations, lipsticks, and other types of makeup to consumers both online and in retail stores. The class action lawsuit, which was recently filed in Los Angeles County Superior Court, alleges that Smashbox runs “advanced matching” on its website to scan the site “for recognizable form fields containing phone numbers, email addresses, and other identifying information about customers.”

More specifically, the makeup company is accused of using fingerprinting software to match data from otherwise-anonymous website visitors to existing data that has already been stored by social media platform TikTok. The TikTok app then gathers device and browser information, geographic information, referral tracking, and URL tracking. According to the lawsuit, this is done without users’ consent.

Selling Consumer Data to TikTok?

Smashbox allegedly uses the fingerprinting data that it acquires for marketing purposes: so that the company will know as much as possible about website users who can then be targeted with advertisements. Moreover, it is believed by the plaintiffs that Smashbox may be selling this consumer information to third parties like TikTok for similar purposes. Depending on the type of information provided on website forms, this could include things like age, gender, race, and even more intimate details about users.

Lead plaintiffs’ attorney Robert Tauler criticized Smashbox for allegedly sharing sensitive information about consumers who visit the company’s website. According to Tauler, there are no safeguards in place to protect the information that Smashbox allegedly shares with social media companies: “TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens.” The dangers of giving Chinese-owned TikTok access to confidential information about Americans have been highlighted in recent months by the National Security Agency (NSA), which has called the social media company “a platform for surveillance”.

CIPA Consumer Privacy Complaint Filed Against Smashbox

A class action complaint has been filed against Smashbox for alleged violations of the California Trap and Trace Law. That law is contained in California Penal Code § 638.51, which is part of the California Invasion of Privacy Act (CIPA).

Los Angeles consumer fraud attorney Robert Tauler, who brought the digital privacy class action on behalf of the plaintiffs, believes that this legal action will send an important message to companies like Smashbox that may collect consumer data without permission. Tauler said that “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Join the Trap & Trace Class Action Lawsuit Against Smashbox

The California Invasion of Privacy Act (CIPA) gives consumer privacy victims the right to sue for financial compensation. In fact, CIPA complaints alleging trap & trace violations allow for multiple forms of damages to be awarded to successful plaintiffs.

The lawsuit against Smashbox Beauty Cosmetics requests different types of financial compensation for qualifying plaintiffs:

  • Statutory damages pursuant to the California Invasion of Privacy Act (CIPA).
  • Punitive damages to ensure that Smashbox refrains from using trap and trace software in the future.
  • Attorney’s fees and other costs.

Additionally, the consumer privacy class action lawsuit against Smashbox seeks a court order enjoining the company from acquiring and sharing consumer data, as well as an order requiring the company to disgorge all data acquired through the TikTok software.

Did You Visit the Smashbox Website? Contact a California Consumer Protection Attorney Today

If you visited the Smashbox Beauty Cosmetics website and/or filled out any forms on the site, your confidential information may have been unlawfully collected. The Los Angeles consumer protection lawyers at Tauler Smith LLP are currently representing plaintiffs in a class action lawsuit against Smashbox. Call 310-590-3927 or send an email for more information.

Pen Registers

What Are Pen Registers?

Pen Registers

A number of recent lawsuits have been filed based on something known as “the pen register theory.” But what are pen registers? One of the surveillance tools commonly used by law enforcement to spy on suspects is the pen register, which allows police to capture phone numbers that were dialed on outgoing calls. Increasingly, these devices are being used by businesses to reveal the content of communications on websites, which poses a very real privacy concern for consumers. Worse yet, many companies with websites are now collaborating with TikTok to identify people who may wish to remain anonymous – exposing confidential information about consumers to third parties without authorization. The good news is that California law protects consumers against invasion of privacy by companies utilizing pen registers and other tracking devices.

To learn more about pen registers and how you can stop companies from using them to unlawfully collect your data, keep reading.

What Is the Definition of a Pen Register?

Both federal and California statutes have defined pen registers in the context of surveillance, especially as it relates to surveillance by law enforcement or other government actors. Recently, the term has been defined in other contexts, including when the devices are used by companies that operate websites targeting consumers.

Generally speaking, a pen register is a device that records any phone numbers that have been dialed from a particular telephone line. In legal cases involving allegations of privacy violations by companies using pen registers, courts have defined a pen register broadly so that it includes programs and software that monitors internet communications.

Differences Between Pen Registers and Trap & Trace Devices

Pen registers differ from trap and trace devices in a significant way: pen registers show the phone numbers that have been dialed by a particular phone, while trap and trace devices show the phone numbers that have called a particular phone. Another way to think of the difference is that pen registers capture data from outgoing communications, and trap and trace devices capture data from incoming communications that identify the originating phone number or geolocation.

Whether the privacy violation involves a pen register or a trap and trace device, the basis for a lawsuit typically remains the same: if a website owner fails to obtain affirmative consent from a site visitor prior to the use of tracking software, it may be a serious violation of California’s consumer fraud and consumer privacy laws such as the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).

Invasion of Privacy Concerns Raised by Use of Pen Registers and Trap & Trace Devices

The use of pen registers to monitor customers raises concerns about invasion of privacy. Similarly, data sharing via tracking and tracing software can impose significant dangers on web users. For example, one of the major fears with automatic tracking software is that user activity will be tracked across every page on the website, regardless of how private the information might be. This means that highly personal information could be compromised, particularly if a website user is filling out forms on the site.

Pen Register Lawsuits & Trap and Trace Lawsuits in California

The California Invasion of Privacy Act (CIPA) can serve as the basis for a consumer protection lawsuit, particularly when the plaintiff is alleging a digital privacy violation. For a while, the main CIPA claim filed in California courtrooms involved wiretapping lawsuits against companies that violated the privacy rights of website visitors. That’s because this type of unauthorized data collection violated Section 631(a) of the CIPA, which explicitly prohibits third parties from illegal wiretapping or eavesdropping on communications. Recently, however, a lot of CIPA class action lawsuits are being based on either the pen register theory or the trap and trace theory.

When website owners gather data from site visitors without first getting consent, it may constitute a violation of California’s strict privacy laws – specifically Section 638.51 of the California Invasion of Privacy Act (CIPA). This has led to a new wave of CIPA litigation in California courtrooms that involves both pen register claims and trap and trace claims. Many companies that do business in California are now facing class action lawsuits because of the way they use certain analytic tools on their websites. The statutory penalties for violations of the CIPA have proven costly for companies that don’t follow the law – and they have given potential plaintiffs ample reason to talk to a consumer protection attorney about their legal options.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Too many companies in California and elsewhere in the United States are invading the privacy of customers who visit their websites, which in many instances involves data breaches and even the unauthorized sharing of personal data. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in class actions and individual lawsuits. We have experience with trap & trace lawsuits and pen register lawsuits. Call us or email us to schedule a free consultation. Article on Smashbox Lawsuit Article on Smashbox Class Action Lawsuit Article on Smashbox Lawsuit

California’s strong digital privacy laws, like the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA), have become a popular basis for civil suits filed in state courtrooms. A recent article on the Smashbox class action lawsuit details how the cosmetics company allegedly used trap and trace devices to collect and store confidential information from website visitors. According to attorneys for the plaintiff, the data was acquired automatically as soon as individuals landed on the website: they never even had an opportunity to provide consent.

You can read the article on the Smashbox lawsuit here.

Smashbox Beauty Cosmetics Accused of Using Trap and Trace Devices on Website

The article on the recent trap & trace class action provides important details about the allegations against Smashbox:

“I personally think it is a shame that Smashbox would share intimate details of a young person’s life, including their skin color, with TikTok. TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens,” said the plaintiff’s attorney, Robert Tauler of Tauler Smith. “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Smashbox Beauty Cosmetics is accused of using TikTok’s “trap and trace” software to collect and store website visitors’ private identifying information, allegedly using “fingerprinting” software to collect and store user data without their consent.

“The TikTok Software installed and activated by Defendant captures data and sends it to TikTok’s servers so that TikTok can reconstruct the user’s identity. As part of this arrangement, Defendant has the ability to use some of the data to run an advertising campaign on TikTok to market its business on social media. The objective for TikTok is to gather as much information about Americans as they can, by any means necessary,” the legal complaint alleges. “In this regard, TikTok has recently been identified as ‘a platform for surveillance’ by the director of the National Security Agency.”

Lawsuit: Smashbox Tracking Customer Data Automatically Without Consent

Companies like Smashbox are allegedly coding the software used on their websites to track a user’s identity and personal information, including things like geolocation data, search terms, and payment methods. Customer activity on the websites is being tracked automatically: as soon as a person visits the site, their actions are monitored regardless of whether they actually consented to the monitoring. Moreover, the confidential customer information acquired by Smashbox and other companies on their websites may later be sold to third parties for the purpose of targeted advertisements.

Call the California Consumer Protection Lawyers at Tauler Smith LLP

Tauler Smith LLP routinely represents plaintiffs in cases involving consumer fraud and invasion of privacy, including allegations against companies that have violated the California Trap and Trace Law. To find out if you are eligible to join the class action against Smashbox Beauty Cosmetics, call or email us today.

Pen Registers vs. Trap and Trace Devices

Pen Registers vs. Trap and Trace Devices

Pen Registers vs. Trap and Trace Devices

Invasion of privacy has become a major concern for consumers who frequent websites and make purchases online. That’s because many companies are now using pen registers and trap devices, which may include website cookies, web beacons, script, software code, and other types of software to track user data. While both federal and California law provide strong protections for consumers in these situations, pen registers vs. trap and trace devices is still a distinction that needs to be understood before speaking to a consumer fraud lawyer. What exactly is the difference between a pen register and a trap & trace device? And what legal recourse do you have when a company uses one of these tracking tools to monitor your online activity?

To learn more about the differences between pen registers and trap & trace devices, keep reading this blog.

What Is a Pen Register?

Long before the invention of the internet, pen registers were being used by law enforcement as a crime-fighting tool. A pen register is a physical device that gives government actors the ability to track outgoing phone numbers that have been dialed from a telephone line. If the police suspect illegal activity, they may obtain a court order that allows them to secretly install a pen register on the phone line.

Importantly, courts have ruled that the laws regulating the use of pen registers also extend to online communications. The California Invasion of Privacy Act (CIPA) defines a pen register as “a device or process that records or decodes dialing, routing, addressing or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted.” The types of information commonly collected by pen registers includes phone numbers, email addresses, and internet data such as IP addresses. A pen register does not identify the contents of a communication, which is its main difference from a trap and trace device.

Pen Register Lawsuits in California

Law enforcement has historically used pen traps to record both outgoing and incoming telephone numbers after obtaining a phone-tapping warrant. After the passage of the Patriot Act in 2001, police were able to use the same warrants to monitor Internet communications. Eventually, California lawmakers responded to the increasingly broad government monitoring of American citizens by updating the definition of consumer communications in the California Invasion of Privacy Act (CIPA). This has now prompted many consumers to bring pen register lawsuits against companies that use software to identify website visitors and acquire their personal data.

When a company’s website utilizes certain tools to track interactions and communications with site visitors, it may be a violation of the CIPA. This is especially likely when a website visitor has a reasonable expectation of privacy. As a result, California courtrooms have seen a surge in class action lawsuits filed under a relatively new legal theory: pen register claims and trap and trace claims, both based on the CIPA.

Penalties for Pen Register Violations

When a company uses website session replay software or chatbot features without the consent of site visitors, it may be considered a violation of both federal and California digital privacy laws.

Federal Pen Register Law

Federal law originally addressed pen registers in the Electronic Communications Privacy Act. The statute was later addressed by the USA PATRIOT Act, which was passed in 2001 in response to the September 11 attacks.

California Pen Register Law

California law addresses pen registers in the California Invasion of Privacy Act (CIPA), which imposes statutory penalties of $2,500 for each pen register violation.

Wiretapping Claims vs. Pen Register Claims

California’s consumer privacy laws prohibit companies from recording, transcribing, or otherwise surveilling communications without permission. This is unlawful whether the surveillance involves phones or websites. In the context of websites, wiretapping may involve secretly recording chats that were supposed to remain confidential, or it may involve data acquisition from forms that were filled out by site visitors. The California Invasion of Privacy (CIPA) gives consumers the right to file civil suits when their online conversations have been illegally wiretapped.

Although CIPA wiretapping claims and CIPA pen register claims are similar, there are a few key differences. For instance, a plaintiff bringing a wiretapping claim must show that there was no consent for the monitoring and that their communications were actually captured by the website. By contrast, a plaintiff bringing a pen register claim merely needs to show that the pen register was utilized without either consent or a court order.

What Is the Difference Between Pen Registers and Trap & Trace Devices?

One of the reasons that legal statutes often refer to both pen registers and trap and trace devices in the same sections is that many internet monitoring programs can be utilized to record both incoming and outgoing calls.

Whether the customer information is acquired via pen registers or trap and trace devices, the end result is a serious invasion of customer privacy. The businesses that violate the California Trap and Trace Law are often seeking to acquire as much information as possible about website visitors so that the data can then be monetized and sold to third parties. That’s why these companies will go to such great lengths to obtain, collect, and organize large pools of data from website visitors without their knowledge or consent.

Talk to a California Consumer Protection Lawyer Today

Tauler Smith LLP is a Los Angeles law firm that represents consumers in both individual lawsuits and class actions across California. Our knowledgeable consumer protection lawyers know how to win pen register lawsuits and trap & trace lawsuits because we have experience with invasion of privacy cases. We will hold website operators accountable for using unauthorized tracking devices on their websites.

Call 310-590-3927 or send an email for a free consultation.

United HealthCare Trap and Trace Class Action

Trap and Trace Class Action Against United HealthCare

United HealthCare Trap and Trace Class Action

Los Angeles law firm Tauler Smith LLP recently filed a trap and trace class action against United HealthCare. The national health insurance provider has been accused of unlawfully collecting data from website visitors and then sharing the information with controversial social media company TikTok. These actions would constitute clear violations of the California Invasion of Privacy Act (CIPA), which prohibits companies from using website tracking software to gather personal information about customers. The plaintiffs in the digital privacy class action are pursuing substantial monetary damages for the alleged privacy breaches.

For more information about the lawsuit against United HealthCare, keep reading this blog. And to learn whether you might be eligible to join the class action, contact us directly.

What Is a Trap and Trace Device?

California Penal Code § 638.50(c), which is part of the California Invasion of Privacy Act (CIPA), places considerable restrictions on companies that use trap and trace devices. The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” A person, company, or other entity that wishes to use a trap and trace device must first obtain a court order.

The CIPA, codified as Cal. Penal Code 630, often serves as the basis for lawsuits against companies accused of illegally wiretapping or eavesdropping on customer conversations. The statute was enacted for the purpose of curbing the invasion of privacy that often results from the use of certain technologies that pose a threat to the free exercise of personal liberties. The CIPA extends civil liability for surveillance that uses technology generally, and the Trap and Trace Law specifically imposes civil liability and statutory penalties against companies that unlawfully install pen registers or trap and trace software without first obtaining a court order.

Consumer Protection Class Action Filed Against United HealthCare

The recent consumer protection class action lawsuit involving the trap and trace law was filed in the Los Angeles County Superior Court. The defendant in the case is United HealthCare Services, Inc., a private insurance company that provides health insurance plans to consumers. According to the lawsuit, United HealthCare installed a data collection process on its website,, for the purpose of tracking and tracing the identity and source of visitors to the site. That data was then allegedly shared with TikTok, the popular but scandal-ridden social media company.


The software that United HealthCare installed on its website was created by TikTok for the purpose of identifying site visitors. The TikTok software on the United HealthCare website runs code via a process known as “fingerprinting” that enables the company to collect as much data as it can about anonymous site visitors, including device and browser information, geographic information, and URL tracking. This information is then matched with existing data that TikTok has previously acquired from hundreds of millions of Americans who use the social media platform.

Similar allegations of unlawful data collection in collaboration with TikTok have been made in other trap & trace class action lawsuits recently filed in California courts.

“Advanced Matching”

United HealthCare has also been accused of using trap and trace devices to collect website visitor information via a process known as “Advanced Matching.” This is a feature that allows TikTok to scan the website for recognizable form fields containing confidential customer information, such as email addresses, phone numbers, and routing information.

Class Action Lawsuit: United HealthCare Surveilled Website Visitors Without Consent

Visitors to the United HealthCare website have a reasonable belief that their web activity will be secure because the website intake page informs users that the information they share is “secure.” But the California class action lawsuit against the health care provider alleges that this is false: customers’ personal information and activity on the site is scanned and sent to TikTok so that its source can be identified through fingerprinting and deanonymization. The lawsuit accuses United HealthCare of sharing consumer data with TikTok without obtaining express or implied consent.

TikTok’s “Best Practices” Policy

Alarmingly, TikTok allegedly has a “best practices” policy encouraging companies like United HealthCare to capture this customer data “as early as possible” and “as frequently as possible.”  The class action lawsuit filed in the L.A. County Superior Court accuses United HealthCare of following TikTok’s best practices to gather customer information as soon as a user visits the website: code on the site automatically sends information to TikTok to match the user with TikTok’s fingerprint.

By definition, there is no way for a site visitor to consent to the tracking of their activity because the TikTok software is deployed automatically when a user lands on the United HealthCare website. Site visitors have no way of knowing about the trap and trace devices, and United HealthCare does not even attempt to obtain visitors’ consent.

United HealthCare Accused of Illegally Sharing Customer Data with TikTok

Digital privacy is a growing concern for many Americans, particularly as more and more companies commit consumer fraud. One of the most troubling allegations against United HealthCare in the recent trap and trace lawsuit is that the company may be illegally sharing information about website visitors with TikTok. TikTok is owned by the Chinese government, and there are serious concerns that the social media company may be sharing user data with an adversarial foreign country. In fact, the U.S. Congress recently passed legislation that would require TikTok to be sold to a different entity or face a permanent ban in the United States. Additionally, the director of the National Security Agency (NSA) has identified TikTok as “a platform for surveillance” that poses a possible cybersecurity risk to the country.

The class action lawsuit against United HealthCare highlights a major problem with data collection on the United HealthCare website: user data is allegedly being shared with third parties who have the ability to harm California citizens through data aggregation. Moreover, the fact that this is a healthcare provider means that vulnerable American citizens could be targeted based upon their specific medical issues and uninsured status.

Plaintiffs Seek Monetary Damages for Violations of California’s Trap & Trace Law

The class action lawsuit against United HealthCare accuses the healthcare provider of violating California’s Trap and Trace Law. If United HealthCare is found liable in the civil suit, plaintiffs who visited the company’s website may be eligible for substantial monetary damages. That’s because the California Invasion of Privacy Act (CIPA) imposes both statutory damages meant to compensate victims and punitive damages meant to discourage future violators. The law also allows for successful plaintiffs to recover reasonable attorney’s fees and costs.

Did You Visit the United HealthCare Website? Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Did you visit the United HealthCare website and fill out any forms or provide any personal information? If so, you may be eligible to pursue monetary damages for an invasion of privacy violation. That’s because United HealthCare has been accused of using trap & trace technology to unlawfully collect the confidential information of website visitors and then share the data with third parties.

The California consumer protection lawyers at Tauler Smith LLP are representing plaintiffs in a class action lawsuit against United HealthCare. For more information, call 310-590-3927 or email us.

California Trap and Trace Law

California’s Trap and Trace Law

California Trap and Trace Law

California’s trap and trace law protects consumers against the unauthorized tracking of their activity online. For law enforcement, securing a court order to intercept communications is difficult because there are strict limitations on this type of activity. Yet, for companies with websites, it has become far too easy to acquire customer data in the same invasive manner without any authorization or consent. Moreover, once a company has acquired certain information about a user, the company might try to use that information to deliver targeted advertising. In some cases, the customer data might even be sold to a third party. A qualified consumer fraud lawyer can help individuals better understand the nature of the protections provided by California’s consumer privacy laws.

The installation of tracking and tracing software on a website may be a violation of the California Trap and Trace Law. To learn more, keep reading.

What Is a Trap & Trace Device?

The California Invasion of Privacy Act (CIPA) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing or signaling information reasonably likely to identify the source of a wire or electronic communication.”

Trap and trace devices differ from wiretaps because they do not capture the content of communications in real time. Instead, a trap and trace device enables the collection of very particular information from a website visitor: the dialing, routing, addressing, or signaling information (also known as DRAS).

How Do Companies Use Trap and Trace Technology to Collect Consumer Data?

Website tracking software may permit companies to gather identifying information about website visitors, such as their phone number and email address. Tracking devices can also be used to gather other personal information about website users, including device and browser information, geographic information, referral tracking, and URL tracking.

How can trap and trace technology be used to identify the source of an electronic communication? One way that a trap and trace device might work is to capture incoming electronic impulses that identify the dialing, routing, addressing, and signaling information generated by website visitors. For example, as detailed in a recent digital privacy class action complaint against United HealthCare, website users might be asked to provide personal information like their gender, birthday, zip code, and tobacco use history. This data could then be scanned and sent to a third party like TikTok for deanonymization. Significantly, website visitors are never informed that the company is sharing confidential user information with the third party.

Tracking Software Is Deployed Automatically and Without Consent

When a company utilizes technology to track the interactions of website visitors, the company must first obtain a court order to do so. In many cases, however, companies do not get a court order to use trap and trace technology on their websites. In fact, the tracking & tracing software is often installed on certain companies’ websites and then deployed automatically: the software may start gathering personal information about users the moment they land on the site. This means that a user’s web activity is tracked before the user even has an opportunity to consent by “accepting cookies” or “managing preferences” on the website.

There are significant privacy concerns raised by the use of trap and trace technology on websites. The truth is that the personal information revealed by internet communications can be far more revealing than the same type of information captured by phone dialing information. That’s because when a trap and trace device captures a person’s internet addressing data, it may also reveal other important aspects of their communications, including geolocation data, purchase history, and other personal information. Moreover, a record of which website URLs a person visited on a website could be used to precisely identify the content of communications on the site.

Companies Accused of Selling Confidential Customer Data to TikTok and Other Third Parties

Companies as diverse as United HealthCare, WebMD, and Smashbox have been sued in recent months for alleged violations of California’s Trap and Trace Law. Many of the companies that utilize and deploy computer software on their websites attempt to make money by selling ads, and this is easier to accomplish when they are able to identify users who can then be commoditized and sold to the highest bidder.

Multiple trap & trace class action lawsuits have been filed against businesses accused of working with social media company TikTok to “fingerprint” website visitors so that their personal information can be collected and shared. For example, one type of trap & trace software allegedly utilized by TikTok allows companies to collect extensive data about anonymous website visitors and then match it with existing data that the social media platform has already acquired and accumulated about hundreds of millions of Americans. The technology can reportedly reconstruct a user’s identity, which then gives companies the ability to use the data to run advertising campaigns targeting the user.

CIPA Section 638.51: California Trap & Trace Law

As more and more websites have begun using technology to track site visitors, the number of lawsuits challenging this kind of technology has risen. Some California class action plaintiffs have started to file consumer protection lawsuits based on the trap and trace device theory, with dozens of lawsuits being filed in California state and federal courts over the last year. That’s because § 638.51 of the California Invasion of Privacy Act (CIPA) limits the ways in which companies can gather information about website users.

The statute that addresses trap and trace devices is broadly worded so that it applies to any device meant to locate a person, including websites. This means that a lot of individuals may qualify to join a class action lawsuit against companies that use these types of devices to acquire personal information about website visitors.

Class Action Lawsuits

Sections 631(a) and 632.7 of the California Invasion of Privacy Act (CIPA) specifically prohibit companies from wiretapping or eavesdropping on conversations with customers, and courts have extended these protections to consumers who visit websites. With respect to trap and trace class actions brought under the CIPA, federal courts have held that the law also applies to Internet communications. As a result, a number of lawsuits are now being filed under Section 638.51 of the consumer privacy statute.

Statutory Penalties

Each trap and trace violation carries a statutory penalty of $2,500, which serves as a strong deterrent for companies that operate websites targeting consumers in California.

Pen Register Lawsuits in California

Another type of legal claim filed under California Penal Code § 638.51 is a consumer protection lawsuit alleging privacy violations based on the pen register theory. The law explicitly prohibits anyone from using a pen register without first getting a court order.

A pen register is a physical machine commonly used by law enforcement to trace signals from someone’s phone or computer. In the context of a website, pen registers can be utilized to identify a website user’s location, browsing history, and purchase history. Pen registers track the phone numbers dialed from a particular phone line; by contrast, trap & trace devices track the numbers of incoming calls to a phone line. Importantly, trap and trace devices can also be utilized to identify the content of online communications, such as website forms that are completed by site visitors.

Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Did a website track your personal information without consent? If so, you may be eligible to file a trap & trace lawsuit to recover statutory damages. The Los Angeles consumer protection lawyers at Tauler Smith LLP have experience handling consumer class action complaints filed in both federal and state courtrooms. Call 310-590-3927 or email us now for a free consultation.

Walgreens Consumer Class Action Lawsuit

Consumer Class Action Complaint Against Walgreens

Walgreens Consumer Class Action Lawsuit

Tauler Smith LLP recently filed a consumer class action complaint against Walgreens because the retail behemoth is allegedly selling Phenazopyridine Hydrochloride (Phenazo), an unapproved over-the-counter UTI drug, to unsuspecting customers in violation of California’s consumer protection laws. The class action suit, which was filed in federal court in California, alleges that Walgreens uses misleading advertising to deceptively sell Phenazo to treat urinary tract infections even though the drug is unsafe, ineffective, and unlawful to market to consumers.

For more information about the Walgreens UTI drug lawsuit, keep reading this blog.

What Is the FDA Approval Process for Over-the-Counter Drugs?

The U.S. Food and Drug Administration (FDA) regulates the safety and effectiveness of prescription and nonprescription drugs sold in the United States. Before over-the-counter drugs like Phenazo can be sold to consumers, they must be approved by the FDA. This can happen in one of two ways:

  1. The drug goes through the standard FDA approval process, which involves submitting a New Drug Application (NDA).
  2. The drug receives a drug monograph.

A drug monograph is a process that drug manufacturers can utilize to get their products approved for specific therapeutic uses in a particular category. In other words, a drug monograph is a way around the requirement for FDA approval as a finished drug.

New Drug Applications

Under authority granted by the Federal Food, Drug, and Cosmetic Act (FDCA), the FDA typically requires drug manufacturers to submit a New Drug Application (NDA) or an Abbreviated New Drug Application (ANDA) and provide clinical trial data to demonstrate the safety of a new drug before they can market it as a finished drug product.

When the FDA requested data on the safety and efficacy of all OTC urinary antiseptics/analgesics not yet reviewed by the FDA, the request included Phenazopyridine Hydrochloride (Phenazo). In this notice, the FDA stated that Phenazo had not been the subject of an approved NDA, meaning that the UTI drug’s safety was not demonstrated to the satisfaction of the federal regulatory agency.

OTC Drug Monographs

An OTC drug monograph allows drug manufacturers to lawfully market certain over-the-counter drugs based on the safety of a drug’s active ingredients. The monograph process involves a “rule book” that defines specific conditions under which an OTC drug may be considered safe and effective in a given therapeutic category. Under this approach, a manufacturer does not need FDA approval to bring the nonprescription drug to market because only certain ingredients are being marketed as safe for a particular use within a particular therapeutic drug category.

What Is Phenazopyridine?

Phenazopyridine Hydrochloride (Phenazo) is an over-the-counter drug used to treat symptoms of urinary tract infection (UTI), including urinary pain, burning, and discomfort. UTI is a medical condition that disproportionately impacts women, particularly women in underserved communities.

Millions of Americans trust pharmacies to sell them safe, effective, and lawful remedies for their illnesses, including urinary tract infections. For these consumers, pharmacies are the primary point of purchase for over-the-counter drugs, as well as the primary source of information for over-the-counter medications. Reliance on OTC medications is heightened in underprivileged communities where residents are more vulnerable to illness and health concerns due to lack of access to medical care.

Phenazo is marketed and advertised as a drug for urinary tract infections – but the UTI drug has not been approved by the FDA, which means that stores like Walgreens should not be selling it as an over-the-counter treatment.

Walgreens Sued for False Advertising of UTI Drug Phenazo

Argueta v. Walgreens Co. is a high-profile consumer class action lawsuit against the Walgreens Company, which operates the second-largest pharmacy store chain in the United States. The lawsuit, which was filed in the U.S. District Court for the Eastern District of California, accuses the pharmacy of unlawfully selling Phenazopyridine Hydrochloride (Phenazo) over the counter and marketing the misbranded drug as a finished drug product called “Urinary Pain Relief.”

The Walgreens class action alleges that Phenazo has never been approved by the FDA under the NDA/ANDA process, nor has Phenazo ever been brought to market under an established OTC drug monograph. In other words, the drug is allegedly being marketed and sold by Walgreens in violation of California consumer fraud laws.

Walgreens Accused of Violating California’s Unfair Competition Law (UCL)

Walgreens has been accused of violating California’s Unfair Competition Law (UCL) by selling the unapproved OTC drug Phenazo. The UCL is a far-reaching consumer protection statute that applies to many different kinds of unethical business practices, including hidden shipping insurance surcharges, false reference pricing, and deceptive advertising of over-the-counter drug products. The statute explicitly prohibits any “unlawful, unfair or fraudulent business act or practice,” as well as “unfair, deceptive, untrue or misleading advertising.” The basis for the class action lawsuit against Walgreens is that the pharmacy allegedly sells the Phenazo product in a manner that is likely to deceive the public about whether the drug is approved by the FDA and therefore lawful to sell over the counter.

Importantly, the UCL is a strict liability statute. This means that the plaintiff in a UCL claim does not need to show that the defendant intentionally or negligently engaged in fraudulent business practices; all that is needed is a showing that the unfair practice or act occurred. In other words, anyone who purchased an over-the-counter UTI drug product from Walgreens may be entitled to multiple forms of compensation, including restitution, statutory damages, and punitive damages.

Did You Purchase a UTI Drug at Walgreens? Call the California Consumer Protection Lawyers at Tauler Smith LLP

The California consumer protection lawyers at Tauler Smith LLP have filed a class action lawsuit against Walgreens over the sale of Phenazopyridine as an over-the-counter treatment for urinary tract infections. The proposed class of consumers eligible for the lawsuit includes anyone who purchased the Walgreens UTI product in California during the last four (4) years.

Call 310-590-3927 or email us to schedule a free consultation.

Cannabis Class Action Lawsuit

Tauler Smith LLP Successfully Defends THC Potency Class Action

Cannabis Class Action Lawsuit

A California court granted Tauler Smith LLP’s motion to dismiss without leave to amend in a deceptive pricing class action alleging mislabeling of THC potency. The plaintiffs specifically alleged that the cannabinoid content in the defendant’s infused joints did not match what was on label. Tauler Smith’s skilled Los Angeles class action defense attorneys filed a demurrer to the class action based on the discrepancy between the plaintiffs’ purchases and the potency tests that formed the basis of plaintiffs’ claims.

To learn more about Tauler Smith’s latest legal victory, keep reading this blog.

California Consumer Laws on Cannabis Advertising and THC Content

Recreational marijuana is a multi-billion-dollar business in the states where it is legal, which includes California. In fact, it is estimated that California is the largest cannabis market in the world. Although there are no clear federal regulations of cannabis sales, California agencies do regulate marijuana product sales within the state. For example, the California Department of Cannabis Control allows just a 10% margin of error for THC content listed on product packaging and labels. If the THC potency amount listed on the package is not close enough to the THC potency amount of the actual product, then a court may find that the company selling the products engaged in false advertising.

One reason that cannabis product labels may promise higher potency is that consumers are typically willing to pay more for weed with a stronger concentration of THC, which stands for Delta-9-tetrahydrocannabinol. Marijuana with a higher percentage of THC can deliver a more euphoric “high” for users.

Class Action Lawsuit: Ayala v. Central Coast Agriculture

Central Coast Agriculture is a California-based progressive farm that focuses on sustainability. The company is also a licensed cannabis cultivator, and some of its products are sold under the Raw Garden brand name. According to the original complaint against Central Coast Agriculture, the consumer-plaintiffs purchased two products: a Raw Garden Infused Joints three-pack in the “Sunset Cookies” strain, and Raw Garden Infused Joints in the “Caribbean Slurm” strain. The plaintiffs alleged that the marijuana products were mislabeled because the amount of THC contained in the products was substantially lower than the amount stated on the packaging: 25 percent THC potency versus 44 percent THC potency.

The plaintiffs in Ayala et al. v. Central Coast Agriculture, Inc. filed a class action lawsuit under a number of consumer protection statutes, including the California Consumers Legal Remedies Act (CLRA), the California Unfair Competition Law (UCL), and the California False Advertising Law. The case was heard in the Superior Court of California, County of Santa Clara, and the Honorable Theodore C. Zayner ruled on the litigants’ pre-trial motions.

Tauler Smith LLP Wins Defense Demurrer in Class Action Lawsuit

A demurrer is a legal challenge to a specific claim made in court, much like a motion to dismiss in federal court. When determining whether to grant a demurrer, courts will typically assume that all the facts alleged in the pleading are true, no matter how improbable they might be. If the plaintiff’s case is still unlikely to succeed even under these circumstances, then the motion for demurrer may be granted by the court.

The defendant in Ayala v. Central Coast Agriculture was represented by Los Angeles law firm Tauler Smith LLP. Our class action defense attorneys demurred to all causes of action in the case because the plaintiffs failed to allege sufficient facts. Specifically, the defense attorneys objected because the plaintiffs were unable to sufficiently demonstrate that the marijuana products purchased actually contained less THC than the amount listed on the product labels.

California Class Action Defense Lawyers Win THC Potency Case

The Santa Clara Superior Court sustained defense counsel’s demurrers on every cause of action in the case, which represented another huge pre-trial victory for the Tauler Smith LLP law firm. Moreover, the court held that the legal arguments were so overwhelmingly in favor of the defendant that the plaintiffs should have no leave to amend their complaint. In other words, the plaintiffs’ complaint was dismissed entirely.

In its ruling, the court held that the plaintiffs’ class action complaint relied on several faulty assumptions about the products they purchased, as well as the lab results cited in the lawsuit:

  1. Testing was done too late. The court noted that the THC lab tests were conducted roughly two (2) months after the original purchases, which cast serious doubt on how relevant the tests might be in the case. The court further noted that there was nothing in the plaintiffs’ lawsuit about when the joints tested by the WeedWeek researchers were produced or sold. This meant that the plaintiffs had no way of knowing how long the products were on the shelves before being tested.
  2. Not the same products. The court also said that the plaintiffs failed to show that the joints tested by WeedWeek were the same as the products at issue in the lawsuit. There was no evidence that any lab tests were conducted on the particular “Sunset Cookies” strain of marijuana purchased by one of the plaintiffs. (The plaintiffs suggested that a “Fire Walker” THC product tested by researchers was “substantially similar” to the “Sunset Cookies” strain, but the court rejected this argument.) Beyond that, only a single pre-rolled joint of the “Caribbean Slurm” strain was tested, which was an insufficient analog of the particular product purchased by the other plaintiff. Even the WeedWeek article authors characterized their testing as an “imperfect experiment” with conclusions that do not necessarily apply to any individual brand, company, or product.
  3. No information on product labeling. The court stated that there was zero information about the labelling of the products tested by the lab researchers and cited by the plaintiffs. This meant that the plaintiffs failed to prove that the THC amounts listed on the packages they purchased were the same as the THC amounts listed on the packages of the products being tested.
  4. Failed to account for testing variables. The court noted other problems with the laboratory test results referenced by the plaintiff in their lawsuit, including the failure of the testers to account for significant variables. For example, there was no information about the products’ temperature exposure, the potential for testers’ bias, or the possibility of human error.
  5. No injury or harm suffered by plaintiffs. The court found that since the plaintiffs failed to show that the marijuana products purchased actually contained less THC than was listed on the product labels, they could not establish that they sustained any injury or damage as a result of their purchases.

The Santa Clara Superior Court held that there was no clear connection between the lab testing results and the plaintiffs’ actual purchases. The testing results could not be applied to the Raw Garden marijuana joints purchased by the plaintiffs because the tests were conducted on different products at different times by different entities using different methods for different purposes. This was a clear and decisive victory for both the defendant and the Tauler Smith LLP litigation team. The legal win was even more impressive because the consumer protection statutes relied on by the plaintiffs tend to be interpreted broadly by California courts and often in favor of plaintiffs.

You Need to Hire the Right Lawyer for Your Consumer Class Action Defense

When ruling on the demurrer in Ayala et al. v. Central Coast Agriculture, Inc., the court concluded that the lab tests relied on by the plaintiffs were insufficient to draw an inference that the products at issue were inaccurately labeled. This was in stark contrast to the ruling in another false advertising case.

Two other consumers recently sued a different California marijuana company, DreamFields Brands, Inc. That class action complaint, which was filed in Los Angeles Superior Court, alleged similar facts: that the plaintiffs purchased pre-rolled joints containing a lower percentage of THC than declared on the product packaging. Additionally, the class action lawsuit cited the same independent lab tests performed by WeedWeek. The defendant in that lawsuit was represented by a different law firm, and those lawyers were unsuccessful in getting the case dismissed.

The dissimilar results in these cases should make one thing abundantly clear: hiring the right lawyer to represent you in your class action defense could be the difference between winning and losing.

Contact the California Class Action Defense Lawyers at Tauler Smith LLP

Class action lawsuits filed in California courts are notoriously complicated, particularly when they involve consumer protection claims. That’s why it is imperative that defendants in these cases be represented by the experienced California class action defense lawyers at Tauler Smith LLP. Our litigation team has extensive experience representing defendants in false advertising cases, including both private civil actions and class actions.

Call or email us today for a free initial consultation.

FTC Rule on Automatic Renewals

FTC Rule Proposal on Automatic Renewals

FTC Rule on Automatic Renewals

The Federal Trade Commission (FTC) may soon pass new rules that strengthen federal protections for consumers who purchase products or services that are automatically renewed. The FTC rule proposal on automatic renewals would impose strict requirements on companies that offer automatic renewal subscriptions, or negative options, to consumers. Federal statutes and rules typically refer to automatic renewals as “negative options” because the absence of any affirmative action by the customer is enough to justify the auto-renewal. In other words, silence or inaction by the consumer is construed as acceptance of the auto-renewal contract. The amended FTC rule would make it easier for consumers to cancel their auto-renewal subscriptions, and it would impose civil penalties on companies that violate federal law.

For more information about the proposed amendments to the FTC Rule on Automatic Renewals, keep reading this blog.

What Is the Federal Law on Automatic Renewals?

California consumer protection lawyers are familiar with California’s Automatic Renewal Law (ARL), which regulates businesses that offer auto-renewing subscriptions to consumers in the state. The federal analogue to the ARL is the Negative Option Rule, which has been in effect in every state for 50 years. The Negative Option Rule is enforced through Section 5 of the FTC Act. In this context, automatic renewals are called “negative options” because sellers are allowed to interpret a customer’s silence as implied acceptance of an auto-renewal offer.

There are some major limitations on the Negative Option Rule. For example, the federal law only regulates prenotification plans. This means that the law only applies to companies that attach auto renewals to customer agreements before the sale of products or services.

FTC Proposes Amendment to the Federal Rule on Automatic Renewals

The FTC has proposed amendments to the federal Automatic Renewal Law. The suggested changes to federal law would have a significant effect on many state laws, especially in states that do not already regulate auto-renewal subscriptions. Some of the specific regulations that would be modified or added to federal law under the rule change include:

  • Mandatory upfront disclosures of auto-renewal plans.
  • Penalties for company misrepresentations about auto-renewal plans.
  • Obtaining consumer consent for enrolling in auto-renewal plans.
  • Annual reminders about automatic renewals.
  • Easier cancellation of auto-renewal plans.

Ultimately, the FTC will decide whether to approve or decline the proposed rule changes. The federal agency might also decide to make revisions and then open up the new amendment for public comments.

Auto-Renewal Disclosures

One of the biggest changes being proposed for federal law is to require businesses to disclose any auto-renewal terms in a way that ensures that customers will see the terms. The current federal law stipulates that businesses must place auto-renewal terms in “visual proximity” to a request for consent. By contrast, the new rules would require these disclosures to be “immediately adjacent,” or right next to, any text about customer consent so that the disclosures are easily noticeable or difficult to miss. In other words, companies won’t be able to hide the auto-renewal consent text.

Additionally, the proposed FTC rule calls for companies to disclose particular information before customers can legally consent to an automatic renewal plan:

  • Will payments be recurring?
  • What is the cost of the subscription, including the auto-renewals?
  • When will the subscription first automatically renew, and on what dates or at what intervals thereafter?
  • What is the deadline to cancel the subscription before it automatically renews?
  • What is the process for canceling the subscription?

The amended FTC rules would require companies to provide this information for all types of transactions involving recurring contracts, not just those occurring online. That’s because the rules would apply to offers made on the internet, in print publications and advertisements, during telephone solicitations, and in person at brick-and-mortar retail stores.

Misrepresentations About Auto-Renewal Plans

California consumer fraud lawyers will tell you that the state’s false advertising laws impose severe restrictions on the sales practices of companies that do business in the state. Companies that violate these laws may be subject to both civil liability and criminal penalties for egregious conduct. The proposed FTC rules would go a long way toward catching up with California’s regulations of companies that offer auto-renewal plans by applying federal regulations to misrepresentations about the entire sale agreement. For instance, the federal law would explicitly bar companies from misrepresenting a material fact related to any part of a transaction involving an automatically renewing subscription, even if the misrepresentation has nothing to do with the auto-renewal.

Consumer Consent for Auto-Renewals

The proposed changes to FTC rules would include a requirement that companies obtain affirmative consent from consumers before an auto-renewal contract becomes legally binding. Importantly, the customer’s consent for auto-renewal terms would have to be separate and apart from their consent for the transaction or purchase itself. For example, the business would not be able to hide the auto-renewal agreement or otherwise confuse the customer into thinking that they are only agreeing to the original purchase. As set forth by the recommended FTC rules, the request for affirmative consent from the consumer for the auto-renewal subscription would likely have to be a “check box, signature, or other substantially similar method.”

Additionally, companies will need to maintain a record of the customer-provided consent for a period of at least three (3) years from the date on which the subscription was first approved, or for one (1) year after the subscription has been cancelled.

Annual Reminders About Auto-Renewals

The FTC rule amendment under consideration would require companies to send annual reminders to customers about any auto-renewing subscriptions that involve products or services other than physical goods. The reminder must be sent annually even if it is not a yearly subscription plan. Additionally, these annual reminders would need to be in plain language that clearly identifies the product subscription or service being renewed, the dollar amount of the subscription, the frequency of the renewals, and the process for cancelling the subscription. The reminder would also have to be sent to the consumer in the same manner that they initially provided consent for the auto-renewal plan.

Cancellation of Auto-Renewals

The FTC rule changes would also require businesses to make it easy for customers to immediately cancel their auto-renewal subscriptions. For example, the cancellation option must use simple and easy-to-understand terms. The customer must also be given the ability to cancel through the same method they used to make the initial purchase, meaning that an online purchase could be cancelled on the company’s website.

Another requirement under consideration by the FTC is that companies would not be able to make any additional offers when a customer is attempting to cancel their auto-renewal subscription. These types of offers are known as “save attempts” because they tend to involve the business trying to save the auto-renewal subscription from cancellation. The idea here is that businesses should not be allowed to confuse customers with unclear terms or modifications that might dissuade them from cancelling their subscription.

FTC Rule on Auto-Renewals Regulates Business-to-Business Contracts

The California Automatic Renewal Law (ARL) is considered by many to be the strongest such law in the country, imposing requirements on businesses that go far beyond anything in current federal laws. In at least one way, however, the proposed FTC rule would actually go further than California’s ARL. That’s because the federal law would apply to both consumer transactions and business-to-business transactions.

FTC Enforcement of Federal Auto-Renewal Laws

Amendments to the federal law on automatic renewals would greatly strengthen the ability of the Federal Trade Commission (FTC) to enforce the law and crack down on violators. The FTC proposal would allow the government to seek restitution on behalf of consumers, as well as imposing civil penalties against companies that violate the law.

The federal law does not provide a civil remedy for individual consumers, but they can still seek financial compensation by filing a lawsuit based on state laws like the California Automatic Renewal Law (ARL). The federal law on auto renewals may also make it easier for consumers to file class action lawsuits under state law.

California’s Law on Automatic Renewal Offers

Companies that do business in California must follow stringent requirements when it comes to subscription renewals, including pre-transaction disclosures, affirmative consent, renewal notices, and cancellation policies. The purpose of the California Automatic Renewal Law (ARL) is to end the practice of ongoing charging of consumer credit cards without consumers’ explicit consent.

Some of the specific requirements that the California ARL imposes on companies include the following:

  • Cancellations: Customers must be permitted to cancel their subscriptions online if they initially signed up online. Additionally, the cancellation process must be easy, with no steps that might obstruct or delay the process.
  • Long-term subscriptions: If the subscription is for a period of at least one year before the initial renewal, businesses must send renewal notices to customers to ensure that they are informed. This notice needs to be sent at least 15 days before the subscription is scheduled to be renewed.
  • Free gifts or promotions: If there was a free gift, trial subscription, or promotional discount involved, the company must send a notice of renewal to the customer before the trial period is over.

Call the California Consumer Fraud Attorneys at Tauler Smith LLP

The California consumer fraud attorneys at Tauler Smith LLP represent plaintiffs in civil suits filed in both state and federal courtrooms throughout the country. If you were charged for an automatically renewing subscription that you did not authorize, we can help you pursue restitution and monetary damages. Call 310-590-3927 or email us to discuss your case.

Federal Law on Automatic Renewals

Federal Law on Automatic Renewals

Federal Law on Automatic Renewals

Federal law on automatic renewals has gotten stronger and more far-reaching in recent years. This has come in response to states like California that have started to take the lead when it comes to protecting consumers against deceptive advertising and business fraud. There are several prominent laws at both the California state level and the federal level that govern retail subscription programs and automatic renewal programs, including the FTC Rule on Automatic Renewals. Additionally, both state and federal agencies have begun increasing their enforcement of these laws in recent years. For example, the California Automatic Renewal Task Force (CART) makes sure that businesses comply with California’s Automatic Renewal Law (ARL), while the Consumer Financial Protection Bureau (CFPB) is actively enforcing federal laws regulating negative options and recurring contracts. Before contacting federal or state agencies, consumers who have been billed without consent for an auto-renewal subscription should speak with a qualified consumer protection attorney.

To learn more about the federal law on automatic renewal subscriptions, keep reading this blog.

What Is the Federal Trade Commission Rule on Auto-Renewals?

Companies that do business in California while offering automatic renewal and subscription programs must comply with applicable state and federal laws, including the California Automatic Renewal Law (ARL). In fact, California has served as a model for automatic renewal legislation passed by other states, as well as federal statutes and rules that govern auto-renewals.

Federal law uses slightly different terminology for automatic renewal subscriptions: they are instead referred to as “negative option plans.” Basically, a negative option plan is one that is automatically renewed if the consumer fails to take any kind of affirmative action to cancel or not renew it.

The California false advertising lawyers at Tauler Smith LLP represent plaintiffs in civil litigation both individually and as members of class action lawsuits. We also regularly appear in both state and federal courts, so we are very familiar with the relevant consumer protection laws.

How Is the Federal Automatic Renewal Law Enforced?

The Federal Trade Commission (FTC) enforces federal law on automatic renewals and the Negative Option Rule. Federal guidelines for automatic renewals tend to focus on up-front disclosures from businesses, informed consent from customers, and uncomplicated cancellation procedures.

In addition to the FTC, the Consumer Financial Protection Bureau (CFPB) is also involved in enforcement of federal laws concerning automatic renewal and subscription practices.

Proposed Amendment to FTC Rule on Automatic Renewals

The FTC proposed an amendment to the agency rule on automatic renewals that could have a serious impact on how companies do business in California and other states. When the FTC asked for public input on auto-renewal policies, the response was overwhelming: the federal agency received thousands of comments from consumers who complained that businesses were deceptively renewing subscriptions without consent.

Some pro-business organizations like the U.S. Chamber of Commerce have objected to the FTC’s proposed rules for auto renewal subscription services, which the group says would “impose substantial and burdensome regulations on the business community.” But similar consumer fraud regulations already exist in California: statutes like the Automatic Renewal Law (ARL), the Consumers Legal Remedies Act (CLRA), and the Unfair Competition Law (UCL) all provide strong protections for consumers against companies that do business in the state.

If the FTC rule change is approved and goes into effect, it will certainly affect businesses that offer automatic renewal plans in California and other states. That’s because federal law would allow for the imposition of civil penalties of up to $50,000 for each violation of the law.

Other Federal Laws Regulating Automatic Renewals: ROSCA and TSR

The Federal Trade Commission rule on negative options is the main federal law that governs automatic renewal offers by companies. In addition to the FTC rule, there are a couple of other federal statutes that also apply to automatic renewals:

  • The Restore Online Shoppers’ Confidence Act (ROSCA)
  • The Telemarketing Sales Rule (TSR)

Restore Online Shoppers’ Confidence Act (ROSCA)

Under federal law, there are disclosure requirements for auto-renewal terms when a customer signs up for a subscription online. The Restore Online Shoppers’ Confidence Act (ROSCA) requires companies to clearly and conspicuously disclose “all material terms of the transaction” prior to obtaining the customer’s billing information. ROSCA also imposes on businesses a requirement to obtain express informed consent for an auto-renewal plan before getting customers’ billing information.

Unfortunately for consumers, ROSCA has limited application to auto-renewal plans because it only applies to online purchases.

Telemarketing Sales Rule (TSR)

Another important federal law governing automatic renewals is the Telemarketing Sales Rule (TSR). The TSR requires certain disclosures when a telemarketer offers a product or service that includes an automatic renewal subscription, such as the material terms and conditions of the purchase.

State Laws: What Is the California Law on Automatic Renewals of Subscriptions?

California’s Automatic Renewal Law (ARL) goes even further than federal law by explicitly prohibiting companies from auto-renewing subscriptions without first obtaining affirmative consent from the subscriber. That type of consent can only be given when the customer is aware of what exactly they are agreeing to, so this means companies must “clearly and conspicuously” disclose the subscription terms, including the price of the service, length of the subscription, and any recurring charges. Clear and conspicuous disclosure can be achieved by using all-caps, highlighted text, colored text, boldface font, and anything else that might contrast or differentiate an auto-subscription from other terms or conditions.

Canceling Subscriptions Under California’s ARL

The California Auto Renewal Task Force (CART) is a group of district attorneys in Los Angeles County, San Diego County, Santa Barbara County, Santa Clara County, and Santa Cruz County who enforce the ARL against companies that mislead and deceive California consumers with confusing subscription policies that automatically renew without authorization and that can be difficult to cancel afterwards.

Doug Allen, an assistant district attorney with the Santa Cruz County District Attorney’s Office and also a member of CART, says that the ARL is specifically designed “to make it as easy to get out of [an auto-renewal subscription] as it was to get into it.” The ARL stipulates that businesses must provide full disclosure to customers about the terms and conditions of all subscription renewal plans, including automatic renewals. Additionally, the ARL requires businesses to make it easy for customers to cancel a subscription on the backend.

Most Common Violations of the California ARL

Some of the most egregious violations of the California Automatic Renewal Law (ARL) involve companies that intentionally make it tough for a customer to cancel by bouncing the customer around when they call or email. For example, a retailer might inform the customer that they will need to speak to a “supervisor” who is conveniently never available. This is done with the full intention of ensuring that the customer remains enrolled in the subscription program. When a customer tries to cancel on the company’s website, the site needs to be easy to navigate and the cancellation process needs to be simple. The ARL also prohibits businesses from attempting to drag out the cancellation with an online survey; any surveys must be provided after the cancellation is complete.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

Tauler Smith LLP is a law firm that handles consumer fraud litigation in both state and federal courts across the United States. Our consumer protection lawyers have extensive experience representing plaintiffs in these matters, so we understand the nuances of automatic renewal laws that may apply in your particular case. If you were billed for a monthly subscription contract that was automatically renewed without your consent, we can assist you. Call or email us now to schedule a free initial consultation.