U.S. Supreme Court Decides FLSA Requires Overtime Pay For Highly Paid Day-Rate Workers
On February, 23, 2023, the U.S. Supreme Court decided Helix Energy Solutions Group, Inc. v. Hewitt No. 21-984 (U.S. Feb. 22, 2023), a highly anticipated ruling on the Fair Labor Standards Act (FLSA). The ruling is a cautionary tale for employers, warning that any cracks in their compensation structure may put them on the hook to pay overtime to high-earning employees. Hewitt determined that the FLSA required an employer to pay overtime to an offshore oil rig worker who earned over $200,000 annually because it paid him a daily, not weekly, rate. The decision is a must-read for all employers on their strategies for wage-and-hour compliance.
Read the full Alert on the Duane Morris LLP website.
DMCAR Trend # 10 – PAGA Actions Suffered Their First Setback, Work-Arounds Continued To Percolate
By Gerald L. Maatman, Jr. and Jennifer A. Riley
Duane Morris Takeaway: In 2022, actions under the California Private Attorneys General Act (PAGA), Cal. Lab. Code, §§ 2698, et seq., saw their first setback as the U.S. Supreme Court’s decision in Viking River Cruises, Inc. v. Moriana, et al., 142 S.Ct. 1906 (2022), created a workaround to arbitration programs that require individual proceedings.
The PAGA created a scheme to “deputize” private citizens – “aggrieved employees” – to sue their employers for violations of the California Labor Code on behalf of their co- workers as well as the State. If successful, aggrieved employees receive 25% of any recovered civil penalties and pass the other 75% to the California Labor and Workforce Development Agency (LWDA). The PAGA authorizes the attorneys who pursue the action to collect their attorney’s fees and costs in addition to the civil penalties. As a result, PAGA claims have exploded over the past two decades.
The Explosion Of PAGA Notices
According to data maintained by the California Department of Industrial Relations, the number of PAGA notices filed with the LWDA has increased exponentially over the past two decades. The number grew from 11 notices in 2006 to 1,743 in 2011, to 5,208 in 2016, and to 6,502 in 2021. From 2013 to 2014, employers saw the largest single year increase, from 1,605 notices in 2013 to 4,532 notices in 2014, an increase of 182%. Over the five-year period from 2017 to 2021, the number of notices grew from 4,985 in 2017, to 6,502 in 2021, an increase of 30%.
The following chart illustrates this trend.
The increase is a likely reaction to the growth of workplace arbitration, fueled by the availability of fee-shifting.
The PAGA As A Work-Around To Arbitration
Although the proliferation of mandatory arbitration programs started as early as 1991 when the U.S. Supreme Court issued Gilmer, et al. v. Interstate/Johnson Lane Corp., 500 U.S. 20 (1991), the movement did not gain steam until 2011, when the U.S. Supreme Court issued its ruling in AT&T Mobility LLC v. Concepcion, et al., 563 U.S. 333 (2011), and held that the FAA preempts state rules that stand “as an obstacle to the accomplishment of the FAA’s objectives,” and it did not peak until 2018 with the U.S. Supreme Court’s decision in Epic Systems Corp. v. Lewis, et al., 138 S.Ct. 1612 (2018), wherein the last hurdle to enforcement of class and collective action waivers was eliminated.
As the adoption of arbitration programs gained popularity as a mechanism to contract around class and collective actions, the plaintiffs’ class action bar identified work-arounds. The California Supreme Court’s cemented the PAGA as the frontrunner for generated labor-related claims with its 2014 decision in Iskanian, et al. v. CLS Transportation Los Angeles, 59 Cal.4th 348 (Cal. 2014), which seemingly immunized the PAGA from arbitration programs. In Iskanian, the California Supreme Court held that “where an employment agreement compels the waiver of representative claims under the PAGA, it is contrary to public policy and unenforceable as a matter of state law.” Id. at 384. Whereas the California Supreme Court acknowledged Concepcion, it nevertheless reasoned that the rule against PAGA representative action waivers did not frustrate the FAA’s objectives because, whereas the FAA aims to ensure an efficient forum for the resolution of private disputes, a PAGA action “is a dispute between an employer and the state Labor and Workforce Development Agency.” Id.
The ruling likely fueled the filing of PAGA notices in 2014 and thereafter, as it cleared the PAGA as a mechanism by which to maintain a representative action unhindered by agreements to arbitrate on an individual basis. The PAGA workaround suffered its first significant set-back in 2022 with the U.S. Supreme Court’s highly anticipated decision in Viking River Cruises, Inc. v. Moriana, et al., 142 S.Ct. 1906 (2022), which addressed the arbitrability of PAGA claims.
The Dagger Of Viking River
In Viking River, the U.S. Supreme Court drove a dagger through the heart of this work- around by continuing its trend of enforcing the FAA over state efforts to avoid or flat-out prohibit arbitration. See, e.g., Cal. Lab. Code § 229 (“Actions to enforce the provisions of this article for the collection of due and unpaid wages claimed by an individual may be maintained without regard to the existence of any private agreement to arbitrate.”). The U.S. Supreme Court confirmed that, whether judicial or legislative in nature, where the FAA is in play, it preempts efforts to enforce those rules.
In Viking River, the U.S. Supreme Court found a conflict between the FAA and PAGA’s procedural structure. It recognized that the statute contains a “built-in mechanism of claim joinder,” which permits “aggrieved employees” to use the Labor Code violations they personally suffered as a basis to join to the action any claims that could have been raised by the State in an enforcement proceeding. Id. at 1923. It held that, to the extent that Iskanian precludes division of PAGA actions into individual and non-individual claims, and thereby “prohibits parties from contracting around this joinder device,” the FAA preempts such rule. Id.
Importantly, however, after finding that Viking should have been able to compel arbitration of plaintiff’s individual claim, the U.S. Supreme Court addressed “what the lower courts should have done with Moriana’s non-individual claims.” Id. at 1925. It ruled that, once an individual claim has been committed to a separate proceeding, the employee is no different from a member of the general public, and the PAGA provides no mechanism for such person to maintain suit. As a result, the correct course was to dismiss the remaining claims. Id.
As a result, the U.S. Supreme Court eviscerated perhaps the most popular work-around to workplace arbitration, dealing a significant blow to the plaintiffs’ bar and its ability to pursue claims on a representative basis.
In her concurrence, Justice Sotomayor expressly opened the door to two potential solutions to the majority opinion. She suggested that, in its analysis of the parties’ contentions, the Supreme Court detailed “several important limitations on the pre-emptive effect of the [FAA],” meaning that “California is not powerless to address its sovereign concern that it cannot adequately enforce its Labor Code without assistance from private attorneys general.” Id. at 1925. First, she suggested that, if the majority was incorrect in its understanding that the plaintiff lacked “statutory standing” under the PAGA to litigate her “non-individual” claims separately, “California courts, in an appropriate case, will have the last word.” Second, alternatively, Justice Sotomayor opined that “the California Legislature is free to modify the scope of statutory standing under the PAGA within state and federal constitutional limits.” Id. at 1925-26.
Although the California State Legislature has not taken action, on July 20, 2022, the California Supreme Court granted review in Adolph, et al. v. Uber Technologies, Inc., No. G059860, on the question as to whether an aggrieved employee, who agreed to arbitrate claims under the PAGA that are “premised on Labor Code violations actually sustained by” the aggrieved employee, maintains standing to pursue “PAGA claims arising out of events involving other employees” in court or in any other forum agreed by the parties. The California Supreme Court is likely to issue a decision on these questions in 2023.
In the meantime, despite the U.S. Supreme Court’s ruling in Viking River, many plaintiff’s attorneys have requested, and many California courts have granted, stays of representative claims, rather than dismissals, likely in order to preserve tolling in the event that the California Supreme Court fashions a rule that permits them to proceed with representative claims.
DMCAR Trend # 9 – Corporate Defendants Aggressively Asserted Defenses Based On Personal Jurisdiction Video
DMCAR Trend # 9 – Corporate Defendants Aggressively Asserted Defenses Based On Personal Jurisdiction
By Gerald L. Maatman, Jr. and Jennifer A. Riley
Duane Morris Takeaway: In 2022, corporate defendants aggressively asserted defenses based on personal jurisdiction to fracture collective actions in particular. In Bristol-Myers Squibb Co. v. Superior Court of California, San Francisco County, 137 S. Ct. 1773 (2017), the U.S. Supreme Court held that each plaintiff in a mass action must demonstrate a basis for the court to exercise personal jurisdiction over the defendant for purposes of adjudicating his or her claims, even if those claims are similar to the claims of other plaintiffs.
Federal circuits, however, have disagreed on the impact of the Supreme Court’s ruling in the collective action and class action context. Such a decision has the potential to curtail the forums in which the plaintiffs’ bar may file class and collective actions against a corporate defendant and, in particular, could limit the forums where a plaintiff could bring a nationwide action to those where a court may exercise general personal jurisdiction over the defendant (i.e., typically only the state where the company is organized and the state where it maintains its principle place of business).
Given the potential of the defense to fracture nationwide suits, multiple defendants raised personal jurisdiction in 2022, and the number of federal circuits holding that Bristol-Myers applies to collective actions grew to three (the Third, Sixth, and Eighth Circuits), with one circuit holding otherwise (the First Circuit).
In Fischer, et al. v. Federal Express Corp., 42 F.4th 366 (3d Cir. 2022), the Third Circuit joined the Sixth and Eighth Circuits in concluding that Bristol-Myers requires a court to find personal jurisdiction over the claims of opt-in plaintiffs in an FLSA collective action. The plaintiff, a Pennsylvania resident, brought suit against FedEx in the U.S. District Court for the Eastern District of Pennsylvania alleging that FedEx misclassified her and other security specialists as exempt from the overtime requirements of the FLSA. Two non-resident FedEx employees, who worked for FedEx in their home states, filed notices of consent to join the action. The district court held that it lacked specific personal jurisdiction over FedEx with respect to their claims, and they filed a petition for interlocutory appeal. The Third Circuit granted the petition to resolve whether, in an FLSA collective action, where the district court lacks general personal jurisdiction over the defendant, all opt-in plaintiffs must demonstrate that the district court may exercise specific personal jurisdiction over the defendant to resolve their claims.
The Third Circuit recognized that the Sixth and Eighth Circuits had answered in the affirmative, holding that the claims of FLSA opt-in plaintiffs must arise out of or relate to the defendant’s minimum contacts with the forum state, Id. at 370 (citing Canaday, et al. v. Anthem Cos., 9 F.4th 392 (6th Cir. 2021), and Vallone, et al. v. CJS Solutions Group, LLC, 9 F.4th 861 (8th Cir. 2021)), whereas the First Circuit had answered in the negative, holding that only the named plaintiffs must show that their claims arise out of or relate to the defendant’s minimum contacts with the forum state. Id. (citing Waters, et al. v. Day & Zimmermann NPS, Inc., 23 F.4th 84 (1st Cir. 2022)).
The Third Circuit agreed with the former, holding that, like the out-of-state plaintiffs in Bristol-Myers, the opt-in plaintiffs in FLSA collective actions must satisfy the personal jurisdiction requirements of the Fourteenth Amendment to join the suit by demonstrating general personal jurisdiction or specific personal jurisdiction. As to the former, the opt- ins could not establish general personal jurisdiction over FedEx because the company was incorporated in Delaware and had a principal place of business in Tennessee. As to the latter, the opt-ins could not establish specific jurisdiction because they lived and worked in New York and Maryland, respectively, and based their claims entirely on their treatment by FedEx in their home states. Id. at 383.
During 2022, the parties in three of these cased filed petitions for review by the U.S. Supreme Court, and requested that it address the question of personal jurisdiction in the context of collective actions. To date, the Supreme Court has denied two of the petitions, with the petition outstanding. Thus, it is unlikely that the Supreme Court will resolve this issue in 2023, and corporate defendants can expect that personal jurisdiction will remain a powerful defense for facing collective actions outside of their home states.
Illinois Supreme Court Holds Each Fingerprint Scan Is A Separate BIPA Violation – Thereby Creating The Potential For Increased Damages In Privacy Class Actions
By Gerald L. Maatman, Jr., Alex W. Karasik, Tyler Z. Zmick, and Jennifer A. Riley
Duane Morris Takeaways: In the latest ruling in Illinois in the biometric privacy class action space, the Illinois Supreme Court decided today in Cothron v. White Castle, 2023 IL 128004 (Ill. Feb. 17, 2023), that a separate claim for damages accrues under the Biometric Information Privacy Act (“BIPA”) each time a private entity scans or transmits an individual’s biometric identifier or information, in violation of section 15(b) or 15(d).
This ruling could exponentially increase monetary damages in class actions brought under the BIPA, especially in the employment context, where employees scan in and out of work multiple times per day for several hundred days per year.
Plaintiff alleged that after she started working at White Castle in 2004, the company required her to use a fingerprint-based system to access the workplace computer she used in her position as a manager. Plaintiff sued White Castle several years later in 2018, alleging that the company violated Sections 15(b) and 15(d) of the BIPA in connection with the fingerprint-based system by (i) collecting her biometric data without providing her with the requisite notice and obtaining her written consent, and (ii) disclosing her biometric data without consent.
After removing the complaint to the U.S. District Court for the Northern District of Illinois, White Castle moved for judgment on the pleadings on the basis that Plaintiff’s claims were untimely. Specifically, White Castle argued that Plaintiff’s BIPA claims accrued in 2008 (when her first fingerprint scan occurred after the BIPA took effect), yet she did not file her complaint until 2018. The District Court rejected White Castle’s one-time-only theory of claim accrual, holding that the lawsuit was timely because each separate unauthorized fingerprint scan constituted an independent violation of the statute, meaning Plaintiff’s BIPA claims were timely because her last fingerprint scan occurred within five years of the filing of her complaint. Because the issue presented a close call, however, the District Court permitted White Castle to file an interlocutory appeal with the Seventh Circuit regarding whether Section 15(b) and 15(d) claims accrue each time a private entity scans a person’s biometric identifier and each time a private entity transmits a scan to a third party, respectively, or only upon the first scan and first transmission.
The U.S. Court of Appeals for the Seventh Circuit accepted the interlocutory appeal. Id. ¶ 9. After determining that Plaintiff had standing to bring her action in federal court under Article III of the U.S. Constitution, the Seventh Circuit addressed the parties’ respective arguments on the accrual of a claim under the Act. Id. Ultimately, the Seventh Circuit found the parties’ competing interpretations of claim accrual reasonable under Illinois law, and it agreed with Plaintiff that “the novelty and uncertainty of the claim-accrual question” warranted certification of the question to the Illinois Supreme Court. Id. at 1165-66. The Seventh Circuit “observed that the answer to the claim-accrual question would determine the outcome of the parties’ dispute, this court could potentially side with either party on the question, the question was likely to recur, and it involved a unique Illinois statute regularly applied by federal courts.” Id..
The Illinois Supreme Court’s Decision
In a 4-3 split ruling, the Illinois Supreme Court held today that that a separate claim accrues under the BIPA each time a private entity scans or transmits an individual’s biometric identifier or information, in violation of section 15(b) or 15(d). First, the Illinois Supreme Court analyzed the certified question with respect to Section 15(b), which provides that no private entity “may collect, capture, purchase, receive through trade, or otherwise obtain” a person’s biometric data unless it first provides notice and receives written consent. 740 ILCS 14/15(b). Relying on the plain language of the statute and the fact that the actions of “collecting” and “capturing” biometric data can occur more than once, the Supreme Court agreed with Plaintiff’s interpretation – namely, that Section 15(b) “applies to every instance when a private entity collects biometric information without prior consent.” Id. ¶¶ 19, 23. As interpreted in the context of the facts of the case, the Supreme Court further observed that White Castle obtains an employee’s fingerprint, stores it in its database, and then compares the fingerprint taken during subsequent scans to verify the identity of the employee. In the Supreme Court’s words, White Castle “fails to explain how such a system could work without collecting or capturing the fingerprint every time the employee needs to access his or her computer or pay stub.” Id. ¶ 23. Accordingly, consistent with the District Court’s decision in Cothron and the Illinois Appellate Court’s conclusion in Watson, 2021 IL App (1st) 210279, ¶ 46, the Illinois Supreme Court held that an entity violates Section 15(b) the first time it collects biometric data without having provided the requisite notice and obtaining consent, in addition to “each subsequent scan or collection.” Id. ¶ 24.
Next, closely tracking its analysis of Section 15(b), the Supreme Court similarly held that BIPA Section 15(d) – which prohibits the disclosure, redisclosure, or dissemination of biometric data without consent – “applies to every transmission to a third party.” Id. ¶ 28. Like the verbs “collect” and “capture” in Section 15(b), the acts of disclosing and redisclosing biometric data occur upon the initial disclosure in addition to any subsequent disclosure or redisclosure of the data. See id. ¶ 29 (“A fingerprint scan system requires a person to expose his or her fingerprint to the system so that the print may be compared with the stored copy, and this happens each time a person uses the system.”).
The majority opinion also rejected White Castle’s remaining “nontextual” arguments supporting its single-accrual interpretation. White Castle argued that a BIPA claim accrued only upon the initial collection or disclosure of a person’s biometric data because an individual loses the right to control his or her biometric data as soon as the data is collected and/or disclosed. In rejecting the argument, the Supreme Court again relied on the statute’s plain language, stating: “[n]o such limitation appears in the statute. We cannot rewrite a statute to create new elements or limitations not included by the legislature.” Id. ¶ 39.
Next, the Supreme Court turned to White Castle’s argument that in light of the BIPA’s liquidated damages provision, interpreting the statute to mean an entity violates Sections 15(b) and 15(d) every time it collects or discloses biometric data means “a party may recover for “each violation,” allowing multiple or repeated accruals of claims by one individual could potentially result in punitive and “astronomical” damage awards that would constitute “annihilative liability” not contemplated by the legislature and possibly be unconstitutional.” Id. ¶ 41. For example, White Castle estimated that if Plaintiff was successful and allowed to bring her claims on behalf of as many as 9,500 current and former White Castle employees, classwide damages in her action may exceed $17 billion. Once again, the Supreme Court rejected White Castle’s argument because the statutory language is clear and supports plaintiff’s position. See id. ¶ 40 (“As the district court observed, this court has repeatedly held that, where statutory language is clear, it must be given effect, “ ‘even though the consequences may be harsh, unjust, absurd or unwise.’ ” (Emphasis omitted.) Cothron, 477 F. Supp. 3d at 734 (quoting Peterson v. Wallach, 198 Ill. 2d 439, 447 (2002)).”).
Importantly, however, the Supreme Court acknowledged that trial courts could exercise their discretion to reduce the amount of statutory damages that plaintiffs can recover. Id. ¶ 42. In closing, the Supreme Court reiterated the position that White Castle’s “policy-based concerns about potentially excessive damage awards under the Act are best addressed by the legislature,” and it “suggest[ed] that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under the Act.” Id. ¶ 43. Accordingly, the Illinois Supreme Court concluded that the plain language of section 15(b) and 15(d) shows that a claim accrues under the BIPA with every scan or transmission of biometric identifiers or biometric information without prior informed consent.
Notably, three Illinois Supreme Court Justices, inclusive Chief Justice Theis, joined the Dissenting Opinion. Of note, the Dissent opined that two significant consequences militate against the majority’s construction. Id. ¶ 60. First, under the majority’s rule, plaintiffs would be incentivized to delay bringing their claims as long as possible, since “If every scan is a separate, actionable violation, qualifying for an award of liquidated damages, then it is in a plaintiff’s interest to delay bringing suit as long as possible to keep racking up damages.” Id. Second, the Dissent noted that, “the majority’s construction of the Act could easily lead to annihilative liability for businesses.” Id. at ¶ 61.
In sum, the Dissent commented that, “Imposing punitive, crippling liability on businesses could not have been a goal of the Act, nor did the legislature intend to impose damages wildly exceeding any remotely reasonable estimate of harm. Id. ¶ 63. To this point, the Dissent opined that, “nothing in the Act indicating that the legislature intended to impose cumbersome requirements or punitive, crippling liability on corporations for multiple authentication scans of the same biometric identifier. The legislature’s intent was to ensure the safe use of biometric information, not to discourage its use altogether.”
Implications For Employers
Following the Illinois Supreme Court’s similar pro-plaintiff ruling in Tims v. Black Horse Carriers, 2023 IL 127801 (Ill. Feb. 2, 2023), which applied a five-year statute of limitations to the BIPA instead of a one-year statute of limitations, the well is beginning to dry for businesses in terms of potential BIPA class action defenses. While employers can still explore novel exemptions, such as information captured from a patient in a health care setting, most companies caught in the crosshairs of BIPA class actions will be facing monumental amounts of potential damages.
Businesses confronted with BIPA class actions may need to explore alternative potential defenses, such as the constitutionality of the overbearing damages thresholds. Companies will also likely push for legislative changes. Nonetheless, given the bleak outlook of the law as it stands, it is imperative for businesses to immediately ensure they are compliant with the BIPA.
DMCAR Trend # 8 – Courts Continued To Grapple With Problems Of Standing And Uninjured Class Members Video
DMCAR Trend # 8 – Courts Continued To Grapple With Problems Of Standing And Uninjured Class Members
By Gerald L. Maatman, Jr. and Jennifer A. Riley
Duane Morris Takeaway: During 2022, courts continued to grapple with the rules that govern the certification of classes that contain uninjured class members. Various cases climbed to the federal circuit level, with varying results, and the U.S. Supreme Court once again declined to take up the issue, making uninjured class members a continued topic of disagreement and debate for 2023.
By definition, individuals who did not suffer injury as the result of the defendant’s conduct cannot maintain claims, and courts do not have the power to award them relief. As the U.S. Supreme Court reiterated in its seminal 2020 decision in TransUnion, “Article III does not give federal courts the power to order relief to any uninjured plaintiff, class action or not.” TransUnion LLC v. Ramirez, et al., 141 S.Ct. 2190, 2208 (quoting Tyson Foods v. Bouaphakeo, et al., 577 U.S. 442, 466 (2016) (Roberts, C.J., concurring)). In this respect, the “plaintiffs must maintain their personal interest in the dispute at all stages of the litigation . . . And standing is not dispensed in gross; rather, plaintiffs must demonstrate standing for each claim that they press and for each form of relief that they seek.” Id.
Courts, however, continue to grapple with the application of these concepts in the class certification context and, in particular, they disagree over whether to certify a class, a plaintiff must demonstrate that every putative class member has standing or, stated differently, must demonstrate that the class excludes those individuals who did not suffer harm. In TransUnion, the Supreme Court expressly left open the question of “whether every class member must demonstrate standing before a court certifies a class.” Id. at n.4. Such a requirement has significant consequences for the class action landscape and, as a result, multiple federal circuits considered the issue over the past year.
In Drazen, et al. v. Pinto, 41 F.4th 1354 (11th Cir. 2022), for example, the Eleventh Circuit vacated and remanded an order approving a class settlement after finding that some settlement class members did not experience an Article III injury. The plaintiffs filed suit alleging that the defendant violated the Telephone Consumer Protection Act by sending unwanted calls and text messages. Although the Eleventh Circuit previously held that a single unauthorized text message is not sufficient for an Article III injury, the district court approved the settlement on the basis that “only the named plaintiffs must have standing.” Id. at 1357. Although only about 7% of the settlement class members had received a single text, the Eleventh Circuit reversed. Applying TransUnion, it explained that, when plaintiffs seek certification, they must limit the class definition “to those individuals who have Article III standing.” Id. at 1361. Because the settlement class may have included individuals who received a single unwanted text message, the Eleventh Circuit held that approving the settlement would allow “individuals without standing [to] receiv[e] what is effectively damages in violation of TransUnion.” Id. at 1362. The Eleventh Circuit remanded to provide the parties an opportunity to revise the class definition.
In Hyland, et al. v. Navient Corp., 48 F.4th 110 (2d Cir. 2022), the Second Circuit confronted a similar issue in the context of a non-monetary settlement and reached the opposite result. The plaintiffs, a group of public servants with loans that the federal Public Service Loan Forgiveness program did not forgive, filed suit claiming that the defendant loan service companies misled them regarding their eligibility for the program. Id. at 115. The parties reached a nationwide non-monetary settlement that preserved class members’ rights to file individual claims for money damages. Id. at 114. The district court approved the settlement, and a group of objectors appealed. On appeal, the objectors argued that because “[s]ome class members were no longer using the company to service their loans when the class was certified . . . the class as a whole. . . lacked standing to pursue injunctive relief.” Id. at 117. The Second Circuit rejected that argument. It held that “[s]tanding is satisfied so long as at least one named plaintiff can demonstrate the requisite injury.” Id. at 117-18. It reasoned that, because the plaintiffs alleged that they “continued to rely on [the company] for information about repaying their student loans,” they plausibly alleged that they “were likely to suffer future harm.” Id. at 118. The Second Circuit concluded that these allegations were “enough to confer standing on the entire class” and affirmed the district court’s order. Id. (citing Amado, et al. v. Andrews, 655 F.3d 89, 99 (2d Cir. 2011) (“In a class action, once standing is established for a named plaintiff, standing is established for the entire class.”)).
In Bowerman, et al. v. Field Asset Services, Inc., 39 F.4th 652 (9th Cir. 2022), the Ninth Circuit considered what happens when the plaintiffs cannot or are not able to define their class so as to exclude uninjured class members. The plaintiff filed suit on behalf of a putative class of workers alleging that the defendant misclassified them as independent contractors rather than employees and, as a result, improperly failed to pay them overtime and failed to reimburse their business expenses. Id. at 657. The district court granted class certification, and the Ninth Circuit reversed. The plaintiffs did not dispute that they lacked common proof that putative class members worked overtime hours or incurred reimbursable expenses, but argued that, under Ninth Circuit precedent, “the presence of individualized damages cannot, by itself, defeat class certification.” Id. at 661-62 (quoting Leyva, et al. v. Medline Industries Inc., 716 F.3d 510, 514 (9th Cir. 2013)). The Ninth Circuit disagreed. It distinguished between “the calculation of damages and the existence of damages in the first place.” Id. at 662.
Quoting its decision in Castillo, et al. v. Bank Of America, NA, 980 F.3d 723, 730 (9th Cir. 2020), the Ninth Circuit noted that “if the plaintiffs cannot prove that damages resulted from the defendant’s conduct, then the plaintiffs cannot establish predominance.” The Ninth Circuit concluded that the defendant’s liability to any class member for failing to pay overtime wages or to reimburse business expenses “would implicate highly individualized inquiries on whether that particular class member ever worked overtime or ever incurred any ‘necessary’ business expenses” and, under such circumstances, class certification is improper.
Further contributing to the divergence of case law precedents, in Olean Wholesale Grocery Cooperative, Inc., et al. v. Bumble Bee Foods, LLC, 31 F.4th 651 (9th Cir. 2022), in an en banc decision, the Ninth Circuit ruled 9 to 2 to uphold an order certifying a class that potentially included a significant number of uninjured class members. The plaintiffs brought suit against Starkist alleging that it engaged in a price-fixing scheme from 2011 to 2013 that led to their paying supra-competitive prices for tuna products. The district court granted class certification. After a panel vacated the order, the Ninth Circuit agreed to hear the case en banc and affirmed the ruling. Both parties presented expert testimony regarding antitrust impact, but their experts disagreed as to whether 28% of the class members could rely on the plaintiffs’ model to show injury attributable to the alleged conspiracy. Similar to Bowerman, the Ninth Circuit addressed the issue as one of predominance, noting that, when individualized questions relate to “the injury status of class members,” Rule 23(b)(3) requires that the court determine whether individualized inquiries about such matters predominate over common questions.” Id. at 668.
The Ninth Circuit rejected the argument that Rule 23 does not permit a district court to certify a class that potentially includes more than a de minimis number of uninjured class members, reasoning that Rule 23(b)(3) “requires only that the district court determine after rigorous analysis whether the common question predominates over any individual questions, including individualized questions about injury or entitlement to damages.” Id. at 669. The Ninth Circuit noted that, here, the defendants did not show that 28% of the class members were uninjured. Rather, the defendants disputed whether class members with no or limited transactions during the benchmark period could rely on the plaintiffs’ model. The district court was not required to resolve the dispute; rather, if the jury were persuaded by the critique, it could conclude that the plaintiffs had failed to prove antitrust impact on a class-wide basis, but “[i]n neither case would the litigation raise individualized questions regarding which members of the class had suffered an injury.” Id. at 681.
In August 2022, Starkist filed a petition with the U.S. Supreme Court asking it to strike down the decision and to elucidate the circumstances in which a court may or may not certify a class that includes a significant number of class members who were never injured by the alleged harm. On November 14, 2022, however, the U.S. Supreme Court turned down the request. Hence, the issue remains one that divides lower federal courts, thereby fueling uncertainty on an important class action issue.
If a defendant’s showing that one or more members of the defined class did not suffer a concrete harm can defeat class certification, such a defense is a potent tool for the defense.
As a result, while 2022 saw the further development of the defense, corporate defendants are likely to see continued litigation over this issue during the upcoming year.
Dior Dismissed From Illinois BIPA Class Action Lawsuit Challenging Virtual Try-On Technology
By Kelly A. Bonner, Alex W. Karasik, Gerald L. Maatman, Jr., and Jennifer A. Riley
Duane Morris Takeaways: In a significant win for fashion and beauty retailers in the privacy class action space, in Warmack-Stillwell v. Christian Dior Inc., No. 1:22-CV-04633, 2023 U.S. Dist. LEXIS 22926 (N.D. Ill. Feb. 10, 2023), an Illinois federal court held that an exemption to the Illinois Biometric Information Privacy Act (“BIPA”) for data captured from a patient in a health care setting barred proposed class action claims alleging that luxury giant Christian Dior Inc.’s (“Dior”) virtual try-on tool (“VTOT”) violated the BIPA.
Businesses in Illinois, particularly online fashion and beauty retailers, can use this ruling to attack BIPA claims involving VTOT technology.
As discussed in our previous publications, lawsuits involving BIPA claims and eyewear have been dismissed under one of BIPA’s statutory exemptions, which in relevant part excludes from its definitions of biometric identifiers and biometric information: (1) information captured from a patient in a health care setting; or (2) information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996, including prescription lenses, non-prescription sunglasses, and frames meant to hold prescription lenses.
Plaintiff alleged that Dior maintained a VTOT feature on its website that collected users’ facial geometry data without first obtaining written consent or informing users of the purpose and length of time that their data was being collected in violation of Section 15(b) of BIPA. Plaintiff also alleged that Dior failed to provide a publicly available data retention and destruction schedule, as required by Section 15(a) of BIPA.
Dior moved to dismiss Plaintiff’s complaint on the basis that the BIPA’s health care exemption applied to non-prescription sunglasses, such as the ones sold by Dior and which the plaintiff alleged that she tried on with the VTOT technology, and thus precluded Plaintiff’s claims.
Plaintiff countered that the sunglasses were fashion accessories; Dior’s website was not a health care setting; and Dior’s consumers were not patients. Plaintiff also sought to distinguish prior decisions applying the BIPA’s health care exemption as focusing on the VTOT technology being used for prescription glasses, akin to optometrist fittings, and not in connection with the purchase of luxury sunglasses. Id. at *8.
The Court’s Decision
The Court granted Dior’s motion to dismiss under Rule 12(b)(6). First, the Court explained that Plaintiff qualified as a “patient in a health care setting” under the dictionary definition of the term “patient,” and that Dior’s VTOT feature “facilitates the provision of a medical device that protects vision.” Id. at *8. Similarly, the Court held that use of the VTOT technology constituted “health care,” which the dictionary defined as “efforts made to maintain or restore physical, mental, or emotional well-being especially by trained and licensed professionals.” Id. at *9.
In addition, the Court reasoned that the relevant test was “not a user’s subjective understanding, but rather an objective application of the text of the exemption.” Id. at *8-9. The Court opined that the outcome of the analysis should not change if a consumer uses the VTOT in search of primarily stylish sunglasses rather than protective ones.
Plaintiff attempted to distinguish Dior’s website from a “health care setting” by arguing that “[a]n artist prepping a canvas is not providing a health care service if they use a scalpel instead of an Xacto knife.” Id. at *9. As to that point, the Court concluded that the VTOT feature facilitated the purchase of sunglasses to wear on one’s face and protect one’s eyes, thus performing the product’s intended medical function rather than an unconventional purpose.
Similarly, the Court rejected Plaintiff’s attempts to analogize her case to BIPA suits against blood plasma centers, in which courts rejected application of the health care exemption. Even if the cases applied the same definitions of “health care” and “patient,” the Court concluded that the removal of plasma for commercial purposes is not “health care because the purpose — at least from the plasma donors’ perspectives — was not to ‘maintain or restore physical, mental or emotional well-being’; it was to get paid.” Id. at *11.
Finally, the Court notably denied Dior’s motion to dismiss under Rule 12(b)(1), rejecting Dior’s argument that Plaintiff failed to allege an injury-in-fact sufficient for Article III standing. The Court concluded that Plaintiff sufficiently alleged an injury-in-fact under Section 15(a) “because “unlawful retention of a person’s biometric data is as concrete and particularized an injury as an unlawful collection of a person’s biometric data.” Id. at *11.
Accordingly, the Court granted Dior’s motion to dismiss on Rule 12(b)(6) grounds, but rejected Dior’s Article III standing argument and denied its motion based on Rule 12(b)(1).
Implications for Retailers
The Court’s decision in Warmack is a solid victory for fashion and apparel retailers, and indicates that courts are willing to expand the BIPA’s healthcare exemption to more retail-oriented environments, and adopt a plain reading of the statue rather than seeking to discern legislative intent. This ruling could have significant implications for personal care products retailers, especially those who utilize VTOT features to assess skin complaints such as aging, hyperpigmentation, and recommend treatments, and whether those defenses will draw regulatory scrutiny for purposed “drug” claims.
In the meantime, retailers should stay abreast of biometric data privacy laws in Illinois and beyond, and ensure that their privacy policies stay current with evolving nationwide legislation.
Trend # 6 – Privacy Class Actions Became An Intense Focus Of The Plaintiffs’ Class Action Bar
By Gerald L. Maatman, Jr. and Jennifer Riley
Duane Morris Takeaway: Privacy litigation – in a multitude of forms and theories – revealed itself as the hottest area of growth in terms of activity by the plaintiffs’ class action bar in 2022. The new year started off with a huge privacy ruling from the Illinois Supreme Court in Tims, et al. v. Black Horse Carriers, Case No. 127801 (Ill. Feb. 2, 2023), in which it held that a five-year statute of limitations applies to BIPA claims.
The Illinois Biometric Privacy Act Continued To Drive Lawsuits
In 2022, the plaintiffs’ class action bar continued to focus on businesses and vendors utilizing biometric technology and filed numerous class action lawsuits based on the Illinois Biometric Information Privacy Act, 740 ILCS 14/15 (BIPA).
Enacted in 2008, the BIPA regulates the collection, use, and handling of biometric identifiers and information by private entities. Subject to limited exceptions, the BIPA generally prohibits the collection or use of an individual’s biometric identifiers and biometric information without notice, written consent, and a publicly-available retention and destruction schedule.
Although Texas and Washington have implemented similar biometric protections, the BIPA provides for a private cause of action with aggressive statutory penalties allowing for $1,000 per violation and $5,000 per intentional or reckless violation. Because of this damages provision, the plaintiffs’ bar files almost all BIPA lawsuits as class actions. Plaintiffs have focused more than one-third of BIPA cases on fingerprinting and have focused roughly a quarter on facial recognition surveillance.
The most noteworthy BIPA case of the year was Rogers, et al. v. BNSF Railway Co., Case No. 19-CV-3083 (N.D. Ill.), the first federal jury trial in a case brought under the BIPA. After a week-long trial in the U.S. District Court for the Northern District of Illinois, a jury found that BNSF recklessly or intentionally violated the law 45,600 times and entered a verdict in favor of the class of 45,000 workers. The court thereafter awarded damages against BNSF of $228 million. BNSF subsequently filed a motion for a new trial arguing that none of the 45,000 class members suffered any actual harm and raising constitutional concerns about the BIPA. That motion remains pending for decision, and is almost sure to result in an appeal in 2023.
As BIPA class actions proliferate and businesses struggle to defeat such claims, the Illinois Supreme Court in early 2023 clarified the scope of the statute of limitations applicable to the BIPA in Tims, et al. v. Black Horse Carriers, Case No. 127801 (Ill. Feb. 2, 2023). The Illinois Supreme Court held that a five-year statute of limitations applies to claims under the BIPA. This ruling adds to the risks for employers and companies who do business in Illinois in terms of BIPA class action exposures. Given that the BIPA statute does not have an explicit statute of limitations, the Illinois Supreme Court’s ruling now provides clarity for litigants and attorneys in this space as to the scope of the putative classes in their lawsuits.
If employers have not already done so, now is time to make sure their timekeeping procedures and consent policies are legally compliant. The Tims ruling is apt to increase the plaintiff class action bar’s appetite for BIPA claims, so it is more important than ever for employers to make sure their procedures are legally sound
The Illinois Supreme Court is also due to issue its decision in Cothron v. White Castle System, Inc., No. 1280004 (Ill.), which will decide whether each fingerprint scan is its own discrete violation. An adverse finding in Cothron could enhance BIPA class action exposures. In Cothron, et al. v. White Castle Systems, 2021 U.S. App. LEXIS 37593 (7th Cir. Dec. 20, 2021), the Seventh Circuit asked the Illinois Supreme Court to provide much-needed clarification on the accrual of BIPA violations, specifically whether certain BIPA claims accrue only once upon the initial collection or disclosure of biometric information or whether a claim accrues each time a company collects or discloses biometric information.
The Illinois Supreme Court likely will rule on these key BIPA matters in the early part of 2023 and the statute will continue to drive class action litigation. Its technical requirements, combined with stiff statutory penalties and fee-shifting, provide a recipe for attention from the plaintiff’s class action bar, and companies’ continued development and use of innovative technologies are apt to provide a veritable barrel of opportunity.
Class Action Suits Alleging Wiretapping Violations
A new wave of class action lawsuits filed in California, Florida, Massachusetts, and Pennsylvania targeted companies that use technologies to track user activity on their websites, based on the theory that such practices violate electronic interception provisions of various state laws when done without consent.
The plaintiffs’ bar grounded these claims in the electronic interception provisions of various state laws. Wiretap statutes like the California Invasion of Privacy Act, the Pennsylvania Wiretapping and Electronic Surveillance Act, and the Florida Security of Communications Act generally prohibit the unauthorized interception or disclosure of communications transmitted electronically.
The plaintiffs’ bar targeted technologies that track a user’s interactions with the website (e.g., clicking, scrolling, swiping, hovering and typing) and create a recording of those interactions and inputs – known as session replay software. They also attacked coding tools that create and store transcripts of conversations with users in a website’s chat feature. The plaintiffs in this new string of class actions allege that recording their interactions with a website and sending that recording to a third party for analysis without their consent is an illegal invasion of their privacy.
Recent decisions from the Ninth and Third Circuits fueled the swell of lawsuits alleging violations of these wiretap statutes. In May 2022, in Javier, et al. v. Assurance IQ, LLC, 2022 U.S. App. LEXIS 14951 (9th Cir. May 31, 2022), the Ninth Circuit held that the California Invasion of Privacy Act requires prior consent and explicitly rejected the argument that this wiretap statute allows a business to obtain consent to the use of session replay software after the recording already has begun. The Ninth Circuit, however, did not comment on what would amount to effective consent to the use of session reply software under the wiretap statute.
A few months later, the Third Circuit in Popa, et al. v. Harriet Carter Gifts, 2022 U.S. App. LEXIS 22707 (3d Cir. Aug. 16, 2022), ruled that an electronic interception violating the Pennsylvania Wiretapping and Electronic Surveillance Act occurred when the plaintiff visited a website to purchase a product and her interactions on that site were recorded and transmitted to a third-party marketing firm.
The Third Circuit concluded that the location of the interception was plaintiff’s browser, and it rejected the defendants’ argument that the wiretap statute did not apply because the third-party marketing firm’s servers – where the information was sent – were located in Virginia. If other circuits follow the Third Circuit’s approach, it could subject companies to liability under a state wiretap statute each time a user accesses its website from that state.
In each of the three lawsuits brought thus far in Pennsylvania, the class consisted of allegedly more than 5,000 individuals. This new wave of lawsuits alleging wiretap violations threatens to subject businesses to a substantial amount in penalties, including fines ranging from $1,000 to $50,000 per violation, depending on the state. If a violation occurs every time a user accesses a website in one of these states, the amount of penalties to which a company may be subject can balloon quickly.
More State Legislation Created And Expanded Data Privacy Rights
While Congress has refrained from addressing data privacy through federal legislation, many states have enacted their own laws, and 2022 saw significant state legislative activity regarding data privacy with five states preparing for new privacy laws to take effect in 2023, including California, Colorado, Connecticut, Utah, and Virginia.
On the heels of California’s enactment of the California Consumer Privacy Act (CCPA) in 2020, California businesses will need to comply with all requirements of the California Privacy Rights Act (CPRA) effective January 1, 2023. The CPRA expands the current CCPA private right of action by authorizing consumers to bring lawsuits arising from data breaches involving additional categories of personal information and is arguably the strictest data privacy law in the United States, which places California privacy law closer, in many respects, to Europe’s GDPR. With potential statutory damages ranging from $100 to $750 per consumer per incident, and breaches often involving hundreds of thousands or even millions of users, these types of claims will almost certainly lead to a sharp rise in class action litigation.
Virginia, Colorado, Connecticut, and Utah likewise enacted sweeping data privacy laws that will roll out in 2023. These laws are all similar in structure, but unlike California’s statute, which allows an individual to sue a company for alleged violations, enforcement will be left to the respective state attorneys general. Each of these laws provides for expanded consumer rights related to their data, including: (i) Right of access (i.e., allows for a consumer to access from a business/data controller the information or categories of information collected about a consumer); (ii) Right of deletion (i.e., right for a consumer to request deletion of personal information about the consumer under certain conditions; (iii) Right to opt-out (i.e., allows for a consumer to opt out of the sale of personal information about the consumer to third parties); (iv) Right of portability (allows for a consumer to request personal information about the consumer be disclosed in a common file format); and (v) Notice and transparency requirements (i.e., an obligation placed on a business to provide notice to consumers about certain data practices, privacy operations, and/or privacy programs).
The approach each state attorney general takes regarding enforcement of these new laws will provide lessons for other states looking to regulate consumer privacy in the absence of a federal standard and almost certainly will be closely monitored by the plaintiffs’ bar, as it attempts to draw from favorable rulings and to anticipate which state will enact the next plaintiff-friendly data privacy laws. 28 U.S.C. §1292(b), Rule 23(f) does not require the district court to certify an issue for appeal. Moreover, Rule 23(f) does not include the potentially limiting requirements of Section 1292(b), under which the district court can certify an issue for appeal only where an order “involve[s] a controlling question of law as to which there is substantial ground for difference of opinion” and where “an immediate appeal from the order may materially advance the ultimate termination of the litigation.”
Finally, class action litigants can appeal final orders issued by the district court under 28 U.S.C. § 1291, which states that “courts of appeals (other than the United States Court of Appeals for the Federal Circuit) shall have jurisdiction of appeals from all final decisions of the district courts of the United States.”