S4 E01: Ask an Attorney: What’s Driving Email Compliance Litigation


Transcript


Matt Cagle 

Hi everybody. Welcome to the latest episode of Compliance Pointers. My name is Matt Cagle. I’m with Compliance Point. This is the next episode in our Ask an Attorney series, and I’m thrilled to have an old friend and colleague, Frank Nolan (franknolan@eversheds-sutherland.com), here with us today. Frank is with Eversheds Sutherland. We have worked with Frank, gosh, Frank, at this point, I don’t know, eight or nine years, maybe more than we want to admit, on a variety of issues, whether that’s TCPA related work, some data privacy stuff, but Frank and his team at Eversheds are someone we would highly recommend.
So as Frank and I were thinking about what would be a good topic for today’s conversation, he mentioned that e-mail compliance of all things is something that is rising up in terms of risk area potential priority for organizations to address. Historically, Frank, we have not seen a lot of enforcement activity around e-mail, particularly under CAN-SPAM at the federal level or with the state attorneys general. I’m curious what is driving this increase?


Frank Nolan  

Sure, and thanks for having me, Matt. It’s good to speak with you again. So I’m a litigator. So our team handles compliance requests from clients from time to time because we’re familiar with a lot of these statutes that give rise to private litigation. So we’re always looking at things from that lens. And the reason that I brought up this topic is because for the first time in my career we’re seeing litigation arising from, it’s effectively, allegations of spam emailing. Now that’s something that I’ve never seen before, largely because the federal CAN-SPAM Act doesn’t provide for a private right of action. So it’s enforced by the FTC. It’s not actionable by private litigants, and there’s no damages provision for private litigants, the way that there is, I mean, you mentioned the TCPA.
I think one thing Congress was trying to do when it enacted the CAN-SPAM Act was avoid what we see with the TCPA, which is just this onslaught of private litigation that costs companies millions and millions of dollars a year for settlements and things of that nature. So CAN-SPAM is not an area where we saw litigation. So I was a little surprised to see a little flurry, so far a flurry, of activity relating to a California anti-email spam law. There’s a couple of these laws on the books; the one in California has been around since 2003. It’s similar to the CAN-SPAM Act, except obviously it’s a state law. It’s got a couple of key differences, which is why I took note of it, and the primary one is that it’s enforceable through civil litigation.
So plaintiffs’ lawyers have started, in the very early stages, to key on this law to file class action lawsuits or to send pre-litigation demand letters trying to get a quick payday, you know, the letters are basically designed for that, and now they’re taking a run at class action complaints to see if there’s any traction there to take advantage of the liquidated damages provision in the California law, which is $1,000 per each unsolicited offending e-mail, as well as attorney’s fees and costs. So you can imagine a company sends a lot of emails out through a marketing campaign; if they get tagged with one of these, the numbers can get astronomical quickly.


Matt Cagle 

Well, I think, and this is why we wanted to talk about this. We’ve worked with companies for decades at this point when it comes to their direct marketing activities, and whenever they’ve brought up e-mail, we’ve always said, hey, follow CAN-SPAM. It’s pretty straightforward. If you’re not selling fake Rolexes or doing something very questionable, it’s unlikely that you’ll see enforcement activity around this. Obviously honor those consumer preferences, honor the opt-outs, but follow the intent of the law when it comes to CAN-SPAM and you should be good; you know, focus on the TCPA, some of those higher risk areas in my mind. And I’m curious if you agree, this changes the risk paradigm related to e-mail activity, at least in the short term, somewhat significantly if it is subject to private right of action, potentially those class actions like you said.


Frank Nolan

Yeah, it could. I mean, we’re still so early in, I guess what you might call, like, the trial balloon phase of plaintiffs’ lawyers taking a run at seeing whether these claims can survive. So if you go back maybe 10-15 years, there were a few of these cases filed.

They were not class actions and they weren’t filed in the context that we’re seeing them now. So there’s not really a body. There’s some case law out there about this California law, but not much that’s applicable to the theories that one particular plaintiff’s firm, maybe a couple others, are taking a run at now. So the law, this California law, doesn’t have a clever name like the CAN-SPAM law or the TCPA. We’ll just call it the California law. Well, it tries to prohibit three types of practices.
The first is emails that use a third party’s domain name without the permission of that third party. So, in other words, it kind of masks the e-mail address. That’s not something that we’re seeing yet as a theory. The theories that we’re seeing are under the other two prohibitions under the law.
So emails that contain false information in the from line. So there’s no way for the recipient to identify who the advertiser is. So these are all commercial emails. So in the from line, and then the other is in the subject line, where the subject line is likely misleading a reasonable recipient about a material fact regarding the contents or the subject matter of the message. So in other words, the subject line says something. It’s pointing the recipient this way, and then the actual body of the e-mail when you open it is saying something different, all in the context of marketing or advertising.
So it’s basically a Deceptive Practices Act specific to emails that are being sent. And yeah, it’s like CAN-SPAM. It’s enforceable by the government, but in this case, the California Attorney General, and by e-mail service providers, so CAN-SPAM also can be enforced by that very narrow category of businesses. But unlike CAN-SPAM, anybody who receives one of these emails who’s in the state of California can bring an action, even if the defendant or the company that’s sending these is not in California.


Matt Cagle  

OK. So to kind of read that back to you, it sounds like you’re not yet, and I don’t want to speak for you necessarily, but you’re not as convinced that this is going to be a successful long-term strategy for the plaintiffs’ attorneys, that while there’s risk in the short term, and still a lot of unknowns that need to be settled, likely through the courts, it’s perhaps not the five-alarm fire that some might be thinking it is.


Frank Nolan

I’ll say this, we’ve got one of these cases, a couple of more in the hopper, that are pending a motion to dismiss and I’m bullish on our arguments. So I think that the theory here, or the theories that I’ve seen so far with respect to my clients, I don’t think they will stand up to scrutiny on the pleadings. Is that a guarantee? No, definitely not. And if we have some bad decisions, I mean, that happens. We’ve seen that in CIPA, that litigation with the wiretapping on websites, some decisions that I don’t agree with. If we get some bad decisions in this, then who knows? And I think that’s what the plaintiffs’ firms are kind of testing out, to see if this could be what you call a five-alarm fire. A five-alarm fire to us and our clients is a big payday to the plaintiffs’ bar. So I think we’re kind of in that early stages of seeing whether these theories.

And you know, one thing that plaintiffs’ lawyers in the consumer protection space are very good at is adjusting on the fly. So they get a bad decision and they adjust, they tweak their theory a little bit, try another angle. So even if we do get, you know, some good decisions here, I’m not expecting that to be the end of this theory. I’m just saying that as of now, this theory doesn’t add up to me, and I think that courts will hopefully see it that way, but it’s too early to tell for sure.


Matt Cagle 

Right. So companies need to be aware and thoughtful, but not panic, and that makes sense, and I would agree. So it sounds like you mentioned you’re dealing with a few of these cases. What trends are you seeing in these claims or arguments?


Frank Nolan

So I think maybe giving an example of how this works, or how one of these works, might be helpful. So do you have a Gmail account? Yeah.


Matt Cagle 

I do. Yeah. I’m not gonna give it out on here given the popularity of this podcast, but I do have a Gmail account. Yeah.


Frank Nolan

That’s good. That’s good. So most people have a Gmail account. If you go into your Gmail, let’s say, start with your desktop, and you see the three folders up there. You’ve got your inbox, you got your social, promotions, maybe it’s promotions and social, but there’s a separate tab there for promotions on the home screen.
All kinds of stuff goes in there. You probably don’t check it very often, but if you do and open up that tab, you’re gonna see two things. You’re gonna see, one, just emails, so from a subscription service that you might get. So if you subscribe to a food delivery service, they’ll send you periodic updates on your account or deals that you might get as a subscriber. Interspersed with those emails is something a little bit different that, when you first look at it, you might conflate the two things. The difference is that that e-mail may say the name of the company.
And then right after it, it says sponsored. So what that is, that’s an advertisement. If you click on that, it kind of looks like an e-mail, but it isn’t really an e-mail because there’s no sender, there’s no way to respond to it. There’s no time that it landed in your inbox, and then if you close out of Gmail and then log back in half an hour later, it’s probably gone, whereas an actual e-mail that you got from a company is still in your e-mail inbox. The reason that you get those emails that say sponsored on them is due to a number of things. But it’s basically driven by, for example, Google’s advertising algorithm. So Google knows everything about you, Matt, as you probably know. So it knows, like, your general level of income and education, whether you have kids. So, you know, they may send you certain, again, I’ll use the food service delivery example, programs or subscriptions that you might find appealing given your demographic as a dad of four kids, ages whatever to whatever. You need some food delivery services because you’re too busy to make dinner on a Tuesday night. So that’s why you’re getting those ads. But it is just an ad. Now here’s where it gets a little different. The reason that plaintiffs’ lawyers are triggering on this is because if you open that advertisement and it shows up as an advertisement, there’s an icon in the top right of the advertisement. This is all within Gmail. You can click on it and you can have that converted to an e-mail in your inbox. So basically it’s a way to save the advertisement. So as a consumer you may think, this ad looks really good to me, I may want to take advantage of this sale, for example, so you can save it to your inbox. When it saves to your inbox, then it becomes an e-mail, or it looks like an e-mail. It has a date on it. It has a to and a from line. You can respond to the e-mail and if you log out and log back in, it’ll still be there.
So what plaintiffs’ lawyers are doing is having their plaintiffs effectively go in there and create or convert that ad into an e-mail and then turn around and sue the company that’s advertising through Google, saying you sent me an e-mail, this is a spam e-mail. Well, it’s not quite that simple because it was solicited, because you’re actually, as a plaintiff, converting it from an advertisement into an e-mail. So our argument is that this is not an e-mail, this is an advertisement. And then when it became an e-mail, it was not unsolicited because you, in effect, as the consumer, the plaintiff, took, you know, an action to invite the e-mail into your inbox. So that’s one theory that we’re seeing, and the plaintiffs’ lawyers, who I’ve had very frank and honest discussions with about, you know, what I think are the flaws in their theory, are, we’re going to see what the courts say. We’re going to play this out, because it’s worth it to the plaintiffs’ lawyers to invest their time, because if a court views this as an e-mail, then this is going to explode. Every company that’s advertising through Google that’s sending ads to someone’s Gmail account, which is pretty much most advertisements, could be subject to these claims. As perverse as it sounds, when you throw in $1,000 per e-mail violation, you know, God knows how many advertisements are going out, the numbers become so astronomical that it’s worth it for the limited investment by the plaintiffs’ lawyers now.


Matt Cagle  

Yeah, all right. So let me make sure I’m tracking this. Under CAN-SPAM, you can e-mail people until they unsubscribe, marketing emails or not. So in this case, even when I convert it to an e-mail and you’re arguing it’s solicited because they converted it, I’m curious, is the solicitation component really key to the argument, or is it more focused on, that’s now an e-mail once they convert it, and then are they pushing the issue with the misleading component? Does that make sense?


Frank Nolan

Yeah, that’s exactly right. There are two aspects here. It’s the solicited part, which is basically what I was just talking about. And then there’s the false and misleading, either the subject line or the from line. Now one theory that we’ve seen is some of these advertisements advertise price reductions. So this is our subscription, or this is a product or service that we’re providing at this discount. It was $29.99, now it’s $19.99. And there are laws, including in California, that prohibit basically advertising or selling something as a discount off of an original price that was never actually posted. So in other words, they never actually sold something for $29.99. So you can’t go around and say this is discounted by $29.99. It’s called a strikethrough pricing law.

Now, some of these complaints are alleging that these emails are doing effectively the same thing, and it’s a violation of the strikethrough law, therefore a violation of this e-mail law. Now they’re doing that without actually alleging a separate claim under the strikethrough law. This is entirely tethered to this e-mail spam law, but it’s the same theory as the strikethrough law, which is a misleading theory. It’s a consumer deceptive practices type of theory.


Matt Cagle  

OK, that’s interesting. And I would encourage folks listening to this, if they didn’t read or catch wind of the Old Navy case brought under this California law, that it would be good to look at that. I think their issue there was a subject line said something about final day of a sale when in fact it was not the final day of the sale, so it sounds like it’s in that same ballpark that you were just talking about.


Frank Nolan

Exactly. And then there’s another piece of this, which is the from line. So if you are advertising, a company is not putting those advertisements into your Gmail promotions folder. It’s Google, for example, who’s doing that. And so when the e-mail says it’s from, you know, a Google address, who is the actual, you know, conduit of this advertisement, but it says in the from line that it is from the company that is using the Google service, those two things are not aligned, and these plaintiffs are alleging that that’s misleading because, is it from Google? Is it from the company? It’s not matching up, and that’s deceptive according to these allegations. That, however, is actionable under the federal CAN-SPAM Act, that kind of theory. So we’ve got a preemption argument there. So you can’t bring one of these claims under that theory because it’s preempted by federal law under CAN-SPAM.


Matt Cagle  

So before we put a bow on how companies should navigate this with California, are there any other states that they should have on their radar?


Frank Nolan

And that law’s even older. That’s from 1998. So these laws are, I mean, it’s surprising that you have anti-spam e-mail laws that are this old, because people weren’t really emailing in quite the same volume nearly 30 years ago as they are now, but Washington is another state. We’ve seen a lot of consumer protection litigation in Washington lately. It’s not quite at the level of California, but, you know, it’s not surprising that that’s another state that’s seeing activity here.


Matt Cagle 

OK, I know we’ve got a pretty educated audience, but for anyone that is sitting there hearing $500 per violation or $1000 per violation in California, I do want to reiterate the point you made to make sure they caught it, which, yeah, that could be painful if we’re talking about multiple violations with a single plaintiff. It’s that it ultimately becomes a class action and likely multimillion-dollar penalties or exposure, eventually settlements, and even if you’re successful with defending it.


Frank Nolan

Right.


Matt Cagle  

All the attorney’s fees and time and effort involved in defending that type of activity. Not that we don’t love attorney’s fees, Frank, but just, you know, calling it out for our folks that are listening consideration. Exactly. Exactly. Yep.


Frank Nolan

But we don’t love plaintiffs’ attorneys’ fees.
So, yeah, just one kind of related point there. What we could start seeing are pre-litigation demand letters more than, I mean, let me back up a step. What the plaintiffs’ firms in this area want is a couple of good decisions denying motions to dismiss in federal or state court in California. Then they can use those. They can cite them in these pre-litigation demand letters that they will, if it’s anything like what we see with the CIPA law with website tracking, they’re just going to blanket companies. They’re going to send out thousands of these letters threatening a class action. To your point, the damages are going to be in the tens of millions, potentially, maybe more. Or you could settle individually with this individual plaintiff pre-litigation for less than you would spend on the cost of defense, and that will cost companies not quite the same amount, but it will be certainly a nuisance complaint. So I think that they’re following a similar playbook that we saw, that we’re seeing, with the website tracking litigation in California.


Matt Cagle  

OK. All right. So this is all good for people to hear. Now they’re probably thinking, what do I do about this? So obviously you don’t want to be an easy target. That’s always our first recommendation: understand the type of e-mail activity your company’s conducting. What’s the scope of that? And then what controls, guardrails do you have in place to mitigate the risk associated with this? To review those emails, these campaigns, make sure there’s nothing that could be alleged to be misleading, despite, you know, we know the plaintiffs are going to do their best anyways.
That would be our advice. I’m curious, what do you have in addition to that?


Frank Nolan

Yeah, I mean, it’s about mitigation, not elimination of risk. I mean, it’s similar with the TCPA. You just have to have a strong compliance program that doesn’t. But if you’re marketing to consumers, it’s the cost of doing business at the very least that you’re going to, you know, be faced with, if it’s not this e-mail lawsuit, some other kind of nuisance type claim. So you have to do what you can, which is basically what you would do anyway as a company that is, you know, invested in how it’s viewed publicly by its customers and consumers at large, which is tell the truth. Avoid misleading subject lines. Make sure that you’re clearly identifying who’s advertising a product or service in the from line of the e-mail. Don’t use third party domains without their permission.

Just do what you would expect. You know, just take a common sense view. I think at this point, without a developed case law here, take a common sense view of the world, that you don’t want to lie to your customers. I mean, how ticked off would you be as a customer if you get an e-mail with the subject line suggesting some massive discount and you open it up and it’s not true at all. I think most companies are probably doing that anyway, I would hope. So I certainly don’t have any clients, I don’t think you do either, who are actively trying to, you know, engage in a bait and switch marketing campaign, but just making sure that, you know, you’re kind of tracking these kinds of developments for the foot faults that could end up, you know, creating liability risk later on, and then just monitor for developments in this area just like you would with any, you know, whether it’s TCPA or CIPA or whatever it might be, because this is very quickly and rapidly evolving, but for now I think just tell the truth.


Matt Cagle  

Yeah, no, I absolutely agree. And from what we’ve seen when issues pop up with this, it’s usually unintentional with our clients, that they have a good, wanting-to-tell-the-truth marketing, legal, compliance team, but then it’s somebody has a great idea for a campaign or they have a third party marketing agency downstream that has a model that’s worked well for other clients of theirs and they want to launch that, and perhaps, you know, you’re getting into that gray area of misleading. And so that’s where we would just recommend caution and, where possible, have those controls. Make sure there is some review and approval process for any new campaigns, any new subject lines, just for peace of mind, again, like you said, to mitigate.

Frank, really appreciate you joining us today and sharing and staying on be on time with us. I would just like to ask you real quick, where can the audience find you if they’d like to learn more about this or some of the areas that you and the Eversheds team focus on?

Frank Nolan

Sure, I’m happy to answer any questions if you want to reach out, or pretty much the best place to find me is at the Compliance Point Exchange Conference coming up in March, where I’ll be speaking about data breach litigation and how your early response to a data breach can impact your litigation strategy later on. So I’ll be seeing you there, Matt, and, you know, find out if any of the audience members there are regular listeners to the podcast.


Matt Cagle  

Yeah, I hope so. I hope so. No, we appreciate the plug. Yeah, for the audience, we do have our event coming up in just under two months. If you haven’t registered, please do so. Frank will be there. And while his session’s gonna be focused on data breach, I’m sure you could grab him during one of the breaks and pick his ear on this e-mail issue too.
We will make Frank’s information available associated with this podcast when we post it, and mine will be available too. If anyone has any questions, feel free to reach out directly. Frank, thank you for your time. See you in Orlando.


Frank Nolan

Thanks, Matt. Take care.
