Welcome back for another week of What's Next, where we report on the intersection of law and technology. This week we check in with Loeb & Loeb's David Mallen, who reports on how social media influencers are changing the rules of advertising law. Plus, Google gets sued for its foray into the medical records space. And Yahoo finally draws closer to a settlement of its data breach suits.


David Mallen is an advertising disputes and retail and consumer brands expert for Loeb & Loeb.
|

Reining in the Advertising Power of the Internet Famous

In 2019, social media influencer marketing is a fully saturated, sophisticated industry. Of course, there have been influencer cats (RIP Grumpy Cat). There are teenage influencer millionaires, such as JoJo Siwa, a 16-year-old Internet celebrity who has amassed a networth of $12 million with the help of product launches at JCPenney and Target. There are even computer-generated virtual influencers, like the one model Bella Hadid “kissed” in a Calvin Klein commercial in May. However, regulations have not quite caught up with an online ecosystem where cats and models made of pixels are hawking products and services. As the co-chair of advertising disputes and retail and consumer brands for Loeb & Loeb in New York, David Mallen has watched influencer marketing heat up and explode. “What I've been doing is working with companies and, sometimes influencers themselves, to get advertising right, and do it in a way that's compliant with the law,” Mallen said. Yet, marketers, influencers and lawyers still have quite a few lingering questions about the line between content and advertising and how consumers internalize the onslaught of ads.

Answers have been edited for length and clarity.

What are some of the big legal questions sparked by influencer marketing?  Just by talking about brands, influencers are able to reach consumers in a more organic way. That has been an exciting thing for the industry and media. But it raises a lot of challenges, including the issue of what it means when a celebrity, influencer or someone with tens of millions of followers is being paid to promote a particular brand or message. Do consumers have the right to know that? Does that affect the credibility of what is being conveyed on those platforms? These are really hot issues, and they raise some concerns under the Consumer Protection Law and traditional advertising law.

For instance, it is the position of the Federal Trade Commission that if you're advertising to consumers, that consumers have the right to know that they're being advertised to—that you can't disguise your advertising as editorial or some other kind of content, because that would be misleading. That rule, which has been in place for a long time, becomes really challenging in the fast-moving world of social media platforms, where it's not clear what's advertising. There isn't always a fine line between a commercial message and some other kind of communication. 

➤➤What are you watching that could signal the future of law in this space?  I think the thing to watch is the enforcement action on the part of the Federal Trade Commission. In the past, they have taken some action against certain brands and ad agencies when they found there was no disclosure or identification of material connection. What they've done in the last year or two is actually indicate that they might take action against influencers themselves. Last year, they sent a slew of warning letters. Not to the companies, but to the actual influencers and celebrities cautioning them that, “Hey, you have an obligation, too, to let consumers know that you are being paid by those brands if you're going to be talking about those companies and products.” It would be really interesting to see where the Federal Trade Commission goes with their next enforcement action or warning letters.

➤➤Are you seeing the influencer industry have to grapple with product liability, fraud and scams?  You're going to see enforcement both where the FTC finds an influencer not disclosing its advertising and also making claims that are untruthful or fraudulent. There was one case a couple years ago involving a gambling company called CSGO Lotto. So, you have these paid influencers talking about promoting this gambling platform without revealing that they are actually the owners of the platform. In the last year, there were also a couple video game cases where the FTC sent letters to the company or the influencers, because consumers thought the influencer was just giving a review, when, in fact, they were paid to give a very, very positive review. When those reviews are paid for, and they are not disclosed, it undermines the credibility of the whole operation. However, there's an argument that younger people don't care whether there's a paid relationship between a company and an influencer. They either expect it, or they don't understand the world in the way the older generation does, where we grow up thinking there's paid messages and there's non-paid messages. I think the presumption is always going to be that it does matter. Nobody has satisfied the FTC in saying “Hey, why are you even concerned about this?” But, I don't think we fully understand how younger people make sense of media today.


Google, University of Chicago Sued Over Medical Records Privacy

Last week, Google, the University of Chicago and the university's medical center were slapped with a class action suit for “what is likely the greatest heist of consumer medical records in history,” according to the complaint.

The lawsuit asserts Google struck a partnership with the University of Chicago beginning in 2017 to gather electronic health records for six year's worth of patient data, and then the tech giant filed a patent for its own medical records system to become a leader in the trillion-dollar per year healthcare space.

Matt Dinerstein, a patient of the University of Chicago Medical Center, is representing the class after the hospital allegedly gave Google access to his confidential medical information without his consent. Records from Dinerstein's 2015 visits were not properly anonymized and included date stamps and notes from nurses and doctors.

Dinerstein is accusing Google and the university of violating the Consumer Fraud and Deceptive Business Practices Act, the Health Insurance Portability and Accountability Act (HIPAA) and implied and express contracts that the hospital wouldn't share patient information to third parties.

“We believe that not only is this the most significant health care data breach case in our nation's history, but it is the most egregious given our allegations that the data was voluntarily handed over,” Jay Edelson, founder of Edelson PC, told The New York Times.

The next hearing in the case is scheduled for September 6 in front of U.S. District Judge Rebecca R. Pallmeyer of the Northern District of Illinois.


U.S. District Judge Lucy Koh of the Northern District of California, who has been presiding over the Yahoo data breach cases since 2016.
|

Yahoo Close to Data Breach Settlement But Koh Has Questions

After three years, Yahoo finally appears to be close to reaching a settlement over a series of data breaches that occurred between 2012 and 2017. On Tuesday, however, U.S. District Judge Lucy Koh in San Jose said the web services provider has yet to answer why 32 plaintiffs firms had to be involved in the case when she only approved five.

In response to a request to add Daniel Robinson of Robinson Calcagnie in Newport Beach, California, an attorney in state court proceedings, Koh said Thursday she was reluctant to take away more money from class members.

“Why should I expand class counsel?” she said. “I still don't see an answer to my question why 23 law firms were necessary in the MDL and 8 in the state court case?”

Koh agreed to add Robinson to the executive counsel committee to give the state court plaintiffs representation in the settlement after he promised that he would continue to not bill for any work done after the first proposed settlement.

Koh also read aloud the short- and long-form notices of the class action settlement notices, flagging vague references and confusing language. The documents ask Yahoo users to refer back to press announcements regarding the data breaches made as far back as seven years ago. “My impression is that Yahoo doesn't want to admit that it has been breached basically every year since 2012,” she said. “If [the notices is] not clear, I'm not going to approve it.”

Koh said the notices should include the date and time of the breaches, so that potential victims can make an informed decision. John Yanchunis, lead counsel and head of the class action department for Morgan & Morgan in Tampa, Florida, said it wasn't the intent to make the notices unclear and that legal team would correct the notices in short order.

The judge gave the settlement team 14 days to refile the second amended settlement, which Koh said she expects to approve outside of minor nits. After that, she intends to give parties 230 days to opt out of or object to the deal, setting a tentative fairness hearing date of April 2, 2020.

On the Radar

Free Local TV for All Orrick, Herrington & Sutcliffe's David Hosp and his client Locast say they've found a way to provide local television programming over the Internet without violating copyright laws. Locast is taking advantage of a Copyright Act loophole that allows nonprofits to retransmit content if they do not charge for it. Read more from Scott Graham here.

Keeping Gig Workers Contract Opponents of Assembly Bill 5, which would codify parts of the California Supreme Court's 2018 Dynamex ruling, are hitting social media feeds and traditional media outlets to generate public resistance toward the legislation. The bill has been a main target of a combined $336,000 lobbying campaign from Uber and Lyft. David Reis, the head of Arnold & Porter Kaye Scholer's labor and employment group, has some talking points of his own. Read more from Cheryl Miller here.

Philadelphia Adapting to Life Without E-Filing The First Judicial District went analog after shutting down its digital systems six weeks ago due to a hack. Now, its website is back online, but the publicly accessible electronic docket and filing systems are still inaccessible. Read more from Max Mitchell here.