Common Carrier Status Exempts AT&T from FTC Act Enforcement Action

The Federal Trade Commission enforces the FTC Act, which prevents “persons, partnerships, or corporations, except common carriers subject to the Acts to regulate commerce, from using unfair or deceptive acts or practices in or affecting commerce.” Section 5 of the FTC Act. AT&T offered consumers mobile data service, non-common carrier services, and mobile voice service, common carrier services. The FTC filed a complaint against AT&T for “data throttling,” reducing data speeds, on unlimited mobile data plans once the customer’s data usage exceeded a certain threshold during the billing cycle. AT&T brought a motion to dismiss the FTC’s complaint, arguing that it is a common carrier exempt from the FTC Act, even for the non-common carrier services it offers. The Federal Communications Commission (FCC) subsequently reclassified mobile data service as a common carrier service.

The district court denied AT&T’s motion to dismiss. On appeal to the Ninth Circuit, the issue was

Whether the common carrier exemption in Section 5 is status-based, such that an entity is exempt from regulation as long as it has the status of a common carrier under the ‘Acts to regulate commerce,’ or is activity-based, such that an entity with the status of a common carrier is exempt only when the activity the FTC is attempting to regulate is a common carrier activity.

The Ninth Circuit ruled that the common carrier exemption is status-based, so that AT&T, as a common carrier, cannot be sued for violating Section 5 of the FTC Act.

Continue reading “Common Carrier Status Exempts AT&T from FTC Act Enforcement Action”

FTC Pursues Hacked Wyndham Over Lax Cybersecurity Practices

Wyndham may wish it could be on vacation after the FTC’s unfair practice suit against it. The Federal Trade Commission (FTC) filed suit against hotel and time share giant Wyndham Worldwide Corporation, alleging unfair practice and a deceptive privacy policy for Wyndham’s failure to protect consumer data from hackers.  Hackers stole personal and financial consumer data from Wyndham’s computer systems three times from 2008 to 2009, resulting in over $10.6 million dollars of fraudulent charges.  The district court denied Wyndham’s motion to dismiss.  The Third Circuit granted interlocutory (interim) appeal on these two issues:

Whether the FTC has authority to regulate cybersecurity under the unfairness prong of 15 U.S.C. § 45(a); and, if so, whether Wyndham had fair notice its specific cybersecurity practices could fall short of that provision.

(Opinion pdf page 7).

The Third Circuit affirmed the district court’s ruling.

Continue reading “FTC Pursues Hacked Wyndham Over Lax Cybersecurity Practices”