For those who haven’t previously been following, this is our third installment on COVID-19 class actions. The first installment was prospective and authored prior to any filed class actions. The second installment examined the first certified class and putative class actions filed in the mass tort and consumer spaces. In this installment, we discuss and analyze recent coronavirus-related putative class actions in the areas of banking, privacy, higher education, and securities.

Banking Class Actions:

On March 27, 2020, Congress passed and the President signed, the Coronavirus Aid Relief and Economic Security Act (“CARES Act”). In the weeks following the enactment of the CARES Act, individuals and small business have filed putative class actions against various lenders asserting economic losses and seeking injunctive relief related to additional lender-imposed criteria for processing PPP loan applications. The first of such lawsuits was Profiles, Inc., et al. v. Bank of America Corp., et al., Case No. 1:20-cv-00894-SAG (D.C. MD April 3, 2020), wherein small businesses in Maryland filed a putative class action alleging that Bank of America imposed additional criteria for processing PPP loan applications in violation of the CARES Act. Specifically, the Profiles plaintiffs dispute Bank of America’s requirement that borrowers must have had “a Small Business lending and Small Business checking relationship with Bank of America . . . or a Small Business checking account” as of February 15, 2020 and do not have a business credit or borrowing relationship with another bank.”

On April 7, 2020, the Profiles plaintiffs filed a motion for temporary restraining order (“TRO”) requesting that the Court impose regulations for how Bank of America receives and processes applications, which the Court denied on April 13, 2020. In denying the TRO, the Profiles Court found that there is no private right of action under the CARES Act and that imposing the requested TRO “may undermine Congress’s goal to maximize relief for American small businesses.” Notably, the Court recognized that “numerous other financial institutions have imposed additional eligibility requirements, beyond the two identified in the CARES Act,” including Chase Bank, which like Bank of America, requires that borrowers have an existing relationship with its bank. Click here to read more about the Profiles TRO ruling and why it is a significant win for PPP lenders.

Individuals and small businesses have filed similar class actions against other financial institutions, including Frost Bank and Wells Fargo. See Scherer, et al. v. Frost Bank, Case No. 4:20-cv-01297 (S.D. Tex. April 12, 2020); Scherer, et al. v. Wells Fargo Bank, N.A., Case No. 4:20-cv-01295 (S.D. Tex. April 11, 2020). Similar to the Profiles plaintiffs, Scherer alleges Frost Bank and Wells Fargo violated the CARES Act by requiring small business applicants to have had an established checking account at their bank as of April 1, 2020. [1] Should these cases pass likely motions to dismiss, plaintiffs’ battle at any certification stage will be significant. Putative class members, among other things, will have to show any “common issues” set forth in the loan criteria predominate over the myriad of individual issues separating the putative class members and likely influencing loan decisions, such as banking history, credit ratings, timing of application and size of loan, among others.

These are just a handful of cases in what will no doubt be a flurry of litigation challenging lender decisions and policies under the fragile economic conditions arising out of this pandemic.

Privacy Class Actions:

The social-distancing measures, stay-at-home orders, and business/public closures resulting from this pandemic have significantly impacted our daily personal and professional lives, and have dramatically increased our reliance on cloud-based communications platforms to interact, socialize, and connect with others. Zoom Video Communications, Inc., for instance, has seen its number of daily users balloon from approximately 10 million to 200 million daily users from December 2019 through March 2020. While the popularity of Zoom has been apparent, it has also resulted in a flurry of recently filed class actions scrutinizing the company’s privacy policies and potential security vulnerabilities.

For example, in Cullen v. Zoom Video Communications, Inc., No. 5:20-cv-02155 (N.D. Cal. Mar. 30, 2020), the plaintiff alleges the company failed to properly safeguard its users’ personal information (i.e. the user’s mobile operating system type and version, the device time zone, the device model and the device unique advertising identifier). In Taylor v. Zoom Video Communications, Inc., No. 5:20-cv-02170 (N.D. Cal. Mar. 31, 2020), the plaintiff alleges that Zoom discloses personal identifying information of its users to unauthorized third parties, including Facebook, for use in targeting advertising without the users’ consent and without any ability to withhold consent. In Johnston v. Zoom Video Communications, Inc., No. 5:20-cv-02376 (N.D. Cal. Apr. 8, 2020), the plaintiff similarly claims that Zoom unlawfully shared users’ personal information with unauthorized third parties, including Facebook, but further alleges that it failed to provide adequate security to avoid breach and infiltration of users’ video conferences (more colloquially known as, “Zoombombing”).

Other plaintiffs continue to file similar class actions (some with variations) against Zoom. See, e.g., Hurvitz v. Zoom Video Communications et al., No. 2:20-cv-03400 (C.D. Cal. Apr. 13, 2020) (alleging unlawful data disclosure of personal information on Zoom through an integrated third-party software application by LinkedIn and a software development kit by Facebook); Ohlweiler v. Zoom Video Communications, Inc., No. 2:20-cv-03165 (C.D. Cal. Apr. 3, 2020) (alleging false and misleading advertising of Zoom’s cloud and video communication products, including its security benefits and practices); Kondrat et al. v. Zoom Video Communications, Inc., No. 5:20-cv-02520 (N.D. Cal. Apr. 13, 2020) (alleging Zoom failed to maintain reasonable security procedures, unlawfully disclosed users’ personal information to third parties, and suffered a data breach of users’ personal information).

In all of these cases against Zoom, plaintiffs allege a mixture of claims, including violation of the California Consumer Privacy Act (effective January 1, 2020), California Consumer Legal Remedies Act, California Unfair Competition Law, California invasion of privacy act, California Constitution, and various state law claims such as negligence, breach of an implied contract, unjust enrichment, and trespass to chattels, among others.

For purposes of class certification under Rule 23, plaintiffs seeking to certify privacy class claims will be susceptible to various attacks and must overcome a number of issues. For these cases, plaintiffs and Zoom users may be subject to the arbitration and class waiver provisions in its terms of use or privacy policy. Plaintiffs must eventually show that differences in state law will not be problematic for any proposed nationwide classes. In addition, plaintiffs also must also overcome the numerous individualized issues inherent in these claims, such as: utilization of the platform, reliance on representations in any privacy policy, circumstances surrounding the alleged disclosures and procedures to safeguard personal information, standing to bring claims, differences in the Zoom product used, personalized settings of the host and/or attendee, expectations about or unique changes made to how personal information should be handled, and varying damages across the putative class.

While these cases are still in the early stages of litigation, they will be among the first privacy class actions raising claims under the CCPA, and will undoubtedly raise significant questions during class certification.

Higher Education Class Actions:

One of the largest sectors affected by COVID-19 is our education system. Like many other businesses, organizations, and institutions, colleges and universities faced significant challenges and changes in the wake of the COVID-19 pandemic. For many, the resultant change was to move classes to an online platform and request that the students leave campus and return home. Because of such actions, students across the United States have filed class action lawsuits against their respective universities. See Rosenkrantz, et al. v. Arizona Board of Regents, 2:20-cv-00613 (D. Ariz.); Rickenbaker, et al. v. Drexel University, 2:20-cv-01358 (D. S.C.); Student A, et al. v. Liberty University, 6:20-cv-00023 (W.D. Va.); Church, et al. v. Purdue University, et al., 4:20-cv-00025 (N.D. Ind.); Dixon, et al. v. University of Miami, 2:20-cv-01348 (D. S.C.).

Each of these lawsuits seek reimbursement for costs, including room and board, which the students claim they did not receive the benefit of obtaining. These lawsuits assert some variety of breach of contract, unjust enrichment, and conversion. Most notably, Church does not limit its class action to just tuition or on-campus housing. Instead, plaintiffs brought this action on behalf of four classes: (1) all people who paid tuition and were denied live in-person instruction; (2) all people who paid the costs of on-campus housing and had to move out prior to completion of the semester; (3) all people who paid costs for meals and on-campus dining for the semester; and (4) all people who paid fees for the semester.

As with many cases, the viability of these class actions will depend heavily on the factual development, including but not limited to, the express language of the contracts, the potential alternative arrangements, the timing of the changes, and other individual issues among class members. The outcome of these cases is far from clear, but guidance can certainly be taken from prior “refund” actions featured in our last post.

Securities Class Actions:

The pandemic’s impact on the economy as a whole has been staggering. Mass layoffs have left millions of Americans unemployed, and the uncertainty surrounding the virus has produced severe instability in markets. This volatility has spurred numerous securities class actions where shareholders allege that companies were not forthright or honest about the impact of COVID-19 on their business. For example, in McDermid v. Inovio Pharmaceuticals, Inc., et al., 2:20-cv-01402 (E.D. Pa.) plaintiffs allege that Inovio capitalized on widespread COVID-19 fears by claiming that it had had developed a vaccine for the virus. In their complaint, the McDermid plaintiffs cite to numerous public statements from the Inovio CEO who allegedly claimed the company was “able to construct [a COVID-19] vaccine within three hours.” According to the complaint, when it was revealed that Inovio had simply “designed a vaccine construct” and not a COVID-19 vaccine, its stock price plummeted 71%, wiping out “$643 million in market capitalization.”

In Atachbarian v. Norwegian Cruise Lines, et al., (S.D. Fla.), plaintiffs allege that “[a]lthough Defendants knew that COVID-19 would have a devastating impact on their business since at least February 20, 2020, during the Class Period they made false and misleading statements about their prospects for 2020, and the impact of COVID-19 on their business.” Specifically, the Atachbarian plaintiffs allege that Norwegian Cruise Line managers “took steps to induce potential customers to book trips, by underplaying the danger of COVID-19” and when the “truth was disclosed by the Miami New Times,” the price of the company’s stock fell almost 36%.

Although shareholder class actions routinely settle early and rarely proceed deep into litigation, it is important to monitor these cases for certification rulings that may have a significant impact on securities class actions in the future.