Class action claims have taken on a new twist in the wake of COVID-19. Already, the global pandemic has generated litigation across a broad swath of areas, including privacy, data security, and consumer protection, among others. To date, hundreds of business lawsuits related to the pandemic are pending, with dozens more filed weekly. According to the U.S. Chamber of Commerce Litigation Center, activity to date is only the “tip of the iceberg.” Per Steven Lehotsky, chief counsel for the Chamber Litigation Center, businesses can expect more “opportunistic class action lawsuits down the road.” In this alert, we provide an overview of the first wave of pandemic-related class action litigation trends and project what businesses should expect next.
First wave of COVID-related class actions
Privacy and data security litigation. Among the first cases filed related to the pandemic were a variety of privacy and data security related class actions. Plaintiffs focused on companies that now have a spotlight on them due to increased usage during shelter-in-place orders. Across the technology industry, a variety of online services are blitzscaling—or rapidly growing—based on skyrocketing demand from consumers for food delivery, e-commerce, and virtual social connections. In California, in particular, the pandemic coincided with the California Consumer Privacy Act (CCPA) coming into force on January 1, 2020. Despite some calls to delay enforcement in light of COVID-19, California’s Attorney General plans to begin enforcing the law starting July 1, 2020 as planned. AG Xavier Becerra’s office has stated, “We encourage businesses to be particularly mindful of data security in this time of emergency.”
Telephone Consumer Protection Act (TCPA). TCPA cases continue to be active as COVID-19 issues have emerged. MoFo’s Class Dismissed blog recently reviewed the March 20, 2020 FCC Declaratory Ruling allowing certain calls for “emergency purposes” amidst the pandemic. That does not mean, however, that there is a blanket exemption from the TCPA’s rules governing certain calls and messages, and multiple TCPA lawsuits have been filed involving coronavirus-related communications. In a case filed in late April, the Texas Attorney General sued two parties for alleged violations of the TCPA and the Texas state law corollary. Specifically, the lawsuit alleges that a marketing service advertised health benefit plans by stating that they “include coronavirus testing and treatment.” Another lawsuit, filed by private plaintiff attorneys in Florida in March 2020, alleges that a golf course company sent text messages referencing COVID-19, stating “Stay safe in these crazy times by golfing at top 100 courses[.]”
Beyond privacy, data security, and TCPA, class actions in other consumer areas have seen an uptick across the board.
Health claims from shutting down too late. Multiple cases filed against cruise lines, for example, assert claims that cruise ships improperly continued operations despite allegedly knowing that passengers were showing symptoms of COVID-19.
Cancellation and refund claims. As businesses have been forced to shutter in response to the pandemic, plaintiffs have filed a slew of class actions alleging claims related to recurring membership charges and refunds. Multiple cases throughout the country have targeted gyms, levying causes of action for breach of contract and consumer protection laws. Travel and vacation-related businesses have also been in the cross-hairs. Resorts, airlines, and vacation destinations—and even online event businesses—are facing a variety of class actions alleging claims such as unjust enrichment, fraudulent misrepresentation, conversion, and breach of contract. Nor have educational institutions been spared. As schools moved classes online, lawsuits have been filed seeking reimbursement for room and board and reimbursement for the lost benefits of in-person education.
False advertising related to health benefits. With hundreds of millions of Americans suddenly seeking to stock up on supplies such as hand sanitizers, sellers of such products have faced scrutiny from both federal law enforcement officials (covered in a recent alert by MoFo’s national security and crisis group) and private plaintiff attorneys.
Insurance litigation. Insurance companies face a litany of lawsuits relating to denial of coverage for business interruption, as insurers have claimed in some instances that losses caused by COVID-19 are excluded from coverage. Plaintiffs such as restaurants, bakeries, dental practices, and others forced to shutter have filed cases. One group including several well-known restaurateurs such as Wolfgang Puck, Daniel Boulud, and Dominique Crenn, has banded together to create the Business Interruption Group (BIG), whose website promises to “bring BIG legal action in every state” against insurers.
Financial services institutions. Banks across America have moved rapidly to participate in the Coronavirus Aid, Relief and Economic Security Act (“CARES Act”) Paycheck Protection Program (PPP), helping small businesses procure funding to maintain jobs during state-ordered shutdowns. Many of these institutions now face lawsuits related to eligibility and processing for PPP loans, as well as disputes over commercial loans and foreclosures. As with the TCPA, state AGs have gotten involved here, too. Arizona’s AG, for instance, in mid-March 2020 sent a letter to over 1,000 financial institutions requesting a suspension of foreclosures, repossessions, and evictions for a certain amount of time, as well as waivers for late fees and default interest for credit card account holders.
Securities cases. Plaintiff attorneys have aimed their sights at securities litigation as well—bringing cases against companies whose stock prices have fallen alongside broader market volatility. Theories range from false and misleading statements minimizing the pandemic’s impact on a company’s business, to alleged false claims based on developments of treatments or vaccines. MoFo’s Coronavirus Task Force has been following recent U.S. Securities and Exchange Commission guidance for companies in this area.
Policy advocacy in the wake of COVID-19 litigation
As the first wave of pandemic-related cases works its way through the pleading stages of litigation, advocates are simultaneously working to influence litigation policy as well.
These efforts have already resulted in various liability limitations at multiple levels of government. At the federal level, the CARES Act contains certain liability protections for respirator manufacturers that have had to ramp up research, development, and distribution efforts. The U.S. Department of Health and Human Services has also provided guidance on tort liability immunity granted under the Public Readiness and Emergency Preparedness Act (the “PREP Act”), as discussed by our colleagues in MoFo’s Class Dismissed blog. Many states too have instituted liability protections for certain healthcare industries and medical facilities.
Others, meanwhile, have attempted to leverage the pandemic to advance policy goals related to challenging pre-dispute arbitration agreements. As a result, as documented by the Institute for Legal Reform, early drafts of COVID-19 relief bills in the U.S. House and Senate contained provisions aimed at invalidating arbitration clauses in disputes about business loans and employee sick leave, among other topics.
Wave two: What to expect from the next set of COVID-19 related lawsuits
Wave one of pandemic class action litigation has crashed ashore. The next wave may not be far behind. In the privacy and data security arena, we expect to see more cases. The FBI, DOJ, and international law enforcement agencies have warned of unprecedented criminal hacking activity in the wake of the pandemic. There have been reports that attackers have successfully lurked in a company’s infrastructure before discovery, sometimes for weeks or even months. Given this, the ongoing surge in COVID-19 related hacking activity is likely to result in publicly revealed data breaches in the coming months. Such breaches may trigger class actions under the CCPA’s private right of action, among other state data breach and notice statutes.
Other privacy lawsuits will stem from implementation of biometric track and trace technology. Illinois’ biometric privacy statute, the Biometric Information Privacy Act (BIPA)—already a source of frequent litigation—will continue to be the focus of new class actions. Similar statutes, some creating even greater exposure, are being contemplated in states such as Virginia. To facilitate virus response and containment, organizations will look towards pooling data and leveraging anonymized datasets to perform epidemiological studies. Given advancements in de-anonymization and disaggregation technologies, this may lead to the filing of creative and new privacy claims.
Just as a series of class actions arose from pandemic-related shutdowns, so too will lawsuits come as communities begin to re-open towards a new normal. Litigation around compliance with government guidelines, negligence causes of action related to safety measures, lawsuits around COVID-19 treatments, newly developed personal protective equipment and other products, and claims around social distancing implementation appear to be on the horizon. As noted above, lawmakers and regulators are keenly aware of such litigation risk and may attempt to support reopening by crafting or expanding safe harbors.
How should businesses shore up in the face of the COVID-19 class action litigation wave?
Morrison & Foerster’s Class Action + Mass Torts Group and Coronavirus Task Force have advised and represented many clients on emerging claims related to COVID-19. MoFo’s Litigation team routinely helps companies prepare for and respond to litigation risks including matters involving the CCPA, TCPA, BIPA, and other consumer causes of action that are being explored in this new pandemic environment. To stay a step ahead, our team has been analyzing newly filed lawsuits as well as COVID-19 publications and trends. For new products, incorporating risk analysis up front in the design process is vital. Particularly around issues of privacy and data security, organizations should be mindful of notice, consent, and other statutory and regulatory issues—especially in the areas of biometrics and data analytics. As always, organizations will benefit from strong contracts, clear representations in public facing policies, and careful consideration as to pre-dispute arbitration clauses. More time at home has not slowed down the pursuit of class action lawsuits or the need for thoughtful compliance practices.
 See, e.g., Turner v. Costa Crociere SPA, No. 20-cv-21481 (S.D. Fla. Apr. 7, 2020); Archer v. Carnival Corporation, et al., No. 20-cv-02381 (N.D. Cal. Apr. 8, 2020).
 See, e.g., Namorato v. New York Sports Clubs, No. 20-cv-02580 (S.D.N.Y. Mar. 26, 2020); Barnett v. Fitness International, LLC, No. 0:20-cv-60658 (S.D. Fla. Mar. 30, 2020); Delvecchio v. Boston Sports Clubs, No. 20-cv-10666 (D. Mass. Apr. 5, 2020).
 See, e.g., McMillan v. StubHub, No. 20-cv-00319 (W.D. Wis. Apr. 2, 2020); Rutledge v. Do LaB Inc. (Cal. Super. Ct. Mar. 24, 2020); Ruiz v. Magic Mountain LLC, et al., No. 2:20-cv-03436 (C.D. Cal. Apr. 13, 2020); Carisi v. Events and Adventures California, No. 3:20-cv-02260 (N.D. Cal. Apr. 2, 2020).
 See, e.g., Rosenkrantz, et al. v. Arizona Board of Regents, 2:20-cv-00613 (D. Ariz.); Rickenbaker, et al. v. Drexel University, 2:20-cv-01358 (D. S.C.); Student A, et al. v. Liberty University, 6:20-cv-00023 (W.D. Va.); Church, et al. v. Purdue University, et al., 4:20-cv-00025 (N.D. Ind.); Dixon, et al. v. University of Miami, 2:20-cv-01348 (D. S.C.).
 See, e.g., David v. Vi-Jon, Inc. dba Germ-X, No. 20-cv-99999 (S.D. Cal. Mar. 5, 2020); Gonzalez v. Gojo Indus., Inc., No. 1:20-cv-888 (S.D.N.Y. Feb. 1, 2020).
 Douglas v. Norwegian Cruise Lines, No. 20-cv-21107 (S.D. Fla. Mar. 12, 2020); Atachbarian v. Norwegian Cruise Lines et al., No. 1:20-cv-21386 (S.D. Fla. Mar 31, 2020); McDermid v. Inovio Pharmaceuticals, Inc., No. 20-cv-01402 (E.D. Pa. Mar. 12, 2020).
 Arizona Executive Order No. 2020-27 (Mar. 11, 2020); Arkansas Executive Order No. 18 (Apr. 14, 2020); Connecticut Executive Order No. 7V (Apr. 7, 2020); Georgia Executive Order No. 04.14.20.01 (Apr. 14, 2020); Illinois Executive Order No. 19 (Apr. 1, 2020); Indiana Executive Order No. 13 (Mar. 6, 2020); Michigan Executive Order No. 30 (2020); New Jersey Executive Order No. 112 (Apr. 1, 2020); New York Executive Order No. 202.10 (Mar. 23, 2020); North Carolina Executive Order No. 130 (Apr. 8, 2020).