State AG Updates: Arizona, Texas, California, North Carolina, Washington, New York and an AG Coalition

In this edition of Faegre Drinker’s State Attorneys General Update, we discuss:

• The Arizona AG’s $85 million settlement with Google relating to location-tracking data
• A coalition of AGs investigating banks for joining the United Nations’ Net-Zero Banking Alliance
• The Texas AG’s lawsuit against Google for alleged misuse of biometric data
• The California AG’s settlement with Ygrene for alleged misconduct relating to its administration of a clean energy program
• The North Carolina AG’s $23 million consent judgment against a debt collector
• The Washington AG’s $10.5 million settlement with Tyson Foods over alleged price-fixing
• The New York AG’s:
  • $1.9 million settlement with e-commerce companies over a data breach
  • $3 million settlement with a developer for allegedly failing to pay prevailing wages as required to obtain a tax benefit
  • False Claims Act settlement with dental practices for allegedly billing for unnecessary root canals
  • Settlement with a ski resort relating to allegedly unlawful non-compete agreements and lawsuit against the resort’s buyer
  • $568,750 settlement with a New York doctor for alleged Medicaid fraud
  • Settlement with Hy Cite for its alleged failure to disclose refund policies in its contracts

Arizona AG Enters $85 Million Settlement With Google for Alleged Improper Use of Consumer Location Data

Google agreed to an $85 million settlement for alleged violations of Arizona’s Consumer Fraud Act. Specifically, the Arizona AG alleged that Google violated the Act by building “coercive design tactics used to manipulate users’ behavior,” known as “dark patterns,” into its Android phone software. In this instance, the AG alleged that Google created misleading settings, so even if a consumer turned off location tracking in the “Location History” menu, location data would still be tracked and used to sell advertisements through other settings — specifically, the “Web & App Activity” menu.

The state’s legislature will receive $72.25 million of the settlement for appropriation as it sees fit. Another $5 million will be used by the Arizona AG to fund educational programs for AGs and judges relating to consumer protection issues. The remaining $7.75 million will be paid to the state’s outside counsel. Copies of the AG’s press release and the settlement agreement are available here.

Coalition of AGs Investigating Banks for Joining the United Nations’ Net-Zero Banking Alliance

A group of 19 AGs announced that they issued civil investigative demands to several major banks as a result of the banks joining the United Nations’ Net-Zero Banking Alliance. The Banking Alliance commits members to align their lending and investment portfolios with net-zero emissions by 2050. The AGs are investigating whether commitments made as part of the Alliance violate antitrust and consumer protection laws by discriminating against certain industries.

The Texas AG Sues Google for Alleged Misuse of Biometric Data

Following his suit against Meta earlier this year as a result of similar alleged misuse of facial recognition software, Texas AG Ken Paxton filed a lawsuit alleging Google violated Texas’s Capture or Use of Biometric Identifier Act (CUBI) by utilizing facial recognition software to capture and store biometric data of both users and non-users of its products. CUBI prohibits companies from capturing a person’s biometric data, including their “face geometry” and voiceprints, unless the company informs the person that it is doing so and obtains their informed consent. Companies must delete biometric data within one year of the expiration of the purpose for which the data was collected. The AG alleges Google violated each of these requirements.

In particular, the AG alleges that Google’s Google Photos, Nest devices and Google Assistant products violate CUBI. According to the AG, Google Photos’ use of facial recognition software on photographs of individuals who did not consent to use of the software — i.e., photos of individuals without a Google Photos account — is a violation of CUBI. Further, he contends Google does not adequately notify users of Google Photos that their biometric data is being captured and does not give them an option to opt out of having their biometric data captured. The AG makes similar allegations about the Nest Aware product, which can identify individuals in videos recorded by Nest devices. The AG also argues that recordings of the three seconds before a Google Assistant is activated and recordings immediately following activation, which Google allegedly uses to create voiceprints, violate CUBI by failing to distinguish between consenting users and non-users.

The AG’s suit seeks an order providing for a variety of injunctive relief, including precluding Google from using any biometric data of Texans without their informed consent, and financial penalties of $25,000 per violation of CUBI. Copies of the AG’s press release and complaint are available here.

California AG Enters Settlement With Ygrene for Alleged Misconduct Relating to Its Administration of a Clean Energy Program

The California AG and the FTC entered a settlement with Ygrene Energy Fund, Inc., (Ygrene) to resolve “allegations of misconduct relating to its administration of the Property Assessed Clean Energy (PACE) program.” According to the AG, Ygrene “engaged in forgery, high-pressure sales tactics, and other misconduct to induce homeowners to utilize the PACE financing option that it offered in partnership with local governments.” Specifically, Ygrene and many of its contractors allegedly “failed to secure consumers’ express informed consent to use their homes as collateral to secure PACE financing, instead impersonating consumers on calls or forms” and “rushed property owners through Ygrene’s lengthy contract.” In addition, Ygrene allegedly made misrepresentations about the homeowners’ ability to refinance or sell their homes prior to paying off PACE loans.

Pursuant to the settlement, Ygrene must reform its business practices and provide monetary “relief for consumers who were impacted by Ygrene’s fraudulent practices.” The reforms include “employee training, a commitment to terminate contractors who violate the law, prompt investigation of all consumer complaints and government inquiries, notices to consumers to obtain their informed consent for PACE financing, and regular reporting to the Attorney General and FTC demonstrating compliance with the settlement terms.” The agreement included a $22 million suspended judgment and a $3 million payment into escrow for payment to the FTC and eligible consumers. Upon Ygrene’s full satisfaction of all monetary obligations to the FTC and consumers, the remainder of the judgment will remain suspended. If a court determines Ygrene failed to disclose any material asset, materially misstated the value of any asset, or made any other material misstatement or omission in its financial representations, Ygrene must pay the suspended $22 million penalty. Copies of the AG’s press release and the proposed settlement agreement are available here.

North Carolina AG Obtains Consent Judgment of $23 Million Against a North Carolina Debt Collector

The North Carolina AG obtained a consent judgment against Gordon Scott Engle and his Texas-based debt collection companies for allegedly operating in North Carolina illegally. The AG sued Engle in 2019 after he bought consumer debt from the rental chain Aaron’s, claiming he took advantage of consumers and “sent fake court notices to consumers, threatened to arrest some, and filed criminal complaints in several cases that resulted in actual criminal summonses against customers.”

The consent judgment permanently bars Engle from collecting debt in North Carolina and provides that he “must:

• Give up any claims to the property that was the subject of the debt.
• Clear negative credit lines at credit reporting agencies.
• Stop collecting on any civil judgments and file to vacate those judgments.
• Cooperate with consumers and the courts to get criminal convictions and pending charges expunged.
• Report compliance to the attorney general’s office.”

Pursuant to the judgment, $22 million in consumer debt will be forgiven and approximately 650 individuals will receive refunds of $223. A copy of the consent judgment is available here.

Washington’s AG Enters $10.5 Million Settlement With Tyson Foods in Price-Fixing Lawsuit

The Washington AG entered a $10.5 million settlement with Tyson Foods (Tyson) resulting from the AG’s lawsuit over price-fixing chicken products. The AG asserts that Tyson and eighteen other chicken producers “engaged in a host of anticompetitive conduct to coordinate supply and manipulate pricing” of chicken products since at least 2008, “causing consumers to overpay by millions of dollars.” Specifically, the chicken producers allegedly inflated prices, rigged contract bids, illegally exchanged information and coordinated industry supply reductions to maximize profits.

The consent decree requires Tyson to provide the AG information and documents in support of its ongoing action against the other producers and to conduct internal training regarding state and federal antitrust laws. Under the terms of the decree, if Tyson engages in price fixing or any other anticompetitive conduct in the next five years, the AG can seek additional civil penalties. Copies of the AG’s press release and the consent decree are available here.

The New York AG Enters $1.9 Million Settlement With E-Commerce Companies Relating to Data Breach

The New York AG entered a settlement with Zoetop Business Company, Ltd., (Zoetop) relating to a data breach involving customers of its SHEIN and ROMWE e-commerce brands. The data breach occurred in June 2018 by way of a cyberattack on Zoetop’s systems. As part of the breach, hackers stole millions of customers’ names, email addresses, hashed passwords and credit card information. Zoetop did not detect the attack and was advised of it by their payment processor after a credit card network and an issuing bank advised the processor that they had information suggesting there had been a breach. Zoetop retained a cybersecurity firm that identified 39 million affected accounts but, according to the AG, Zoetop did not advise affected customers that their information had been compromised. Further, Zoetop allegedly made false public statements asserting that only 6.42 million accounts were impacted and that they did not have information indicating that credit card information had been stolen.

The AG alleged that Zoetop did not take reasonable security measures and identified a number of alleged deficiencies, including: (a) using an outdated hashing algorithm to store passwords that was known to provide inadequate protection; (b) storing credit card information from some transactions in a debug log file, which is known to be less secure than other methods of storage; (c) failing to run regular external vulnerability scans; (d) failing to review audit logs to identify incidents; and (e) failing to maintain a comprehensive written incident response plan for a cyberattack. The settlement agreement provides for Zoetop to take certain measures to enhance its cybersecurity and to pay $1.9 million in penalties and costs. The settlement only addresses claims relating to approximately 800,000 affected New York residents. Copies of the AG’s press release and assurance of discontinuance are available here.

The New York AG Enters $3 Million Settlement With Property Developer Over the Developer’s Alleged Failure to Pay Prevailing Wages to Employees

Residential property developer Heatherwood Communities LLC (Heatherwood) agreed to pay $3 million to resolve allegations that it failed to pay prevailing wages to its workers as required by New York City’s 421-a program, which provided Heatherwood certain tax benefits. To qualify for tax credits under the program developers must either set aside a certain portion of developments for affordable housing or agree to pay prevailing wages and benefits to employees in accordance with schedules set by the New York City Comptroller. The AG alleged that Heatherwood paid employees approximately 41% of the wages to which they were entitled and failed to provide required benefits. A portion of the settlement will be paid to 24 employees who were allegedly underpaid. The remainder will be paid to the city and state as penalties. The case was initiated by a local union, acting as a whistleblower. The union will receive a portion of the settlement. Copies of the AG’s press release and the settlement agreement are available here.

The New York AG Settles False Claims Act Allegations Against Pediatric Dentistry Group

The New York AG entered a $753,457 settlement with HQRC Management Services LLC (HQRC), its owner and 13 affiliated pediatric dentistry facilities for conducting unnecessary procedures on pediatric Medicaid patients. As part of the settlement the HQRC acknowledged that certain therapeutic plupotomies — sometimes referred to as “baby root canals” — which had been conducted by HQRC and its affiliates from 2011 to 2018, were not medically necessary, based on the available records. The settlement resolves claims by the United States, New York and New Jersey. The case was initiated by a former employee under qui tam provisions of the federal and New York state False Claims Acts. Copies of the AG’s press release and the settlement agreement are available here.

The New York AG Settles Non-compete Claims Against Ski Resort and Sues Buyer for Anticompetitive Practices

The New York AG entered a settlement agreement with the owner of Greek Peak Mountain Ski Resort (Greek Peak) and announced a lawsuit against the company that bought Greek Peak’s primary ski mountain — Intermountain Management (Intermountain) — for anticompetitive practices. Greek Peak sold its primary mountain, Toggenburg Mountain, to Intermountain in August 2021. As part of the transaction, Greek Peak’s owner agreed to a non-compete agreement containing a no-poach provision that prohibited him from hiring any of Intermountain’s employees. Greek Peak’s owner had entered similar agreements with his prior business partners. After the sale of Toggenburg, Intermountain announced that it would shut down the resort and would seek a deed restriction preventing it from operating as a resort in the future. It encouraged Toggenburg customers to use one of Intermountain’s two other resorts.

The AG alleges that the no-poach agreement was illegal and anticompetitive because it did not have a lawful purpose and harmed workers. To resolve the allegations, Greek Peak’s owner agreed to pay a $195,000 fine and cooperate with the AG in an action against Intermountain. The AG is separately suing Intermountain for violations of the state’s antitrust statute and is seeking an order divesting Toggenburg, rescinding of the non-compete agreement, and awarding monetary damages and penalties. Copies of the AG’s press release, complaint and settlement agreement are available here.

New York AG Announces $568,750 Settlement With a New York Doctor for Alleged Medicaid Fraud

The New York AG entered a $568,750 settlement with a New York doctor, Ahmad M. Mehdi, MD, relating to an investigation into Mehdi’s “up-coding” of medical services and engaging in “Medicaid payments for smoking cessation counseling that were not sufficiently documented.” Specifically, Mehdi allegedly claimed reimbursement from Medicaid for “enhanced and more lucrative procedures” than he actually performed. The settlement includes a $260,000 reimbursement to Medicaid and a penalty of $308,750. Pursuant to a companion federal settlement, Mehdi will also pay $331,250 to the federal government to resolve up-coding and Controlled Substances Act claims. Copies of the AG’s press release and the settlement agreement are available here.

New York AG Enters Settlement With Hy Cite for Its Alleged Failure to Disclose Refund Policies in Its Contracts

The New York AG entered a $300,000 settlement with cookware company Hy Cite Enterprises, LLC, (Hy Cite) to resolve allegations that the company did not “clearly disclose their refund policies in their contracts with thousands of consumers.” The AG alleged that Hy Cite “targeted Spanish-speaking communities and refused to let them return products after they were pressured into buying them.” According to the AG, Hy Cite “did not have any stated refund policy and instead only told consumers they have three business days to cancel their purchase, a violation of the Door-to-Door Sales Protection Act,” which requires companies without a refund policy to give consumers 20 days to make a return on door-to-door sales.

Pursuant to the settlement agreement, Hy Cite will pay $300,000 in penalties to the state and allow eligible consumers “to return [their products] for either a cash refund or exchange for new products, depending on the condition of the products returned.” The agreement additionally requires Hy Cite “to include a 20-day refund policy on its New York sales order forms for at least three years.” Copies of the AG’s press release and the assurance of discontinuance is available here.