Well, that was quick. Yesterday, the FTC filed a motion to dismiss (.pdf) LabMD’s complaint in federal court in Georgia. Their filing cited Judge Salas’s opinion in FTC v. Wyndham, which was also released yesterday:
Because the Court lacks jurisdiction, it need not reach the merits of LabMD’s challenges. But they are groundless in any event. The FTC Act grants the Commission broad authority that easily encompasses harm to consumers from the release of their sensitive personal information. The Commission may exercise that authority through individual adjudications; there is no requirement that it promulgate rules prior to enforcement. FTC authority can easily co-exist with medical privacy statutes administered by the Department of Health and Human Services (“HHS”), as HHS has explicitly recognized. Indeed, today, the District Court for the District of New Jersey issued an opinion in FTC v. Wyndham Worldwide Corp., No. 13-1887 Slip Op. (April 7, 2014) (attached as Ex. 8), holding that the FTC Act confers on the FTC authority over data security practices and that other statutes that also address data security do not impliedly preempt the FTC Act.