November 2011

The Ninth Circuit reversed the district court’s approval of a class action settlement last Monday in Nachshin v. AOL, remanding the two-year old case back to the district court for a new round of settlement negotiation and approval. No. 10-55129 (9th Cir. Nov. 21, 2011).  The class action was brought in 2009, alleging that the Internet company violated the Electronic Communications Privacy Act (ECPA) when it inserted footers containing promotional messages into e-mails sent by its users. The complaint also alleged unjust enrichment, breach of contract, and violations of state law.

The problem with the settlement was not that the class representatives failed to adequately represent class members, as in the Second Circuit’s recent decision in the latest iteration of the Tasini v. New York Times case, or that the interests of the members of the proposed class (all 66 million of them) were too factually and legally different to proceed in a class action, as in the Ninth Circuit’s recent decision in Ellis v. Costco Wholesale Corp. Instead, the Ninth Circuit reversed the settlement on the less common ground that it provided for distributions from the settlement fund to charities that were unrelated to the claims underlying the lawsuit.Continue Reading ECPA Class Action Settlement Overturned

An amendment to a discussion tabled in the House of Lords relating to the Protection of Freedoms Bill 2010 – 2011 has called for the creation of a dedicated Privacy Commissioner.

The proposed establishment of a single Privacy Commissioner seeks to correct the existing proliferation of UK commissioners with strictly circumscribed powers and create an organization that is sufficiently flexible to navigate through the ever-changing technology and privacy policy landscapes.

If the Bill receives Royal Assent and becomes law, the new Commissioner will supersede the current UK Information Commissioner and reflect a more holistic approach of protecting individual privacy in all of its aspects rather than regulating personal data alone.Continue Reading House of Lords Calls for a Privacy Commissioner

On 24 November 2011, the EU Court of Justice decided that ISPs cannot be forced to filter Internet traffic to fight intellectual property violations.  

In 2007, the Brussels Court of First Instance obliged the ISP Scarlet to filter all internet traffic and to block traffic involving violations of intellectual

Continue Reading European Court Rejects Internet Filtering by ISPs

by David Fagan and Alex Berengaut

On November 10, 2011, Judge Liam O’Grady of the United States District Court for the Eastern District of Virginia issued a 60-page memorandum opinion in a dispute over the validity of a special court order issued to Twitter for non-content records for certain users

Continue Reading Virginia District Court Issues Significant Ruling Upholding Government Access to Non-Content User Data

Judge Koh of the District Court for the Northern District of California recently granted LinkedIn’s motion to dismiss with leave to amend in Low v. LinkedIn.  Covington represents LinkedIn in this case, in which Plaintiff alleges that he suffered injury by virtue of LinkedIn’s purported transmittal of a unique UserID to certain third parties as a portion of a URL referrer header.

The Court held that the plaintiff had not alleged sufficient injury-in-fact to satisfy Article III standing, because “Plaintiff has failed to put forth a coherent theory of how his personal information was disclosed or transferred to third parties, and how it has harmed him.”  In making this determination, the Court rejected Plaintiff’s theories of  “emotional” and “economic” harm.

With respect to emotional harm, the court noted that Plaintiff was “unable to articulate a theory of what information had actually been transmitted to third parties, how it had been transferred to third parties, and how LinkedIn had actually caused him harm.”  Similarly, in considering Plaintiff’s theory of economic harm, the Court held that Plaintiff’s allegations were “too abstract and hypothetical to support Article III standing,” citing a growing body of precedent, including Judge Koh’s own recent decision in In re iPhone Application Litigation, in which courts have held that the unauthorized collection of personal information does not create an economic loss.  Quoting Specific Media, the Court observed that Plaintiff had failed to allege how he was foreclosed from capitalizing on the value of his personal data or how he was “deprived of the economic value of [his] personal information simply because [his] unspecified personal information was purportedly collected by a third party.”Continue Reading LinkedIn Motion to Dismiss Granted

Government officials must seek a warrant to compel the disclosure of cell phone location data, a federal district court ruled, holding that a federal law allowing the government to obtain some information without a warrant violates the Fourth Amendment.

In a one-page order upholding a magistrate judge’s decision, U.S. District Judge Lynn N. Hughes, of the Southern District of Texas, held Nov. 11 that records showing the “date, time, called number, and location of the telephone when the call was made” are constitutionally protected, and thus the government needs a warrant based on probable cause to compel the disclosure of such data. That standard is higher than the standard required for a court order under the Stored Communications Act, which requires a government entity to demonstrate that there are “specific and articulable facts showing that there are reasonable grounds to believe” the contents of or records about an electronic communication are “relevant and material to an ongoing criminal investigation.”Continue Reading Federal Court Finds Warrant Required to Obtain Cell-Phone Locations

The group that develops technical standards and guidelines for the World Wide Web released a set of draft standards on Monday that are intended to allow consumers to limit and control how they are tracked online.

The standards, developed by the World Wide Web Consortium (known as the “W3C”), would allow consumers to set a “Do-Not-Track” preference using their browser or other tools.  The proposal effectively sets up an “opt-out” mechanism for online tracking because no preference is transmitted until the user affirmatively selects a setting.  The standard states that, absent laws, rules or other requirements to the contrary, servers may interpret the lack of an expressed preference “as they find most appropriate for the given user, particularly when considered in light of the user’s privacy expectations and cultural circumstances.”  Once set by the user, the Do-Not-Track preference would be transmitted to any website the user visits; the standard requires website servers that have implemented the standard to send a response signal indicating whether the website respects the tracking preference.  Users would be able to affirmatively allow tracking, block all tracking, or refuse tracking generally but allow tracking on certain sites.Continue Reading Web-standards group releases draft “Do-Not-Track” mechanism

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced
Continue Reading White House To Roll Out “Privacy Bill of Rights”

This past week, officials from the Asia-Pacific Economic Cooperative’s 21 member nations met in Honolulu to discuss a range of policy issues affecting the Asia-Pacific region.  One development coming out of the meeting was the adoption by APEC of the Honolulu Declaration, which includes an endorsement of a self-regulatory,
Continue Reading APEC Approves Cross-Border Privacy Initiative

Online advertiser ScanScout has entered into a consent agreement with the Federal Trade Commission in connection with claims it made that consumers could opt out of receiving targeted ads by changing their computer’s web browser settings to block cookies.  According to the FTC, these claims were deceptive with respect to the use of so-called “Flash cookies” since browser settings did not allow users to remove or block the Flash cookies used by the company.  Flash cookies generally cannot be controlled through browser privacy settings, in contrast to traditional “HTTP” cookies.

Under the terms of the proposed settlement, ScanScout must post a prominent notice on its home page stating the following:  “We collect information about your activities on certain websites to send you targeted ads. To opt out of our targeted advertisements, click here.”  The company must provide a hyperlink to an opt-out mechanism that offers users the ability – through a single click or a single change to a browser setting – to prevent the company from:

  • collecting information that can identify the user or her computer;
  • associating any previously collected data with the user; or
  • in the absence of any affirmative action by the user, redirecting the user’s browser to third parties that collect data. 

The opt out choice must remain in effect for a minimum of five years.  There also must be a clear and prominent notice within close proximity of the opt out mechanism that provides certain additional disclosures, including the current status of the user’s choice and any circumstances that, if initiated by the user, would disable the choice made by a user. Continue Reading FTC Settles Flash Cookie and COPPA Claims