2021 was another busy year for data privacy regulatory enforcement and litigation. With some distance to reflect on last year, we have prepared this post identifying and describing important trends from 2021 that can help provide insight into what to expect in the data privacy landscape in 2022.

Data Privacy Regulatory Enforcement Trends

Federal Trade Commission (FTC) and state enforcement action in 2021 centered on several key areas, including protecting children.

An FTC enforcement action last year alleged that the maker of an online coloring book application violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information about children who used the app without notifying their parents and obtaining their consent.  The allegations note that the app included a “Kids” category that was targeted to children.  The FTC further claimed that the app’s social media features collected personal information from users and that some parents, lacking knowledge of these features, may have inadvertently permitted their young children to use the app.
Continue Reading 2021 Trends in Privacy Regulatory Enforcement and Litigation

On Wednesday, a federal judge in the Central District of California dismissed Humana Pharmacy Inc.’s motion to dismiss a putative class action suit alleging the company illegally recorded telephone calls with customers, finding that the California Invasion of Privacy Act (“CIPA”) does not exempt quality assurance recordings.

In its motion to dismiss, Humana argued that CIPA exempts “service observing,” or a business’s recording of calls between its employees and customers for quality assurance purposes.  Judge Josephine Staton Tucker rejected Humana’s interpretation of the statute and further found that plaintiff’s complaint did not allege that Humana recorded the call for service observing purposes, refusing to read such purpose into the allegations.

The court also rejected Humana’s contention that plaintiff’s complaint failed to allege that the company did not provide proper notice to him at the outset that the call was being recorded. The court held that plaintiff’s allegation that he was not warned “at any point during the telephone conversation” was sufficient at the pleadings stage, but acknowledged that the issue could be raised again in a motion for summary judgment. 

Continue Reading Humana’s Quality Assurance Calls Not Exempted From CIPA

In a recent order, Judge Henderson of the District Court for the Northern District of California denied NebuAd Inc.’s motion to dismiss in Valentine v. NebuAd Inc., No. C08-05113 TEH, finding that plaintiffs had sufficient statutory standing to assert claims under the California Invasion of Privacy Act (“CIPA”) and the California Computer Crime Law (“CCCL”) and that these claims were not preempted by the federal Electronic Communications Privacy Act (“ECPA”).

With respect to standing, the Court found that the California Legislature did not intend to limit the right of action under CIPA and CCCL to in-state plaintiffs, and, thus, the out-of-state plaintiffs in this action could bring suit again a California defendant (NebuAd).  (Notably, this analysis pertained to standing under these specific California statutes, not the Article III constitutional standing that was at issue in the recent RockYou decision, which we wrote about here).  On the preemption issue, the Court rejected the Central District of California’s holding in Bunnell v. Motion Picture Ass’n of Am. that ECPA preempted a CIPA claim.  Instead, the Court said it was more persuaded by the California Supreme Court’s contrary holdings that ECPA does not preempt CIPA in People v. Conklin and Kearney v. Salomon Smith Barney.

Continue Reading California Privacy Claims Survive Motion to Dismiss In NebuAd Lawsuit