Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online activity while publicly professing to respect users’ Safari browser settings.  While the Third Circuit affirmed the trial court’s dismissal of federal claims under the Wiretap Act, the Stored Communications Act (SCA), and the Computer Fraud and Abuse Act (CFAA), the court vacated the district court’s dismissal of the plaintiffs’ claims under California tort law and the California constitution’s right to privacy.

The plaintiffs’ claims originated from a 2012 Wall Street Journal article describing a researcher’s findings that Google, despite the Safari browser’s default settings intended to blocking tracking cookies, had utilized methods to circumvent these settings and track Safari users’ Internet browsing habits via tracking cookies.  At the same time, the plaintiffs alleged, Google made a series of public statements, including statements within its privacy policy, indicating that it respected the Safari browser’s cookie-blocking settings.  Google subsequently entered into settlements with the Department of Justice and a consortium of state attorneys general over its practices.  Twenty-four plaintiffs also filed putative class action suits against Google and third-party advertisers, alleging violations of federal and state privacy law.  The suits were combined into the instant litigation in the District of Delaware, and in October 2013, the district court dismissed the complaint in its entirety, finding that the plaintiffs failed to state a claim.


Continue Reading Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients.  After the court dismissed

Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules.  The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages.

Although the order purports only to “clarify” existing FCC precedent, there is widespread debate over whether the order imposed new requirements on entities that transmit automated calls and text messages.  The order already has been appealed by one party and other appeals are expected.  Nevertheless, because the FCC claims the order only clarifies existing precedent, its provisions became effective when the order was released on July 10, 2015.

The order focuses on ten key areas, which are summarized after the jump.
Continue Reading Ten Key Takeaways From Last Week’s TCPA Order

In an order adopted at Thursday’s Open Meeting, the Federal Communications Commission acted on 23 petitions or other requests for clarification regarding the application of the Telephone Consumer Protection Act, a federal law that restricts telemarketing  and certain other types of calls.  The FCC has issued a news release describing yesterday’s order as an effort to “clos[e] loopholes and strengthen[] consumer protections already on the books.”  The text of the order is expected to be released in the coming days.
Continue Reading FCC Ruling Tightens TCPA Restrictions; Dissenters Warn of Increased Class-Action Abuse

On June 1, the Northern District of California dismissed a putative TCPA class action against AOL, finding that the plaintiff had failed to allege that AOL utilized an automated telephone dialing system (ATDS), as required to state a cause of action under the TCPA.  In dismissing the plaintiff’s complaint in Derby v. AOL, the court rejected the plaintiff’s arguments that AOL Instant Messenger (AIM), which allows individuals to send instant messages as text messages to cell phones, constitutes an ATDS.  Instead, the court agreed with AOL’s argument that AIM relied on “human intervention” to send the messages at issue, which foreclosed the possibility of potential TCPA liability.  (Covington represented AOL in this case.)  The decision should be beneficial to a variety of services that enable their users to send text messages to cell phones.
Continue Reading Court Dismisses Text-Message TCPA Suit Against AOL, Finding Instant Messaging Service Does Not Constitute an ATDS

Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”).  The plaintiffs, none of whom has a Yahoo email account, originally filed suit alleging that Yahoo scanned emails they exchanged with other individuals’ Yahoo email addresses and used the results for advertising purposes.  Last August, Judge Koh partially granted Yahoo’s motion to dismiss, eliminating the plaintiff’s claims under the Wiretap Act and the California Constitution but allowing the SCA and CIPA claims to proceed.
Continue Reading Court Certifies Nationwide Class in Yahoo Email Scanning Litigation

On Tuesday, March 31, the U.S. District Court for the Northern District of California granted Hulu’s motion for summary judgment in a complaint alleging that Hulu had violated the Video Privacy Protection Act (VPPA) by sharing user information with Facebook.  In granting summary judgment, the court found no genuine issue of material fact regarding whether Hulu “knowingly” disclosed video viewing information connected to individual Hulu users to Facebook, a required element for VPPA liability.  While the court’s holding may be too fact-bound to have widespread impact on other VPPA cases, it does highlight the important role of the VPPA’s knowledge requirement in determining liability under the statute.
Continue Reading Court Grants Summary Judgment on VPPA Claims Against Hulu Based on Lack of ‘Knowing’ Disclosure

Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and Germany show, some courts or regulators assess privacy practices and policies against the rules on unfair or abusive trade practices — in some countries, the legislator is even proposing new laws to that end.  This is a worrying trend, as it could trigger the application of an additional set of rules to privacy policies, and implies that EU consumer protection authorities may acquire competence in relation to online privacy policies, in addition to the EU data protection regulators.


Continue Reading European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers.  In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to

By Ani Gevorkian

Last week, the U.S. District Court for the Southern District of California issued an opinion regarding the definition of  an “Automatic Telephone Dialing System” (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).  The opinion follows a small but growing number of cases holding that courts have their own ability to interpret the statutory definition of ATDS and need not follow the Federal Communication Commission’s interpretation of that term.

The case, Marks v. Crunch San Diego, involved a class action suit against gym-operator Crunch San Diego (“Crunch”) for its use of a third-party web-based platform to send promotional text messages to current and prospective member mobile phones.  The plaintiff claimed he had received three unwanted text messages from Crunch over the course of about a month, in violation of the TCPA.  The motion for summary judgment turned on the issue of whether the platform Crunch used could be classified as an ATDS.  The court held that it could not.


Continue Reading Another Court Finds That an Automated SMS Platform is Not an ATDS