Introduction In late 2018, the Upper Tribunal of the Administrative Appeals Tribunal released two significant decisions as to the Freedom of Information Act 2000, section 35, which provides the government a limited basis to withhold communications from disclosure. These are Department for Education v Information Commissioner & Whitmey [2018] UKUT 348 and Cabinet Office v … Continue Reading
On September 26, 2018, New Jersey federal district judge Madeline Cox Arleo dismissed an eight-count class action complaint in its entirety against three smart TV makers: Samsung, LG, and Sony. The plaintiffs alleged that defendants’ smart TVs continuously monitored and tracked their viewing habits, recorded their voices, and then transmitted that information to defendants’ servers, … Continue Reading
By Melanie Ramey Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court … Continue Reading
The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour. Officers check these numbers … Continue Reading
On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — but not permitting consumer privacy class actions to be … Continue Reading
On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins. The case is Hapka v. CareCentrix, Inc. In early 2016, a phishing attack compromised defendant CareCentrix’s systems, … Continue Reading
In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case. As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices. After … Continue Reading
On Monday, a panel of the Ninth Circuit unanimously ruled that Section 230 of the Communications Decency Act (“CDA”) protected Yelp from liability relating to an allegedly defamatory user-generated review. In doing so, the Court rejected several attempts by the Plaintiff to plead around the CDA’s broad immunity provisions by accusing Yelp of playing a … Continue Reading
In a 2-1 decision on August 16, the Sixth Circuit refused to dismiss a claim against the maker of an online surveillance tool for wiretapping under both federal and state laws, and for intrusion against seclusion. While the breadth of this holding is unclear, and the case may be an outlier, the Sixth Circuit’s reasoning … Continue Reading
In a decision released Tuesday, the Ninth Circuit held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition on accessing a computer “without authorization” is violated when a person whose access to a computer system has been “affirmatively revoked” nonetheless accesses that computer system by other means. In United States v. Nosal, the Ninth Circuit … Continue Reading
Last week, the Seventh Circuit handed down another friendly ruling for data breach class action plaintiffs, reversing a district court’s dismissal of a class action complaint over a 2014 data breach at P.F. Chang’s restaurants. In reversing the district court’s holding that the plaintiffs had not demonstrated Article III standing, the Seventh Circuit ruled that … Continue Reading
A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards. As we previously reported, the plaintiffs sued Neiman alleging various claims arising from fraudulent charges … Continue Reading
Wyndham Hotels and Resorts has agreed to settle the FTC’s charges that its corporate data security practices were deficient under the unfairness prong of Section 5 of the FTC Act. Assuming the district court approves the proposed stipulated consent order, this concludes the litigation between Wyndham and the FTC. Under the terms of the twenty-year … Continue Reading
Last Wednesday, the FTC took the next step in its ongoing Section 5 enforcement proceedings against LabMD, filing a formal notice seeking an appeal of Administrative Law Judge Chappell’s initial decision before the full Commission. Judge Chappell’s initial decision, announced on November 13, dismissed the FTC’s complaint against LabMD, finding that the FTC failed to … Continue Reading
On Friday, November 13, Federal Trade Commission (FTC) Chief Administrative Law Judge Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, on the ground that the Commission’s staff had failed to carry its burden of demonstrating a “likely substantial injury” to consumers resulting from LabMD’s allegedly “unfair” data security practices. While Judge Chappell’s … Continue Reading
Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law. The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading
On October 9, the Eleventh Circuit affirmed in Ellis v. Cartoon Network, Inc. that a person who downloads and uses a free mobile application to view freely available content is not, without more, a “subscriber” under the Video Privacy Protection Act (“VPPA”). Cartoon Network offers a free mobile app that people can download to watch … Continue Reading
In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients. After the court dismissed … Continue Reading
The Third Circuit released its decision in FTC v. Wyndham Worldwide Corp. earlier today, affirming the district court’s decision that the FTC has the authority to regulate companies’ data security practices under the “unfair practices” prong of Section 5 of the FTC Act. The highly anticipated precedential opinion dismissed Wyndham’s arguments that the FTC lacks … Continue Reading
Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules. The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages. Although the … Continue Reading
On June 22, the Supreme Court issued its decision in Los Angeles v. Patel, striking down a Los Angeles city ordinance that allowed law enforcement to inspect hotel guest registers on demand as facially unconstitutional. Writing for a 5-4 majority, Justice Sotomayor held that the ordinance violated the Fourth Amendment by failing to provide for … Continue Reading
On June 1, the Northern District of California dismissed a putative TCPA class action against AOL, finding that the plaintiff had failed to allege that AOL utilized an automated telephone dialing system (ATDS), as required to state a cause of action under the TCPA. In dismissing the plaintiff’s complaint in Derby v. AOL, the court … Continue Reading
Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”). The plaintiffs, … Continue Reading
On Monday, the U.S. Supreme Court granted certiorari and agreed to consider Robins v. Spokeo, Inc., in which the U.S. Court of Appeals for the Ninth Circuit held that Thomas Robins had adequately alleged Article III standing to sue website operator Spokeo, Inc. (“Spokeo”) under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 … Continue Reading
