Last week, in a decision that confirms the viability of cy pres settlements in privacy class action cases, the Ninth Circuit affirmed approval of a class action injunctive relief and cy pres-only settlement in In re Google Inc. Street View Electronic Communications Litigation, No. 20-15616, 2021 WL 6111383.  The case featured Wiretap Act claims based on Google Street View vehicles’ collection of “payload data,” including emails, passwords, and documents that Internet users transmitted over unencrypted Wi-Fi networks.
Continue Reading Ninth Circuit Affirms Approval of Injunctive Relief and Cy Pres Settlement of Google Street View Privacy Claims

Last week, the Ninth Circuit held in United States v. Wilson, No. 18-50440, 2021 WL 4270847, that a law enforcement officer violated a criminal defendant’s Fourth Amendment rights when he opened images attached to the defendant’s emails without a warrant, even though the images had previously been flagged as child sexual abuse materials (“CSAM”) by Google’s automated CSAM-detection software.  The court based its ruling on the private search exception to the Fourth Amendment, which permits law enforcement to conduct a warrantless search only to the extent the search was previously conducted by a private party.  Because no individual at Google actually opened and viewed the images flagged as CSAM, the court held that law enforcement “exceeded the scope of the antecedent private search,” thereby “exceed[ing] the limits of the private search exception.”  Op. at 20-21.

Continue Reading Ninth Circuit’s Interpretation of Private Search Exception to the Fourth Amendment Contributes to “Growing Tension” Among Circuit Courts

Last year, Apple’s iOS14 incorporated a new feature notifying users when an app copied from the iPhone’s clipboard.  The feature resulted in media scrutiny for a number of well-known apps, some of which faced putative class action lawsuits as a result.  A court in the Eastern District of California recently dismissed one such suit, Mastel v. Miniclip SA, No. 2:21-cv-00124 (E.D. Cal.).  In that decision, the court rejected a broad interpretation of telephone “instrument” under the California Invasion of Privacy Act (“CIPA”), concluding that non-telephonic smartphone functionality does not constitute a telephone instrument.
Continue Reading California Federal Court Adopts Narrow Reading of Telephone “Instrument” Under the California Invasion of Privacy Act

On Wednesday, January 13, the Supreme Court heard arguments in AMG Capital Management LLC v. Federal Trade Commission.  This case raises the question whether the Federal Trade Commission (FTC) has been properly using Section 13(b) of the FTC Act, the provision authorizing requests for preliminary and permanent injunctions where the FTC believes the defendant

Last week, an Ohio district court found that violations of the Telephone Consumer Protection Act (“TCPA”) occurring between 2015 and July 2020 cannot be enforced because the law was unconstitutional at the time.  The case is captioned Lindenbaum v. Realgy, LLC, No. 19-CV-02862 (N.D. Ohio), and the opinion builds on an earlier decision from a Louisiana district court that reached a similar conclusion in Creasy v. Charter Communications Inc., No. 20-CV-01199 (E.D. La.).
Continue Reading Courts Find TCPA Unenforceable for Acts Prior to July 2020

The English High Court has recently awarded damages in a data privacy case, with two features of particular interest.  First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation.  Secondly, the damages awarded (perhaps influenced by the nature of the case) were unusually high for a data privacy case.

The decision highlights an unusual use of data protection in English law, as a freestanding form of quasi-defamation claim, as the claimants sought damages for reputational harm (as well as distress) solely under the Data Protection Act 1998 (the “DPA”, since replaced by the Data Protection Act 2018, which implemented the General Data Protection Regulation ((EU) 2016/679) (GDPR) in the UK) rather than in a libel or defamation claim, or in parallel with such a claim.  It also sets a potentially unhelpful precedent by awarding two of the claimants £18,000 each for inaccurate processing of their personal data, an amount that is significantly higher than has been awarded in other data protection cases brought under the DPA.  If such awards were to be made in the context of a class action, the potential liability for data controllers could be significant.
Continue Reading English High Court Awards Damages for Quasi-Defamation Data Claim

Introduction

In late 2018, the Upper Tribunal of the Administrative Appeals Tribunal released two significant decisions as to the Freedom of Information Act 2000, section 35, which provides the government a limited basis to withhold communications from disclosure. These are Department for Education v Information Commissioner & Whitmey [2018] UKUT 348 and Cabinet Office v Information Commissioner & Webber [2018] UKUT 410. The cases relate to the 2010 – 2015 Conservative – Liberal Democrat Coalition Government (the “Coalition Government”), headed by Prime Minister David Cameron (Conservative) and Deputy Prime Minister Nick Clegg (Liberal Democrat).

FOIA, section 35

Section 35 provides a qualified exemption to disclosure as to information relating to: (1) ministerial communications and (2) the formulation or development of government policy (inter alia). Withholding information from disclosure is justified if the public interest in withholding the information outweighs the public interest in disclosing the information (section 35(2(2)(b)). Broadly, the purpose of section 35 is to promote free and frank communications between the government and its advisors.  
Continue Reading Freedom of Information Act 2000 (UK) case update: Upper Tribunal rules in favour of disclosure of ministerial communications

On September 26, 2018, New Jersey federal district judge Madeline Cox Arleo dismissed an eight-count class action complaint in its entirety against three smart TV makers: Samsung, LG, and Sony.  The plaintiffs alleged that defendants’ smart TVs continuously monitored and tracked their viewing habits, recorded their voices, and then transmitted that information to defendants’ servers,

Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court of Appeals for the District of Columbia Circuit to vacate the agency’s prior interpretation of that term.

This same issue was the focus of a petition for declaratory ruling filed earlier this month by the U.S. Chamber Institute for Legal Reform and a number of other industry organizations.

The Public Notice seeks comment on a range of other TCPA issues, some of which also were addressed by the D.C. Circuit’s recent decision.  These include how calls to reassigned mobile telephone numbers should be treated under the TCPA and the ways in which a party may revoke his or her prior express consent to receive automated or prerecorded calls under the statute. 
Continue Reading FCC Seeking Comment on Key TCPA Reform Issues in Wake of DC Circuit Ruling

The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data.

Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour.  Officers check these numbers against lists of stolen or wanted vehicles.  Because ALPRs also record the date, time and location of the license plate image, groups such as the American Civil Liberties Union have argued that this collection is an invasion of privacy that allows police to track a person’s movements.

The Virginia Supreme Court’s ruling marks a significant development in a case challenging the mass collection of license plate images and location data by ALPRs.  In 2015, the ACLU sued the Fairfax County Police Department (“FCPD”) on behalf of Harrison Neal, a motorist whose license plate had been captured twice and stored pursuant to a FCPD policy for one year.  Neal alleged that FCPD’s collection and storage of ALPR data violates Virginia’s Data Act, a statute designed to prevent the unnecessary collection and storage of personal information by government agencies.  However, the circuit court rejected Neal’s claim.  The court ruled that a license plate number is not “personal information” under the Data Act because the number refers to a vehicle rather than an individual.
Continue Reading Virginia Supreme Court Holds that Police License Plate Readers Collect Personal Information