Tag Archives: Litigation

Data Breach Allegations Sufficient for Standing After Spokeo, Court Says

On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins.  The case is Hapka v. CareCentrix, Inc. In early 2016, a phishing attack compromised defendant CareCentrix’s systems, … Continue Reading

Appellate Court Stays Enforcement of FTC’s LabMD Order

In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case.  As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices.  After … Continue Reading

Ninth Circuit Upholds CDA Immunity Against Plaintiff’s Attempt to “Push[] the Envelope of Creative Pleading”

On Monday, a panel of the Ninth Circuit unanimously ruled that Section 230 of the Communications Decency Act (“CDA”) protected Yelp from liability relating to an allegedly defamatory user-generated review.  In doing so, the Court rejected several attempts by the Plaintiff to plead around the CDA’s broad immunity provisions by accusing Yelp of playing a … Continue Reading

Sixth Circuit Allows Lawsuit to Proceed Against Electronic Monitoring Software Company

In a 2-1 decision on August 16, the Sixth Circuit refused to dismiss a claim against the maker of an online surveillance tool for wiretapping under both federal and state laws, and for intrusion against seclusion.  While the breadth of this holding is unclear, and the case may be an outlier, the Sixth Circuit’s reasoning … Continue Reading

Ninth Circuit: CFAA’s Prohibition on Accessing Computer Without Authorization “Unambiguous”

In a decision released Tuesday, the Ninth Circuit held that the Computer Fraud and Abuse Act’s (“CFAA”) prohibition on accessing a computer “without authorization” is violated when a person whose access to a computer system has been “affirmatively revoked” nonetheless accesses that computer system by other means. In United States v. Nosal, the Ninth Circuit … Continue Reading

Seventh Circuit, Relying on Defendant’s Post-Breach Statements, Allows Data Breach Class Action to Proceed

Last week, the Seventh Circuit handed down another friendly ruling for data breach class action plaintiffs, reversing a district court’s dismissal of a class action complaint over a 2014 data breach at P.F. Chang’s restaurants.  In reversing the district court’s holding that the plaintiffs had not demonstrated Article III standing, the Seventh Circuit ruled that … Continue Reading

Judge Denies Neiman’s Motion to Dismiss Data Breach Class Action

A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards.  As we previously reported, the plaintiffs sued Neiman alleging various claims arising from fraudulent charges … Continue Reading

Wyndham Settles FTC Charges

Wyndham Hotels and Resorts has agreed to settle the FTC’s charges that its corporate data security practices were deficient under the unfairness prong of Section 5 of the FTC Act.  Assuming the district court approves the proposed stipulated consent order, this concludes the litigation between Wyndham and the FTC.  Under the terms of the twenty-year … Continue Reading

FTC Appeals Dismissal of Data Security Complaint Against LabMD

Last Wednesday, the FTC took the next step in its ongoing Section 5 enforcement proceedings against LabMD, filing a formal notice seeking an appeal of Administrative Law Judge Chappell’s initial decision before the full Commission.  Judge Chappell’s initial decision, announced on November 13, dismissed the FTC’s complaint against LabMD, finding that the FTC failed to … Continue Reading

Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers

On Friday, November 13, Federal Trade Commission (FTC) Chief Administrative Law Judge Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, on the ground that the Commission’s staff had failed to carry its burden of demonstrating a “likely substantial injury” to consumers resulting from LabMD’s allegedly “unfair” data security practices. While Judge Chappell’s … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading

Free Cartoon Network App User Not a “Subscriber” Under VPPA, Rules Eleventh Circuit

On October 9, the Eleventh Circuit affirmed in Ellis v. Cartoon Network, Inc. that a person who downloads and uses a free mobile application to view freely available content is not, without more, a “subscriber” under the Video Privacy Protection Act (“VPPA”). Cartoon Network offers a free mobile app that people can download to watch … Continue Reading

Following TCPA Omnibus Order, Court Reaffirms Prior Ruling in Dismissing TCPA Text Message Lawsuit Against AOL

In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients.  After the court dismissed … Continue Reading

Third Circuit Upholds FTC’s Data Security Authority in FTC v. Wyndham

The Third Circuit released its decision in FTC v. Wyndham Worldwide Corp. earlier today, affirming the district court’s decision that the FTC has the authority to regulate companies’ data security practices under the “unfair practices” prong of Section 5 of the FTC Act.  The highly anticipated precedential opinion dismissed Wyndham’s arguments that the FTC lacks … Continue Reading

Ten Key Takeaways From Last Week’s TCPA Order

Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules.  The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages. Although the … Continue Reading

Supreme Court Strikes Down Ordinance Authorizing Warrantless Searches of Hotel Records

On June 22, the Supreme Court issued its decision in Los Angeles v. Patel, striking down a Los Angeles city ordinance that allowed law enforcement to inspect hotel guest registers on demand as facially unconstitutional.  Writing for a 5-4 majority, Justice Sotomayor held that the ordinance violated the Fourth Amendment by failing to provide for … Continue Reading

Court Dismisses Text-Message TCPA Suit Against AOL, Finding Instant Messaging Service Does Not Constitute an ATDS

On June 1, the Northern District of California dismissed a putative TCPA class action against AOL, finding that the plaintiff had failed to allege that AOL utilized an automated telephone dialing system (ATDS), as required to state a cause of action under the TCPA.  In dismissing the plaintiff’s complaint in Derby v. AOL, the court … Continue Reading

Court Certifies Nationwide Class in Yahoo Email Scanning Litigation

Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”).  The plaintiffs, … Continue Reading

Ninth Circuit Asks California Supreme Court to Define the Scope of Song-Beverly Act

The U.S. Court of Appeals for the Ninth Circuit on Tuesday asked the California Supreme Court to resolve a longstanding dispute over the interpretation of a retail privacy statute.  If the state court rules on the issue, its decision could affect the ability of California retailers to collect information from consumers who make in-store payments using … Continue Reading

Supreme Court to Consider Whether Actual Harm is Required to Recover Under the Fair Credit Reporting Act

On Monday, the U.S. Supreme Court granted certiorari and agreed to consider Robins v. Spokeo, Inc., in which the U.S. Court of Appeals for the Ninth Circuit held that Thomas Robins had adequately alleged Article III standing to sue website operator Spokeo, Inc. (“Spokeo”) under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 … Continue Reading

Solicitor General Urges Supreme Court To Leave Spokeo Ruling In Place

In the closely-watched case of Spokeo, Inc. v Robins, the Solicitor General recently filed an amicus brief urging the Court to deny certiorari and leave in place the 9th Circuit’s holding, which could encourage the rising tide of privacy class action litigation.  The Solicitor General’s brief—coauthored by the Consumer Financial Protection Bureau—argued that the dissemination … Continue Reading

D.C. Circuit Hears Oral Arguments in Urban Outfitters ZIP Code Lawsuit

Last week, the D.C. Circuit heard oral argument in the lawsuit filed against Urban Outfitters and Anthropologie over their collection of customer ZIP codes at the point of sale.  The plaintiffs alleged that the practice of requesting ZIP codes at the point of sale during credit card transactions violated two D.C. statutes, the Consumer Protection … Continue Reading

Court Finds FTC Entitled to Partial Summary Judgment Against Dish Network for Telemarketing Violations

Last month a federal court found Dish Network liable for calls that were alleged by the Federal Trade Commission (“FTC”) to violate various provisions of the FTC’s Telemarketing Sales Rule (“TSR”).  Specifically, the FTC’s 2009 complaint asserted that Dish Network initiated, or caused a telemarketer to initiate, calls to numbers on the National Do Not … Continue Reading
LexBlog