Litigation

Last Thursday, the Eastern District of Virginia in United States v. Chatrie, No. 19-cr-00130, 2022 WL 628905, denied a motion to suppress evidence obtained from Google pursuant to a geofence search warrant.  Geofence warrants are a relatively new investigative tool that target private companies’ databases of location data, compelling these companies to produce the location data of every user that was in a particular area over a particular span of time.  The court invalidated the warrant for lack of particularized probable cause, but declined to suppress the evidence obtained from Google—which linked the defendant to the scene of a 2019 bank robbery—because the officers sought the warrant in good faith.
Continue Reading Federal Court Expresses Skepticism About Validity of Geofence Warrants But Declines Suppression Remedy

A California federal district court recently granted partial dismissal of privacy claims brought by several Google users in Rodriguez v. Google, LLC, No. 20-cv-5688 (N.D. Cal.).  The Rodriguez plaintiffs claimed that Google engaged in unlawful wiretapping under section 631 of the California Invasion of Privacy Act (“CIPA”) by collecting data from third-party apps after users turned off certain data tracking in their Google privacy settings; they also claimed that Google breached a unilateral contract they had formed by selecting those privacy settings.  The court disagreed, and dismissed these two claims without leave to amend.
Continue Reading Court Grants Dismissal of Wiretapping and Contract Claims in Putative Privacy Class Action Involving Google Privacy Settings

In a new post on the Inside Class Actions blog, our colleagues discuss a recent Western District of New York report and recommendation concluding that any risk of identity theft or other injury was too “speculative” to show standing in the putative data breach class action Tassmer et al
Continue Reading No Harm, No Foul: New York Federal Court Recommends Dismissing Sensitive Data Breach Class Action for Lack of Standing

Last week, in a decision that confirms the viability of cy pres settlements in privacy class action cases, the Ninth Circuit affirmed approval of a class action injunctive relief and cy pres-only settlement in In re Google Inc. Street View Electronic Communications Litigation, No. 20-15616, 2021 WL 6111383.  The case featured Wiretap Act claims based on Google Street View vehicles’ collection of “payload data,” including emails, passwords, and documents that Internet users transmitted over unencrypted Wi-Fi networks.
Continue Reading Ninth Circuit Affirms Approval of Injunctive Relief and Cy Pres Settlement of Google Street View Privacy Claims

Last week, the Ninth Circuit held in United States v. Wilson, No. 18-50440, 2021 WL 4270847, that a law enforcement officer violated a criminal defendant’s Fourth Amendment rights when he opened images attached to the defendant’s emails without a warrant, even though the images had previously been flagged as child sexual abuse materials (“CSAM”) by Google’s automated CSAM-detection software.  The court based its ruling on the private search exception to the Fourth Amendment, which permits law enforcement to conduct a warrantless search only to the extent the search was previously conducted by a private party.  Because no individual at Google actually opened and viewed the images flagged as CSAM, the court held that law enforcement “exceeded the scope of the antecedent private search,” thereby “exceed[ing] the limits of the private search exception.”  Op. at 20-21.
Continue Reading Ninth Circuit’s Interpretation of Private Search Exception to the Fourth Amendment Contributes to “Growing Tension” Among Circuit Courts

Last year, Apple’s iOS14 incorporated a new feature notifying users when an app copied from the iPhone’s clipboard.  The feature resulted in media scrutiny for a number of well-known apps, some of which faced putative class action lawsuits as a result.  A court in the Eastern District of California recently dismissed one such suit, Mastel v. Miniclip SA, No. 2:21-cv-00124 (E.D. Cal.).  In that decision, the court rejected a broad interpretation of telephone “instrument” under the California Invasion of Privacy Act (“CIPA”), concluding that non-telephonic smartphone functionality does not constitute a telephone instrument.
Continue Reading California Federal Court Adopts Narrow Reading of Telephone “Instrument” Under the California Invasion of Privacy Act

On Wednesday, January 13, the Supreme Court heard arguments in AMG Capital Management LLC v. Federal Trade Commission.  This case raises the question whether the Federal Trade Commission (FTC) has been properly using Section 13(b) of the FTC Act, the provision authorizing requests for preliminary and permanent injunctions where
Continue Reading FTC Remedial Power Under Scrutiny at U.S. Supreme Court

Last week, an Ohio district court found that violations of the Telephone Consumer Protection Act (“TCPA”) occurring between 2015 and July 2020 cannot be enforced because the law was unconstitutional at the time.  The case is captioned Lindenbaum v. Realgy, LLC, No. 19-CV-02862 (N.D. Ohio), and the opinion builds on an earlier decision from a Louisiana district court that reached a similar conclusion in Creasy v. Charter Communications Inc., No. 20-CV-01199 (E.D. La.).
Continue Reading Courts Find TCPA Unenforceable for Acts Prior to July 2020

The English High Court has recently awarded damages in a data privacy case, with two features of particular interest.  First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation.  Secondly, the damages awarded (perhaps influenced by the nature of the case) were unusually high for a data privacy case.

The decision highlights an unusual use of data protection in English law, as a freestanding form of quasi-defamation claim, as the claimants sought damages for reputational harm (as well as distress) solely under the Data Protection Act 1998 (the “DPA”, since replaced by the Data Protection Act 2018, which implemented the General Data Protection Regulation ((EU) 2016/679) (GDPR) in the UK) rather than in a libel or defamation claim, or in parallel with such a claim.  It also sets a potentially unhelpful precedent by awarding two of the claimants £18,000 each for inaccurate processing of their personal data, an amount that is significantly higher than has been awarded in other data protection cases brought under the DPA.  If such awards were to be made in the context of a class action, the potential liability for data controllers could be significant.
Continue Reading English High Court Awards Damages for Quasi-Defamation Data Claim

Introduction

In late 2018, the Upper Tribunal of the Administrative Appeals Tribunal released two significant decisions as to the Freedom of Information Act 2000, section 35, which provides the government a limited basis to withhold communications from disclosure. These are Department for Education v Information Commissioner & Whitmey [2018] UKUT 348 and Cabinet Office v Information Commissioner & Webber [2018] UKUT 410. The cases relate to the 2010 – 2015 Conservative – Liberal Democrat Coalition Government (the “Coalition Government”), headed by Prime Minister David Cameron (Conservative) and Deputy Prime Minister Nick Clegg (Liberal Democrat).

FOIA, section 35

Section 35 provides a qualified exemption to disclosure as to information relating to: (1) ministerial communications and (2) the formulation or development of government policy (inter alia). Withholding information from disclosure is justified if the public interest in withholding the information outweighs the public interest in disclosing the information (section 35(2(2)(b)). Broadly, the purpose of section 35 is to promote free and frank communications between the government and its advisors.  
Continue Reading Freedom of Information Act 2000 (UK) case update: Upper Tribunal rules in favour of disclosure of ministerial communications