Litigation

On September 26, 2018, New Jersey federal district judge Madeline Cox Arleo dismissed an eight-count class action complaint in its entirety against three smart TV makers: Samsung, LG, and Sony.  The plaintiffs alleged that defendants’ smart TVs continuously monitored and tracked their viewing habits, recorded their voices, and then transmitted
Continue Reading New Jersey District Judge Dismisses All Counts Against Smart TVs

Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court of Appeals for the District of Columbia Circuit to vacate the agency’s prior interpretation of that term.

This same issue was the focus of a petition for declaratory ruling filed earlier this month by the U.S. Chamber Institute for Legal Reform and a number of other industry organizations.

The Public Notice seeks comment on a range of other TCPA issues, some of which also were addressed by the D.C. Circuit’s recent decision.  These include how calls to reassigned mobile telephone numbers should be treated under the TCPA and the ways in which a party may revoke his or her prior express consent to receive automated or prerecorded calls under the statute. 
Continue Reading FCC Seeking Comment on Key TCPA Reform Issues in Wake of DC Circuit Ruling

The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data.

Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour.  Officers check these numbers against lists of stolen or wanted vehicles.  Because ALPRs also record the date, time and location of the license plate image, groups such as the American Civil Liberties Union have argued that this collection is an invasion of privacy that allows police to track a person’s movements.

The Virginia Supreme Court’s ruling marks a significant development in a case challenging the mass collection of license plate images and location data by ALPRs.  In 2015, the ACLU sued the Fairfax County Police Department (“FCPD”) on behalf of Harrison Neal, a motorist whose license plate had been captured twice and stored pursuant to a FCPD policy for one year.  Neal alleged that FCPD’s collection and storage of ALPR data violates Virginia’s Data Act, a statute designed to prevent the unnecessary collection and storage of personal information by government agencies.  However, the circuit court rejected Neal’s claim.  The court ruled that a license plate number is not “personal information” under the Data Act because the number refers to a vehicle rather than an individual.
Continue Reading Virginia Supreme Court Holds that Police License Plate Readers Collect Personal Information

On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — but not permitting consumer privacy class actions to be brought in a consumer’s home jurisdiction.

Background

Maximilian Schrems (“Schrems”) — an Austrian resident, lawyer and privacy activist (best known for his involvement in litigation relating to the EU-U.S. Safe Harbor and the EU Model Clauses) — brought a class action against Facebook’s Irish-registered office, before the Austrian courts.  Schrems’ action alleges various breaches of Austrian, Irish, and EU data privacy rules, and includes claims for damages arising from these alleged breaches.

Schrems, a Facebook user of ten years, initially registered with Facebook under a false name for personal purposes only, engaging in typical private uses of the site such as to share photos and posts with his 250 or so Facebook Friends.  Then, in 2011, Schrems created a Facebook page to report on his legal proceedings against Facebook Ireland, reference his lectures and media appearances, advertise his books and solicit public donations.

The Austrian Supreme Court sought a preliminary ruling from the CJEU on two points.

  • Whether Schrems is a “consumer” as defined and interpreted under EU law (namely Article 15 of Regulation No. 44/2001 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters), in relation to his Facebook account, specifically the use of his Facebook page (“the Consumer Issue”).
  • Whether Schrems could bring his action alongside and on behalf other consumers in contractual relationships with Facebook, those consumers numbering more than 25,000 and residing in Austria, other Member States, and outside the EU (“the Class Action Issue”).

Continue Reading CJEU Rejects Consumer Privacy Class Action

On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins.  The case is Hapka v. CareCentrix, Inc.

In early
Continue Reading Data Breach Allegations Sufficient for Standing After Spokeo, Court Says

In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case.  As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices.  After the FTC denied LabMD’s request for a stay, the company appealed to the Eleventh Circuit, which granted the stay in a unanimous decision.
Continue Reading Appellate Court Stays Enforcement of FTC’s LabMD Order

On Monday, a panel of the Ninth Circuit unanimously ruled that Section 230 of the Communications Decency Act (“CDA”) protected Yelp from liability relating to an allegedly defamatory user-generated review.  In doing so, the Court rejected several attempts by the Plaintiff to plead around the CDA’s broad immunity provisions by
Continue Reading Ninth Circuit Upholds CDA Immunity Against Plaintiff’s Attempt to “Push[] the Envelope of Creative Pleading”

In a 2-1 decision on August 16, the Sixth Circuit refused to dismiss a claim against the maker of an online surveillance tool for wiretapping under both federal and state laws, and for intrusion against seclusion.  While the breadth of this holding is unclear, and the case may be an
Continue Reading Sixth Circuit Allows Lawsuit to Proceed Against Electronic Monitoring Software Company

Last week, the Seventh Circuit handed down another friendly ruling for data breach class action plaintiffs, reversing a district court’s dismissal of a class action complaint over a 2014 data breach at P.F. Chang’s restaurants.  In reversing the district court’s holding that the plaintiffs had not demonstrated Article III standing, the Seventh Circuit ruled that the risk of future fraudulent charges and identity theft created by the breach as reported by P.F. Chang’s constituted a “certainly impending” future injury sufficient to confer Article III standing.  This decision builds on an earlier ruling from the Seventh Circuit that revived a data breach suit filed against Neiman Marcus, and will create further incentives for future plaintiffs to file data breach class action lawsuits in the federal courts of Illinois, Indiana, and Wisconsin, when jurisdictionally possible.
Continue Reading Seventh Circuit, Relying on Defendant’s Post-Breach Statements, Allows Data Breach Class Action to Proceed

A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards.  As we previously reported, the plaintiffs sued Neiman alleging
Continue Reading Judge Denies Neiman’s Motion to Dismiss Data Breach Class Action