Two Rulings in Two Weeks on the TCPA’s Autodialer Restrictions
The last two weeks have brought two important (although unrelated) rulings on the TCPA’s Autodialer Restrictions. First, on June 25, the Federal Communications Commission limited the applicability of the autodialer restrictions in the Telephone Consumer Protection Act, 47 U.S.C. § 227 (the “TCPA”), to an emerging texting technology. Second, less than two weeks later, the Supreme Court ruled that an exception to the TCPA’s autodialer restrictions for calls to collect federal debts was unconstitutional and expanded the statute’s reach.
French Council of State Upholds €50m CNIL Fine against Google
On June 19, 2020, the French Conseil d’État (“Council of State”) issued a decision upholding the €50 Million fine imposed against Google LLC by the French Supervisory Authority (the “CNIL”). On January 21, 2019, the French CNIL had issued a fine against Google’s U.S. headquarters for failure to comply with the EU General Data Protection Regulation’s (“GDPR”) fundamental principles of transparency and legitimacy. Please refer to the relevant Sidley Data Matters’ blog post on the CNIL decision here. The CNIL found that Google had insufficiently informed Android users about their data processing activities, given the complexity of Google’s privacy policy and terms & conditions, and that the consent obtained from them through the use of pre-ticked boxes was insufficient to serve as a legal basis for processing used for targeted advertising. This was the first and highest regulatory fine the CNIL had issued on the basis of the GDPR.
UK Supreme Court Rules Morrisons Not Vicariously Liable for Malicious Data Breach by Employee
Case: WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12
In a decision that employers will welcome, the UK Supreme Court recently ruled that Morrison Supermarkets (Morrisons) was not vicariously liable for a data breach committed maliciously by a former employee who, acting to satisfy a personal vendetta against Morrisons, disclosed employee payroll data online.
CJEU Considers the Use of CCTV and Legitimate Interests
With the use of CCTV on the rise, it has become increasingly important for controllers to find a framework in which the conflicting rights of those who are subject to such surveillance are balanced. In its recent decision of TK v Asociaţia de Proprietari bloc M5A-ScaraA EU:C:2019:1064 (TK), the CJEU considered whether the processing carried out by CCTV cameras was necessary and proportionate for the purposes of legitimate interests pursued by the controller.
Highest European Court Confirms: No Presumption of Confidentiality Over Documents Submitted in Marketing Authorization Dossier
On January 22, 2020, the Court of Justice of the European Union (CJEU) found that there is not a general presumption of confidentiality over documents containing clinical and preclinical data provided to the European Medicines Agency (EMA) to support a marketing authorization application. However, the CJEU indicated that certain information may be protected if the interested party can specifically show that the disclosure will cause it harm. This is the first time the CJEU has ruled on this matter, upholding the EMA’s approach to handling access to documents requests.
The Sixth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available
The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)
In an Eagerly Anticipated Decision, the Ninth Circuit Sides With Web Scrapers
For years, companies seeking to block web scrapers from collecting the information on their website would invoke the Computer Fraud and Abuse Act (CFAA), a U.S. law that criminalizes accessing a computer “without authorization.” But the U.S. Court of Appeals for the Ninth Circuit has now ruled that merely instructing scrapers that they are not welcome on a public website, either through a restrictive terms of use or a cease-and-desist letter, is probably not enough to render their access “unauthorized” under the CFAA. This decision is encouraging news for the many hedge funds, academic researchers and other data aggregators that use software bots to compile information online.
11th Circuit Rules Single Text Message Not Sufficient for Article III Standing
Creating a circuit split, the U.S. Court of Appeals for the Eleventh Circuit has held that receiving a single unwanted text message is not enough to confer standing, even if the text violated the federal Telephone Consumer Protection Act (TCPA). The court disagreed with a Ninth Circuit ruling that reached the opposite conclusion in 2017. In so doing, it gave new life to an argument defendants may use to fend off class actions under the TCPA.
Carpenter and Everything After: The Supreme Court Nudges the Fourth Amendment into the Information Age
*This article was first published by the American Bar Association Infrastructure and Regulated Industries in Summer 2019.
Every year, as the calendar turns to June, the legal community looks to the Supreme Court. Eager to get to the Term’s end, the Justices rush to complete all of the outstanding opinions. Since the most difficult and important cases usually take the longest to work out, they are typically the stragglers. June is thus the time when the “blockbuster” opinions are issued—the cases that law professors analyze in their tenure pieces and that law school students study, quite possibly for years to come.
FTC’s Authority to Obtain Monetary Relief is in Doubt
The U.S. Court of Appeals for the Seventh Circuit has struck a major blow to Federal Trade Commission (FTC) enforcement authority, holding that the agency cannot seek its preferred remedy of monetary restitution in federal court.
In recent years, the FTC has used Section 13(b) of the Federal Trade Commission Act (FTC Act)1 as its preferred enforcement mechanism, and it has done so to great effect. In 2017, for example, the FTC obtained $5.29 billion in restitution under this section. Civil penalties, which are authorized under a different part of the statute, totaled just $176 million that same year.