Category

Litigation

28 December 2016

The Privacy, Data Protection and Cybersecurity Law Review

The third edition of The Privacy, Data Protection and Cybersecurity Law Review appears as the world is converging on more privacy laws that cover more areas of business and are subject to more enforcement. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication.

(more…)

EmailShare
15 December 2016

Changes to DMCA Safe Harbor Registration Require Action by December 31, 2017

As part of a housekeeping effort, the U.S. Copyright Office issued a final rule that changes the designated agent mechanism protecting online service providers from certain copyright infringement liability under the Digital Millennium Copyright Act (“DMCA”).  Companies will now have to re-register every three years, and existing registrations will cease to be valid by the end of next year.

(more…)

EmailShare
01 December 2016

EU Court of Justice Confirms Protection of Confidential Business Information in Environmental Matters But Uncertainty Remains

On November 23, 2016, the Court of Justice of the European Union (CJEU) set aside a judgment by the lower General Court which could have set a dangerous precedent for the protection of business secrets and confidential business information (CBI) in environmental cases in the European Union. *

(more…)

EmailShare
22 November 2016

Federal Court Grants LabMD’s Motion to Stay Enforcement of FTC’s Final Order

The U.S. Court of Appeals for the Eleventh Circuit has ordered the FTC to halt enforcement of its data security order against LabMD while LabMD challenges the action.

To recap the events leading up to this stay, a data security company allegedly obtained sensitive data from LabMD via a peer-to-peer file-sharing program.  Allegedly, after LabMD refused to purchase the company’s security products, it reported the alleged data security vulnerability to the FTC. The FTC accused LabMD of unfair practices in failing to provide reasonable and appropriate security for customers’ personal information, which was allegedly likely to cause harm to customers. In 2015, an Administrative Law Judge dismissed the case, finding that the FTC failed to prove LabMD’s practices were likely to cause substantial customer injury. In July 2016, upon appeal to the full Commission, the FTC reversed the ALJ decision. Although LabMD stopped operating in 2014, the FTC nevertheless ordered LabMD to implement several information security compliance measures because the Lab still maintains medical records. LabMD appealed to the Eleventh Circuit and filed a motion to stay the FTC’s order.

(more…)

EmailShare
08 November 2016

Applications to Intervene in Privacy Shield Challenge

Last week, we posted a brief account of the two challenges that have been filed in the General Court of the Court of Justice of the European Union challenging the Privacy Shield, first by Digital Rights Ireland in September and then by La Quadrature du Net last Monday.  Today, the Official Journal of the European Union published notice of the Digital Rights Ireland pleading, the first time it has been publicly available.

This posting means the clock has started running on applications to intervene.  Applications to intervene are due in 60 days, or January 6, 2016.   To establish a  right to intervene, an application must include a statement of the circumstances showing “an interest in the result” of  the case.

EmailShare
04 November 2016

EU-U.S. Privacy Shield challenged in CJEU

Two legal challenges have been filed at the Court of Justice of the European Union (“CJEU”) against the European Commission’s adequacy decision on the EU-U.S. Privacy Shield. Privacy Shield was adopted on July 12, 2016 after the CJEU struck down the earlier Safe Harbour agreement in October 2015 over concerns about U.S. surveillance techniques.

(more…)

EmailShare
13 October 2016

European Commission Considering Amendments to Standard Contractual Clauses for International Data Transfers

The European Commission has drafted amendments to the adequacy decisions that underpin the European Union’s Standard Contractual Clauses (“SCCs”) that allow businesses to transfer personal data originating in the European Economic Area (“EEA”) outside of the EEA.  While the Commission has not published the full text of its proposals, they may have a significant practical impact on all businesses that rely on SCCs for international data transfers, including to the United States.

(more…)

EmailShare
12 October 2016

Lessons for California Business Over Recorded Phone Calls

*This article originally appeared in L.A. Biz at bizjournals.com on Oct. 11, 2016.

Over the past few months, Taylor Swift and Kanye West’s feud over a recorded phone call has put the California Invasion of Privacy Act (CIPA) in the spotlight.

Who can record a call? What type of consent is needed? These questions are not just fodder for celebrity tabloids but fundamentally important issues for companies recording customer service calls.

CIPA, codified in California’s Penal Code Section 630 et seq., is an invasion of privacy statute originally designed to restrict wire-tapping and the recording of calls snatched from the airways at the dawn of the wireless telephone industry.

However, in recent years, plaintiffs’ lawyers have embraced Section 632.7 of the Act as a sword to attack companies that record customer service calls.

Read More

EmailShare
07 September 2016

Why Design Matters: It Can Determine Whether an Online Agreement is Enforceable

*Updated on September 8, 2016

The Southern District of New York recently issued a ruling that raises new issues with customer consent and arbitration contracts in a simple click-through agreement, adding to the increasing judicial skepticism over the enforceability of browse-wrap agreements, despite the Supreme Court’s seeming endorsement of consumer arbitration clauses in AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), based on preemption by the Federal Arbitration Act. Soon after this decision, however, the Ninth Circuit issued a ruling that went the other way and found that the arbitration terms in Uber’s terms and conditions were enforceable. Central to these cases has been findings relating to the degree to which terms of use can be considered binding.

(more…)

EmailShare
29 August 2016

Despite Lenient View of Standing, Appellate Court Dismisses “Clearly Meritless” Case on 12(b)(6) Grounds Not Considered by the District Court; Lessons Abound

In Carlsen v GameStop, Inc. the Eighth Circuit held that a plaintiff had standing to bring privacy claims that his personal information, specifically web browsing data, was provided to a third party in violation of an allegedly express agreement not to do so (namely, the defendant’s privacy policy). The district court had previously dismissed the complaint on the grounds of lack of standing because the plaintiff – a paying customer of Gamestop’s online video game magazine – failed to allege that he paid any specific amount for the privacy policy or that he bargained for any additional privacy beyond what non-paying users obtained. However, even though the district court did not consider the defendant’s 12(b)(6) motion to dismiss the complaint on grounds of failure to state a claim, the appellate court nonetheless affirmed the dismissal on that basis.

(more…)

EmailShare
XSLT Plugin by BMI Calculator