Category

Litigation

13 October 2016

European Commission Considering Amendments to Standard Contractual Clauses for International Data Transfers

The European Commission has drafted amendments to the adequacy decisions that underpin the European Union’s Standard Contractual Clauses (“SCCs”) that allow businesses to transfer personal data originating in the European Economic Area (“EEA”) outside of the EEA.  While the Commission has not published the full text of its proposals, they may have a significant practical impact on all businesses that rely on SCCs for international data transfers, including to the United States.

(more…)

EmailShare
12 October 2016

Lessons for California Business Over Recorded Phone Calls

*This article originally appeared in L.A. Biz at bizjournals.com on Oct. 11, 2016.

Over the past few months, Taylor Swift and Kanye West’s feud over a recorded phone call has put the California Invasion of Privacy Act (CIPA) in the spotlight.

Who can record a call? What type of consent is needed? These questions are not just fodder for celebrity tabloids but fundamentally important issues for companies recording customer service calls.

CIPA, codified in California’s Penal Code Section 630 et seq., is an invasion of privacy statute originally designed to restrict wire-tapping and the recording of calls snatched from the airways at the dawn of the wireless telephone industry.

However, in recent years, plaintiffs’ lawyers have embraced Section 632.7 of the Act as a sword to attack companies that record customer service calls.

Read More

EmailShare
07 September 2016

Why Design Matters: It Can Determine Whether an Online Agreement is Enforceable

*Updated on September 8, 2016

The Southern District of New York recently issued a ruling that raises new issues with customer consent and arbitration contracts in a simple click-through agreement, adding to the increasing judicial skepticism over the enforceability of browse-wrap agreements, despite the Supreme Court’s seeming endorsement of consumer arbitration clauses in AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), based on preemption by the Federal Arbitration Act. Soon after this decision, however, the Ninth Circuit issued a ruling that went the other way and found that the arbitration terms in Uber’s terms and conditions were enforceable. Central to these cases has been findings relating to the degree to which terms of use can be considered binding.

(more…)

EmailShare
29 August 2016

Despite Lenient View of Standing, Appellate Court Dismisses “Clearly Meritless” Case on 12(b)(6) Grounds Not Considered by the District Court; Lessons Abound

In Carlsen v GameStop, Inc. the Eighth Circuit held that a plaintiff had standing to bring privacy claims that his personal information, specifically web browsing data, was provided to a third party in violation of an allegedly express agreement not to do so (namely, the defendant’s privacy policy). The district court had previously dismissed the complaint on the grounds of lack of standing because the plaintiff – a paying customer of Gamestop’s online video game magazine – failed to allege that he paid any specific amount for the privacy policy or that he bargained for any additional privacy beyond what non-paying users obtained. However, even though the district court did not consider the defendant’s 12(b)(6) motion to dismiss the complaint on grounds of failure to state a claim, the appellate court nonetheless affirmed the dismissal on that basis.

(more…)

EmailShare
08 August 2016

Second Circuit Microsoft Ruling: A Plea for Congressional Action

*This article originally appeared in Law360 on August 1, 2016.

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that — to the surprise of many observers — rejected the government’s construction of the Stored Communications Act and instead embraced a more restrictive view that Microsoft Corp. had advanced, backed by much of the tech industry and many privacy groups. The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions — not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, entirely by using computers and personnel based here in the United States. Microsoft Corp. v. USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).

(more…)

EmailShare
28 July 2016

EU Data Protection Authorities Adopt One-Year “Wait and See” Position On Privacy Shield

The Article 29 Working Party, on July 26, 2016 issued a statement on the final form of the EU-US Privacy Shield, which was formally adopted on July 12, 2016. Speaking at a press conference, Isabelle Falque-Pierrotin, chairman of the Article 29 Working Party, stated that the EU data protection authorities would not launch legal action of their own initiative in the next year but instead will wait until after the first annual review: “the first joint review will be a time in which we will make an evaluation of the Privacy Shield and also a time where additional propositions could be made … we want to be provided with additional clarification, additional evidence, possibly changes in the legislation.” (more…)

EmailShare
26 July 2016

Second Circuit Sides With Microsoft; Data Exclusively Stored On Foreign Servers Not Subject to SCA Search Warrant

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that—to the surprise of many observers—rejected the government’s construction of the Stored Communications Act (SCA) and instead embraced a more restrictive view that Microsoft had advanced, backed by much of the tech industry and many privacy groups.  Microsoft Corp. v USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).  (Sidley Austin LLP represented a number of amici in support of Microsoft before the Court of Appeals and District Court.) The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions—not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, by using computers and personnel based here in the United States.

(more…)

EmailShare
11 July 2016

Lexology Navigator publishes Data Security & Cybercrime in the USA by Sidley Austin LLP

Globe Business Media Group has published a Lexology Navigator on Data Security and Cybercrime in the USA by Sidley Austin LLP.  Colleen Brown, Ed McNicholas, Alan Raul and Anna Spencer contributed to the reference guide, which also lets you compare jurisdictions on various legal topics, such as data protection, from leading practitioners in the area.

EmailShare
05 July 2016

Post-Brexit EU May Be Stranded By Its Own Data Rules

*This article first appeared in Forbes on July 1, 2016.

So now the European Union’s “sceptered isle” has voted to sever its bonds with its continental partners – with the wish that (as described in a Shakespeare passage memorized by every English schoolchild for generations) it can be set off by the sea “against the envy of less happier lands.”  The outcome demonstrates the depth of dissatisfaction with a world that has become interconnected.

In the meantime, the EU is facing its own tensions with global interconnectedness that threaten to turn it into a virtual island as it heads further down the path of cutting off the flow of data to “third countries” outside the EU.

 

EmailShare
02 June 2016

Privacy Shield and the General Data Protection Regulation: More Key Developments

Developments on the European data protection front continue at a fast pace. As the process of implementation of the now-final General Data Protection Regulation (GDPR) begins, the Article 29 Working Party (WP29) is announcing a workshop on implementation questions in Brussels in July. Meanwhile, uncertainty continues for trans-Atlantic data transfers as both the European Parliament and the European Data Protection Supervisor (EDPS) weigh in with views for negotiators on the EU-U.S. Privacy Shield, and the Irish Data Protection Commissioner (IDPC) announces the intention to initiate proceedings in the Irish High Court that may put before the Court of Justice of the European Union (CJEU) the validity of EU standard contractual clauses (or model contracts). (more…)

EmailShare
XSLT Plugin by BMI Calculator