Category

Litigation

08 August 2016

Second Circuit Microsoft Ruling: A Plea for Congressional Action

*This article originally appeared in Law360 on August 1, 2016.

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that — to the surprise of many observers — rejected the government’s construction of the Stored Communications Act and instead embraced a more restrictive view that Microsoft Corp. had advanced, backed by much of the tech industry and many privacy groups. The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions — not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, entirely by using computers and personnel based here in the United States. Microsoft Corp. v. USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).

(more…)

EmailShare
28 July 2016

EU Data Protection Authorities Adopt One-Year “Wait and See” Position On Privacy Shield

The Article 29 Working Party, on July 26, 2016 issued a statement on the final form of the EU-US Privacy Shield, which was formally adopted on July 12, 2016. Speaking at a press conference, Isabelle Falque-Pierrotin, chairman of the Article 29 Working Party, stated that the EU data protection authorities would not launch legal action of their own initiative in the next year but instead will wait until after the first annual review: “the first joint review will be a time in which we will make an evaluation of the Privacy Shield and also a time where additional propositions could be made … we want to be provided with additional clarification, additional evidence, possibly changes in the legislation.” (more…)

EmailShare
26 July 2016

Second Circuit Sides With Microsoft; Data Exclusively Stored On Foreign Servers Not Subject to SCA Search Warrant

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that—to the surprise of many observers—rejected the government’s construction of the Stored Communications Act (SCA) and instead embraced a more restrictive view that Microsoft had advanced, backed by much of the tech industry and many privacy groups.  Microsoft Corp. v USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).  (Sidley Austin LLP represented a number of amici in support of Microsoft before the Court of Appeals and District Court.) The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions—not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, by using computers and personnel based here in the United States.

(more…)

EmailShare
11 July 2016

Lexology Navigator publishes Data Security & Cybercrime in the USA by Sidley Austin LLP

Globe Business Media Group has published a Lexology Navigator on Data Security and Cybercrime in the USA by Sidley Austin LLP.  Colleen Brown, Ed McNicholas, Alan Raul and Anna Spencer contributed to the reference guide, which also lets you compare jurisdictions on various legal topics, such as data protection, from leading practitioners in the area.

EmailShare
05 July 2016

Post-Brexit EU May Be Stranded By Its Own Data Rules

*This article first appeared in Forbes on July 1, 2016.

So now the European Union’s “sceptered isle” has voted to sever its bonds with its continental partners – with the wish that (as described in a Shakespeare passage memorized by every English schoolchild for generations) it can be set off by the sea “against the envy of less happier lands.”  The outcome demonstrates the depth of dissatisfaction with a world that has become interconnected.

In the meantime, the EU is facing its own tensions with global interconnectedness that threaten to turn it into a virtual island as it heads further down the path of cutting off the flow of data to “third countries” outside the EU.

Read More

 

EmailShare
02 June 2016

Privacy Shield and the General Data Protection Regulation: More Key Developments

Developments on the European data protection front continue at a fast pace. As the process of implementation of the now-final General Data Protection Regulation (GDPR) begins, the Article 29 Working Party (WP29) is announcing a workshop on implementation questions in Brussels in July. Meanwhile, uncertainty continues for trans-Atlantic data transfers as both the European Parliament and the European Data Protection Supervisor (EDPS) weigh in with views for negotiators on the EU-U.S. Privacy Shield, and the Irish Data Protection Commissioner (IDPC) announces the intention to initiate proceedings in the Irish High Court that may put before the Court of Justice of the European Union (CJEU) the validity of EU standard contractual clauses (or model contracts). (more…)

EmailShare
23 May 2016

Supreme Court to Ninth Circuit in Spokeo–Get ‘Real’ on Injury

This article originally appeared in the Bloomberg BNA Privacy and Security Law Report on May 23, 2016.

In Spokeo, Inc. v. Robins, decided May 16, the U.S. Supreme Court ruled that plaintiffs who allege violations of statutes that contain a private right of action and statutory damages do not have automatic ‘‘standing’’ to sue. The Court instead found that to meet the constitutional requirement of standing, the plaintiff must establish not only the ‘‘invasion of a legally protected interest’’ defined by Congress, but also that the plaintiff suffered a “concrete and particularized” harm to that interest.

(more…)

EmailShare
18 May 2016

The Supreme Court Remands Injury Question In Spokeo Class Action Privacy Claim

On Monday, May 16, the Supreme Court addressed the question of whether an alleged violation of the Fair Credit Reporting Act (FCRA), without allegation of concrete injury, is ever sufficient for Article III standing. The case, Spokeo Inc. v. Robbins, No. 13-1339 (2016), involved a class action against data broker Spokeo Inc.. The plaintiff, Thomas Robins, alleged that Spokeo violated the FCRA by inaccurately reporting online that he was a wealthy, married man with children and a graduate degree when he was actually unmarried and out of work. He argued that those inaccuracies could have hurt his chances with potential employers. The district court dismissed Mr. Robins’s case for failure to show any actual harm from the false information, but in 2014, the U.S. Court of Appeals for the Ninth Circuit allowed the case to move forward based on its analysis that Mr. Robins’s injury allegation was particularized because he alleged that Spokeo violated his individual rights when it handled his information.

(more…)

EmailShare
06 May 2016

District Court Rules for the FTC in “Unfairness” Action Against Amazon Regarding In-app Purchasing Controls

On April 26, the US District Court in Seattle granted the FTC’s motion for summary judgment against Amazon for providing allegedly inadequate parental controls to limit their children’s in-app purchases. Case No. C14-1038-JCC.  The FTC alleged that the company’s failure to require more robust password re-entry meant that many in-app purchases by children resulted in unauthorized charges to the parents.

(more…)

EmailShare
25 April 2016

Fourth Circuit Affirms Duty to Defend Online Data Breach Allegations

In Travelers Indemnity Company of America v. Portal Healthcare Solutions, LLC, No. 14-1944 (4th Cir. Apr. 11, 2016), the U.S. Court of Appeals for the 4th Circuit affirmed the judgment on the reasoning of the federal district court in Virginia (No. 1:13-cv-00917-GBL-IDD), holding that Travelers had a duty to defend Portal in an underlying class action alleging online publication by Portal of confidential patient medical information pursuant to two commercial general liability (CGL) policies Travelers issued to Portal in 2012 and 2013.

(more…)

EmailShare
XSLT Plugin by BMI Calculator