Category

Litigation

07 September 2016

Why Design Matters: It Can Determine Whether an Online Agreement is Enforceable

*Updated on September 8, 2016

The Southern District of New York recently issued a ruling that raises new issues with customer consent and arbitration contracts in a simple click-through agreement, adding to the increasing judicial skepticism over the enforceability of browse-wrap agreements, despite the Supreme Court’s seeming endorsement of consumer arbitration clauses in AT&T Mobility v. Concepcion, 563 U.S. 333 (2011), based on preemption by the Federal Arbitration Act. Soon after this decision, however, the Ninth Circuit issued a ruling that went the other way and found that the arbitration terms in Uber’s terms and conditions were enforceable. Central to these cases has been findings relating to the degree to which terms of use can be considered binding.

(more…)

EmailShare
29 August 2016

Despite Lenient View of Standing, Appellate Court Dismisses “Clearly Meritless” Case on 12(b)(6) Grounds Not Considered by the District Court; Lessons Abound

In Carlsen v GameStop, Inc. the Eighth Circuit held that a plaintiff had standing to bring privacy claims that his personal information, specifically web browsing data, was provided to a third party in violation of an allegedly express agreement not to do so (namely, the defendant’s privacy policy). The district court had previously dismissed the complaint on the grounds of lack of standing because the plaintiff – a paying customer of Gamestop’s online video game magazine – failed to allege that he paid any specific amount for the privacy policy or that he bargained for any additional privacy beyond what non-paying users obtained. However, even though the district court did not consider the defendant’s 12(b)(6) motion to dismiss the complaint on grounds of failure to state a claim, the appellate court nonetheless affirmed the dismissal on that basis.

(more…)

EmailShare
08 August 2016

Second Circuit Microsoft Ruling: A Plea for Congressional Action

*This article originally appeared in Law360 on August 1, 2016.

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that — to the surprise of many observers — rejected the government’s construction of the Stored Communications Act and instead embraced a more restrictive view that Microsoft Corp. had advanced, backed by much of the tech industry and many privacy groups. The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions — not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, entirely by using computers and personnel based here in the United States. Microsoft Corp. v. USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).

(more…)

EmailShare
28 July 2016

EU Data Protection Authorities Adopt One-Year “Wait and See” Position On Privacy Shield

The Article 29 Working Party, on July 26, 2016 issued a statement on the final form of the EU-US Privacy Shield, which was formally adopted on July 12, 2016. Speaking at a press conference, Isabelle Falque-Pierrotin, chairman of the Article 29 Working Party, stated that the EU data protection authorities would not launch legal action of their own initiative in the next year but instead will wait until after the first annual review: “the first joint review will be a time in which we will make an evaluation of the Privacy Shield and also a time where additional propositions could be made … we want to be provided with additional clarification, additional evidence, possibly changes in the legislation.” (more…)

EmailShare
26 July 2016

Second Circuit Sides With Microsoft; Data Exclusively Stored On Foreign Servers Not Subject to SCA Search Warrant

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit issued a long-awaited decision that—to the surprise of many observers—rejected the government’s construction of the Stored Communications Act (SCA) and instead embraced a more restrictive view that Microsoft had advanced, backed by much of the tech industry and many privacy groups.  Microsoft Corp. v USA, In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation (2d Cir. July 14, 2016)( Docket No. 14‐2985).  (Sidley Austin LLP represented a number of amici in support of Microsoft before the Court of Appeals and District Court.) The decision holds that electronic communications that are stored exclusively on foreign servers cannot be reached by U.S. prosecutors under the SCA’s warrant provisions—not even where the warrant is served on a U.S. provider that can access the foreign-stored information, and deliver it to U.S. officials, by using computers and personnel based here in the United States.

(more…)

EmailShare
11 July 2016

Lexology Navigator publishes Data Security & Cybercrime in the USA by Sidley Austin LLP

Globe Business Media Group has published a Lexology Navigator on Data Security and Cybercrime in the USA by Sidley Austin LLP.  Colleen Brown, Ed McNicholas, Alan Raul and Anna Spencer contributed to the reference guide, which also lets you compare jurisdictions on various legal topics, such as data protection, from leading practitioners in the area.

EmailShare
05 July 2016

Post-Brexit EU May Be Stranded By Its Own Data Rules

*This article first appeared in Forbes on July 1, 2016.

So now the European Union’s “sceptered isle” has voted to sever its bonds with its continental partners – with the wish that (as described in a Shakespeare passage memorized by every English schoolchild for generations) it can be set off by the sea “against the envy of less happier lands.”  The outcome demonstrates the depth of dissatisfaction with a world that has become interconnected.

In the meantime, the EU is facing its own tensions with global interconnectedness that threaten to turn it into a virtual island as it heads further down the path of cutting off the flow of data to “third countries” outside the EU.

 

EmailShare
02 June 2016

Privacy Shield and the General Data Protection Regulation: More Key Developments

Developments on the European data protection front continue at a fast pace. As the process of implementation of the now-final General Data Protection Regulation (GDPR) begins, the Article 29 Working Party (WP29) is announcing a workshop on implementation questions in Brussels in July. Meanwhile, uncertainty continues for trans-Atlantic data transfers as both the European Parliament and the European Data Protection Supervisor (EDPS) weigh in with views for negotiators on the EU-U.S. Privacy Shield, and the Irish Data Protection Commissioner (IDPC) announces the intention to initiate proceedings in the Irish High Court that may put before the Court of Justice of the European Union (CJEU) the validity of EU standard contractual clauses (or model contracts). (more…)

EmailShare
23 May 2016

Supreme Court to Ninth Circuit in Spokeo–Get ‘Real’ on Injury

This article originally appeared in the Bloomberg BNA Privacy and Security Law Report on May 23, 2016.

In Spokeo, Inc. v. Robins, decided May 16, the U.S. Supreme Court ruled that plaintiffs who allege violations of statutes that contain a private right of action and statutory damages do not have automatic ‘‘standing’’ to sue. The Court instead found that to meet the constitutional requirement of standing, the plaintiff must establish not only the ‘‘invasion of a legally protected interest’’ defined by Congress, but also that the plaintiff suffered a “concrete and particularized” harm to that interest.

(more…)

EmailShare
18 May 2016

The Supreme Court Remands Injury Question In Spokeo Class Action Privacy Claim

On Monday, May 16, the Supreme Court addressed the question of whether an alleged violation of the Fair Credit Reporting Act (FCRA), without allegation of concrete injury, is ever sufficient for Article III standing. The case, Spokeo Inc. v. Robbins, No. 13-1339 (2016), involved a class action against data broker Spokeo Inc.. The plaintiff, Thomas Robins, alleged that Spokeo violated the FCRA by inaccurately reporting online that he was a wealthy, married man with children and a graduate degree when he was actually unmarried and out of work. He argued that those inaccuracies could have hurt his chances with potential employers. The district court dismissed Mr. Robins’s case for failure to show any actual harm from the false information, but in 2014, the U.S. Court of Appeals for the Ninth Circuit allowed the case to move forward based on its analysis that Mr. Robins’s injury allegation was particularized because he alleged that Spokeo violated his individual rights when it handled his information.

(more…)

EmailShare
XSLT Plugin by BMI Calculator