Category

Litigation

08 October 2015

The U.S. Government Largely Has Itself to Blame for the EU Court’s Safe Harbor Decision

Originally posted by the Council on Foreign Relations Net Politics Blog on October 8, 2015.

In a decision Tuesday that was as shocking as it was predictable, the Court of Justice of the European Union (CJEU) invalidated the U.S.-EU Safe Harbor for westward bound international transfers of personal data. The companies whose information flows to the United States will be impeded by the EU decision need to look to the U.S. government and not just the EU for letting this mess happen.

The case stems from a complaint Max Schrems filed with the Irish Data Protection Authority about the privacy risks of using Facebook. He was concerned that electronic communications transferred to the United States would end up in the hands of the NSA’s PRISM program. PRISM involves the NSA’s use of a provision in the Foreign Intelligence Surveillance Act, section 702, that allows it to target non-U.S. persons located outside the United States for foreign intelligence purposes. This section only applies to collections from electronic communication service providers located in the United States.

EmailShare
06 October 2015

Safe Harbor Declared Invalid by European Court of Justice

Today the European Court of Justice (“ECJ”) issued its judgment in the Max Schrems case in which it declared the European Commission’s decision on Safe Harbor as invalid. The Commission’s decision in 2000 found that companies participating in the US Department of Commerce Safe Harbor framework were operating under an “adequate” data protection regime and could thus rely on the Safe Harbor as a permissible basis to transfer personal information from the EU to the US.  The judgment comes less than two weeks after the publication of the opinion from Advocate General Bot in which he advised that national Data Protection Authorities (“DPAs”) must be able to investigate an individual request to suspend data flows to the US by a company certified under the Safe Harbor scheme, and in which he also found the Safe Harbor scheme to be invalid.

(more…)

EmailShare
24 September 2015

Opinion by ECJ Advocate General Finds Safe Harbor Invalid

In a seismic recommendation, Advocate General Yves Bot at the European Court of Justice (ECJ) issued his opinion in the closely watched Max Schrems case challenging the U.S.-EU Safe Harbor Agreement and has found Safe Harbor to be invalid. The opinion is not legally binding on the ECJ, although the Court most often follows the opinions of the Advocate General. The Advocate General recommendation makes the status of the existing Safe Harbor agreement even more uncertain, but acknowledges negotiations between the European Commission and the U.S. for an updated agreement and may leave room for a different result if such an agreement addresses concerns in the opinion about U.S. bulk surveillance.

(more…)

EmailShare
26 August 2015

Third Circuit Affirms FTC Authority to Regulate Cybersecurity

On Monday, the U.S. Court of Appeals for the Third Circuit issued its much-anticipated decision in Federal Trade Commission v. Wyndham Worldwide Corp., No. 14-3514 (3d Cir. Aug. 24, 2015), holding that the Federal Trade Commission has the authority to bring an action under Section 5 of the FTC Act for allegedly “unfair” cybersecurity practices.

(more…)

EmailShare
24 July 2015

FCC Issues Far-Reaching TCPA Declaratory Ruling

An already active TCPA class action bar is sure to become even more active after a significant Declaratory Ruling and Order from the FCC that, among other points, broadened what technologies may be considered autodialers, gave further strength to class actions based on reassigned cell numbers, and muddied the waters for constructing compliance mechanisms to support consumer revocation of consent.

On July 10, 2015, the Federal Communications Commission issued a declaratory ruling to resolve various concerns raised by 21 petitions regarding the Commission’s implementation of the Telephone Consumer Protection Act, which carries a $500 penalty for each call or text in violation.

(more…)

EmailShare
06 July 2015

Plaintiffs and Privacy in Yahoo Data Privacy Case: Judge Koh Grants Class Certification in California

On May 26, 2015, Judge Lucy Koh in the Northern District of California granted class certification to plaintiffs in In re Yahoo Mail Litigation, Case No. 13-CV-04980-LHK (N.D. Cal. May 26, 2015) (“Yahoo”). This ruling will likely have an effect on how class action claims are alleged and could impact email providers’ policies and procedures pertaining to email scanning and user consent.  In particular, companies may wish to review the impact of their privacy disclosures and consent framework to non-subscribers who may interact with users who have consented to the companies’ policies.

(more…)

EmailShare
12 May 2015

Google Inc. v. Vidal-Hall: Opening the Doors to EU Data Protection Litigation?

The English Court of Appeal has recently issued a landmark judgment against Google which could open the door to data privacy litigation in the EU.

The case concerned the collection by Google of Safari users’ browser information, allegedly without their knowledge or consent. In its opinion, the Court of Appeal held that four individuals who used Safari browsers can bring a claim for breach of privacy and that the damages claimed can include distress – even in circumstances where there is no financial loss, as this had been the intention of the EU’s Data Protection Directive. To reach this result, the Court relied on EU legal authorities to override and displace limitations on recovery under the UK Data Protection Act.

(more…)

EmailShare
XSLT Plugin by BMI Calculator