The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading
In a watershed ruling for businesses facing the recent onslaught of Telephone Consumer Protection Act (TCPA) claims, the Second Circuit Court of Appeals held that consumers cannot revoke their consent to receive automated or prerecorded cell phone calls if they previously consented to receive those calls as part of a binding contract. See Reyes v. Lincoln … Continue Reading
In a preliminary judgment of 14 June 2017, Case C-610/15, the Court of Justice of the European Union (‘CJEU’) held that the making available and management of a peer-to-peer sharing platform may constitute a copyright infringement. Facts of the case In the underlying main proceedings before the Supreme Court of the Netherlands, Stichting Brein, a Dutch … Continue Reading
As courts continue to grapple with close calls on standing following the U.S. Supreme Court’s seminal decision in Spokeo v. Robins, another court has given defendants a win for intangible injuries and risk of future harm. On June 6, the District of New Jersey dismissed – for the second time – a putative class action … Continue Reading
According to a press release dated 16 May 2017, and following the Court of Justice of the European Union’s (CJEU) preliminary ruling in Case C-582/14 dated 19 October 2016 (see our previous blog), the German Federal Supreme Court (Bundesgerichtshof – FSC) confirmed in a judgment of 15 May 2017, case no. VI ZR 135/13 that dynamic IP addresses constitute personal data within … Continue Reading
In the recent case of Prince Moulay Hicham v Elaph Publishing Limited, the Court of Appeal held in a unanimous decision that a claimant could include an action under the UK Data Protection Act 1998 (‘DPA’) as an alternative means of redress. To read our full client alert in relation to this judgment, please click … Continue Reading
As the cherry blossoms prepare to bloom in Washington, D.C., our thoughts turn toward wondering when the D.C. Circuit will hand down its ruling in ACA International, et al v. FCC (Case No. 15-1211). This case, you will recall, is the consolidation of a number of appeals challenging the July 10, 2015, Order in which … Continue Reading
Michaels escaped a potential class action alleging Fair Credit Reporting Act (“FCRA”) violations late last month when a federal judge found the United States Supreme Court’s recent decision in Spokeo, Inc. v. Robbins, 136 S. Ct. 1540 (2016) foreclosed the plaintiffs’ claim for a bare statutory violation not resulting in concrete damages. The recent ruling … Continue Reading
Affirming a lower court decision this blog discussed here, the Superior Court of Pennsylvania held January 12 that dismissal of a proposed data breach class action was proper, because the University of Pittsburgh Medical Center lacked a legal duty to protect employee information stolen by a third party. The 2-1 majority’s finding that UPMC had … Continue Reading
It’s not uncommon for internet-based services to utilize names referencing their online presence, much like it is not uncommon for the monikers of app-based services to refer to their mobile format. But at what point does a suggestive term become merely descriptive to the point that it can be denied trademark registration? The United States … Continue Reading
A DJ asserting trademark infringement and dilution claims against a similarly named rapper failed partly due to a lack of apparent popularity on social media, the U.S. Court of Appeals for the Sixth Circuit ruled on December 13. In Kibler v. Hall, et al., No. 15-2516 (6th Cir. Dec. 13, 2016), the appellate court affirmed … Continue Reading
Officers and directors may breathe a temporary sigh of relief following the recent dismissal of the Home Depot data breach derivative case. Others will look to the facts for guidance. The complaint alleging the board had breached its fiduciary duties by “knowingly and in conscious disregard” failing to ensure that Home Depot took reasonable measures … Continue Reading
Ask any 1L – personal jurisdiction has always been a tricky issue. But in the internet era, even courts have grappled with how to determine whether an online presence is sufficient to establish personal jurisdiction over a party. Recently, the Eastern District of Louisiana ruled that an internet presence consisting of a website as well … Continue Reading
Just four months after its adoption by the European Commission, the EU-U.S. Privacy Shield is facing its first formal legal challenge. The challenge comes from the Irish advocacy group Digital Rights Ireland, who is joined by French privacy advocacy group La Quadrature du Net and non-profit internet service provider French Data Network.… Continue Reading
The Michigan attorney general intervened November 22 in a suit brought under a Michigan privacy law, making it one of the first times a state attorney general has weighed in on a case involving data use. Michigan AG Bill Schuette defended the constitutionality of the Michigan Preservation of Personal Privacy Act, otherwise known as the … Continue Reading
A recent High Court decision, TLT and others v Secretary of State for the Home Office [2016] EWHC 2217 (QB) (“TLT v SoS”), paves the way for the greater recognition of distress in cases of data breaches and the misuse of private information. The victims of a data breach, in this case asylum seekers, successfully … Continue Reading
The Court of Justice of the European Union (“CJEU”) has ruled that dynamic IP addresses can constitute personal data. Dynamic IP addresses, registered by a website provider when an individual accesses its website, shall constitute personal data where the operator has the legal means to combine the data with additional data (held by the internet … Continue Reading
Lyft, Inc. – the popular ride hailing service featuring the iconic pink moustache – is facing a second class action lawsuit in California alleging violations under the Telephone Consumer Protection Act (“TCPA”). This alleges that Lyft sent unwanted and unsolicited text messages to cellphones using an automated dialing system without first obtaining express written consent … Continue Reading
This month, the Indianapolis Colts, app developer Yinzcam, Inc., and ultrasonic technology provider Lisnr, Inc., were hit with a federal class action lawsuit in Pennsylvania for violating the Electronic Communications Privacy Act by allegedly allowing the Colts fan app to listen in on users’ personal phone conversations, and use that information for advertising purposes without … Continue Reading
In data breach class actions, standing is often the major obstacle, and has taken on renewed focus following the U.S. Supreme Court’s ruling in Spokeo v. Robins, 136 S. Ct. 1540 (May 24, 2016). See, e.g., Federal Court Finds Intangible Harm Caused by Robocalls Sufficient for Post-Spokeo Standing in TCPA Claim Alleging Privacy Invasion, Technology … Continue Reading
The High Court held, in The Software Incubator v Computer Associates [2016] EWHC 1587 (QB), that a supply of commoditised software is a sale of goods for the purposes of the Commercial Agents (Council Directive) Regulations 1993 (“Regulations”). Background Computer Associates UK Ltd (“CA”) entered into a non-exclusive agreement with The Software Incubator Limited (“TSI”). … Continue Reading
In a case demonstrating the ongoing difficulties of applying the Spokeo decision to interpret injury-in-fact, a Massachusetts federal court last week denied a motion to dismiss by USA Today parent company, Gannett Satellite Information Network Inc., where the company allegedly disclosed personal data about a user’s video-viewing history to a third-party analytics firm. The putative … Continue Reading
While the United States Supreme Court’s ruling in Spokeo v. Robins, 136 S. Ct. 1540 (2016), has garnered much attention after being cited by numerous courts as a means to dismiss data privacy class actions, defendants should never count out any potential avenues for exiting such a suit; in Pennsylvania (and in many other states … Continue Reading
The High Court in Bangura v Loughborough University [2016] EWHC 1503 (QB) ruled 19 May that Loughborough University acted lawfully under the Data Protection Act 1998 (“DPA”) in supplying Leicestershire Police with the registration form of a student suspected of sexual assault and rape. In contravention of the university’s data protection policy, the registration form … Continue Reading
