Privacy and Information Security Law Blog

Tag Archives: California

California AG’s Mobile App Case Against Delta Dismissed

Posted on May 10, 2013 by Hunton & Williams LLP

A state court has dismissed the California Attorney General’s claims that Delta Air Lines Inc. (“Delta”) violated the California Online Privacy Protection Act by failing to have an appropriately posted privacy policy for its mobile application, Bloomberg reports. The California AG sued Delta in December as part of an enforcement campaign that began with the issuance of warning letters to approximately 100 operators of mobile apps, including Delta. According to the Bloomberg report, a basis for the dismissal was the federal Airline Deregulation Act, under which a state “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier that may provide air transportation under this subpart.” 49 U.S.C. § 41713.

Tags: California, Enforcement, Mobile App, Online Privacy, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. Federal Law, U.S. State Law

U.S. Court Finds National Security Letter Nondisclosure Provisions Unconstitutional

Posted on March 22, 2013 by Hunton & Williams LLP

On March 14, 2013, the United States District Court for the Northern District of California granted a motion to prohibit the government from issuing National Security Letters (“NSLs”) to electronic communication service providers (“ECSPs”) requesting “subscriber information” and enforcing nondisclosure clauses contained in such letters. The nondisclosure clauses are intended to prevent ECSPs from disclosing that they received an NSL. The court also held that the sections of two federal statutes relating to the nondisclosure provisions of NSLs, 18 U.S.C. §2709(c) and 18 U.S.C. §3511(b), (collectively, the “NSL Nondisclosure Statutes”) were unconstitutional because they violated the First Amendment as well as separation of powers principles. In light of the significant constitutional and national security implications, the court stayed enforcement of its judgment pending appeal to the Ninth Circuit, or for 90 days if no appeal is filed.

Tags: California, Consumer Protection, FCRA, Financial Privacy, Service Provider, U.S. Federal Law

Massachusetts Court Ruling Benefits Plaintiff in Zip Code Case

Posted on March 11, 2013 by Hunton & Williams LLP

On March 11, 2013, in Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court effectively reinstated the suit against the retailer by answering favorably for the plaintiff three certified questions from the United States District Court for the District of Massachusetts regarding Massachusetts General Laws Chapter 93, Section 105(a) entitled “Consumer Privacy in Commercial Transactions” (“Section 105(a)”). The court ruled that (1) a ZIP code constitutes personal identification information under the Massachusetts law; (2) a plaintiff may bring an action for a violation of the Massachusetts law absent identity fraud; and (3) the term “credit card transaction form” refers equally to electronic and paper transaction forms. The Massachusetts court’s determination that a ZIP code constitutes personal identification information is similar to the determination in Pineda v. Williams-Sonoma Stores, Inc., in which the California Supreme Court held that ZIP codes are “personal identification information” under California’s Song-Beverly Credit Card Act. More than 15 states, including Massachusetts and California, have statutes limiting the type of information that retailers can collect from customers.

Tags: California, Class Action, Consumer Protection, Enforcement, Identity Theft, Information Security, Litigation, Massachusetts, Payment Card, Personally Identifiable Information, Song-Beverly Act, U.S. State Law, ZIP Codes

California Ruling Finds Song-Beverly Act Does Not Apply to Online Transactions

Posted on February 5, 2013 by Hunton & Williams LLP

On February 4, 2013, the Supreme Court of California examined whether Section 1747.08 of the Song-Beverly Credit Card Act (“Song-Beverly”) prohibits an online retailer from requesting or requiring personal identification information from a customer as a condition to accepting a credit card as payment for an electronically downloadable product. In a split decision, the majority of the court ruled that Song-Beverly does not apply to online purchases in which the product is downloaded electronically.

Tags: Apple Inc., California, Class Action, Consumer Protection, Litigation, Online Privacy, Payment Card, Personally Identifiable Information, Song-Beverly Act, U.S. State Law

California Ruling Permits Collection of ZIP Codes After Receipt Is Provided to Customer

Posted on January 11, 2013 by Hunton & Williams LLP

As reported in BNA’s Privacy & Security Law Report, on December 14, 2012, a federal district court in California ruled that a retail store’s policy of collecting personal information only after providing customers with receipts does not violate the Song-Beverly Credit Card Act (“Song-Beverly”). Under Section 1747.08(a)(2) of Song-Beverly, a retailer that accepts credit cards for the transaction of business may not “[r]equest, or require as a condition to accepting the credit card as payment … the cardholder to provide personal identification information,” which the entity accepting the credit card then “writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.”

Tags: California, Class Action, Consumer Protection, Enforcement, Information Security, Litigation, Payment Card, Personally Identifiable Information, Safe Harbor, Song-Beverly Act, U.S. State Law, ZIP Codes

California AG Sues Delta for Failure to Post a Privacy Policy on Its Mobile App

Posted on December 7, 2012 by Hunton & Williams LLP

On December 6, 2012, California Attorney General Kamala D. Harris announced a lawsuit against Delta Air Lines, Inc. (“Delta”) for violations of the California Online Privacy Protection Act (“CalOPPA”). The suit, which the Attorney General filed in the San Francisco Superior Court, alleges that Delta failed to conspicuously post a privacy policy within Delta’s “Fly Delta” mobile application to inform users of what personally identifiable information is collected and how it is being used by the company. CalOPPA requires “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service,” such as a mobile application, to post a privacy policy that contains the elements set out in CalOPPA. According to Attorney General Harris’ complaint, Delta has operated the “Fly Delta” application for smartphones and other electronic devices since at least 2010. The complaint alleges that “[d]espite collecting substantial personally identifiable information (“PII”) such as user’s full name, telephone number, email address, frequent flyer account number and PIN code, photographs, and geo-location, the Fly Delta application does not have a privacy policy. It does not have a privacy policy in the application itself, in the platform stores from which the application may be downloaded, or on Delta’s website.”

Tags: California, Enforcement, Online Privacy, Penalty, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. State Law

Time Running Out for Mobile App Operators Targeted by California Attorney General

Posted on November 26, 2012 by Hunton & Williams LLP

In late October 2012, California Attorney General Kamala D. Harris began sending letters to approximately 100 mobile app operators, informing them that they are not in compliance with the California Online Privacy Protection Act (“CalOPPA”). Pursuant to CalOPPA, “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service” must post a privacy policy that contains specified elements. A mobile app arguably could be an “online service” under CalOPPA, which provides that an online service operator that collects “personally identifiable information” and “fails to post its policy within 30 days after being notified of noncompliance” is in violation of CalOPPA. The law affects a wide range of mobile app operators because of its very broad definition of “personally identifiable information,” which includes any “individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form,” such as a name, an email address or any other identifier “that permits the physical or online contacting of a specific individual.”

Tags: California, Mobile App, Mobile Device, Online Privacy, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. State Law

California Court Denies Hulu’s Motion to Dismiss in Video Privacy Protection Act Case

Posted on August 20, 2012 by Hunton & Williams LLP

On August 10, 2012, a federal district court in California denied Hulu’s motion to dismiss the remaining claim in a putative class action suit alleging that the online streaming video provider transmitted users’ personal information to third parties in violation of the Video Privacy Protection Act (“VPPA”). The VPPA prohibits a “video tape service provider” from transmitting personally identifiable information of “consumers,” except in certain, limited circumstances. According to the complaint, Hulu allegedly allowed KISSmetrics, a data analytics company, to place tracking codes on the plaintiffs’ computers that re-spawned previously-deleted cookies, and shared Hulu users’ video viewing choices and “personally identifiable information” with third parties, including online ad networks, metrics companies and social media networks.

Tags: Advertisement, Behavioral Advertising, California, Class Action, Congress, Consumer Protection, Enforcement, Legislation, Online Privacy, Personally Identifiable Information, Service Provider, Social Media, U.S. Federal Law, Video Privacy Protection Act

Divergent Results for Class Action Text Message Spam Suits

Posted on August 8, 2012 by Hunton & Williams LLP

In recent months we have seen a dismissal and two settlements in class action suits alleging violations of the Telephone Consumer Protection Act (“TCPA”) by companies that used text messaging as part of advertising campaigns. The TCPA is a federal privacy law that imposes restrictions on telephone solicitations, including telemarketing calls and text messages.

Tags: California, Class Action, Consumer Protection, Litigation, Marketing, Penalty, Telemarketing, Telephone Consumer Protection Act, Text Message, U.S. Federal Law

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

Tag Archives: California

California AG’s Mobile App Case Against Delta Dismissed

U.S. Court Finds National Security Letter Nondisclosure Provisions Unconstitutional

Massachusetts Court Ruling Benefits Plaintiff in Zip Code Case

California Ruling Finds Song-Beverly Act Does Not Apply to Online Transactions

California Ruling Permits Collection of ZIP Codes After Receipt Is Provided to Customer

California AG Sues Delta for Failure to Post a Privacy Policy on Its Mobile App

Time Running Out for Mobile App Operators Targeted by California Attorney General

Divergent Results for Class Action Text Message Spam Suits

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Stay Connected

Privacy News