New Class Action Complaint Alleges Privacy Violations by ISP Using NebuAd Device

Posted on December 15, 2009 by Hunton & Williams LLP

A class action complaint filed on December 9, 2009, in Illinois federal court alleges that WideOpen West, Finance, LLC ("WOW"), an Internet service provider, violated its users' privacy by "installing spyware devices on its broadband networks."  Valentine v. WideOpen West (N.D. Ill., No. 1:09-cv-07653).  This action against WOW follows the October 6, 2009, dismissal by a district court in California of similar claims against six out-of-state ISP defendants (including WOW) filed in November 2008 by the same lead plaintiff.  The court in Valentine v. NebuAd, Inc. et al. (N.D. Cal., No. 3:08-cv-05113) found that the ISP defendants were not subject to personal jurisdiction in California, leaving the now-defunct NebuAd as the only defendant in that case.  Plaintiff Valentine has now brought this action against WOW in the Northern District of Illinois.

The complaint alleges that some 330,000 high-speed Internet customer accounts were impacted by the "NebuAd Ultra-Transparent Appliance" that WOW used "to divert Internet traffic," including users' personal information, to NebuAd (a third party provider of tailored advertising services).  The complaint alleges that WOW provided NebuAd with intercepted communications to (i) serve advertisements on the websites users visited, and (ii) transmit code that installed tracking cookies that could not be deleted from users' computers.
 
In addition, the complaint includes charges that WOW misrepresented to Congress the content of user traffic it diverted to NebuAd by stating in response to Congressional inquiries that no personally identifiable information was collected.  The complaint also alleges that WOW's conduct constituted a tortious invasion of privacy, violations of the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, and a violation of the Illinois Criminal Code's eavesdropping restrictions.  It remains to be seen whether the class will be certified in this case.
Tags: , , , , , , , , , , , ,

French Senate Issues Report on Right to Privacy in the Digital Age

Posted on June 11, 2009 by Hunton & Williams LLP

On June 3, 2009, the French Senate’s Commission on Laws issued a report on the right to privacy in the digital age (‘La vie privée à l’heure des mémoires numériques’) (the “Report”). The issuance of the Report is perhaps the most important legislative initiative in France in the field of privacy and data protection since the implementation of the EU Data Protection Directive in 2004.

The Report observes that new technologies developed in recent years now enable companies and organizations to track and trace individuals in various ways over space and time, retaining “digital memories” of the personal data collected. Various technologies, such as videosurveillance, RFID, geolocalization and Bluetooth, are used for different purposes (e.g., security, transportation, advertising, etc.), which may have an impact on an individual’s right to privacy. Furthermore, perceptions of risk have changed – younger generations tend to be less aware of the threats that some websites, such as blogs or social networks, may pose to their privacy.

The Report advocates developing adequate and sustainable solutions to deal with the specific challenges of our time. In particular, it recommends requiring the appointment of Data Protection Officers for companies and organizations with more than fifty employees, creating a new legal obligation for data controllers to notify the French data protection authority (“CNIL”) in the event of a data security breach, and expanding the CNIL to include a network of regional offices. The Report also advocates several points made in the CNIL’s Annual Activity Report, released May 13, including diversifying the CNIL’s financial resources, increasing its personnel and including data protection and privacy rights in the French constitution. 

These reports demonstrate the French Senate’s and the CNIL’s motivation to enhance the right to privacy at both the national and international levels. Olivier Proust, an attorney in Hunton & Williams’ Brussels office and a member of the Paris Bar, was among the legal experts who testified before the French Senate regarding the impact of new technologies on privacy issues, which is among the topics discussed in the Report. The Report and a short summary are available (in French) here. More information about the CNIL’s recently-published Annual Activity Report for 2008 is available here.
Tags: , , , , , , ,

French Data Protection Authority Issues 2008 Annual Activity Report

Posted on June 2, 2009 by Hunton & Williams LLP

On May 13, 2009, the French Data Protection Authority (“CNIL”) published its Annual Activity Report.  The Report highlights increasing enforcement activity, noting a record number of investigations, formal notifications and fines.  Having recently celebrated its thirtieth anniversary, the CNIL stated that it seeks to constantly evolve and meet the challenges of modern society by pursuing three key points: (i) diversifying its sources of financing; (ii) increasing the number of personnel; and (iii) including data protection and privacy rights in the French constitution in the near future.

The CNIL is increasingly engaged in assisting companies to ensure individuals’ privacy rights as part of diverse technology projects like Streetview, Bluetooth advertising and implementation of an electronic pharmaceutical database.  As a natural extension of these efforts, the CNIL also has positioned itself to be a key player in the field of data protection certification through its participation in the “European Privacy Seal” labeling project and recent membership in the AFNOR Groupe (an organization for certification and security standardization).

Other key initiatives include reconciling e-discovery rules and the European data protection framework (an issue the CNIL has influenced at both a national and European level) and data security (on which point the CNIL has noted business enterprises’ lack of strong security measures).  The CNIL has signaled its intention to issue recommendations on both issues, and plans to contribute to the development of security standards in order to enhance data security awareness.  The full annual report is available (in French) here.
Tags: , , , , , , , ,