The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.
Continue Reading UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

On January 12, 2021, in Wengui v. Clark Hill, PLC, et al., the United States District Court for the District of Columbia rejected a law firm defendant’s assertions of the attorney-client privilege and work product doctrine for forensic reporting and other related information associated with its outside counsel’s data breach investigation.
Continue Reading D.C. Court Rejects Attorney-Client Privilege and Work Product Protections in Data Breach Case

On November 12, 2020, Chief Judge Nancy J. Rosenstengel of the U.S. District Court for the Southern District of Illinois rejected Apple Inc.’s (“Apple’s”) motion to dismiss a class action alleging its facial recognition software violates Illinois’ Biometric Information Privacy Act (“BIPA”). Judge Rosenstengel agreed with Apple, however, that the federal court lacks subject matter jurisdiction over portions of the complaint.

Continue Reading BIPA Lawsuit Proceeds Against Apple in Federal Court

Earlier this year, The Retail Equation and Sephora were hit with a class action lawsuit in which the plaintiff claimed Sephora improperly shared consumer data with The Retail Equation without consumers’ knowledge or consent. On August 3, 2020, the plaintiff, now joined by others, amended her complaint to cast an even wider net.
Continue Reading Multiple Retailers Sued Under CCPA for Sharing Data Used to Identify Fraudulent Returns

On June 16, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a fine on a company for unlawful and incorrect processing of personal data and non-compliance with the EU General Data Protection Regulation’s data subject rights provisions.
Continue Reading Belgian DPA Fines Company for Unlawful Processing and Non-Compliance with Data Subject Rights

Last month, in In re: Capital One Customer Data Security Breach Litigation, E.D. Va., No. 1:19-md-02915, U.S. Magistrate Judge John Anderson (the “Judge”) ordered Capital One Financial Corp. (“Capital One”) to disclose a forensic report to the plaintiffs in a lawsuit stemming from Capital One’s 2019 data breach. In doing so, the Judge rejected Capital One’s argument that the report is protected from disclosure to the plaintiffs by the work product doctrine.

Continue Reading Forensic Report Deemed Not Privileged: Capital One Ordered to Release Report

On April 2, 2020, Hunton Andrews Kurth LLP will host a webinar on the California Consumer Privacy Act (“CCPA”): The CCPA Is Here—Are You Litigation-Ready? Most companies have now developed a framework for compliance with the CCPA. Having a compliance program in place is critical, and that includes preparing for the inevitable onslaught of class action litigation that is coming.
Continue Reading Hunton Webinar on the California Consumer Privacy Act: Preparation for Class Action Litigation

The meaning of an “automatic telephone dialing system” (“ATDS”) as defined by the Telephone Consumer Protection Act (“TCPA”) has been hotly contested since the D.C. Circuit invalidated the prior Federal Communications Commission (“FCC”) rulings interpreting the TCPA in 2018. The Ninth Circuit has held that merely calling numbers from a stored list is sufficient to meet the definition of an ATDS, while the Third Circuit has at least indicated that the ability to generate numbers randomly or sequentially is the defining characteristic.
Continue Reading Good News for TCPA Defendants