On November 10, 2021, the UK Supreme Court issued its long-awaited judgment in the Lloyd v Google case. The decision is expected to make it difficult in practice for a future class action lawsuit that is brought on behalf of a class of individuals who have not actively opted in to being represented by the lead claimant to proceed under UK law.
Continue Reading Lloyd Court Says No to Class Action-Style Lawsuits in the UK

On September 17, 2021, in Tims v. Black Horse Carriers Inc., Ill. App. Ct., 1st Dist., No. 1-20-563, the Illinois Appellate Court, in a case of first impression at the appellate level, addressed the statute of limitations under the state’s Biometric Information Privacy Act, holding that a five-year period applies to BIPA claims that allege the failure to (1) provide notice of the collection of biometric data, (2) take care in storing or transmitting biometric data, or (3) develop a publicly-available retention and destruction schedule for biometric data.
Continue Reading Illinois Biometric Law Limitation Period Clarified by Illinois Court

On July 30, 2021, the UK High Court handed down its judgment in the case of Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), determining that the claimant could not seek damages on the basis of misuse of personal information, breach of confidence or common law negligence following a data breach.
Continue Reading UK High Court Dismisses Claims Following DSG Data Breach

On July 22, 2021, a Magistrate Judge in the U.S. District Court for the Middle District of Pennsylvania ordered Rutter’s to produce an investigative report prepared by a security consultant regarding a suspected data breach event, as well as all communications between the party and the company performing the investigation.
Continue Reading Another Court Deems Forensic Investigation Report Not Privileged

On June 25, 2021, the U.S. Supreme Court in TransUnion LLC v. Ramirez held in a 5-4 decision that certain members of a class action lawsuit, whose inaccurate credit reports were not provided to third parties, did not suffer a “concrete” injury sufficient to confer Article III standing.
Continue Reading Spokeo 2.0 – The Supreme Court Provides Clarity on the “Injury” Necessary to Bring Suit

On May 25, 2021, the Grand Chamber of the European Court of Human Rights handed down its judgement in the case of Big Brother Watch and Others v. the United Kingdom, determining that the former surveillance regime in the UK violated Article 8 of the European Convention on Human Rights (i.e., the right to respect for private and family life).
Continue Reading European Court of Human Rights Says Bulk Interception Is Not a Violation of Human Rights

As reported on the Hunton Retail Law Blog, the U.S. Court of Appeals for the Second Circuit has affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

As reported on Hunton’s Retail Law Blog, on April 22, 2021, the U.S. Supreme Court unanimously held in a highly-anticipated case, AMG Capital Management, LLC v. FTC, that the Federal Trade Commission cannot seek or obtain equitable monetary relief pursuant to §13(b) of the FTC Act, putting an end to the use of §13(b) as a significant enforcement tool.
Continue Reading Supreme Court Rules FTC Cannot Rely on “Injunction” Provision to Obtain Equitable Monetary Relief