On January 24, 2022, a group of state attorneys general announced their commitment to ramp up enforcement work on “dark patterns” that are used to ascertain consumers’ location data.
Continue Reading Attorneys General to Increase Enforcement Efforts on “Dark Patterns”
Litigation
Lloyd Court Says No to Class Action-Style Lawsuits in the UK
Posted on
Posted in Enforcement, International
On November 10, 2021, the UK Supreme Court issued its long-awaited judgment in the Lloyd v Google case. The decision is expected to make it difficult in practice for a future class action lawsuit that is brought on behalf of a class of individuals who have not actively opted in to being represented by the lead claimant to proceed under UK law.
Continue Reading Lloyd Court Says No to Class Action-Style Lawsuits in the UK
Illinois Biometric Law Limitation Period Clarified by Illinois Court
Posted on
Posted in U.S. State Law
On September 17, 2021, in Tims v. Black Horse Carriers Inc., Ill. App. Ct., 1st Dist., No. 1-20-563, the Illinois Appellate Court, in a case of first impression at the appellate level, addressed the statute of limitations under the state’s Biometric Information Privacy Act, holding that a five-year period applies to BIPA claims that allege the failure to (1) provide notice of the collection of biometric data, (2) take care in storing or transmitting biometric data, or (3) develop a publicly-available retention and destruction schedule for biometric data.
Continue Reading Illinois Biometric Law Limitation Period Clarified by Illinois Court
Quebec Enacts a New Privacy Law
Posted on
Posted in International
On September 22, 2021, the Canadian province of Quebec enacted a new privacy law, which will impose obligations beyond what is currently required under Canada’s federal privacy law. Most of the new law’s requirements will take effect in September 2023, but some will take effect earlier (in 2022) or later (2024).
…
Continue Reading Quebec Enacts a New Privacy Law
UK High Court Dismisses Claims Following DSG Data Breach
Posted on
On July 30, 2021, the UK High Court handed down its judgment in the case of Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), determining that the claimant could not seek damages on the basis of misuse of personal information, breach of confidence or common law negligence following a data breach.
Continue Reading UK High Court Dismisses Claims Following DSG Data Breach
Zoom Agrees to Pay $85M to Settle Class Action
Posted on
On July 31, 2021, Zoom Video Communications, Inc. agreed to pay $85 million to settle a class action suit that alleged the Company violated users’ privacy rights. The proposed settlement must be approved by U.S. District Judge Lucy Koh.
Continue Reading Zoom Agrees to Pay $85M to Settle Class Action
Another Court Deems Forensic Investigation Report Not Privileged
Posted on
Posted in Information Security, Security Breach
On July 22, 2021, a Magistrate Judge in the U.S. District Court for the Middle District of Pennsylvania ordered Rutter’s to produce an investigative report prepared by a security consultant regarding a suspected data breach event, as well as all communications between the party and the company performing the investigation.
Continue Reading Another Court Deems Forensic Investigation Report Not Privileged
British Airways Settles UK Breach Class Action
Posted on
On July 6, 2021, it was reported that British Airways had settled a UK class action lawsuit relating to its 2018 data breach, in which approximately 430,000 data subjects were affected.
Continue Reading British Airways Settles UK Breach Class Action
Spokeo 2.0 – The Supreme Court Provides Clarity on the “Injury” Necessary to Bring Suit
Posted on
Posted in FCRA, U.S. Federal Law
On June 25, 2021, the U.S. Supreme Court in TransUnion LLC v. Ramirez held in a 5-4 decision that certain members of a class action lawsuit, whose inaccurate credit reports were not provided to third parties, did not suffer a “concrete” injury sufficient to confer Article III standing. …
Continue Reading Spokeo 2.0 – The Supreme Court Provides Clarity on the “Injury” Necessary to Bring Suit
European Court of Human Rights Says Bulk Interception Is Not a Violation of Human Rights
Posted on
On May 25, 2021, the Grand Chamber of the European Court of Human Rights handed down its judgement in the case of Big Brother Watch and Others v. the United Kingdom, determining that the former surveillance regime in the UK violated Article 8 of the European Convention on Human Rights (i.e., the right to respect for private and family life).
Continue Reading European Court of Human Rights Says Bulk Interception Is Not a Violation of Human Rights