Court Declines to Dismiss Data Breach Claims Against Facebook Based on Access Token Incident–Bass v. Facebook
This is a data breach lawsuit against Facebook. Judge Alsup denies Facebook’s motion to dismiss, although he does find that Facebook’s contract disclaimer (likely) neutralizes numerous contract-based claims. Background: Facebook announced a vulnerability that allowed third parties to obtain “access…
Want Companies to Comply with the CCPA? Delay Its Effective Date (Guest Blog Post)
By guest blogger Jeff Kosseff [Jeff Kosseff is an assistant professor in the United States Naval Academy’s Cyber Science Department. The views expressed are only his and do not represent the Naval Academy, Department of Navy, or Department of Defense. …
New Paper Announcement: “Copyright’s Memory Hole”
I’m pleased to announce a new paper, “Copyright’s Memory Hole,” co-authored with Northeastern Law professor Jessica Silbey. The paper is still in draft form, and Jessica and I plan to do a major edit to the paper this summer. So…
Post-Charlottesville Doxxing and Misidentification Creates Legal Risks–Vangheluwe v. GotNews
This is a lawsuit brought by former owners of a car who were incorrectly identified as the driver of the vehicle (and his father, respectively) who ploughed into a crowd of pedestrians in Charlottesville. In the wake of the planned…
Top Internet Law Developments of 2018
My schedule tends to get busy around each new year, so my year-end recaps keep coming later and later. I hope it’s better late than never. It’s been a rough year for Internet law. As I tweeted in June: When…
Recap of the California Assembly Hearing on the California Consumer Privacy Act
Yesterday, the California Assembly Committee on Privacy and Consumer Protection held a hearing on the California Consumer Privacy Act. I believe this is the first legislative hearing ever on the law. The initial passage took place in a frenetic week,…
A Status Report on the California Consumer Privacy Act
Yesterday, I did a webinar for the California Lawyers Association on the status of the California Consumer Privacy Act (CCPA). This post recaps the discussion. A Quick Overview of the CCPA The CCPA imposes 6 new obligations on covered businesses:…
Illinois Supreme Court Authorizes Biometric Lawsuits Without Any Allegation of Harm–Rosenbach v. Six Flags
Six Flags, the amusement park operator, allegedly violated Illinois Biometric Privacy Statute by collecting a minor’s fingerprint without consent. The state appeals court held that plaintiff had to allege harm beyond the information collection without consent. The Illinois state supreme…
Unmasking Effort Mooted by Single Publication Rule–Glassdoor v. Andra
Glassdoor allows employees to review employers. An employer, Andra, was unhappy about ten pseudonymous reviews posted about it from June 2014 to June 2015. In August 2015, it sought pre-suit discovery of the reviewers’ identities. Glassdoor opposed the request and…
Fourth Amendment Limits NYC’s Demands for Airbnb Customer Records
As part of its ongoing crackdown on short-term lodging, New York City passed an anti-Airbnb ordinance scheduled to take effect next month. HomeAway was also affected by the law, but I’ll focus on Airbnb. The ordinance addresses the challenges faced…