Court Casts Doubt on the Legality of the Data Brokerage Industry–Brooks v. Thomson Reuters
Thomson Reuters (TR) offers a database called “CLEAR” that assembles personal information into individual dossiers. The plaintiffs are Black civil rights activists leading a class action lawsuit for publicity rights and related claims. The court denies TR’s motion to dismiss–in…
New Primer on the California Privacy Rights Act (CPRA)
In summer 2018, I wrote a short primer on the California Consumer Privacy Act (CCPA) soon after its passage. That primer proved to be quite popular, and I posted annual updated versions in summer 2019 and 2020. The passage of…
CCPA Definitions Confuse the Judge in a Data Breach Case–In re Blackbaud
Blackbaud “provides data collection and maintenance software solutions for administration, fundraising, marketing, and analytics to social good entities such as non-profit organizations, foundations, educational institutions, faith communities, and healthcare organizations.” In a very unfortunate development, cybercriminals hacked into Blackbaud’s database…
Instacart’s Privacy Policy Protects Stripe from Consumer Privacy Claims–Silver v. Stripe
Instacart uses Stripe as a payment processor. Instacart purports to bind consumers to its privacy policy via this screen: (Sorry for the poor image resolution. This is what the court’s opinion had. The applicable disclosures are in the bottom right…
Grokking the Supreme Court’s TransUnion Decision
A class of plaintiffs sued the credit bureau TransUnion, alleging that they were improperly placed on a “watch list” that TransUnion offered to supplement credit reports. TransUnion’s watch list was designed to help businesses avoid transacting with people who were…
‘365 for Business’ Users’ Privacy Lawsuit Dismissed–Russo v. Microsoft
Users of “Microsoft 365 For Business” allege oversharing by Microsoft, which translates into claims under (1) the Wiretap Act and the Stored Communications Act; (2) Washington’s Consumer Protection Act; (3) the Washington one-party consent phone statute; and (4) common law….
1H 2021 Quick Links, Part 3 (Content Moderation, Censorship, Privacy, & More)
Content Moderation * NYT: Inside Twitter’s Decision to Cut Off Trump * Axios: All the platforms that have banned or restricted Trump so far * NY Times: What Happened When Trump Was Banned on Social Media * NY Times: Mark…
Comments on Arkansas’ “Online Marketplace Consumer Inform Act” (SB 470)
It’s hard to keep up with the tsunami of new Internet laws at the state level, and I had some difficulty finding the actual text of this law as passed (I couldn’t see it at the legislative website’s page for…
Did Facebook Commit Tortious Interference Against BrandTotal?–Facebook v. BrandTotal
BrandTotal installs (with the users’ consent) researchware that collects data from Facebook, including automated pings for data that the user has the right to view but never requested to browse. BrandTotal bypasses Facebook’s API so it can obtain information not…
Section 230 Preempts Fair Credit Reporting Act (FCRA) Claims–Henderson v. Source for Public Data
Section 230 and the Fair Credit Reporting Act (FCRA) have always had an implicit conflict. The FCRA is an old-school regulation of electronic databases run by credit reporting agencies, who gather and republish third-party data. As a result, any FCRA…