A Roundup of CCPA Court Decisions (I Only Know of 7)
This post recaps the court decisions analyzing the California Consumer Privacy Act (CCPA) so far. I only know of seven opinions as of May 1, 2021, a number that struck me as surprisingly small. (If you think I’m missing any,…
Amazon Can’t Force Arbitration of Minors’ Privacy Lawsuit Over Alexa Recordings–BF v. Amazon
Minors allege that Amazon’s Alexa service improperly stores or utilizes their voiceprints. The district court denied Amazon’s request to force arbitration of the claims based on the fact that the plaintiffs, who were minors, were not signatories (or had not…
Ninth Circuit Rejects Lawsuit Over Hijacked Facebook Account–Long v. Dorset
Long is a book author. He ran a Facebook business page to promote his work. An interloper, using the alias “Tammy Dorset,” gained administrator access to the Facebook page. Once in control of the page, Dorset allegedly posted items that…
CCPA Data Breach Lawsuit Against Walmart Fails–Gardiner v. Walmart
This is a data breach lawsuit against Walmart in which plaintiff (on his own behalf and on behalf of a putative class) asserts that his data is being currently sold on the dark web. Plaintiff asserted the typical claims, but…
Section 230 (Mostly) Protects Zoom from Liability for Zoombombing
This is a privacy class action against Zoom. The opinion has several points of interest for privacy practitioners. I’m going to focus only on the court’s discussion of Zoom’s liability for Zoombombing, the COVID-era problem where malefactors crash a Zoom…
Consent Via “Clickwrap” Defeats Privacy Claims–Javier v. Assurance
Javier got a life insurance quote from Assurance. It appears this page contained javascript served from a vendor named ActiveProspect (via a service called “TrustedForm”), which tracks each user on Assurance’s site and records the users’ keystrokes. For Assurance, these…
The Anticipated Domino Effect: Virginia Passes Second State “Comprehensive” Privacy Law (Guest Blog Post)
by guest blogger Tanya Forsheit Virginia has officially become the second state in the country to enact what many have called a “comprehensive” privacy law, the Consumer Data Protection Act (“CDPA”), with Governor Northam’s signature on March 2, 2021. For…
Data Breach Plaintiff Doesn’t Have Standing in the Absence of Fraud or Identity Theft–Tsao v. Captiva
This is a data breach lawsuit. Plaintiff was a patron of a restaurant (PDQ) that suffered a breach that compromised credit card payment information. The breach occurred because a hacker gained access to customer data through “an outside vendor’s remote…
Ninth Circuit Sends Alexa Surreptitious Recording Case to Arbitration–Tice v. Amazon
Lawsuits over voice-activated assistants (and other smart home devices) are interesting. Plaintiffs have been creative about who asserts the claims to navigate around the issue that often sinks class actions: arbitration. This has resulted in claims brought by neighbors, spouses,…
Facebook Isn’t Liable for Account Hack/Hijack–Damner v. Facebook
This is a pro se lawsuit. Damner claims his Facebook account was hacked in April 2020 and the hacker(s) took it over. He notified Facebook but allegedly it never responded. Damner sued Facebook for Stored Communications Act claims and others….