CCPA Definitions Confuse the Judge in a Data Breach Case–In re Blackbaud
Blackbaud “provides data collection and maintenance software solutions for administration, fundraising, marketing, and analytics to social good entities such as non-profit organizations, foundations, educational institutions, faith communities, and healthcare organizations.” In a very unfortunate development, cybercriminals hacked into Blackbaud’s database…
Instacart’s Privacy Policy Protects Stripe from Consumer Privacy Claims–Silver v. Stripe
Instacart uses Stripe as a payment processor. Instacart purports to bind consumers to its privacy policy via this screen: (Sorry for the poor image resolution. This is what the court’s opinion had. The applicable disclosures are in the bottom right…
Grokking the Supreme Court’s TransUnion Decision
A class of plaintiffs sued the credit bureau TransUnion, alleging that they were improperly placed on a “watch list” that TransUnion offered to supplement credit reports. TransUnion’s watch list was designed to help businesses avoid transacting with people who were…
‘365 for Business’ Users’ Privacy Lawsuit Dismissed–Russo v. Microsoft
Users of “Microsoft 365 For Business” allege oversharing by Microsoft, which translates into claims under (1) the Wiretap Act and the Stored Communications Act; (2) Washington’s Consumer Protection Act; (3) the Washington one-party consent phone statute; and (4) common law….
1H 2021 Quick Links, Part 3 (Content Moderation, Censorship, Privacy, & More)
Content Moderation * NYT: Inside Twitter’s Decision to Cut Off Trump * Axios: All the platforms that have banned or restricted Trump so far * NY Times: What Happened When Trump Was Banned on Social Media * NY Times: Mark…
Comments on Arkansas’ “Online Marketplace Consumer Inform Act” (SB 470)
It’s hard to keep up with the tsunami of new Internet laws at the state level, and I had some difficulty finding the actual text of this law as passed (I couldn’t see it at the legislative website’s page for…
Did Facebook Commit Tortious Interference Against BrandTotal?–Facebook v. BrandTotal
BrandTotal installs (with the users’ consent) researchware that collects data from Facebook, including automated pings for data that the user has the right to view but never requested to browse. BrandTotal bypasses Facebook’s API so it can obtain information not…
Section 230 Preempts Fair Credit Reporting Act (FCRA) Claims–Henderson v. Source for Public Data
Section 230 and the Fair Credit Reporting Act (FCRA) have always had an implicit conflict. The FCRA is an old-school regulation of electronic databases run by credit reporting agencies, who gather and republish third-party data. As a result, any FCRA…
A Roundup of CCPA Court Decisions (I Only Know of 7)
This post recaps the court decisions analyzing the California Consumer Privacy Act (CCPA) so far. I only know of seven opinions as of May 1, 2021, a number that struck me as surprisingly small. (If you think I’m missing any,…
Amazon Can’t Force Arbitration of Minors’ Privacy Lawsuit Over Alexa Recordings–BF v. Amazon
Minors allege that Amazon’s Alexa service improperly stores or utilizes their voiceprints. The district court denied Amazon’s request to force arbitration of the claims based on the fact that the plaintiffs, who were minors, were not signatories (or had not…