Did Facebook Commit Tortious Interference Against BrandTotal?–Facebook v. BrandTotal

BrandTotal installs (with the users’ consent) researchware that collects data from Facebook, including automated pings for data that the user has the right to view but never requested to browse. BrandTotal bypasses Facebook’s API so it can obtain information not…

Section 230 Preempts Fair Credit Reporting Act (FCRA) Claims--Henderson v. Source for Public Data

Section 230 Preempts Fair Credit Reporting Act (FCRA) Claims–Henderson v. Source for Public Data

Section 230 and the Fair Credit Reporting Act (FCRA) have always had an implicit conflict. The FCRA is an old-school regulation of electronic databases run by credit reporting agencies, who gather and republish third-party data. As a result, any FCRA…

A Roundup of CCPA Court Decisions (I Only Know of 7)

A Roundup of CCPA Court Decisions (I Only Know of 7)

This post recaps the court decisions analyzing the California Consumer Privacy Act (CCPA) so far. I only know of seven opinions as of May 1, 2021, a number that struck me as surprisingly small. (If you think I’m missing any,…

Amazon Can’t Force Arbitration of Minors’ Privacy Lawsuit Over Alexa Recordings–BF v. Amazon

Minors allege that Amazon’s Alexa service improperly stores or utilizes their voiceprints. The district court denied Amazon’s request to force arbitration of the claims based on the fact that the plaintiffs, who were minors, were not signatories (or had not…

Ninth Circuit Rejects Lawsuit Over Hijacked Facebook Account--Long v. Dorset

Ninth Circuit Rejects Lawsuit Over Hijacked Facebook Account–Long v. Dorset

Long is a book author. He ran a Facebook business page to promote his work. An interloper, using the alias “Tammy Dorset,” gained administrator access to the Facebook page. Once in control of the page, Dorset allegedly posted items that…

CCPA Data Breach Lawsuit Against Walmart Fails--Gardiner v. Walmart

CCPA Data Breach Lawsuit Against Walmart Fails–Gardiner v. Walmart

This is a data breach lawsuit against Walmart in which plaintiff (on his own behalf and on behalf of a putative class) asserts that his data is being currently sold on the dark web. Plaintiff asserted the typical claims, but…

Section 230 (Mostly) Protects Zoom from Liability for Zoombombing

Section 230 (Mostly) Protects Zoom from Liability for Zoombombing

This is a privacy class action against Zoom. The opinion has several points of interest for privacy practitioners. I’m going to focus only on the court’s discussion of Zoom’s liability for Zoombombing, the COVID-era problem where malefactors crash a Zoom…

Consent Via "Clickwrap" Defeats Privacy Claims--Javier v. Assurance

Consent Via “Clickwrap” Defeats Privacy Claims–Javier v. Assurance

Javier got a life insurance quote from Assurance. It appears this page contained javascript served from a vendor named ActiveProspect (via a service called “TrustedForm”), which tracks each user on Assurance’s site and records the users’ keystrokes. For Assurance, these…

The Anticipated Domino Effect: Virginia Passes Second State “Comprehensive” Privacy Law (Guest Blog Post)

The Anticipated Domino Effect: Virginia Passes Second State “Comprehensive” Privacy Law (Guest Blog Post)

by guest blogger Tanya Forsheit Virginia has officially become the second state in the country to enact what many have called a “comprehensive” privacy law, the Consumer Data Protection Act (“CDPA”), with Governor Northam’s signature on March 2, 2021. For…

Data Breach Plaintiff Doesn't Have Standing in the Absence of Fraud or Identity Theft--Tsao v. Captiva

Data Breach Plaintiff Doesn’t Have Standing in the Absence of Fraud or Identity Theft–Tsao v. Captiva

This is a data breach lawsuit. Plaintiff was a patron of a restaurant (PDQ) that suffered a breach that compromised credit card payment information. The breach occurred because a hacker gained access to customer data through “an outside vendor’s remote…