New York Court Is the Wrong Venue for UK GDPR Class Action–Finch v. Xandr

Maybe I’ve missed other cases in this genre, but I don’t recall seeing them. Xandr self-describes as “the only open, end-to-end platform for scaled, sophisticated campaigns on premium inventory across screens on premium inventory from CTV to data-driven linear and…

Comments on HB 5502, the "INFORM" Act

Comments on HB 5502, the “INFORM” Act

Today, the House Energy and Commerce Committee is marking up the INFORM Act (I think this is the latest version but who knows). The INFORM Act is like a “know-your-customer” (KYC) law for sellers in online marketplaces. It iterates on…

Privacy Lawsuit Based on Website Tracking by Service Provider Trimmed

Privacy Lawsuit Based on Website Tracking by Service Provider Trimmed

This is a lawsuit against Nike and its service provider (FullStory), which provides Nike with “session replay” functionality for its website. FullStory’s software allows Nike to capture information regarding website visitors: (1) mouse clicks, (2) keystrokes, (3) payment card information,…

Court Orders Unmasking Subpoena of Alleged Infringers–Baugher v. GoDaddy

In the DMCA, Congress enabled copyright owners to obtain pre-litigation discovery of alleged infringers (17 USC 512(h)). After sending a takedown notice, the copyright owner can apply for an unmasking subpoena, which the clerk of the court must issue without…

TOS Supports Injunction Against Web Scraping--Southwest Airlines v. Kiwi

TOS Supports Injunction Against Web Scraping–Southwest Airlines v. Kiwi

This is a scraping lawsuit brought by Southwest airlines against Kiwi.com. The court issues an injunction restricting Kiwi from scraping Southwest’s website. Southwest does not allow online travel agencies to sell Southwest flights without the approval of Southwest. Its terms…

The SHOP SAFE Act Is a Terrible Bill That Will Eliminate Online Marketplaces

The SHOP SAFE Act Is a Terrible Bill That Will Eliminate Online Marketplaces

[Note: this blog post covers Rep. Nadler’s manager’s amendment for the SHOP SAFE Act, which I think will be the basis of a committee markup hearing tomorrow. If Congress were well-functioning, draft bills going into markup would be circulated a…

Court Casts Doubt on the Legality of the Data Brokerage Industry--Brooks v. Thomson Reuters

Court Casts Doubt on the Legality of the Data Brokerage Industry–Brooks v. Thomson Reuters

Thomson Reuters (TR) offers a database called “CLEAR” that assembles personal information into individual dossiers. The plaintiffs are Black civil rights activists leading a class action lawsuit for publicity rights and related claims. The court denies TR’s motion to dismiss–in…

New Primer on the California Privacy Rights Act (CPRA)

New Primer on the California Privacy Rights Act (CPRA)

In summer 2018, I wrote a short primer on the California Consumer Privacy Act (CCPA) soon after its passage. That primer proved to be quite popular, and I posted annual updated versions in summer 2019 and 2020. The passage of…

CCPA Definitions Confuse the Judge in a Data Breach Case--In re Blackbaud

CCPA Definitions Confuse the Judge in a Data Breach Case–In re Blackbaud

Blackbaud “provides data collection and maintenance software solutions for administration, fundraising, marketing, and analytics to social good entities such as non-profit organizations, foundations, educational institutions, faith communities, and healthcare organizations.” In a very unfortunate development, cybercriminals hacked into Blackbaud’s database…

Instacart's Privacy Policy Protects Stripe from Consumer Privacy Claims--Silver v. Stripe

Instacart’s Privacy Policy Protects Stripe from Consumer Privacy Claims–Silver v. Stripe

Instacart uses Stripe as a payment processor. Instacart purports to bind consumers to its privacy policy via this screen: (Sorry for the poor image resolution. This is what the court’s opinion had. The applicable disclosures are in the bottom right…