Class Action

Supreme Court Denies Cert Petition in CareFirst v. Attias

By Philip N. Yannella & Edward J. McAndrew on February 20, 2018

Posted in Class Action, Consumer Protection, Data Breach, Identity Theft, Litigation, U.S. Supreme Court

Earlier today, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo v. Robins in data breach class actions.

In January, we blogged about CareFirst. We noted that the core issue in the case – whether fear of identity theft flowing from a data breach is an “injury in fact” sufficient to trigger Article III standing – could have major impact on the viability of future data breach class actions. The district court’s finding in favor of CareFirst on the standing issue was reversed and remanded last August by the U.S. Court of Appeals for the D.C. Circuit, which held that plaintiffs had alleged a risk of future injury because it was at least “plausible” that the cybercriminals had the intent and ability to use the stolen data for wrongful purposes. CareFirst then filed a petition for certiorari to the United States Supreme Court, which today denied the petition leaving in place the D.C. Circuit’s ruling in favor of Plaintiffs.
Continue Reading Supreme Court Denies Cert Petition in CareFirst v. Attias

CJEU Issues Mixed Ruling for Schrems’ Class Action Against Facebook

By Philip N. Yannella & Taylor R. Steinbacher on January 29, 2018

Posted in Class Action, Cross-Border Data Flow, Data Protection, Data Transfer, EU Regulation, European Union (EU), International, Litigation, Privacy Law and Regulation

The lawsuit by Austrian lawyer and serial plaintiff, Max Schrems, against Facebook suffered a setback in a ruling by the Court of Justice of the European Union (CJEU) last week. Schrems sought to bring class action-type claims on behalf of 25,000 participants worldwide in his home country of Austria, alleging that Facebook violated European Union privacy law when it assisted the United States National Security Agency’s PRISM surveillance program. Specifically, Schrems alleged that there is no adequate level of protection of European citizens’ Facebook data when it is transferred to the United States, because it could be accessed by US authorities without individualized suspicion. According to Schrems, Facebook’s collaboration with US authorities violated the Austrian data protection law of 2000, the Irish Data Protection Act of 1998, and Directive 95/46/EC of the European Parliament.
Continue Reading CJEU Issues Mixed Ruling for Schrems’ Class Action Against Facebook

U.S. Supreme Court Rejects Second Bid for Review in Spokeo

By Joel E. Tasca on January 24, 2018

Posted in Banking and Financial Services, Class Action, Consumer Protection, Data Breach, Fair Credit Reporting Act (FCRA), Litigation, Telephone Consumer Protection Act (TCPA), U.S. Supreme Court

The U.S. Supreme Court on Monday denied the petition for certiorari seeking review of the U.S. Court of Appeals for the Ninth Circuit’s most recent decision in Spokeo v. Robins (Spokeo II), foregoing an opportunity to clarify the confusion that has ensued since the Supreme Court’s 2016 decision in Spokeo (Spokeo I…

Data Privacy Cases to Watch in 2018

By Philip N. Yannella, Gregory P. Szewczyk, Zaven A. Sargsian & Fred G. DeRitis on January 18, 2018

Posted in Class Action, Data Breach, Electronic Communications Privacy Act, Enforcement, Federal Trade Commission (FTC), Fourth Amendment, Identity Theft, Personal Information, Privacy Law and Regulation, State Legislatures, U.S. Supreme Court, Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)

2018 is shaping up to be a potentially momentous year for data privacy, with a number of pending cases whose impact could fundamentally alter the scope of future privacy lawsuits and criminal investigations. This post will take a look at some of these cases and their potential impact.

Carpenter v. United States

We’ll start with Carpenter, which is pending in the U.S. Supreme Court and focuses on whether the Fourth Amendment requires the government to secure a search warrant to obtain a criminal defendant’s cell phone records from his or her cellular service provider.
Continue Reading Data Privacy Cases to Watch in 2018

Federal Court Allows Credit Union Data Breach Class Action to Proceed Against Eddie Bauer

By Edward J. McAndrew & Fred G. DeRitis on January 17, 2018

Posted in Class Action, Computer Fraud, Consumer Protection, Cybersecurity, Data Breach, Data Theft, Hacking, Identity Theft, Internet Crimes, Litigation, Payment Card Industry Data Security Standard (PCI DSS), Personal Information, Uncategorized, Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)

Consumers are not the only ones suing retailers for payment card data breaches. The U.S. District Court for the Western District of Washington recently denied, in large part, a motion to dismiss a data breach class action brought by Veridian Credit Union, on behalf of itself and other financial institutions, against Eddie Bauer, LLC. The class action relates to a January 2016 payment card data breach that allegedly impacted “every Eddie Bauer store in the United States and Canada.”

The court dismissed Veridian’s negligence per se claim, but allowed Veridian’s negligence and state statutory claims to proceed. The court’s analysis of choice of law and negligence issues is worth a read.
Continue Reading Federal Court Allows Credit Union Data Breach Class Action to Proceed Against Eddie Bauer

Menu

CyberAdviser