Plaintiff lawyers’ continued search for damage theories to assert in claims arising from a data breach – or fear of a breach – received a potential setback this week when Chief Judge Michael Reagan of the United States District Court for the Southern District of Illinois permitted Fiat Chrysler and Harmon International to seek an interlocutory appeal of the court’s earlier ruling in Flynn v. Fiat Chrysler US that class plaintiffs had standing to bring their “car hacking” claims in federal court. The ruling comes just one month before the scheduled start of trial. Fiat Chrysler and Harmon moved for an appeal after the Ninth Circuit ruled in a similar case, Cahen v. Toyota Motor Corp, that plaintiffs did not have standing to pursue diminution in value damages against Toyota based on a fear that the vehicles were susceptible to hacking. Continue Reading Fiat Chrysler Car Hacking Case Put In Neutral
The U.S. Consumer Product Safety Commission (CPSC) recently announced that it will hold a hearing on May 16, 2018, to receive information on potential hazards with Internet of Things (IoT) products.
In its public notice, the CPSC explained that the “purpose of the public hearing . . . is to provide interested stakeholders a venue to discuss potential safety hazards created by a consumer product’s connection to IoT or other network-connected devices; the types of hazards (e.g., electrical, thermal, mechanical, chemical) related to the intended, unintended, or foreseeable misuse of consumer products because of an IoT connection; current standards development; industry best practices; and the proper role of the CPSC in addressing potential safety hazards with IoT-related products.” The notice also clarifies that the hearing “will not address personal data security or privacy implications of IoT devices.”
So why does this matter?
On March 6, 2018, the FTC hosted a live Twitter chat to mark the twentieth anniversary of the Children’s Online Privacy Protection Act (COPPA). The stated purpose of the chat was to discuss the FTC’s work to enforce COPPA and to ensure the FTC’s rule implementing the law stays in step with evolving technologies and data collection practices.
The chat began with the FTC pointing to its published FAQs, as well as two recent COPPA settlements: a $650,000 settlement with VTech Electronics Limited, which was the FTC’s first children’s privacy case involving Internet-connected toys, and a $235,000 settlement with Prime Sites, Inc., which focused on how a company can gain “actual knowledge” that it is collecting information from a child. Continue Reading FTC Explains Evolution of COPPA in Live Twitter Chat
For those of you heading to Legaltech in New York next week, please join me and a great panel for what promises to be a lively discussion of hot topics in IoT and Mobile Discovery. I’ve been fortunate enough to have been included in Relativity’s session on this topic at a number of conferences, and this next iteration is shaping up to be our best yet. Here’s our session description:
From the Iron Rooster to Amazon Alexa: Mobile Discovery and the Internet of Things
Whether it’s missing mobile data (Montgomery v. Iron Rooster-Annapolis, LLC), digital data in a truck (Below v. Yokohama Tire Corp.), Fitbit data (State v. Dabate), or data from an Amazon Alexa (State v. Bates) mobile discovery and data from the Internet of Things (IoT) devices present challenges, not only for litigants and their lawyers, but for corporate organizations, paralegals, and technologists as well. In this session, lawyers and consultants, including a former Department of Justice cybercrime coordinator, a prominent discovery attorney, a corporate information governance expert, and a leading legal industry analyst, will address the legal, technical, and practical considerations of mobile, social, and IoT data, including preservation requirements and data privacy limitations.
Here’s the link to the Legaltech page, in case you haven’t registered yet. Hope to see you in NYC!
The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues. In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television manufacturer), Blue Global (lead generator), Upromise (college rewards program), ACDI Group (an alleged debt buyer), TaxSlayer (tax preparation service), and D-Link (wireless routers and Internet cameras). In addition, the FTC also brought its first actions to enforce the EU-US Privacy Shield in 2017. The FTC report also described its activities relating to international enforcement, children’s privacy, and Do-Not-Call. Continue Reading FTC Releases Annual Privacy and Data Security Update
One challenging aspect of privacy and data security law is that technology is constantly evolving. The near and long term future of privacy and data security will be driven by emerging technologies that developers, legislators, businesses, and lawyers may not fully understand for years to come. Last year saw a surge in technologies enabling companies to collect and analyze increasing amounts of consumer data as well as the development of technologies enabling consumers to better protect their privacy. Just as the development of new technologies is inevitable, so too is the rise of potential ways in which those technologies can be misused, which in turn provokes a legislative and regulatory response. The cycle never ends.
To help privacy and data security professionals keep pace with these changes, we will be providing regular updates throughout the course of the year on the development of emerging technologies, as well as legislation and regulation regarding privacy and data security. We begin with a review of recent developments in the Internet of Things and biometric technologies, and offer some predictions on legal and business changes to look for in 2018.