Speaker: H. Michael O’Brien, Wilson Elser Moskowitz Edelman & Dicker LLP
Mr. O’Brien’s Powerpoint slides are available here.
Program description: The rapid proliferation of objects equipped with sensors and wireless capability, colloquially known as the “Internet of Things,” has inspired privacy and data-security concerns. Less considered, but no less serious, are the tort-liability risks that accompany these technologically-complex products. This program assessed how networked products could give rise to both traditional and unique failure-to-warn, design-defect, and other product-liability claims, and how businesses in the chain of supply, production, and sales can manage such risks.
Featured Expert Contributor – Civil Justice/Class Actions
By Frank Cruz-Alvarez, Shook, Hardy & Bacon L.L.P. (co-authored with Rachel A. Canfield, an associate with the firm)
After nearly three years, United States District Judge Edward J. Davila issued an order granting Facebook, Inc.’s (Facebook’s) motion to dismiss a $15 billion lawsuit accusing the social media company of improperly embedding cookies on Plaintiffs’ computers to collect and transmit their web browsing history. Order Granting Defendant’s Motion to Dismiss at 1-2, 19, In re Facebook Internet Tracking Litigation, Case No. 5:12-md-02314-EJD (N.D. Cal. Oct. 23, 2015).
The multi-district lawsuit arose from numerous cases challenging Facebook’s tracking practices. These cases were filed in various districts and subsequently transferred to the Northern District of California where they were consolidated. Id. at 6. Plaintiffs filed the lawsuit on behalf of Facebook members in ten different states that had active accounts from May 2010 through September 2011. Id. Continue reading
by Spencer Salmon, a 2015 Judge K.K. Legett Fellow at the Washington Legal Foundation and a student at Texas Tech School of Law.
Some years ago, when data breaches first became a problem for the business community, plaintiffs’ lawyers thought class actions on behalf of consumers whose information had been stolen would be the next big moneymaker. To their disappointment, a majority of federal courts across the United States has ruled in favor of data breaches’ most direct and obvious victim—hacked businesses—because plaintiffs have failed to establish standing to sue. In order to establish constitutional standing, plaintiffs must show that the alleged injury is concrete, particularized, actual or imminent, fairly traceable to the action challenged, and redressable. Absent standing, courts lack subject matter jurisdiction over the suit under Federal Rule of Civil Procedure Rule 12(b)(1).
Recently, federal district courts from Nevada (In re Zappos.com, Inc., Customer Data Security Breach Litigation) and Minnesota (Carlsen v. Gamestop, Inc.) joined most federal courts in dismissing data-breach class-action lawsuits for lack of standing. Continue reading
by Sara Thornton, a 2015 Judge K.K. Legett Fellow at the Washington Legal Foundation and a student at Texas Tech School of Law.
What do copyright law, a WWE professional wrestler, and ESPN have in common? They were all involved in an appeal before the U.S. Court of Appeals for the Eighth Circuit in Ray v. ESPN, Inc., decided on April 22, 2015. Steve “Wild Thing” Ray sued ESPN under Missouri law for broadcasting WWE rerun matches featuring Ray in the early 1990s.
The specific claims were for (1) invasion of privacy, (2) misappropriation of name, (3) infringement of the right of publicity, and (4) interference with prospective economic advantage. ESPN moved to dismiss the suit, asserting that federal copyright law preempted the state-law claims. The district court construed Ray’s first two claims as being identical under Missouri law, so analyzed them as one. It also assumed that since Ray did not challenge ESPN’s argument that copyright law preempted his first and fourth claims, Ray had waived those claims. The court concluded that the Copyright Act preempted Ray’s remaining misappropriation and right of publicity claims. Continue reading
Federal regulatory agencies routinely act as table-setters for the plaintiffs’ bar. Class-action lawsuits can require targets of federal enforcement actions, even after those actions end in settlement, to defend against the same allegations in court. A federal judge’s April 3, 2015 dismissal of a class action on the ground that the company had already entered into a settlement with the Federal Trade Commission (FTC), therefore, was a commendable outcome. The underlying FTC action that inspired the suit, however—an industry-wide investigation into companies’ in-app purchase procedures—is far less welcome. The Commission’s investigation is yet another example of government’s steady drift away from respecting permissionless innovation and toward “mother-may-I” paternalism.
FTC’s In-App Purchase Inquest. FTC initiated an investigation in 2011 of various companies’ mobile-app sales practices. The Commission had received complaints from parents that their children were making “unauthorized” purchases on mobile app stores. On January 15, 2014, Apple agreed to settle with FTC over charges that its in-app purchase process constituted an unfair business practice under § 5 of the FTC Act. On September 4, 2014, Google entered into a similar settlement. Both app sellers agreed to provide customers with refunds and alter their app sales practices.
In addition to Google and Apple, FTC also accused Amazon of unfair business practices for failing to prevent “unauthorized” in-app purchases. Amazon, however, refused to settle the charges. The Commission filed suit on July 10, 2014 in the U.S. District Court for the Western District of Washington. On December 1, 2014, Judge John C. Coughenour denied Amazon’s motion to dismiss. Continue reading
In the 1997 futuristic thriller “Gattaca,” character Vincent Freeman, played by actor Ethan Hawke, falls victim to genetic discrimination after the government begins to track and monitor human DNA strands via the Internet in a scheme to control and manipulate societal trends.
While the film’s plot seems nothing short of fantastical, the idea behind it—that the Internet has become an unguarded playground for identity thieves and major corporations to obtain unauthorized information in a quest to influence consumer behavior—echoes recent plaintiffs’ suits regarding the protection of personal privacy under the Video Privacy and Protection Act (VPPA) that have become increasingly popular in federal courts. Continue reading
Since its release in late February, the White House’s “Discussion Draft: Consumer Privacy Bill of Rights Act of 2015” has drawn a significant amount of friendly fire from privacy activists and even federal privacy regulators. Their criticism insinuates that the Discussion Draft is at best a floor, a starting point for more stringent regulation. That perspective should be quite troubling to those who work in and benefit from the Internet Economy, for as we discuss below, certain aspects of the draft impose burdens on data use that far outpace any that currently prevail or have been proposed at the federal level.
“Privacy Risk.” The data rights and protections the Discussion Draft affords are predicated on consumers suffering a “privacy risk” harm. That harm is defined as “the potential for personal data, on its own or when linked to other information about an individual, to cause emotional distress, or physical, financial, professional or other harm to an individual” (our emphasis). This definition would enshrine into federal law broad, amorphous, and precautionary concepts of harm that are radically out of step with prevailing law. For instance, federal courts have almost uniformly rejected data-privacy-related class-action lawsuits where the injuries alleged reflect plaintiffs’ fears of financial harm or emotional concerns. One very recent example is a Middle District of Pennsylvania ruling, Storm v. Paytime, Inc. and Holt v. Paytime Harrisburg, Inc., in which the court found that plaintiffs who cannot allege harms that are “concrete in both a qualitative and temporal sense” lack standing to sue. An alleged injury that provides the basis for a federal law enforcement action should certainly be no less concrete. Some activists, however, view “privacy risk” as too difficult for consumers or regulators to prove and have called for an even broader concept of injury. Continue reading