Photo of James Brennan

James Brennan

Last week, the Attorney General for California filed a notice of appeal to overturn a federal court ruling that the state’s Age-Appropriate Design Code Act (“CAADCA”) likely violates the First Amendment.  The appeal will put the constitutionality of California’s act before the Court of Appeals for the Ninth Circuit.

Following unanimous votes by the California

The federal Video Privacy Protection Act (“VPPA”) is one of the most frequently litigated data privacy statutes. This month, a California federal court dismissed VPPA claims brought against Hershey, making clear that VPPA liability does not extend to all websites with playable video clips. Rodriguez v. The Hershey Company, et al., No. 3:23-cv-00398-L-DEB, 2023 WL

Earlier this week, the Illinois Supreme Court denied a petition for rehearing of its decision in Cothron v. White Castle, a case which has tremendous implications on the effect of Illinois’s Biometric Information Privacy Act (“BIPA”). As previously covered here on PW, the Court’s decision in February concluded that that each separate incident which is a violation of BIPA constitutes a distinct and separately actionable violation of the statute. In other words, plaintiffs may seek to collect liquidated damages per violation—$1,000 per violation, $5,000 per intentional/reckless violation—instead of per plaintiff, even if a plaintiff alleges daily violations over the course of years. This week’s ruling leaves in place the Cothron decision and its exponential expansion of the scope of damages that may be sought by an individual plaintiff.Continue Reading Illinois Supreme Court Refuses to Reconsider Decision That BIPA Claims Accrue Individually with Each Violation

This week a federal court in the Southern District of New York dismissed a privacy litigation brought against a website operator for claims under the federal Video Privacy Protection Act (“VPPA”), holding the allegation that plaintiffs had electronically subscribed to defendant’s newsletter was not sufficient for them to qualify as “subscribers” under the VPPA.  Carter v. Scripps Network LLC, Case No. 1:22-cv-02031 (S.D.N.Y.)

As Privacy World has previously covered, dozens of website operators have been named as defendants recently in putative class actions, with claims also being filed in arbitration, for alleged violation of the VPPA.  In many circumstances, plaintiff in such cases allege that the defendant improperly disclosed their video viewing history to social media companies for advertising purposes.  Because this ruling limits the scope of claims that can be brought under the VPPA and is persuasive authority in other pending cases, it will likely be relied upon by defendants going forward.Continue Reading Federal Court Dismisses Privacy Claims Brought Against Website Operator, Finding Online Subscriptions for Electronic Newsletter Insufficient To Impose Liability Under Federal Video Privacy Protection Act

The Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, is a federal statute that was enacted in 1988 in response to the disclosure and publication of then-Supreme Court nominee Robert Bork’s video rental history without his consent.  To prevent repeats of the Bork incident, the VPPA generally prohibits any “video tape service provider” from

Last week, on March 15, 2023, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) continued its aggressive push to regulate the cybersecurity of entities in the financial services sector, proposing three rules affecting a variety of SEC-regulated entities, including broker-dealers, investment companies, and investment advisers, as we covered here on Privacy World.  These

Last month, the U.S. Securities and Exchange Commission (“SEC”) proposed revisions to its regulations under the Privacy Act of 1974, 5 U.S.C. § 552a.  The Privacy Act is a federal statute governing the collection and use of personal information by federal agencies.  The statute gives individuals a right to access records about themselves and to

Last week, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with Blackbaud, Inc., a software provider, for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 of its customers.  The recent charges continue a flurry of activity from the SEC Enforcement Division’s Crypto Assets and Cyber Unit related to

The United States Court of Appeals for the Ninth Circuit recently affirmed a California federal district court’s dismissal of a shareholder’s securities fraud complaint against cybersecurity technology company Finjan Holdings, Inc.  In re Finjan Holdings, Inc., No. 21-16702, 2023 WL 329413 (9th Cir. Jan. 20, 2023). While the ruling is a win for

Last summer, the Court of Appeals for the Ninth Circuit buoyed plaintiffs’ lawyers  interest in “session replay” software when it revived a putative class action against a website operator and a session replay software provider for violations of the California Invasion of Privacy Act (CIPA).  Earlier this month, addressing issues left by the Ninth Circuit