Privacy Litigation

2022 saw cases continue to be filed under the California Consumer Privacy Act (“CCPA”), although perhaps reflecting the increasing reliance of the plaintiffs’ bar on negligence and tort-based privacy claims concerning a defendant’s alleged failure to maintain “reasonable security,” the number of cases of CCPA based claims declined. Read on for Privacy World’s highlights of

Last summer, the Court of Appeals for the Ninth Circuit buoyed plaintiffs’ lawyers  interest in “session replay” software when it revived a putative class action against a website operator and a session replay software provider for violations of the California Invasion of Privacy Act (CIPA).  Earlier this month, addressing issues left by the Ninth Circuit

2022 was another year of high activity and significant developments in the realm of artificial intelligence (“AI”) and biometric privacy related matters, including in regard to issues arising under the Illinois Biometric Information Privacy Act (“BIPA”) and others.  This continues to be one of the most frequently litigated areas of privacy law, with several notable rulings and emerging patterns of new activity by the plaintiffs’ bar.  Following up on Privacy World’s Q2 and Q3 2022 Artificial Intelligence & Biometric Privacy Quarterly Newsletters, be sure to read on for a recap of key developments and insight as to where 2023 may be headed.

Continue Reading Privacy World 2022 Year in Review: Biometrics and AI

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

California Federal Court Dismisses GPS Data Tracking Privacy Class Action in Ruling of First Impression For CIPA Claims Involving Devices

2022 was another eventful year in the realm of privacy, security and innovation.  Privacy World was there every step of the way, to keep you informed on key developments.  Starting next week, we will be rolling out our popular Year in Review series.  As a lead up to that, below are our ten most popular

LinkedIn and hiQ Labs agreed to a consent judgment and permanent injunction to resolve all data scraping related claims after six years of litigation. This news follows last month’s summary judgment win by LinkedIn on its breach of contract claim against hiQ, based on a finding that hiQ’s data scraping and use of fake profiles violated LinkedIn’s user agreements. 

Continue Reading LinkedIn’s Data Scraping Battle with hiQ Labs Ends with Proposed Judgment

Over the last couple of years, the High Court has been sceptical of low-value compensation claims for minor data breaches (see our previous articles here and here). Such scepticism is illustrated by the High Court:

  1. criticising the “kitchen sink” approach adopted by claimants who bring overly complex claims with multiple causes of action and narrowing the scope of claims by dismissing misuse of private information and breach of confidence claims as in Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), Johnson v Eastlight Community Homes Ltd [2021] EWHC 3069 (QB) and William Stadler v Currys Group Limited [2022] EWHC 160 (QB);
  2. transferring straightforward, low-value data breach claims to the County Court as the most appropriate court to hear the claim as in Warren v DSG Retail Ltd, Johnson v Eastlight Community Homes Ltd, Ashley v Amplifon Limited [2021] EWHC 2921 and William Stadler v Currys Group Limited; and
  3. condemning data breach claims for damages when there is little to no harm or the harm claimed has no prospect of meeting the de minimis threshold for receiving damages as in Rolfe v Veale Wasbrough Vizards LLP [2021] EWHC 2809 (QB).

A recently published case in England and the Opinion of EU Advocate General, Campos Sanchez-Bordona, on UI v Österreichische Post AG in October 2022 have given further support to the approach of the High Court, although the traffic has not been all one way as the High Court decision in Driver v Crown Prosecution Service [2022] EWCH 2500 (KB) departed slightly from this emerging line of judicial thinking.

We take a closer look at these three cases below and provide you with some key takeaways.

Continue Reading English Courts’ Stance on Low-Value Data Breach Claims Continues to Harden, But There May be Hiccups Along the Way

Welcome to the 2022 Q3 edition of the Artificial Intelligence & Biometric Privacy Report, your go-to source for keeping you in the know on all recent major artificial intelligence (“AI”) and biometric privacy developments that have taken place over the course of the last three months. We invite you to share this resource with your colleagues and visit Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets and Privacy & Data Breach Litigation homepages for more information about our capabilities and team.

Also, we are extremely pleased to announce that our own Kristin Bryan was named as a 2022 Law360 Cybersecurity & Privacy MVP. As Law360 notes, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.” You can read more about Kristin’s Law360 award here: Law360 MVP Awards Go to 188 Attorneys From 78 Firms.

Continue Reading 2022 Q3 Artificial Intelligence & Biometric Privacy Report

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

WEBINAR Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?

Federal Court Dismisses Biometric

For almost four years now, attorneys have remained relentless in their quest to extend the outer boundaries of the Illinois Biometric Information Privacy Act (BIPA) as far as courts are willing to allow. During this period, many defendants have struggled with procuring dismissals of BIPA class claims.

One particular defense, however, has developed into an extremely robust tool for companies engaged in biometric privacy class suits: BIPA’s “financial institution” exemption. Contrary to what its name suggests, the benefits of this entity-level carve-out extend to a range of entities well beyond traditional banks and financial institutions. A recent BIPA opinion issued by a Northern District of Illinois court demonstrates the expansive scope of the exemption and provides several key takeaways for defendants to defend against—and outright defeat—BIPA claims at a time when biometric privacy class action exposure continues to grow.

Continue Reading Federal Court Dismisses Biometric Privacy Class Action Brought Against University, On Basis It Was a Regulated “Financial Institution”