The recently released Carlton Fields 2016 Class Action Survey reports that class actions are up for the first time in four years. While data privacy class actions still make up a relatively small portion of class action filings, their growth is expected to continue.

As class actions increase, arbitration clauses remain a popular first line of defense. The Carlton Survey reported that nearly 50 percent of companies employ arbitration clauses that address class actions.  Still, enforcing such arbitration clauses often generates mini-litigations in their own right.  Two recent decisions from the Fourth Circuit are of interest in this regard.

As we previously reported, EU and US officials have reached an agreement to implement a program known as the EU-US Privacy Shield.  The Privacy Shield is a successor to the US-EU Safe Harbor program, which was invalidated last year, and is the culmination of more than two years of

Consumers can expect many benefits from their cars’ increased data collection programs, running the gamut from simple location services like GPS and OnStar to “networked” cars that can communicate their location with other cars on the road to prevent accidents. In the near-future, data collection will even allow cars to care for themselves: technologies currently exist that can spot and diagnose internal mechanical problems long before such problems would have become apparent to a cars’ owner, and cars are increasingly able to download patches directly from their automaker without ever needing to be taken to a mechanic.

As is usually the case when it comes to big data however, the benefits that come from increased collection also bring dangers. Speaking on a panel at the Washington Auto Show last Wednesday, Federal Trade Commissioner Maureen K. Olhausen advised the crowd that as the collection and disseminated of data by cars continues to increase, the automotive industry will need take reasonable steps to secure car owner and driver information or face the possibility of federal enforcement actions.

Just one week after the milestone decision rendered by the CJEU (http://curia.europa.eu/juris/celex.jsf?celex=62014CJ0362&lang1=fr&type=TXT&ancre) to invalidate the Safe Harbor program established 15 years ago between the U.S. and the EU to facilitate the transfer of personal data from the EU to the U.S., a German data protection authority (DPA) of the state of Schleswig-Holstein (one of the German DPAs) issued a position paper where it states that, in its opinion:

  • Given the mass surveillance conducted by U.S. intelligence agencies, data subjects may not be able to provide effective informed consent to the transfer of their data to the U.S., which means that such a legal basis may not be able to be used to legally transfer personal data from Europe to the U.S.;
  • Model contractual clauses are not a reliable a tool to transfer personal data from Europe to the U.S. and data exporters should consider suspending such transfers under the model contracts.  To reach this conclusion, the German DPA relied on the fact that the clauses require the data importer to represent that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter. However, the German DPA agency reasoned, U.S. data importers are not in a position to give such a representation.

After a decision denying class certification last week, claims by Hulu users that their personal information was improperly disclosed to Facebook are limited to the individual named plaintiffs (at least for now, as the decision was without prejudice).

The plaintiffs alleged Hulu violated the federal Video Privacy Protection Act by configuring its website to include a Facebook “like” button.  This functionality used cookies that disclosed users’ information to Facebook.  But, the U.S. District Court for the Northern District of California credited expert evidence presented by Hulu that three things could stop the cookies from transmitting information: 1) if the Facebook “keep me logged in” feature was not activated; 2) if the user manually cleared cookies after his or her Facebook and Hulu sessions, or 3) if the user used cookie blocking or ad blocking software. 

This past month, the European Union’s Article 29 Data Protection Working Party (the “Working Party”) issued the Working Document 02/2013 providing new guidance on obtaining consent for cookies (“Working Document”). The Working Document sets forth various mechanisms which can be utilized by websites to obtain consent