In a recently filed class action lawsuit, the plaintiffs allege Uber Technologies, Inc. (“Uber”) sent autodialed text messages to individuals after those individuals opted out of the messages by texting back “stop,” which, the plaintiffs allege, would be a violation of the Telephone Consumer Protection Act (“TCPA”). The class representative is an Uber driver applicant who allegedly provided his telephone number during the application process, which he never completed. Uber then purportedly began sending him text messages inquiring whether he needs help finishing his application. The plaintiff allegedly replied back “stop” on numerous occasions and Uber’s automated system ostensibly responded to these “stop” requests with a confirmation text stating “SMS from Uber is now disable. To re-enable, reply START.” But it apparently did not stop there. After continuously receiving text messages from Uber, the plaintiff allegedly deleted his Uber rider account, which was confirmed (you guessed it!) with a text message from Uber.
On May 16, 2016, the Supreme Court decided Spokeo, Inc. v. Robins, ruling that a plaintiff must sufficiently allege an injury that is both concrete and particularized in order to have Article III standing, and further that a “bare procedural violation” of a plaintiff’s statutory right may not be sufficiently “concrete” under this analysis. This ruling has the potential to affect class actions generally, but may prove especially influential in privacy and data security class actions. Read the full post on our Commercial Litigation Blog.
This month, the Federal Trade Commission (FTC) issued guidance on privacy and security best practices for health-related mobile apps, such as fitness apps connected with wearables, diet and weight loss apps, and health insurance portals. At the same time, the FTC unveiled an interactive tool designed to direct health app developers to federal laws and regulations that may apply to their apps. The Mobile Health Apps Interactive Tool, which is the product of collaboration among the FTC, Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the Food and Drug Administration (FDA), seeks to unify guidance in a space governed by a complicated web of legal requirements. It also signals the continued focus of regulators on the protection of consumer health information in this rapidly evolving space.
On Wednesday, the EU’s Article 29 Working Party issued its much-anticipated statement on the viability of the proposed EU-US Privacy Shield. As we’ve detailed previously, EU and US officials reached agreement on the Privacy Shield arrangement, which was meant to serve as a replacement for the invalidated Safe Harbor program, back in February, and released details of the Privacy Shield scheme a few weeks later. Observers then began eagerly awaiting the Article 29 Working Party’s opinion on the Privacy Shield, because even though the group’s opinion is not binding on the European Commission – which is responsible for shepherding the Privacy Shield through the approval and adoption process – it nevertheless may prove influential as that process moves forward. Continue Reading
After a decade of winding its way through the legislative process, Turkey’s new Data Protection Law entered into force on April 7. Although Turkey previously had a few sectoral data protection laws on the books, this is the first time the country has had an omnibus data protection law. Although details remain somewhat scant at this point, this new law deserves the attention of any company that conducts business in Turkey or collects the personal data of customers, employees, or other individuals located in Turkey.
The recently released Carlton Fields 2016 Class Action Survey reports that class actions are up for the first time in four years. While data privacy class actions still make up a relatively small portion of class action filings, their growth is expected to continue.
As class actions increase, arbitration clauses remain a popular first line of defense. The Carlton Survey reported that nearly 50 percent of companies employ arbitration clauses that address class actions. Still, enforcing such arbitration clauses often generates mini-litigations in their own right. Two recent decisions from the Fourth Circuit are of interest in this regard.
Co-authored by Geoffrey Roche
On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions. Continue Reading