Photo of David Fioccola

David Fioccola

Subscribe to David Fioccola's Posts

A seasoned litigator and trial lawyer, David Fioccola specializes in the defense of complex commercial disputes and consumer class actions. With more than 20 years of experience, David has tried cases in federal and state courts and before arbitral tribunals throughout the U.S. He regularly defends Fortune 500 companies in bet-the-company litigation as well as financial institutions against claims involving federal and state law violations, including antitrust laws, trust claims, and breach of contract.

David has extensive experience handling large-scale internal investigations and represents clients before U.S. federal and state agencies, including the Department of Justice, the Consumer Financial Protection Bureau, the Office of the Comptroller of the Currency, the Federal Trade Commission, and the Securities and Exchange Commission, and state agencies, such as the New York Department of Financial Services and state attorneys general. Moreover, he has significant experience counseling clients in various U.S. federal laws and statutes, including:

  • The Consumer Financial Protection Act
  • The Unfair, Deceptive, or Abusive Acts and Practices (UDAAP)
  • The Federal Antitrust laws
  • Americans with Disabilities Act (ADA)
  • The Fair Credit Reporting Act (FCRA)
  • The Fair Debt Collection Practices Act (FDCPA)
  • The Servicemembers Civil Relief Act (SCRA)
  • The RICO Act
  • The Truth in Lending Act (TILA)
  • The Telephone Consumer Protection Act (TCPA)
  • California’s Business and Professions Code § 17200

Prior to joining Proskauer, David was the co-chair of the Class Actions and Mass Torts Practice Group at Morrison & Foerster, and the Trial Practice Group.

Contact:Read more about David Fioccola

Key Takeaways:

  • The Ninth Circuit court of appeals reviewed three separate proposed class actions against Papa John’s International Inc., Converse Inc., and Bloomingdale’s, all centered on whether certain website tracking activities violated the California Invasion of Privacy Act (CIPA).
  • The plaintiffs in these cases alleged that companies unlawfully used technologies like “session replay” software and chatbots to monitor website visitors’ interactions, intercepting their information and transmitting it to third parties without consent, thereby violating CIPA Section 631.
  • The court assessed how CIPA, an older wiretapping law, applies to modern website tracking like session replay and chatbots, focusing on definitions of “interception” and “contents.”

Key Takeaways

  • In a recent decision by the Ninth Circuit in Briskin, the court ruled that e-commerce platform Shopify purposefully directed its conduct toward California because of its nationwide operations, rejecting the need for differential targeting of a forum state.
  • Notably, the court found a direct causal nexus between Shopify’s conduct and Briskin’s claims, deeming an exercise of specific jurisdiction over Shopify in California fair and reasonable.
  • Legal scholars are concerned that the decision could broadly expand the scope of specific personal jurisdiction and increase litigation risks for online platforms.
  • Companies should reassess their data practices and anticipate forum shopping by plaintiffs following Briskin.

Key Takeaways:

  • CPPA launched its first major enforcement action in targeting connected vehicle-maker Honda.
  • Connected vehicles often collect various kinds of sensitive driver information, including geolocation, biometric and behavioral data.
  • After the CPPA found Honda in violation of several CCPA provisions, the company agreed to settle the enforcement action for approximately $650,000 while also agreeing to adopt certain remedial measures.
  • Other Connected vehicle-makers have also experienced a spike in regulatory scrutiny, signaling rising enforcement pressure and growing expectations for privacy-by-design.

Key Takeaways:

  • Ed tech company PowerSchool’s recent breach exposed the data of approximately 60 million students and 10 million educators.
  • Hacker gained access via a compromised employee password and remained undetected for nine days.
  • Sensitive personal data, including Social Security numbers and medical histories, was potentially compromised, raising a number of legal and regulatory concerns.
  • The breach underscores the urgent need for stronger third-party oversight and security requirements.

2024 marked another significant year for privacy law, with new state legislation and high-stakes litigation reshaping the landscape. Legal battles over tracking technologies, biometric data, and children’s privacy intensified, while federal agencies, including the Federal Trade Commission (“FTC”) and the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”), ramped up their efforts through major enforcement actions and high-profile settlements, marking a new era of increased accountability.

As part of our commitment to keeping you informed of new regulatory developments and their potential implications, we have highlighted recent statements by federal officials concerning loyalty programs, such as those involving airline miles and credit card points. These comments signal a potential shift in how these programs are viewed under consumer protection laws, and the plaintiffs’ bar is likely to take notice.