In a recent ruling, a California district court held that Apple, as operator of that App Store, was protected from liability for losses resulting from that type of fraudulent activity. (Diep v. Apple Inc., No. 21-10063 (N.D. Cal. Sept. 2, 2022)). This case is important in that, in

We have been closely following the legal and legislative developments relating to biometric privacy, and in particular, the flow of litigation under the Illinois biometrics privacy law.   It was interesting to see how the Illinois law (as well as a similar Texas law) influenced Google’s  offering of a new facial recognition feature on the Google Arts & Culture app. (It is also interesting to note that the media coverage of the app has made the Illinois and Texas laws subjects of mainstream discourse.)

The Google Arts & Culture app, which was originally released a couple years ago, offers users virtual tours of museums and a searchable database of other art-related content.  What recently made it one of the hottest free apps is a new entertaining tool that compares a selfie to a database of great works of art and presents the results that most closely match the user’s face.  [Note: My classical art doppelgänger is “Portrait of a Gentleman in Red” by Rosalba Carriera. What’s yours?].  However, out of an apparent abundance of caution, Google has disabled this art-twinning function in Illinois and Texas, presumably because those states have biometric privacy laws that regulate the collection and use of biometric identifiers like facial templates; while the Texas statute can only be enforced by the state attorney general, Illinois’s Biometric Information Privacy Act (BIPA) contains a private right of action and remedies that include statutory damages. Interestingly, Washington users are able to access this tool, despite Washington having enacted its own biometric privacy law last year.  Perhaps that is because, as described in the referenced blog post, compliance under the Washington statute is less demanding than under the Illinois or Texas statutes.

Craigslist has used a variety of technological and legal methods to prevent unauthorized parties from violating its terms of use by scraping, linking to, or accessing user postings for their own commercial purposes. For example, in April, craigslist obtained a $60.5 million judgment against a real estate listings site that had allegedly received scraped craigslist data from another entity. And craigslist recently reached a $31 million settlement and stipulated judgment with Instamotor, an online and app-based used car listing service, over claims that Instamotor scraped craigslist content to create listings on its own service and sent unsolicited emails to craigslist users for promotional purposes.  (Craigslist, Inc. v. Instamotor, Inc., No. 17-02449 (Stipulated Judgment and Permanent Injunction Aug. 3, 2017)).  

In Yershov v. Gannett Satellite Information Network, Inc., a user of the free USA Today app alleged that each time he viewed a video clip, the app transmitted his mobile Android ID, GPS coordinates and identification of the watched video to a third-party analytics company to create user profiles for the purposes of targeted advertising, in violation of the Video Privacy Protection Act (VPPA). When we last wrote about this case in May, the First Circuit reversed the dismissal by the district court and allowed the case to proceed, taking a more generous view as to who is a “consumer” under the VPPA.

On remand, Gannett moved to dismiss the complaint again for lack of subject matter jurisdiction, contending that the complaint merely alleges a “bare procedural violation” of the VPPA, insufficient to establish Article III standing to bring suit under the standard enunciated in the Supreme Court’s Spokeo decision. In essence, Gannett contended that the complaint does not allege a concrete injury in fact, and that even if it did, the complaint depends on the “implausible” assumption that the third-party analytics company receiving the data maintains a “profile” on the plaintiff.