In an effort to modernize communications, the Federal Communications Commission (“FCC”) decided to allow cable operators to deliver general subscriber notices required under so-called Subpart T rules (47 CFR §§ 76.1601 et seq.) to verified customer email addresses. This decision was announced through a Report and Order on November 15, 2018. This update is part of the greater trend towards using electronic communications and electronic contracting to replace paper as supported by the federal Electronic Signatures in Global and National Commerce Act (“E-Sign Act”) and related state laws. The E-Sign Act allows electronic records to satisfy legal requirements that certain information to be provided in writing if the consumer has affirmatively consented to such use. However, the E-Sign Act allows federal agencies like the FCC to exempt a specified category or type of record from the normally required consent requirements if it makes the agency’s requirements less burdensome and does not harm consumers. In this case, based on an understanding that it would be impractical for cable operators to attempt to receive permission from each individual customer prior to initiating electronic delivery of these general notices, the FCC waived the consent requirement pursuant to their discretion under the E-Sign Act. Continue Reading
“Cyberattack” Campaign That Purportedly Flooded YouTube Channel with “Dislikes” Not a CFAA Violation
A recent dispute between an advertiser AXTS Inc. (“AXTS”) and a video production company GY6vids (“GY6”) produced an interesting issue involving the federal Computer Fraud and Abuse Act (CFAA) – that is, whether an entity that allegedly overloaded another company’s YouTube channel content with a flood of “dislikes” following a contractual dispute is liable under the CFAA for accessing a protected computer “without authorization.” (AXTS Inc. v. GY6vids LLC, No. 18-00821 (D. Ore. Oct. 24, 2018)).
We have been closely monitoring the evolving state of the law regarding CFAA liability for certain commercial web scraping and related practices. The instant case between AXTS and GY6 is a little different in that the claim did not arise from AXTS’s alleged access to video content stored on GY6’s network, but publically-accessible videos stored on a third-party’s (e.g., YouTube) servers. Continue Reading
Illinois Supreme Court To Decide Scope of Illinois Biometric Privacy Law
On November 20, 2018, the Illinois Supreme Court heard oral argument on whether a company’s technical violation of the Illinois Biometric Information Privacy Act (“BIPA”) is sufficient to confer standing or whether a plaintiff must allege actual harm resulted from the violation. (Rosenbach v. Six Flags Entertainment Corp. et al., No. 123186) (prior decision). The Court’s forthcoming decision will have significant implications for Illinois employers and businesses given the enormous wave of BIPA class actions. [Please see our posts here and here for background on BIPA developments].
Read the full post about the Illinois Supreme Court argument on our Law and the Workplace blog. Continue Reading
Defend Trade Secrets Act Claims Subject to CDA Section 230 Immunity
In what is one of the most recent attempts to circumvent the immunity provided in Section 230 of the Communications Decency Act (“CDA” or “CDA Section 230”), the United States District Court for the District of Massachusetts made it clear that claims brought under the Defend Trade Secrets Act (18 U.S.C. §§ 1836, et seq.) (“DTSA”) are not exempt from the scope of CDA immunity. In Craft Beer Stellar, LLC v. Glassdoor, Inc., No. 18-10510, 2018 U.S. Dist. LEXIS 178960 (D. Mass. Oct. 17, 2018)), the district court found that, as stated in the DTSA itself, the DTSA is not an “intellectual property” law, and is therefore not excluded from the scope of the immunity provisions that protect online service providers from being treated as a publisher or distributor of third-party content. The ruling is a victory for online providers, affirming a robust interpretation of CDA immunity and representing what is likely the first judicial view on how federal trade secret claims should be treated under CDA Section 230. Continue Reading
WSJ Article on Geolocation Data Highlights Risks for Fund Managers
Last week the WSJ published an article detailing how companies are monetizing smartphone location data by selling it to hedge fund clients. The data vendor featured in the WSJ article obtains geolocation data from about 1,000 apps that fund managers use to predict trends involving public companies. However, as we’ve noted, the use of alternative data collection for investment research purposes may give rise to a host of potential issues under relevant laws.
Read the full post on our The Capital Commitment blog.
Biometric Suits Continue, Including Recent Action Against IoT Company
Last December, we noted the continuing robust wave of Illinois biometric privacy suits. At that time, dozens of suits had been filed in Illinois state court against Illinois-based employers and other businesses alleging violation of Illinois’s Biometric Information Privacy Act (BIPA), which generally regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information, and encourages businesses that collect such personal data to employ reasonable safeguards. More and more BIPA actions against employers and businesses based upon alleged violations of the notice and consent provisions of the statute continue to be filed, even as the Illinois Supreme Court considers the appeal of the Rosenbach decision. In that case, the Illinois Supreme Court will presumably answer the question of whether a person “aggrieved” by a violation of BIPA must allege some injury or harm beyond a procedural violation. The ruling will certainly have an effect on the pending lawsuits alleging mere procedural BIPA violations. Continue Reading
Illinois Appellate Court Reinstates Biometric Privacy Action, Finding Potential Harm in Alleged Disclosure of Fingerprint to Outside Vendor
Late last month, an Illinois appellate court reversed a lower court’s dismissal of biometric privacy claims against a tanning salon franchisee that had collected the plaintiff’s fingerprint to allow entry in its own salon and any L.A. Tan salon location nationwide. (Sekura v. Krishna Schaumburg Tan, Inc., 2018 IL App (1st) 180175 (Ill. App. Sept. 28, 2018)). The plaintiff alleged that the tanning salon violated the Biometric Information Privacy Act (BIPA), which regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information, by collecting her fingerprints without obtaining the required written release and providing the required disclosure concerning its retention policy, and further by disclosing her fingerprints to a third-party vendor. [Note: In 2016, in a separate suit, the same plaintiff settled BIPA claims with L.A. Tan Enterprises, Inc., operator (directly and through franchisees) of L.A. Tan tanning salons]. Continue Reading
Common Software Licensing Language at Issue in IP Dispute
Licensors of software typically utilize software license agreements providing for their ownership of the licensed software and related IP, as well as restrictions barring licensees from reverse engineering the code at issue. The scope of protection, of course, depends on the final language of the licensing agreement and disputes can arise when licensees decide to develop similar software in-house, or with a third party. Indeed, a recent case, Ford Motor Co. v. Versata Software Inc., No. 15-10628 (E.D. Mich. Sept. 7, 2018), tackled some of these issues. Continue Reading
Site Cannot Compel Arbitration Based upon Later-Amended Terms without Showing Adequate User Notification of Change
A D.C. district court ruled that an eBay user did not assent to a later-added arbitration clause to the user agreement by virtue of a provision that stated eBay could amend the agreement at any time, as the user may not have received sufficient notice of the amendment. (Daniel v. eBay, Inc., No. 15-1294 (D.D.C. July 26, 2018)). Notably, the court declined to find adequate notice sufficient to demonstrate an agreement to arbitrate merely based on the fact that the amended user agreements were posted on eBay’s website (at least under Utah, Louisiana or Texas law). This case is interesting as many websites and services have added mandatory arbitration clauses to their terms in recent years, yet may have a stable of legacy users that agreed to a prior set of terms that did not contain such a provision. Continue Reading
In a Divided Opinion, California Supreme Court Squashes End Run around CDA Immunity That Sought to Compel a Non-Party Online Platform to Remove Defamatory Content
In a closely-followed dispute, the California Supreme Court vacated a lower court order, based upon a default judgment in a defamation action, which had directed Yelp, Inc. (“Yelp”), a non-party to the original suit, to take down certain consumer reviews posted on its site. (Hassell v. Bird, No. S235968, 2018 WL 3213933 (Cal. July 2, 2018)). If the plaintiffs had included Yelp as a defendant in the original suit, such a suit would have likely been barred by Section 230 of the Communications Decency Act (“CDA” or “CDA Section 230”); instead, the plaintiffs adopted a litigation strategy to bypass such legal immunities. In refusing to allow plaintiff’s “creative pleading” to avoid the CDA, the outcome was a win for online companies and platforms that host user-generated content (“A Case for the Internet,” declared Yelp). Continue Reading
