New Media and Technology Law Blog

Personal Email Management Service Settles FTC Charges over Allegedly Deceptive Statements to Consumers over Its Access and Use of Subscribers’ Email Accounts

This week, the FTC entered into a proposed settlement with Unrollme Inc. (“Unrollme”), a free personal email management service that offers to assist consumers in managing the flood of subscription emails in their inboxes. The FTC alleged that Unrollme made certain deceptive statements to consumers, who may have had privacy concerns, to persuade them to grant the company access to their email accounts. (In re Unrolllme Inc., File No 172 3139 (FTC proposed settlement announced Aug. 8, 2019).

This settlement touches many relevant issues, including the delicate nature of online providers’ privacy practices relating to consumer data collection, the importance for consumers to comprehend the extent of data collection when signing up for and consenting to a new online service or app, and the need for downstream recipients of anonymized market data to understand how such data is collected and processed.  (See also our prior post covering an enforcement action involving user geolocation data collected from a mobile weather app). Continue Reading

Finding Article III Standing, Ninth Circuit Declines to Do an About-Face in Illinois Biometric Privacy Class Action against Facebook

In an important opinion, the Ninth Circuit affirmed a lower court’s ruling that plaintiffs in the ongoing Facebook biometric privacy class action have alleged a concrete injury-in-fact to confer Article III standing and that the class was properly certified. (Patel v. Facebook, Inc., No. 18-15982 (9th Cir. Aug. 8, 2019)). Given the California district court’s prior rulings which denied Facebook’s numerous motions to dismiss on procedural and substantive grounds, and the Illinois Supreme Court’s January 2019 blockbuster ruling in Rosenbach, which held that a person “aggrieved” by a violation of the Illinois Biometric Information Privacy Act (“BIPA”) need not allege some actual injury or harm beyond a procedural violation to have standing to bring an action under the statute, the Ninth Circuit’s decision was not entirely surprising. Still, the ruling is significant as a federal appeals court has ruled on important procedural issues in a BIPA action and found standing. The case will be sent back to the lower court with the prospect of a trial looming, and given BIPA’s statutory damage provisions, Facebook may be looking at a potential staggering damage award or substantial settlement.      Continue Reading

Facebook Shielded by CDA Immunity against Federal Claims for Allowing Use of Its Platform by Terrorists

In recent years, there have been a number of suits filed in federal courts seeking to hold social media platforms responsible for providing material support to terrorists by allowing members of such groups to use social media accounts and failing to effectively block their content and terminate such accounts. As we’ve previously written about, such suits have generally not been successful at either the district court or circuit court level and have been dismissed on the merits or on the basis of immunity under Section 230 of the Communications Decency Act (CDA).

This past month, in a lengthy, important 2-1 decision, the Second Circuit affirmed dismissal of federal Anti-Terrorism Act (ATA) claims against Facebook on CDA grounds for allegedly providing “material support” to Hamas. The court also declined to exercise supplemental jurisdiction over plaintiff’s foreign law claims. (Force v. Facebook, Inc., No. 18-397 (2d Cir. July 31, 2019)).  Despite the plaintiffs’ creative pleadings that sought to portray Facebook’s processing of third-party content as beyond the scope of CDA immunity, the court found that claims related to supplying a communication forum and failing to completely block or eliminate hateful terrorist content necessarily treated Facebook as the publisher of such content and were therefore barred under the CDA.  Continue Reading

Ticketmaster Reaches Settlement with Ticket Broker over Unauthorized Use of Automated Bots

In early July, Ticketmaster reached a favorable settlement in its action against a ticket broker that was alleged to have used automated bots to purchase tickets in bulk, thus ending a dispute that produced notable court decisions examining the potential liabilities for unwanted scraping and website access. (Ticketmaster L.L.C. v. Prestige Entertainment West Inc., No. 17-07232 (C.D. Cal. Final Judgment July 8, 2019)).

In the litigation, Ticketmaster alleged that the defendant-ticket broker, Prestige, used bots and dummy accounts to navigate Ticketmaster’s website and mobile app to purchase large quantities of tickets to popular events to resell for higher prices on the secondary market. Under the terms of the settlement, Prestige is permanently enjoined from using ticket bot software to search for, reserve or purchase tickets on Ticketmaster’s site or app (at rates faster than human users can do using standard web browsers or mobile apps) or circumventing any CAPTCHA or other access control measure on Ticketmaster’s sites that enforce ticket purchasing limits and purchasing order rules.  Prestige is also barred from violating Ticketmaster’s terms of use or conspiring with anyone else to violate the terms, or engage in any other prohibited activity. Continue Reading

New York Court Finds Warhol Series to be Fair Use of Prince Photograph

Earlier this month, in The Andy Warhol Foundation for the Visual Arts, Inc. v. Goldsmith, No. 17-cv-2532 (S.D.N.Y. July 1, 2019), a New York district court granted the Andy Warhol Foundation for the Visual Arts’ (“AWF”) motion for summary judgment that Warhol’s series of screen prints and silkscreen paintings (the “Prince Series”) did not infringe Lynn Goldsmith’s (“Goldsmith”) original 1981 photograph of the musician Prince, ruling that the Warhol works were transformative and qualified as fair use. Continue Reading

Web Scraping Decisions Consider Contract Cause of Action

Two recent web scraping disputes highlight some important issues regarding whether a website owner may successfully allege a breach of contract action against a commercial party that has scraped website content contrary to “clickwrap” and “browsewrap” website terms of use.

In Southwest Airlines Co. v. Roundpipe, LLC, No. 18-0033 (N.D. Tex. Mar. 22, 2019), a Texas district court declined to dismiss Southwest Airlines Co.’s (“Southwest”) breach of contract claim against an entity that scraped airfare data from Southwest’s site in violation of the website terms of use. Southwest brought multiple claims against Roundpipe, LLC (“Roundpipe”) after it discovered that Roundpipe had created a website, SWMonkey.com, that, using scraping, sent consumers notifications if their Southwest ticket prices decreased after purchase (which would presumably allow them to exchange the original ticket for a lower-priced ticket).

Southwest’s website terms prohibited scraping or the use of any automated tools to access its fares or other content. Soon after the launch of SWMonkey, Southwest sent a cease and desist letter stating that Roundpipe was obtaining Southwest’s data in violation of the website terms, among other reasons, and demanded that the site be taken down.  After negotiations and additional correspondence from Southwest, Roundpipe shut down the website and disabled its scraping and fare tracking functionality. Continue Reading

Locksmiths Locked Out: Court Affirms Immunity for Use of Tools That Portray Third-Party Content Pictorially or as an Aggregate Metric

In the past few months, there have been a number of notable decisions affirming broad immunity under the Communications Decency Act (CDA), 47 U.S.C. §230(c), for online providers that host third party content. The beat goes on, as in late May, a Utah district court ruled that the Tor Browser, which allows for anonymous communications and transactions on the internet, was protected by CDA Section 230 for a website’s sale of illegal substances to a minor on the dark web via the Tor Browser.

More recently, the D.C. Circuit affirmed the dismissal of claims brought by multiple locksmith companies (the “plaintiffs”) against the operators of the major search engines (the “defendants” or “providers”) for allegedly publishing the content of fraudulent locksmiths’ websites and translating street-address and area-code information on those websites into map pinpoints that were displayed in response to user search requests. (Marshall’s Locksmith Service v. Google LLC, No. 18-7018 (D.C. Cir. June 7, 2019)). According to the plaintiffs, by burying legitimate locksmiths listings (with actual, local physical locations) beneath so-called “scam” listings from locksmith call centers that act as lead generators for subcontractors, who may or may not be fully trained, plaintiffs’ legitimate businesses suffered market harm and were forced to pay for additional advertising. (Beyond this case, the issue of false local business listings appearing in Google Maps remains an ongoing concern, according to a report from the Wall Street Journal yesterday). Continue Reading

Browsewrap Terms Enforced Due to Customer Knowledge of Existence of Terms

Last month, a California district court granted a web-based service’s motion to compel arbitration of a putative class action brought by a user whose personal information was allegedly accessed in a massive 2016 data breach that involved 339 million user accounts. (Gutierrez v. FriendFinder Networks Inc., No. 18-05918 (N.D. Cal. May 3, 2019)). While the opinion noted that courts in the Ninth Circuit are traditionally “reluctant to enforce browsewrap agreements against individual consumers,” the outcome of the case suggests that enforcement of website terms is not just a straight up-or-down analysis of the method used to present the terms to the user but may involve tangential, yet important interactions between the user and the site outside the initial registration process.  Continue Reading

Fourth Amendment Appeal before Georgia Supreme Court over Airbag Crash Data Could Have Implications for Autonomous Cars and Related Technologies

Today, the Georgia Supreme Court is set to hear oral argument in an appeal brought by a defendant convicted of vehicular homicide and other charges related to a fatal car crash. (Mobley v. State, No. S18C1546).  The defendant is appealing the lower court’s order that denied his motion to suppress evidence that was downloaded and obtained from the car’s airbag control module by the police without a search warrant at the scene of the accident (note: a search warrant was obtained for the physical device the next day). Thus, the principal issue in the appeal is whether a search warrant was required to retrieve the data from the vehicle’s airbag control module. Continue Reading

LexBlog