Articles Posted in Privacy Law

Published on:

After three dismissals, a class-action consumer lawsuit filed against Barnes & Noble over a 2012 data breach has been sent back to the U.S. District Court for the Northern District of Illinois.

In September of 2012, Barnes & Noble became aware that their credit card scanners had been compromised by “skimmers” which would collect the data from the credit cards that were swiped and transfer them to a third party, which would then sell the information online. Barnes & Noble waited a month before alerting their customers to the data breach, so in addition to allegations that Barnes & Noble failed to properly protect its customers’ data, the class action lawsuit further alleged the bookstore had violated the California Security Breach Notification Act.

Nevertheless, the district court dismissed the case three times. The class of plaintiffs appealed to the Seventh Circuit Court of Appeals, which reversed the decision to dismiss it and sent the case back to the district court.

One plaintiff’s accounts were frozen for three days, meaning she had no access to her own funds in that time period. Another plaintiff had their credit card inactivated for a week, thereby denying them the use of that card. Yet another plaintiff reinstated credit monitoring on their card, which is an additional charge of $17.99 per month. Still another plaintiff was unable to receive the value of their Barnes & Noble’s bargain. Continue reading

Published on:

It was only a matter of time that a backlash would occur against one of the largest social media networks.  This time, it was because of breach of trust issues.  It was the Presidential campaign of Donald Trump that saw the retention of private data of 50 million Facebook users, despite their attempts at claiming to have deleted it. The most recent case has been filed in Cook County, Illinois.  That claim included allegations similar to the other pending lawsuits against Facebook that will be tried in the federal court.  In the complaint, an argument is made that Facebook, Cambridge Analytica, and its corporate parent, SCL Group, violated users’ privacy when they violated Illinois laws against fraud.  In their response, Mark Zuckerburg and other Facebook executives called their actions a “breach of trust.”

The public at large was concerned about the mass data collection encouraged by Facebook, which assisted developers to build on the platform and provide greater insight into market manipulation and user behavior.  It was clearly written in the complaint that, “Facebook is not a social media company; it is the largest data-mining operation in existence.”  On top of that, Cook County is the second-largest county in the USA, behind Los Angeles County.  For that reason, from an international perspective, the case also has the ability to garner a high level of interest. It must be noted that this suit is not the first of technology-based lawsuits when it comes to privacy.

The fact of the matter is simply this: knowledge of your data can make millions, and this is exactly what Facebook did.  Users of Facebook feel violated enough to go ahead and file suit.  Members whose information was collected by Cambridge Analytica, the same firm that worked closely with the Trump campaign.  Facebook had known about the security breaches and did nothing to protect its users is what is alleged in the complaint.  Users also have a higher risk of identity theft as a result.  At the very least, Facebook acted negligently. Moreover, it is not just members of Facebook that are filing.  Investors have also come on board, in the making of “misleading statements” and they failed to disclose details about party access to data which is the reason why Facebook stocks have fallen. The officers of Facebook owed a fiduciary duty to investors to deal truthfully and honestly with them.   Because of the global reach, it is likely that more venues and jurisdictions will be involved.  Out of all, the most direct liability is against Cambridge Analytica.  They have violated city, state and Federal laws. The reputation of both companies is at stake as well. Continue reading

Published on:

Google has been sued in the past and is being sued in the future.  The last time, within the USA, this time within the UK.  The accusation is for collecting personal data of millions within the UK and is the first of its kind of massive legal action.  Within the USA, this kind of case is yet to be tested.

People feel that their privacy is invaded when it harvests information by settings on iPhones, through use of cookies which collect information on devices to target advertising that will be received by users.  Apparently, this has been a trend in place since 2011 for persons that choose to implement Safari on their devices.

On what basis will people sue?  The abuse of trust is what people feel most strongly about.  A strong message from the people is being made in asserting that individuals values their rights above any abuse received due to technology giants in the Silicon Valley.  Abuse occurs when rights are violated by a breach of privacy.  Procedural and jurisdictional violations have been made by non-disclosure and this sets up a basis for grounds of the suit. Google plans to still contest on the grounds of no basis.  Some law firms have taken up a similar claim within the USA.  While no precedent has been set in the UK, there has been grounds in the USA.   Google agreed to pay a record $22.5m in a case brought by the US Federal Trade Commission (FTC) on the same issue in 2012.

The record of large civil penalties to settle Federal Trade Commission charges alleged misrepresentation to users of Apple Inc.’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC. The FTC wanted to ensure that it lived up to the privacy it offered consumers.  The order that was made required Google to disable all tracking cookies and pay a civil penalty.  Continue reading

Published on:

Vendors who share customers’ personal identifying information (name, email address, phone number, zip code, etc.) is a major issue in the world of consumer law today. Vendors (particularly online and mobile vendors) are often tempted to take a customer’s payment information and then sell it to a third party after the transaction has been completed. That third party can then use the customer’s information however they want.

Because of consumers’ numerous complaints about the flagrant mishandling of their personal information, many companies have begun either revealing in their Terms of Service contracts that they might distribute a customer’s personal information, or promising not to reveal their customers’ personal information to a third party, unless it’s required to complete a transaction, or for legal reasons. When given an option between a vendor that sells personal information and a similar vendor that maintains their customers’ privacy, most customers will choose the vendor that respects their privacy.

This issue is at the heart of a recent consumer class action lawsuit filed against Google in California. The company’s Wallet users, who can buy apps through Google Play, agreed to Google’s Terms of Service and privacy policy every time they purchased an app through Google’s Wallet feature. According to the consumer lawsuit, Google’s Terms of Service assure customers their private information will not be shared with any third-party vendors unless it is necessary to do so in order to complete the transaction, or for legal purposes. But the lawsuit alleges that, despite these promises, Google shared the personal information of its Wallet customers with third parties, even after having completed the purchase. Continue reading

Published on:

Violations of the Telephone Consumer Protection Act (TCPA) are subject to a judgment of anywhere from $400 per call to $1,200 per call, depending on whether the court deems the defendant to have been deliberately willful in its violation of consumers’ privacy.

The TCPA was enacted shortly after cell phones became prominent in the market and cell phone users were charged for the calls they received, as well as those they made. To protect consumers from having to pay for promotional calls they didn’t want to receive on their cell phones, legislators came up with the TCPA, which makes it illegal for companies to call consumers on their cell phone in a non-emergency situation, unless the company has received the consumers’ express permission to do so.

According to U.S. District Judge Catherine C. Eagles, Dish Network LLC earned the highest judgment for the promotional calls they had made to consumers using Satellite Systems Network and allegedly failing to properly regulate the calls that company made on Dish’s behalf.

The lawsuit was filed in 2014 by Thomas Krakauer, who claimed he received multiple calls from SSN on Dish’s behalf from 2009 to 2011, despite being on the National Do-Not-Call Registry. Since he filed is class action against those two companies, the North Carolina federal court has certified two more class actions with similar claims of having received telemarketing calls from Dish or SSN between 2010 and 2011.

In Krakauer’s case, the jury found that SSN had placed more than 51,000 promotional phone calls in violation of the TCPA in the relevant time period and awarded damages to the plaintiffs of $400 for each phone call, bringing the total to about $20.5 million.

But Judge Eagles found that treble damages were warranted, since Dish had willfully violated the TCPA by failing to oversee SSN’s telemarketing practices, despite having promised regulators it would do so. Judge Eagles therefore raised the damages to $1,200 per illegal phone call for a total of $61 million. Continue reading

Published on:

Many people have long given up the hope of having any privacy when we’re online. From cookies to tracking search results to targeted advertising, it’s pretty widely accepted that the internet is not a private place, although many users continue to insist internet companies stop tracking our every move.

Back in 2010, Facebook was storing digital cookies on consumers’ internet browsers and using those cookies to track the users’ visits to other sites that contained Facebook’s “like” button (which allows viewers to post a like of the article or website to their Facebook account without leaving the page). The tracking continued even after users had logged out of their Facebook accounts.

Facebook had promised consumers it would delete the cookies, but the company continued to access information on the cookies until 2011, when an independent researcher brought the issue to the attention of the public. At that point, a class of plaintiffs sued Facebook for allegedly violating federal and California state privacy laws by using the cookies. The time period for the lawsuit goes from April 2010, when the company said it had stopped using cookies, to September 2011, when the tech giant actually stopped using the cookies after it had been outed.

Although a lot can change in five years, the plaintiffs are still pursuing their claims against Facebook, having revised their allegations after the judge dismissed their original claims in the fall of 2015. Continue reading

Published on:

As more and more of our personal information ends up online (either through our own actions or someone else’s) we must all be increasingly vigilant about taking the necessary steps to insure our privacy from hackers. Businesses and website hosts need to be especially careful about protecting themselves from liability in the event of a data breach.

Class action lawsuits claiming damages against businesses that allegedly did not take the proper measures to protect against security breaches have been popping up with increasing frequency all over the country, but depending on the case, proving actual damages can be easier said than done.

Most, if not all, banks and credit card companies offer identity theft protection – for a fee. They’ll cover the costs of any unverified charges if your information gets stolen, but only if you pay them a monthly fee. The fee is usually around $5/month, but even that can be prohibitive for low-income consumers. As a result, most plaintiffs suing as a result of a data breach at least sue for the costs of purchasing identity theft protection. Continue reading

Published on:

A recent class action lawsuit filed against Facebook may end up having far-reaching implications for large companies that do business all over the country. The lawsuit has to do with the facial recognition technology the social media company utilizes to allow users to “tag” themselves and each other in photos that get posted on the site.

The named plaintiffs of the class action lawsuit sued Facebook in Illinois for allegedly violating the Illinois Biometric Information Privacy Act (BIPA). The law requires companies using facial-recognition software to inform their customers of the facial-geometry data that is being collected, how long the information is stored for, and how it gets used.

The law also requires companies to get a written release from consumers to authorize the company to collect the data. Negligent violations of BIPA come with statutory damages of $1,000 and $5,000 for violations that are considered to be intentional and reckless. Continue reading

Published on:

It is common for parties involved in a lawsuit, especially a large class action, to settle their legal claims outside of court, instead of pursuing the dispute all the way to a court ruling. But just because one party makes an offer, does not mean the other party is required to accept that offer. Each side will agree to or reject an offer to settle the dispute based on a number of factors, of which the amount of the settlement is just one.

In some cases involving statutory damages, such as allegations of violating the Telephone Consumer Protection Act (TCPA), if a defendant offers to pay the lead plaintiff all actual and statutory damages in full, the plaintiff’s claims are considered null and void, regardless of whether the plaintiff accepts the terms of the settlement. This allows defendants to avoid a large and costly class action lawsuit by paying off the claims of just one plaintiff. But that recently changed with a ruling by the Supreme Court. Continue reading

Published on:

The drastic advances in technology that have happened in recent years make many aspects of modern living much easier, but they have also put certain aspects of our lives at risk that were never at risk before. For example, as people use cash less and less and increasingly rely on their credit cards to pay for their everyday purchases, more and more people have had their credit cards compromised and used to pay for purchases they never authorized. It is now common for credit card companies to offer credit card protection, in which users won’t be made to pay for purchases they did not authorize, but credit card companies usually charge an extra fee for that protection.

Data security is doing its best to keep up with the hackers, but that’s not always possible. Many companies, especially large chains, have suffered data breaches in which hackers illegally gain access to customers’ credit card information. Since it is often very difficult, if not impossible, to locate and prosecute the hackers themselves, the company that suffered the data breach is often faced with a class action lawsuit from customers who had their credit card information exposed as a result of the company’s failure to have the proper protections in place. Continue reading