Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: class action

Posted in International/EU Privacy

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

The General Data Protection Regulation entered into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. However, some French Senators lodged a constitutional complaint against the said law on 16 May 2018.

Posted in Cybersecurity & Data Breaches, Privacy & Security Litigation

Seventh Circuit Finds Article III Standing Following Data Breach, but Significant Hurdles Remain for Plaintiffs Seeking Recovery

In a move counter to the trending precedent in data breach litigation, the U. S. Court of Appeals for the Seventh Circuit ruled on July 20 that data breach plaintiffs whose personal information was potentially exposed in a confirmed hacking breach of a major retailer’s network alleged enough risk of harm to meet the standing requirements of Article III of the U.S. Constitution. Plaintiffs’ lawyers will herald this decision, but standing is only the first of many hurdles data breach plaintiffs must cross to proceed to the merits in data breach litigation.

Posted in Consumer Privacy, Privacy & Security Litigation

Federal Court Certifies Consumer Class Action Alleging comScore Violated Federal Privacy Laws by Exceeding Scope of Users’ Consent

A recent federal court opinion raises concerns that privacy cases alleging violations of a standard user license agreement may be susceptible to class certification.  Last week, the U.S. District Court for the Northern District of Illinois certified a class in a consumer privacy lawsuit against comScore, Inc.   Plaintiffs allege that comScore exceeded the scope of the […]

Posted in Consumer Privacy

Another Court Dismisses for Lack of Standing a Group of Privacy Cases Where Plaintiffs Failed to Allege Concrete Harm; Other Defects Noted

The trend towards dismissal for lack of standing in privacy cases where no concrete harm is alleged continues. On a motion to dismiss, a group of consolidated privacy lawsuits against Apple and others in the Northern District of California have been dismissed for lack of standing due to the absence of any allegation of concrete injury. The court rejected attempts to invent new damage theories and while leave to re-file was granted, the court made clear the high standards of pleading required for standing and also highlighted the other pleading defects in the case that would be disabling were the plaintiffs to try again.

Posted in Financial Privacy

Ninth Circuit Holds that Courts May Not Impose Limits on FACTA Class Certification Based on Disproportionality or the Potential for Huge Statutory Damages

The Ninth Circuit recently reversed and remanded a district court denial of class certification in a FACTA case, making it easier for class certification even where there was disproportionality between the potential liability and the actual harm suffered, where the potential damages were huge and where defendant engaged in good faith compliance.

Posted in Cybersecurity & Data Breaches

New Class of Data Security Breach Plaintiffs Possible If Maine Supreme Court Rules That Economic Harm Not Required

“Do time and effort alone, spent in a reasonable effort to avert reasonably foreseeable harm, constitute a cognizable injury under Maine common law?” That is the question a federal district judge in Maine has put to the Maine Supreme Court in the data security breach litigation involiving Hannaford Brothers. “If the Maine Law Court’s answer to the certified question on the cognizable harm issue favors the plaintiffs, the plaintiffs will have both a negligence claim and an implied contract claim.” Such a development could have a profound impact on the vulnerability of companies experiencing data security breaches to civil claims, something they so far largely have avoided.