The DMCA includes provisions directed to copyright infringement on the Internet, notice and takedown procedures for copyright owners to report claimed infringement and safe harbors from copyright infringement liability for online service providers. Generally, online service providers are considered to be any provider of online services or network access, such as, Internet service providers, websites, hosting companies, mobile app publishers, others that allow users to post or store material on their systems, and search engines, directories, and other information location tools, etc. Continue Reading Online Service Providers – Important Update – Copyright Safe Harbor
While the New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (the TCCWNA) has been around for over 30 years, there has been a recent surge in the filing of class action lawsuits under the statute against businesses engaged in e-commerce. The statute was enacted in 1981 to regulate “consumer contracts, warranties, notices and signs contain[ing] provisions which clearly violate the rights of consumers.” Although such provisions are legally unenforceable, the legislature reasoned that “their very inclusion in a contract, warranty, notice or sign deceives a consumer into thinking that they are enforceable and for this reason the consumer often fails to enforce his rights.”
Initially, the statute was not used very much and remained dormant during the first 30 years following its enactment. Recently, however, the plaintiffs’ bar has resurrected the statute, targeting the website terms and conditions of businesses engaged in e-commerce. This resurrection began in 2013 as a result of the New Jersey Supreme Court holding that certificates issued by restaurants and offered for purchase by an Internet marketer are subject to TCCWNA rules1, and it has continued for a few reasons. First, plaintiffs are asserting that the TCCWNA is very broad in scope. Indeed, plaintiffs’ lawyers contend that it applies to consumers who suffered no actual injury. Additionally, the statute provides for statutory damages of $100 per customer as well as attorney’s fees and costs, which creates the potential for very large monetary awards. Finally, while more guidance is necessary to determine how courts will treat e-commerce TCCWNA claims, there have been several plaintiff-friendly TCCWNA decisions in New Jersey. Continue Reading New Jersey Consumer Statute Presents Trap for Unwary Retailers Engaged in E-Commerce
This is the first in a series of blog articles relating to the topics to be discussed at the 30th Annual Media and the Law Seminar in Kansas City, Missouri on May 4-5, 2017. Blaine C. Kimrey and Bryan K. Clark of Vedder Price are on the planning committee for the conference. In this article, we explore recent developments related to “champerty,” which involves the funding of a lawsuit by a person with no direct interest in the case. The topic of revenge and retaliation against the media through litigation funding will be one of the topics at the 2017 seminar.
Earlier this month, Hulk Hogan settled his lawsuit against what remains of Gawker Media for $31 million, bringing to an end years of litigation that resulted in a stunning $140 million verdict that rocked the media defense bar. But the lasting implications of the case that ultimately shuttered Gawker.com remain unclear. For lawyers who defend media entities, the Gawker case is viewed as a cautionary tale of bad facts making bad law and the dangers of going against an adversary funded by an enemy with deep pockets. But not everyone agrees with this perspective. Speaking recently to the National Press Club, Peter Thiel (the billionaire who funded Hogan’s litigation) seemed to suggest that it was Hogan, rather than Gawker, who was unable to get fair treatment in the courts. “One of the striking things is if you are middle class, upper middle class, a single-digit millionaire like Hulk Hogan, you have no effective access to our legal system,” Thiel said. “It costs too much.” Continue Reading What Hath Hulk Wrought – Media Girds for Battle vs. Billionaires
Despite claims from the plaintiffs’ bar that the Supreme Court’s decision in Spokeo Inc. v. Robins, 136 S. Ct. 1540 (2016), did not significantly change the landscape for class actions, courts continue to rely on Spokeo to dismiss claims that have no concrete injury beyond a statutory violation. In the last month, two more cases — including one federal circuit-level decision and one TCPA decision — were dismissed because the plaintiff was unable to demonstrate Article III standing under Spokeo. These cases demonstrate the important role that Spokeo-related arguments can play in stymying class actions.
In Nicklaw v. CitiMortgage, Inc., 2016 U.S. App. LEXIS 18206 (11th Cir. Oct. 6, 2016), the court held that the plaintiff lacked Article III standing to pursue a claim where the class action complaint alleged statutory violations and sought only statutory damages. The only claim asserted by the plaintiff in Nicklaw was that the plaintiff failed to comply with a New York statute requiring it to sign and record a certificate of discharge within 30 days of a mortgage satisfaction. Based on the defendant’s alleged failure to do so, the plaintiff sought monetary damages. The court held that plaintiff alleged “neither a harm nor a material risk of harm that the district court could remedy.” This opinion marked the first time that the Eleventh Circuit had applied the Spokeo framework and will undoubtedly have a ripple effect on district court cases within the circuit (and beyond) when defendants make similar arguments. Although Nicklaw is not a media or privacy case, it certainly provides a roadmap for all manner of class actions. Continue Reading Spokeo as a Class-Action Silver Bullet? Two More Dismissals Based on Lack of Concrete Harm
A relatively new breed of data breach class action involves financial institutions suing merchants for expenses associated with credit card data breaches. Although merchants may not have contractual privity with the card issuers (and instead may have contractual privity with the credit card brands or payment processors), the financial institutions in these cases claim that the retailers should still compensate the financial institutions for costs associated with fraudulent charges and reissuance of credit cards as a result of a data breach. In the most recent decision involving these sorts of claims, an Illinois federal judge found the financial institutions’ claims against the Shnucks grocery store chain too vague to survive Rule 12 dismissal. See Cmty. Bank of Trenton v. Schnuck Mkts., 2016 U.S. Dist. LEXIS 133482 (S.D. Ill. Sept. 28, 2016). The court reasoned that although “the parties are charting relatively new territory in the data breach context by presenting a case between financial institutions and a merchant (as opposed to customers and a merchant), . . . the Court notes that the generality made it difficult to assess the plausibility of such claims.” Id. at *8-9. Continue Reading Schnucks Shakes Card Issuer Data Breach Class Action, For Now
Try as they might, Telephone Consumer Protection Act (TCPA) plaintiffs’ lawyers continue to face judicial resistance to deeming all phones autodialers (automatic telephone dialing systems or ATDS’s). In the latest example, the U.S. Southern District of California granted summary judgment to the defendant, finding the plaintiff’s “evidence” of autodialer use too speculative and too disconnected to the specific calls at issue. See Chyba v. Bayview Loan Serv., 2016 U.S. Dist. LEXIS 133849 (S.D. Cal. Sept. 27, 2016). As the court reasoned, “[N]o matter the name given to the equipment, the ‘basic function’ of an autodialer is ‘the capacity to dial numbers without human intervention.’” Id. at *5 (quoting In re Rules and Regulations Implementing the Tel. Consumer Prot Act of 1991, 18 FCC Rcd. 14014, 14092 (July 3, 2003)). Continue Reading Another Desperate TCPA ATDS Claim Bites the Dust
Telephone Consumer Protection Act (TCPA, 42 U.S.C. § 227) claims often are a waste of time and money. The plaintiffs frequently are serial (some having filed dozens of claims) and usually want to receive the alleged spam so they can sue and cash in. The harm is slim to non-existent, and the economic burden of the litigation on defendants (and the courts) is staggering. In a ruling on August 8, U.S. Northern District of Illinois Judge St. Eve ruled that she wouldn’t “stand” for this state of affairs any longer (or at least not with respect to the facts before her). She found that because the plaintiff was not in the “zone of interests” intended to be protected by the TCPA, the plaintiff lacked statutory standing. See Tel. Sci. Corp. v. Asset Recovery Solutions, 2016 U.S. Dist. LEXIS 104234, at *50 (N.D. Ill. Aug. 8, 2016).
As a result of selling a tool for screening alleged robocalls, plaintiff Telephone Science Corporation (TSC) claimed it had received a lot of calls in violation of the TCPA. Id. at *4. Judge St. Eve ruled that because the whole purpose of TSC’s business was to identify/screen robocalls, it couldn’t sue under the TCPA based on receipt of those robocalls. Id. at *48–50. In other words, TSC’s claims did not implicate the interests against privacy intrusion and nuisance underpinning the TCPA. Continue Reading Judges Can’t Stand TCPA Claims
After nine months of intense negotiations and uncertainty, and despite ongoing criticisms from powerful data protection regulators, the new EU-U.S. Privacy Shield program went into effect this week as the U.S. Department of Commerce began accepting applications online. Some companies that are self-certifying their compliance have already submitted their documentation and many more are expected to do so in the coming days and weeks as they seek shelter under the replacement for the long-standing EU-U.S. Safe Harbor arrangement that was invalidated by the European Court of Justice last year.
Companies can now “sign up” for the Privacy Shield list, but they should not expect a rubber stamp from the Commerce Department just because they have self-certified. To ensure that their applications are approved, companies should take the following steps:
- Confirm that they are eligible to participate—not all organizations are. Only companies subject to the jurisdiction of the FTC or the DOT may participate at this time
- Identify their independent recourse mechanism—under the new framework, self-certifying organizations must provide an independent recourse mechanism available to investigate unresolved complaints at no cost to the individual
- Ensure that they have compliance verification mechanisms in place
- Designate contacts within their organizations to serve as liaisons regarding the Privacy Shield
- Review the information required to self-certify
- Go online to www.privacyshield.gov to self-certify
It’s been awhile since last we published for our firm blog Media & Privacy Risk Report, and one thing is largely to blame: ransomware attacks on our clients have been keeping us very busy. We’ve learned many lessons from these attacks that we plan to share over the coming months with our readers. But the focus of this post is recent guidance from the Office of Civil Rights of the Department of Health and Human Services (OCR) indicating that any ransomware attack involving protected health information PHI) could be a data breach with Health Insurance Portability and Accountability Act (HIPAA) reporting obligations.
Often in ransomware matters, a hacker encrypts data and demands that a ransom be paid (usually in Bitcoin) before the hacker will decrypt the data and make it once again accessible to the data owner (or covered entity) or maintainer (or business associate). But just because a hacker has frozen your data, does that mean that the hacker has accessed, acquired or exfiltrated your data? Isn’t it possible that a hacker could freeze your data without accessing, acquiring or exfiltrating it? By analogy, couldn’t someone render the locks on your house unusable (and thus your house inaccessible to you without a forced break-in) without actually accessing your house, acquiring anything within your house, or taking anything out of your house? It would seem that the answer would be yes. But if the OCR is asked that question, the presumption is that the answer is no, at least in the realm of ransomware attacks. Continue Reading OCR: Ransomware Attack Often Is a Data Breach
On Wednesday, President Obama signed the federal Defend Trade Secrets Act of 2016 (the “Act”) that passed both houses of Congress in late April. The statute is the first federal statutory protection afforded to trade secrets and could have a significant impact on trade secrets litigation nationwide. The passage of the law comes as no surprise, and much has already been written about what it means for the future of these disputes. But what about those who are currently involved in trade secrets litigation —could the Act change the course of those cases? There is not a definitive answer, but it is something that all litigants should consider now that the Act has become law.
The first question is whether the Act applies at all in such instances. The Act applies to “any misappropriation of a trade secret (as defined in section 1839 of title 18, United States Code, as amended by this section) for which any act occurs on or after the date of the enactment of this Act.” S. 1890, 1144th Cong. § 2(e) (emphasis added). “Misappropriation” is defined as “(A) acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; or (B) disclosure or use of a trade secret of another without express or implied consent. 18 U.S.C. § 1839(5). So, in litigation where the “use” of trade secrets is ongoing, there may be an argument that the Act applies. Continue Reading Impact of Defend Trade Secrets Act on Pending Cases is Unclear