Photo of Blaine C. Kimrey

On May 29, 2025, the New Jersey Court of Appeals reversed dismissal in Satz v. Starr, No. A-2785-23, 2025 WL 1522032 (N.J. Super. Ct. App. Div. May 29, 2025), holding that the plaintiff’s voluntary dismissal of his claims did not preclude the defendants from seeking counsel fees and costs under New Jersey’s anti-SLAPP law, the Uniform Public Expression Protection Act (UPEPA), N.J.S.A. 2A:53A-49. While precedent in New Jersey, this decision can be looked to as persuasive authority in other UPEPA jurisdictions that a plaintiff cannot avoid liability under UPEPA simply by voluntarily dismissing the complaint.Continue Reading New Jersey SLAPPs Back: New Jersey Court of Appeals Eradicates Anti-SLAPP Loophole

California is a bellwether for privacy laws, which is why we’ve been watching carefully as recent events suggest that business-friendly interests may be gaining a foothold in what has historically been one of the most restrictive states in the country.  Since the landmark California Consumer Privacy Act (“CCPA”) went into effect in 2020, interest groups, regulators, and politicians have been battling to impact the future of the statute and related regulations.  Meanwhile, creative plaintiffs’ lawyers have turned their focus to the California Invasion of Privacy Act (“CIPA”) to argue that California’s eavesdropping statute also applies to online tracking technologies.  But recent developments related to both the CIPA and the CCPA may give businesses reason for hope.Continue Reading Is California cooling to privacy law run amok?

On April 21, 2025, a Ninth Circuit en banc panel revived (by a 10-1 decision) a putative class action against Shopify, Inc. alleging violations of privacy and data rights via use of cookies. In reversing both the district court and the original Ninth Circuit three-judge panel, the en banc panel adopted an alarmingly expansive view of specific personal jurisdiction over Internet-based companies. We hope Shopify seeks and the U.S. Supreme Court grants certiorari.Continue Reading Opening Door to Universal Jurisdiction in Internet Cases, En Banc Ninth Circuit Finds Specific Personal Jurisdiction Over Shopify

TCPA litigation, like spring flowers, is in full bloom this season. Over the past several months, major decisions have come down related to the FCC’s one-to-one consent rule (which we covered in our last update) as well as other issues that continue to delineate claims under the TCPA. We summarize here developments since our last update, listed in alphabetical order by topic area.Continue Reading TCPA Turnstile: TCPA Litigation Continues to Spring to Life in 2025 (TCPA Update Vol. 20)

As we reach the peak of this year’s Spooky Season, we thought it would be helpful to revisit some of the scariest recent developments in the realm of TCPA litigation and compliance.  The conventional wisdom is that some of the new rules and regulations coming into play around the TCPA are going to lead to even more litigation under the statute.  But at the same time, the Supreme Court’s ruling earlier this year in Loper Bright Enterprises v. Raimondo, 144 S. Ct. 2244 (2024), has called into question much of what we thought we knew about administrative law, leading to ambiguity and uncertainty surrounding the TCPA and many other statutes. 

One-to-One Consent Rule

We’re now just under three months away from the January 27, 2025 effective date of the FCC’s one-to-one consent rule.  Formally adopted in December 2023, the rule requires that prior express written consent be obtained separately for each company seeking to use such consent.  This raises significant concerns about a company’s ability to communicate with not only third-party leads but also many first-party leads, if consent is not adequate under the new rule. 

The TCPA has long required prior express written consent for calls and texts that contain an artificial or prerecorded voice or are sent using an “automatic telephone dialing system.”  But the new rule states, in relevant part, that:Continue Reading TCPA Turnstile: Four Scariest Developments (and a Potential Ray of Light Amid the Fright) (TCPA Update Vol. 19)

A federal court last week sustained a First Amendment challenge to a Utah law aimed at addressing the use of social media platforms by minors, holding that the law’s proponents failed to demonstrate that the law served a compelling interest or was narrowly tailored.Continue Reading NetChoice Succeeds in Striking Down Utah Social Media Law Under First Amendment

In a welcome change for defendants, a recent amendment to the Biometric Information Privacy Act (“BIPA”) is expected to significantly curtail potential damages under the statute. SB 2979, which passed the General Assembly on May 16, 2024, clarifies that damages are per individual, rather than per violation, for violations of the collection provision under Section 15(b) and the disclosure provision under Section 15(d). Continue Reading BIPA Bellwether: General Assembly provides relief from “per scan” damages

Last week, the U.S. Securities and Exchange Commission (“SEC”) became the latest federal regulator to implement a data breach notification law. The commissioners unanimously voted to approve amendments to Regulation S-P (the “Final Rule”)—the regulation governing the use of consumers’ personal information and records—to require certain financial institutions to adopt and maintain data incident response procedures and to require notification to consumers of the potential compromise of their data within 30 days of discovery.Continue Reading SEC Joins Chorus of Regulators Requiring Data Breach Notifications

For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach.  There were, of course, exceptions in certain regulated industries, but most companies fell within the scope of the general state data breach notification statutes, none of which required a response sooner than 30 days. And for many years, we didn’t have to worry about more urgent deadlines created by federal authorities. Continue Reading Breach Response: Is 72 hours the new 30 days?