Topic: Dispute resolution and litigation

Subscribe to Dispute resolution and litigation RSS feed

The Long Arm of Canadian Privacy Law

Data Protection Report - Norton Rose FulbrightEarlier this year, a Canadian trial court ruled that Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) has extra-territorial application and restricts the dissemination of personal information of Canadians, even where the information is already public, and even though it is made available from outside Canada.… Continue reading

Pa. Appellate Court: Employer Owes No Duty of Care to Protect Employee Data Against Breach

Data Protection Report - Norton Rose FulbrightThe Superior Court of Pennsylvania last month dismissed a class action lawsuit, Dittman v. UPMC, brought by employees of the University of Pittsburgh Medical Center (“UPMC”) for a 2014 data breach.  The breach impacted nearly 62,000 UPMC employees and resulted in at least 788 fraudulent tax filings. The court held that UPMC had no duty to … Continue reading

UK Court of Appeal Rules that Exemptions to Access Rights are Construed Narrowly

Data Protection Report - Norton Rose FulbrightUnder the UK Data Protection Act 1998 (“DPA“), data subjects have rights to obtain copies of their personal information through a data subject access request (“DSAR“). Data subjects frequently use DSARs to obtain information in the context of non-data protection disputes with data controllers. There has been much controversy over this practice, particularly as the … Continue reading

Settlement of Target Data Breach Consumer Class Action Is Derailed On Appeal

Data Protection Report - Norton Rose FulbrightThe Eighth Circuit Court of Appeals last week reversed the district court’s approval of a settlement and settlement class in the consolidated consumer class action arising from Target Corporation’s 2013 security incident.  This decision provided a new perspective on a persistent dilemma in the evolving law of data breaches:  how to handle data breach victims … Continue reading

CJEU Judgement: Dynamic IP Addresses Constitute Personal Data

Data Protection Report - Norton Rose FulbrightOn October 19, 2016, the Court of Justice of the European Union (CJEU) decided that the dynamic IP address of a website visitor is  “personal data” under Directive 95/46EC (Data Protection Directive) in the hands of a website operator that has the means to compel an internet service provider to identify an individual based on the IP … Continue reading

Skimming Case Highlights Difference Between Having Standing and Stating a Cause of Action

Data Protection Report - Norton Rose FulbrightThe U.S. District Court for the Northern District of Illinois dismissed a putative class action against Barnes & Noble last week based on an incident in 2012 in which criminals tampered with payment card PIN pad terminals to steal customer payment card information from retail stores in nine states. The court’s decision highlights an important … Continue reading

Recent Case Highlights The Dangers Of Consequential Damage Waivers in IT Contracts

Data Protection Report - Norton Rose FulbrightThe U.S. Court of Appeals for the Eleventh Circuit—one of the highest federal courts below the Supreme Court—recently affirmed a decision in Silverpop Systems, Inc. v. Leading Market Technologies, Inc. finding that all damages flowing from a vendor’s data breach were barred by a standard provision in IT service contracts, disclaiming all liability for consequential … Continue reading

Sixth Circuit: Suit Challenging Data Breach Caused by Hacking May Proceed

Data Protection Report - Norton Rose FulbrightThe U.S. Court of Appeals for the Sixth Circuit concluded that certain allegations of harm after a data breach caused by hacking are sufficiently concrete to confer Article III standing. This case may make it more difficult for companies defending data breach suits to quickly obtain dismissal of plaintiffs’ claims.… Continue reading

Damages for Emotional Distress for Privacy Claims to Stay in the UK

Data Protection Report - Norton Rose FulbrightOn June 30, 2016, Google withdrew its appeal from the UK Supreme Court in the landmark case of Google v. Vidal-Hall after the parties reached a settlement. In the ruling on appeal, the Court of Appeal had ruled that damages for emotional distress, without any pecuniary loss, may be awarded under the Data Protection Act … Continue reading

CJEU Advocate General Opinion: Dynamic IP Addresses are Personal Data; Member States cannot limit processing permitted by the Data Protection Directive

Data Protection Report - Norton Rose FulbrightOn May 12, 2016, the Court of Justice of the European Union’s (CJEU) Advocate General, Campos Sánchez-Bordona, published his opinion on a question referred to the CJEU for a preliminary ruling. The opinion argues that dynamic IP addresses should be considered to be personal data under European law. Moreover, the opinion asserts that Member States’ … Continue reading

Increased Risk of Fraudulent Charges and Identity Theft Sufficient to Confer Article III Standing According to 7th Circuit

Data Protection Report - Norton Rose FulbrightAfter a district court dismissed a lawsuit filed by customers of restaurant chain P.F. Chang’s China Bistro whose payment card information was stolen during a data breach, the 7th Circuit Court of Appeals has revived the suit.  In a ruling last week, the appellate panel found that customers whose payment card information was stolen in … Continue reading

Fourth Circuit Holds that CGL Policy Covers Data Breach Class Action

Data Protection Report - Norton Rose FulbrightOn April 11, 2016, the Fourth Circuit Court of Appeals upheld a ruling by the Eastern District of Virginia that two Commercial General Liability (“CGL”) insurance policies required an insurer cover the defense of a medical records company in a class-action claim relating to alleged failure to secure patients’ medical records.[1]… Continue reading

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

On November 9, 2015, the President of the Brussels Court of First Instance ordered Facebook to stop tracking non-members in Belgium without their consent. The court imposed a penalty of EUR 250,000 per day for non-compliance. The proceeding is the result of a formal recommendation that the Belgian Privacy Commission (BPC) issued in May 2015 … Continue reading

Third Circuit ruling reinstates state law privacy claims related to Google’s use of cookies

Data Protection Report - Norton Rose FulbrightIn re: Google Inc. Cookie Placement Consumer Privacy Litigation, involves 24 consolidated lawsuits that were initially brought against several internet advertisers alleging violations of various state and federal privacy statutes, including the Computer Fraud and Abuse Act, the Wiretap Act and the Electronic Communications Privacy Act. In October of 2013, the District of Delaware dismissed … Continue reading

The “EMV Liability Shift” Is Coming (What Merchants Need to Know)

Data Protection Report - Norton Rose FulbrightCurrently, almost half of the world’s credit card fraud happens in the U.S where magnetic stripe technology is the standard. Outside the U.S., an estimated 40% of the world’s cards and 70% of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the … Continue reading

UK Court of Appeal Establishes Data Protection Rights in Privacy Case

Data Protection Report - Norton Rose FulbrightA recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law. Background Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private … Continue reading

Ontario Court of Appeal finds patients’ common law privacy rights not preempted by statute; allows class action to proceed

Data Protection Report - Norton Rose FulbrightIn a recent case involving a breach of patients’ privacy rights — Hopkins v Kay,[i] — the Ontario Court of Appeal ruled that a proposed class action could proceed based on allegations of violation of patients’ common law privacy rights, concluding that those rights were not preempted by the Personal Health Information Protection Act (PHIPA). … Continue reading
LexBlog