Topic: Dispute resolution and litigation

Subscribe to Dispute resolution and litigation RSS feed

Settlement of Target Data Breach Consumer Class Action Is Derailed On Appeal

By on February 7, 2017 Posted in Data breach, Dispute resolution and litigation

Data Protection Report - Norton Rose Fulbright

The Eighth Circuit Court of Appeals last week reversed the district court’s approval of a settlement and settlement class in the consolidated consumer class action arising from Target Corporation’s 2013 security incident. This decision provided a new perspective on a persistent dilemma in the evolving law of data breaches: how to handle data breach victims … Continue reading

CJEU Judgement: Dynamic IP Addresses Constitute Personal Data

By Christoph Ritzer (DE) on October 21, 2016 Posted in Dispute resolution and litigation, Regulatory response

On October 19, 2016, the Court of Justice of the European Union (CJEU) decided that the dynamic IP address of a website visitor is “personal data” under Directive 95/46EC (Data Protection Directive) in the hands of a website operator that has the means to compel an internet service provider to identify an individual based on the IP … Continue reading

Skimming Case Highlights Difference Between Having Standing and Stating a Cause of Action

By on October 13, 2016 Posted in Data breach, Dispute resolution and litigation

The U.S. District Court for the Northern District of Illinois dismissed a putative class action against Barnes & Noble last week based on an incident in 2012 in which criminals tampered with payment card PIN pad terminals to steal customer payment card information from retail stores in nine states. The court’s decision highlights an important … Continue reading

Recent Case Highlights The Dangers Of Consequential Damage Waivers in IT Contracts

By on September 26, 2016 Posted in Data breach, Dispute resolution and litigation, Vendor management and transactions

The U.S. Court of Appeals for the Eleventh Circuit—one of the highest federal courts below the Supreme Court—recently affirmed a decision in Silverpop Systems, Inc. v. Leading Market Technologies, Inc. finding that all damages flowing from a vendor’s data breach were barred by a standard provision in IT service contracts, disclaiming all liability for consequential … Continue reading

Sixth Circuit: Suit Challenging Data Breach Caused by Hacking May Proceed

By on September 18, 2016 Posted in Data breach, Dispute resolution and litigation

The U.S. Court of Appeals for the Sixth Circuit concluded that certain allegations of harm after a data breach caused by hacking are sufficiently concrete to confer Article III standing. This case may make it more difficult for companies defending data breach suits to quickly obtain dismissal of plaintiffs’ claims.… Continue reading

Damages for Emotional Distress for Privacy Claims to Stay in the UK

By Marcus Evans (UK) and Ffion Flockhart (UK) on August 8, 2016 Posted in Compliance and risk management, Dispute resolution and litigation

On June 30, 2016, Google withdrew its appeal from the UK Supreme Court in the landmark case of Google v. Vidal-Hall after the parties reached a settlement. In the ruling on appeal, the Court of Appeal had ruled that damages for emotional distress, without any pecuniary loss, may be awarded under the Data Protection Act … Continue reading

CJEU Advocate General Opinion: Dynamic IP Addresses are Personal Data; Member States cannot limit processing permitted by the Data Protection Directive

By Christoph Ritzer (DE) and Sven Jacobs (DE) on May 16, 2016 Posted in Dispute resolution and litigation, Regulatory response

On May 12, 2016, the Court of Justice of the European Union’s (CJEU) Advocate General, Campos Sánchez-Bordona, published his opinion on a question referred to the CJEU for a preliminary ruling. The opinion argues that dynamic IP addresses should be considered to be personal data under European law. Moreover, the opinion asserts that Member States’ … Continue reading

Increased Risk of Fraudulent Charges and Identity Theft Sufficient to Confer Article III Standing According to 7th Circuit

By on April 20, 2016 Posted in Data breach, Dispute resolution and litigation

After a district court dismissed a lawsuit filed by customers of restaurant chain P.F. Chang’s China Bistro whose payment card information was stolen during a data breach, the 7th Circuit Court of Appeals has revived the suit. In a ruling last week, the appellate panel found that customers whose payment card information was stolen in … Continue reading

Fourth Circuit Holds that CGL Policy Covers Data Breach Class Action

By Mark Faccenda (US) and Rafe A. Schaefer (US) on April 15, 2016 Posted in Data breach, Dispute resolution and litigation

On April 11, 2016, the Fourth Circuit Court of Appeals upheld a ruling by the Eastern District of Virginia that two Commercial General Liability (“CGL”) insurance policies required an insurer cover the defense of a medical records company in a class-action claim relating to alleged failure to secure patients’ medical records.[1]… Continue reading

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

By Marcus Evans (UK) and Jay Modrall (BE) on November 23, 2015 Posted in Compliance and risk management, Dispute resolution and litigation

On November 9, 2015, the President of the Brussels Court of First Instance ordered Facebook to stop tracking non-members in Belgium without their consent. The court imposed a penalty of EUR 250,000 per day for non-compliance. The proceeding is the result of a formal recommendation that the Belgian Privacy Commission (BPC) issued in May 2015 … Continue reading

Third Circuit ruling reinstates state law privacy claims related to Google’s use of cookies

By on November 23, 2015 Posted in Compliance and risk management, Dispute resolution and litigation

In re: Google Inc. Cookie Placement Consumer Privacy Litigation, involves 24 consolidated lawsuits that were initially brought against several internet advertisers alleging violations of various state and federal privacy statutes, including the Computer Fraud and Abuse Act, the Wiretap Act and the Electronic Communications Privacy Act. In October of 2013, the District of Delaware dismissed … Continue reading

The “EMV Liability Shift” Is Coming (What Merchants Need to Know)

By Susan Ross (US) on May 18, 2015 Posted in Compliance and risk management, Data breach, Dispute resolution and litigation

Currently, almost half of the world’s credit card fraud happens in the U.S where magnetic stripe technology is the standard. Outside the U.S., an estimated 40% of the world’s cards and 70% of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the … Continue reading

UK Court of Appeal Establishes Data Protection Rights in Privacy Case

By Jane Berry (UK), Ffion Flockhart (UK) and Marcus Evans (UK) on April 9, 2015 Posted in Dispute resolution and litigation

A recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law. Background Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private … Continue reading

Ontario Court of Appeal finds patients’ common law privacy rights not preempted by statute; allows class action to proceed

By on February 25, 2015 Posted in Dispute resolution and litigation, General

In a recent case involving a breach of patients’ privacy rights — Hopkins v Kay,[i] — the Ontario Court of Appeal ruled that a proposed class action could proceed based on allegations of violation of patients’ common law privacy rights, concluding that those rights were not preempted by the Personal Health Information Protection Act (PHIPA). … Continue reading