Topic: Dispute resolution and litigation

Subscribe to Dispute resolution and litigation RSS feed

Skimming Case Highlights Difference Between Having Standing and Stating a Cause of Action

By on October 13, 2016 Posted in Data breach, Dispute resolution and litigation

Data Protection Report - Norton Rose Fulbright

The U.S. District Court for the Northern District of Illinois dismissed a putative class action against Barnes & Noble last week based on an incident in 2012 in which criminals tampered with payment card PIN pad terminals to steal customer payment card information from retail stores in nine states. The court’s decision highlights an important difference between the legal concepts of an “injury-in-fact” (which is necessary to support a finding of Article III standing so as to be able to maintain a case in federal court) and “damages” (which must be alleged to maintain many causes of action, such as … Continue Reading

Recent Case Highlights The Dangers Of Consequential Damage Waivers in IT Contracts

By on September 26, 2016 Posted in Data breach, Dispute resolution and litigation, Vendor management and transactions

The U.S. Court of Appeals for the Eleventh Circuit—one of the highest federal courts below the Supreme Court—recently affirmed a decision in Silverpop Systems, Inc. v. Leading Market Technologies, Inc. finding that all damages flowing from a vendor’s data breach were barred by a standard provision in IT service contracts, disclaiming all liability for consequential damages.

The court’s analysis could apply to almost any breach of data provided to a vendor under an IT service contract, and highlights the need to carefully scrutinize a proposed waiver of consequential damages when confidential or sensitive data is involved in the contract.… Continue Reading

Sixth Circuit: Suit Challenging Data Breach Caused by Hacking May Proceed

By on September 18, 2016 Posted in Data breach, Dispute resolution and litigation

The U.S. Court of Appeals for the Sixth Circuit concluded that certain allegations of harm after a data breach caused by hacking are sufficiently concrete to confer Article III standing. This case may make it more difficult for companies defending data breach suits to quickly obtain dismissal of plaintiffs’ claims.… Continue Reading

Damages for Emotional Distress for Privacy Claims to Stay in the UK

By Marcus Evans (UK) and Ffion Flockhart (UK) on August 8, 2016 Posted in Compliance and risk management, Dispute resolution and litigation

On June 30, 2016, Google withdrew its appeal from the UK Supreme Court in the landmark case of Google v. Vidal-Hall after the parties reached a settlement. In the ruling on appeal, the Court of Appeal had ruled that damages for emotional distress, without any pecuniary loss, may be awarded under the Data Protection Act 1998 (the “Act”). With the appeal withdrawn, this ruling will remain valid. Therefore, companies that operate in the UK may wish to consider this ruling when conducting risk analyses and responding to litigation.… Continue Reading

CJEU Advocate General Opinion: Dynamic IP Addresses are Personal Data; Member States cannot limit processing permitted by the Data Protection Directive

By Christoph Ritzer (DE) and Sven Jacobs (DE) on May 16, 2016 Posted in Dispute resolution and litigation, Regulatory response

On May 12, 2016, the Court of Justice of the European Union’s (CJEU) Advocate General, Campos Sánchez-Bordona, published his opinion on a question referred to the CJEU for a preliminary ruling. The opinion argues that dynamic IP addresses should be considered to be personal data under European law. Moreover, the opinion asserts that Member States’ laws that limit the ability to store such personal data beyond the restrictions permitted in Directive 95/46EC (the Data Protection Directive) are non-compliant with European law. Although the CJEU’s final decision does not have to follow this opinion, the advocate general’s arguments are followed more … Continue Reading

Increased Risk of Fraudulent Charges and Identity Theft Sufficient to Confer Article III Standing According to 7th Circuit

By on April 20, 2016 Posted in Data breach, Dispute resolution and litigation

After a district court dismissed a lawsuit filed by customers of restaurant chain P.F. Chang’s China Bistro whose payment card information was stolen during a data breach, the 7th Circuit Court of Appeals has revived the suit. In a ruling last week, the appellate panel found that customers whose payment card information was stolen in the breach have standing to sue, even if they don’t allege any actual losses from identity theft or payment card fraud.… Continue Reading

Fourth Circuit Holds that CGL Policy Covers Data Breach Class Action

By Mark Faccenda (US) and Rafe A. Schaefer (US) on April 15, 2016 Posted in Data breach, Dispute resolution and litigation

On April 11, 2016, the Fourth Circuit Court of Appeals upheld a ruling by the Eastern District of Virginia that two Commercial General Liability (“CGL”) insurance policies required an insurer cover the defense of a medical records company in a class-action claim relating to alleged failure to secure patients’ medical records.[1]… Continue Reading

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

By Marcus Evans (UK) and Jay Modrall (BE) on November 23, 2015 Posted in Compliance and risk management, Dispute resolution and litigation

On November 9, 2015, the President of the Brussels Court of First Instance ordered Facebook to stop tracking non-members in Belgium without their consent. The court imposed a penalty of EUR 250,000 per day for non-compliance.

The proceeding is the result of a formal recommendation that the Belgian Privacy Commission (BPC) issued in May 2015 requesting Facebook to cease the tracking of non-users. The BPC alleged that Facebook collected information about the web browsing behavior of users who were not Facebook members by using social plug-ins and cookies, which the BPC alleged Facebook placed on users’ computers when they visited … Continue Reading

Third Circuit ruling reinstates state law privacy claims related to Google’s use of cookies

By on November 23, 2015 Posted in Compliance and risk management, Dispute resolution and litigation

In re: Google Inc. Cookie Placement Consumer Privacy Litigation, involves 24 consolidated lawsuits that were initially brought against several internet advertisers alleging violations of various state and federal privacy statutes, including the Computer Fraud and Abuse Act, the Wiretap Act and the Electronic Communications Privacy Act. In October of 2013, the District of Delaware dismissed the consolidated case, finding that “that plaintiffs have not alleged injury-in-fact sufficient to confer Article III standing” and that they had failed to “[plead] sufficient facts to establish a plausible invasion of the rights” under various statutes asserted in the complaints. However, on November … Continue Reading

The “EMV Liability Shift” Is Coming (What Merchants Need to Know)

By Susan Ross (US) on May 18, 2015 Posted in Compliance and risk management, Data breach, Dispute resolution and litigation

Currently, almost half of the world’s credit card fraud happens in the U.S where magnetic stripe technology is the standard. Outside the U.S., an estimated 40% of the world’s cards and 70% of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.

By October 1, 2015, many people in the U.S. who use credit cards will likely notice changes when they pay for purchases at retail stores. The reason for the change is the “EMV liability shift” scheduled to occur on October … Continue Reading

UK Court of Appeal Establishes Data Protection Rights in Privacy Case

By Jane Berry (UK), Ffion Flockhart (UK) and Marcus Evans (UK) on April 9, 2015 Posted in Dispute resolution and litigation

A recent English Court of Appeal judgment could significantly broaden the circumstances in which data protection litigation can be brought – and damages can be awarded – under English law.

Background

Vidal-Hall et al v Google ([2015] EWCA Civ 311) involves claims brought by three individual users against Google. The users alleged that Google collected private information about their internet usage (“Browser-Generated Information”) via their web browser, Apple Safari, without their knowledge or consent.

The users argued that, by the automatic use of cookies in a work-around to the default privacy setting, Google was able to obtain and record Browser-Generated … Continue Reading

Ontario Court of Appeal finds patients’ common law privacy rights not preempted by statute; allows class action to proceed

By on February 25, 2015 Posted in Dispute resolution and litigation, General

In a recent case involving a breach of patients’ privacy rights — Hopkins v Kay,^[i] — the Ontario Court of Appeal ruled that a proposed class action could proceed based on allegations of violation of patients’ common law privacy rights, concluding that those rights were not preempted by the Personal Health Information Protection Act (PHIPA). Specifically, the court determined that PHIPA is not a “complete code” and therefore did not “oust” the plaintiff’s common law tort claim for breach of privacy (the tort of intrusion upon seclusion). Hopkins provides important guidance in the fields of privacy law and class … Continue Reading