US PRIVACY Archives – Technethics

Illinois District court finds that improper collection and retention of face-scan measurements doesn’t constituted an injury-in-fact sufficient to meet Article III standing requirements

Date 06/11/2021.

On December 28, 2018, Google won summary judgment in a class action alleging that the company handles images in violation of the Illinois 2008 Biometric Information Privacy Act (BIPA). According to the District Court, “plaintiffs have not suffered an injury sufficient to establish Article III standing and their claims are dismissed.” In a (putative) class […]

Class action against Facebook’s processing of personal biometric data continues

Date 10/02/2019.

Updated on October 18th, 2019: On August 8, 2019, the United States Court of Appeals for the Ninth Circuit held that the plaintiffs have constitutional standing to sue Facebook for violating statutory privacy rights under the Illinois Biometric Information Privacy Act of 2008. Facebook had filed a motion to dismiss arguing that plaintiffs lacked standing […]

Sixth Circuit holds that card brand assessments expenses constituted consequential damages and the merchant shall not bear them

Date 06/19/2019.

On June 7, 2019, the US Court of Appeal for the Sixth Circuit held that the district court did not err in awarding judgment in favor of business as it was exempt from liability under a “consequential damages waiver” contained in the “Merchant Agreement” executed with the data processing company. By way of background. Two […]

Ninth Circuit holds that websites and mobile apps of public accommodations must be ADA complaint

Date 02/07/2019.

On January 15, 2019, the United States Court of Appeals for the Ninth Circuit held that websites and mobile applications (app) of places of public accommodation must be fully accessible to persons with disabilities. By way of background, Plaintiff – a blind man – alleged that Defendant Domino’s Pizza, LLC, (Domino’s) failed to design, […]

Illinois Supreme Court found improper collection and retention of handprints constitutes injury-in-fact sufficient to grant standing

Date 02/05/2019.

On January 25, 2019, the Illinois Supreme Court found that data subjects do not need to allege a concrete injury in order to sue under the Biometric Information Privacy Act (Act) (740 ILCS 14/1 et seq., BIPA). Contrary to the appellate court’s view, the Illinois Supreme Court found that “actual injury or adverse […]

After Alabama passed its data breach law, there is no American jurisdiction without a data breach statute

Date 01/25/2019.

On March 28, 2018, Alabama was the last State, after South Dakota, to adopt a data breach notification statute. The Alabama Data Breach Notification Act of 2018 (S.B. 318) went into effect on June 1, 2018. According to the Alabama Statute, any “covered entity” and “third-party agent” must comply. Written notification must be made to all affected […]

NY A.G. settled with five companies whose mobile apps were not secure

Date 01/16/2019.

On December 14, 2018, New York Attorney General Barbara D. Underwood announced settlements with Western Union Financial Services, Inc., Priceline.com, LLC, Equifax Consumer Services, LLC, Spark Networks, Inc., and Credit Sesame, Inc., “for having mobile apps that failed to keep sensitive user information secure when transmitted over the Internet.” No fraud had happened with those […]

County in NY strengthens privacy on wage and salary history to protect women and minorities

Date 12/20/2018.

On October 2, 2018, the Suffolk County, NY Legislature introduced a local law to restrict access to information regarding salary and earnings (“RISE” act). The legislature of Suffolk County found that “women and racial and ethnic minority workers have historically encountered lower wages and salaries causing a wage gap that pervades all industries,” and that they have been negatively […]

The California Consumers Privacy Act

Date 07/03/2018.

On June 28, 2018, California passes Bill 375 (Chau, Hertzberg, Dodd), which will provide Californians with fundamental new consumer privacy rights. In summary, the broad private right of action in the initiative covers instances of data breach – violations are subject to enforcement by the Attorney General – the right to know all a consumer’s […]

Computer Fraud and Abuse Act

Date 04/13/2018.

The Computer Fraud and Abuse Act (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization.

US PRIVACY

Training