Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Tech giant denied summary judgment in private browsing lawsuit

    Courts

    On August 7, the U.S. District Court for the Northern District of California entered an order denying a multinational technology company’s motion for summary judgment on claims that the company invaded consumers’ privacy by tracking the consumers’ browsing history in the company’s private browsing mode. After reviewing the company’s disclosed general terms of service and privacy notices and disclosures, the court found that the company never explicitly told users that it would be collecting their data while browsing in private mode.  Without evidence that the company explicitly told users of this practice, the court concluded that it could not “find as a matter of law that users explicitly consented to the at-issue data collection,” and therefore, could not grant the company’s motion for summary judgment.

    Plaintiffs, who are account holders (Class 1 for Incognito users and Class 2 for users of other private browsing modes), brought a class action suit against the company for the “surreptitious interception and collection of personal and sensitive user data” while the users were in a “private browsing mode.” Along with invasion of privacy, intrusion upon seclusion, and breach of contract, plaintiffs asserted violations of (i) the Federal Wiretap Act; (ii) The California Invasion of Privacy Act; (iii) Comprehensive Data Access and Fraud Act; and (iv) California’s Unfair Competition Law.

    The court previously denied the defendant’s two motions to dismiss. 

    Courts Privacy, Cyber Risk & Data Security Consumer Protection CIPA Wiretap Act California Data Collection / Aggregation

  • District Court grants motion to dismiss in CIPA class action

    Privacy, Cyber Risk & Data Security

    On January 25, the U.S. District Court for the Northern District of California granted a motion to dismiss a class action suit, in which plaintiffs alleged that the defendant continued to monitor mobile users’ browsing history even after being asked to cease and desist. In their third amended complaint, the plaintiffs alleged that the defendant violated the California Invasion of Privacy Act (CIPA) because, among other things, although “developers and consumers consented to [the defendant] uploading data to its servers for the developers’ use, … [the defendant] also retained a copy for its own use.” The defendant argued that the plaintiffs’ “conclusory statement that communications are intercepted is not enough to make out a § 631 claim [of the CIPA].”

    The CIPA claims against the defendant were previously dismissed because they “failed to aver simultaneous interception.” The plaintiffs also attempted to revitalize their breach of contract claim by arguing it was a unilateral contract, but the district court noted that “[u]nder this theory, a contract was created by [the defendant’s] provision of a button to adjust privacy settings, text describing what the button supposedly did, and [the plaintiffs’] clicking of that button.” The district court further noted that it is not enough to create a unilateral contract, and that “[the defendant] was not asking [the plaintiffs’] to click the button, let alone bargain for such performance, and [the plaintiffs’] could not have reasonably expected they were entering into a contract simply by adjusting their account settings.”

    Privacy/Cyber Risk & Data Security Courts Class Action CIPA

Upcoming Events