
InfoBytes Blog

Financial Services Law Insights and Observations


  • Tech giant denied summary judgment in private browsing lawsuit

    Courts

    On August 7, the U.S. District Court for the Northern District of California entered an order denying a multinational technology company’s motion for summary judgment on claims that the company invaded consumers’ privacy by tracking their browsing history in the company’s private browsing mode. After reviewing the company’s general terms of service, privacy notices, and disclosures, the court found that the company never explicitly told users that it would be collecting their data while they browsed in private mode. Without evidence that the company explicitly told users of this practice, the court concluded that it could not “find as a matter of law that users explicitly consented to the at-issue data collection,” and therefore could not grant the company’s motion for summary judgment.

    Plaintiffs, who are account holders (Class 1 for Incognito users and Class 2 for users of other private browsing modes), brought a class action suit against the company for the “surreptitious interception and collection of personal and sensitive user data” while the users were in a “private browsing mode.” Along with invasion of privacy, intrusion upon seclusion, and breach of contract, plaintiffs asserted violations of (i) the Federal Wiretap Act; (ii) the California Invasion of Privacy Act; (iii) Comprehensive Data Access and Fraud Act; and (iv) California’s Unfair Competition Law.

    The court previously denied the defendant’s two motions to dismiss. 

    Courts Privacy, Cyber Risk & Data Security Consumer Protection CIPA Wiretap Act California Data Collection / Aggregation

  • District Court dismisses state law claims concerning scanned email allegations

    Privacy, Cyber Risk & Data Security

    On April 26, the U.S. District Court for the Northern District of California granted a defendant tech company’s motion for reconsideration and dismissed plaintiffs’ Washington Privacy Act (WPA) claims that it shared customer data with third parties without first obtaining consent. According to the amended complaint, the defendant allegedly misrepresented its privacy and security practices in violation of federal and state law by, among other things, sharing customer data with unauthorized third parties (some of which suffered data breaches), using customer data to develop products and services to sell to other companies, and falsely promising it complied with privacy and confidentiality standards. Plaintiffs alleged the company scanned 400 billion customer emails to obtain insights for its API, which it then sold to others.

    In its prior ruling, the court dismissed plaintiffs’ Wiretap Act and Stored Communications Act claims but allowed the WPA claims to proceed. The defendant then filed a motion for partial reconsideration, arguing that the WPA claim is premised on the same scanned email theory as the other two claims that were already dismissed. The court agreed that the plaintiffs failed to sufficiently allege that their emails were scanned and dismissed the WPA claims without leave to amend because the “interception or disclosure of a communication” was necessary “in order for the conduct to be actionable.”

    Privacy/Cyber Risk & Data Security Courts State Issues Washington Class Action Data Breach Wiretap Act
