Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit revives data breach class action against French cryptocurrency wallet provider
On December 1, the U.S. Court of Appeals for the Ninth Circuit affirmed in part and reversed in part a district court’s dismissal of a putative class action brought against a French cryptocurrency wallet provider and its e-commerce vendor for lack of personal jurisdiction. As previously covered by InfoBytes, plaintiffs—customers who purchased hardware wallets through the vendor’s platform between July 2017 and June 2020—alleged violations of state-level consumer protection laws after a 2020 data breach exposed the personal contact information of thousands of customers. Plaintiffs contended, among other things, that when the breach was announced in 2020, the wallet provider failed to inform them that their data was involved in the breach, downplayed the seriousness of the attack, and did not disclose that the attack on its website and the vendor’s data theft were connected. The district court held that it did not have jurisdiction over the French wallet provider, and ruled, among other things, that the plaintiffs did not establish that the wallet provider “expressly aimed” its activities towards California in a way that would establish specific jurisdiction, and “did not cause harm in California that it knew was likely to be suffered there.” The district court further held that the fact that the vendor was headquartered in California at the time the breach occurred was not sufficient to establish general jurisdiction because the vendor moved to Canada before the class action was filed. “Courts have uniformly held that general jurisdiction is to be determined no earlier than the time of filing of the complaint,” the district court wrote, dismissing the case with prejudice.
The 9th Circuit also determined that the district court abused its discretion in disallowing any jurisdictional discovery concerning the defendant e-commerce vendor. Explaining that the e-commerce vendor employs more than 200 people who work remotely from California, including a data-protection officer (DPO) who may have played a role related to the data breach, the appellate court wrote that “[b]ecause more facts are needed to determine whether those activities support the exercise of jurisdiction, we reverse the district court’s denial of jurisdictional discovery with respect to the DPO’s role and responsibilities and his relationship to [the e-commerce vendor], which processed and stored the data.”
FCC signs robocall enforcement MOU with Canada
Recently, the FCC announced that it entered into a memorandum of understanding (MOU) with the Canadian Radio-television and Telecommunications Commission (CRTC) to develop a global and coordinated approach for addressing unlawful automated telephone calls. According to the MOU, the FCC and CRTC understand that it is in their common public interest to, among other things: (i) “cooperate with respect to the enforcement against Covered Violations, including sharing complaints and other relevant information and providing investigative assistance”; (ii) “facilitate research and education related to unlawful robocalls and caller ID spoofing”; (iii) “facilitate mutual exchange of knowledge and expertise through training programs and staff exchanges”: (iv) encourage awareness of economic and legal conditions and theories related to the enforcement of applicable laws as identified in Annex 1 to the MOU; and (v) update each other regarding developments related to the MOU in their respective countries in a timely manner. In a related statement, FCC acting Chairwoman Rosenworcel noted that robocall scamming is an “international problem,” and that it is “critical that we work closely with partners like our colleagues in Canada who share our commitment to fighting robocall scams and unmasking the bad actors behind them.”
U.S., Canada, and Mexico announce annual financial regulatory forum
On November 30, the U.S. Treasury Department, the Canadian Department of Finance, and the Ministry of Finance and Public Credit of Mexico (collectively, the “authorities”) announced the creation of the Canada-Mexico-United States Financial Regulatory Forum (Forum) to share information on financial sector developments and financial regulatory practices and procedures. The authorities published a joint “understanding,” which outlines the Forum’s intentions, including: (i) sharing information to allow for timely identification of potential cross-border financial regulatory issues; (ii) exchanging views on emerging financial sector developments and financial stability risks; and (iii) discussing regulatory issues that arise in bilateral and multilateral contexts or which relate to international standards. The Forum intends to meet annually.