On December 8, 2020, the Supreme Court heard argument in Facebook, Inc. v. Duguid,1 a case addressing a split among federal circuit courts as to what constitutes an “automatic telephone dialing system”—often referred to as an “autodialer”—under the Telephone Consumer Protection Act (TCPA).2 The Court’s decision could significantly reduce the risk of TCPA litigation directed at online platforms and apps with text messaging functionality.
Continue Reading U.S. Supreme Court Hears Argument over Frequently Litigated Provision of the TCPA

On May 22, 2019, a federal district court largely denied a facial challenge by Disney, Viacom, and several online advertising networks to claims alleging these defendants violated the privacy rights of children by collecting data through online gaming apps.

In McDonald v. Kiloo APS,[1] the defendants consisted of two groups: the developers who created the gaming apps and made them available for download, and the mobile advertising and app monetization companies who provided software code inserted into the gaming apps to collect user data for advertising purposes. The defendants allegedly collected a variety of data from the children’s devices without appropriate consent, including the IP address; the specific device name; IDs for Apple and Android devices; the device’s International Mobile Equipment Identity; the timestamp at which an advertising event was recorded; and device fingerprint data (the user’s language, time zone, country, and mobile network).Continue Reading Federal Court Allows Children’s Online Privacy Claims Against Disney, Viacom, and Online Ad Networks That Collected Data from Gaming Apps to Go Forward

On May 8, 2019, the Brussels Court of Appeal referred the Belgian Data Protection Authority’s (DPA) case against Facebook to the European Court of Justice (CJEU) to address jurisdictional issues regarding which DPA is competent to bring enforcement actions against Facebook. The case deals with Facebook’s collection of individuals’ data through cookies stored in Facebook’s social plugins. The Belgian DPA alleges that Facebook’s data collection is unlawful as it lacks valid consent and does not provide appropriate notice to individuals. Several courts in Belgium have already examined the issues, but it now reaches a new phase as the Brussels Court of Appeal Court referred critical questions to the CJEU dealing with the interpretation of the concept of “Lead Supervisory Authority” under the General Data Protection Regulation (GDPR). 
Continue Reading Belgian Facebook Case Referred to the European Court of Justice

On April 30,2018, the Federal Trade Commission (FTC) announced a settlement with mobile phone manufacturer BLU Products and its owner over allegations that the company failed to implement appropriate procedures to oversee their service providers’ security practices, which allowed the service provider to install software containing commonly known security vulnerabilities on consumers’ mobile devices and to collect detailed personal information about consumers, such as text messages and location information, without consumers’ notice and consent.

According to the FTC’s complaint, BLU and its owner contracted with China-based ADUPS Technology to preinstall certain security software on BLU devices. The complaint alleged that, unbeknownst to consumers, the ADUPS software on BLU devices transmitted their personal information to ADUPS servers, including contents of text messages, real-time location data, call and text message logs, contact lists, and a list of applications installed on the device. The FTC did not allege that ADUPS used or disclosed consumers’ personal information.Continue Reading Feeling BLU: What You Need to Know About Overseeing Your Service Providers

On March 30, 2018, in Sandvig v. Sessions,1 the U.S. District Court for the District of Columbia held that a group of academic researchers can move forward with their First Amendment challenge to the Computer Fraud and Abuse Act (CFAA),2 a federal law that criminalizes, among other things, accessing a computer in a manner that “exceeds authorized access.”

The CFAA was enacted in the early 1980s in response to concerns that there were not enough criminal laws on the books to address emerging computer crimes.3 In its early days, the statute narrowly prohibited harmful computer misuse such as malicious hacking and attempts to break into government computers. In 1986, however, Congress began passing a series of amendments that significantly expanded the statute’s reach. Today, many view the CFAA as an overbroad, vague law that criminalizes standard computer conduct in the digital age. Others view it as a pragmatic tool to deter unwanted computer misuse that harms businesses and consumers alike. As a result, the outcome of this case will have implications for individuals who seek to obtain data through means like scraping, and websites that seek to deter unwanted conduct through contract-based restrictions on access to their services.
Continue Reading Federal Judge Allows Researchers’ First Amendment Challenge to CFAA’s “Access” Provision to Move Forward

In a novel interpretation of the Federal Trade Commission (FTC) Act, the U.S. District Court for the District of Delaware recently held in FTC v. Shire ViroPharma that the FTC had failed to plead the facts necessary to invoke its authority to sue for permanent injunction in federal court because it did not allege an ongoing or imminent violation of the FTC Act. This ruling could broadly impact the FTC’s authority to litigate cases in federal court for past violations of the FTC Act and prevent the FTC from seeking permanent injunctive relief in federal court unless the defendant is currently violating, or is about to violate, the act.

Factual Background

The FTC had brought suit against Shire for anti-competitive use of the U.S. Food and Drug Administration’s (FDA’s) citizen petition process to delay generic competition. The FTC alleged that the company exploited the FDA’s petition process to an extraordinary degree, submitting more than 46 regulatory and court filings. The company’s attempts to delay competition were ultimately unsuccessful, as Shire lost its legal challenges to the FDA, and the company was no longer engaged in the practice at the time the FTC’s complaint was filed. Nevertheless, the FTC’s complaint alleged that Shire had succeeded in delaying generic entry at great cost to consumers and demanded relief.
Continue Reading Federal Court Challenges FTC’s Litigation Authority in FTC v Shire ViroPharma

Let’s face it: The residential phone line is on the verge of suffering the same fate as the 8-track tape. Anyone who doesn’t know what an 8-track tape is most assuredly uses a cell phone—and only a cell phone—to communicate. Email takes too long. And younger generations don’t even use the actual phone part of their cell phones.

The reality is that if you want to communicate with a very large segment of the U.S. population, you have to text. This explains why everyone is doing it. Doctors, dentists, veterinary practices, hair salons, airlines, car dealerships—businesses that make appointments—all send text reminders. Schools notify parents of school cancellations by texts. Hotels offer “virtual concierge” services entirely by texts. Retailers offer special discounts via texts. Should your business jump on the text message bandwagon? Maybe. The reward is high, but so is the risk.Continue Reading To Text or Not to Text? That Is the Question