In a recent decision, a federal judge granted summary judgment for the Securities and Exchange Commission (SEC) finding that the LBC cryptocurrency token qualifies as a security.  While the ruling is confined to this specific token, it represents a victory for the SEC’s assertions that many cryptocurrencies, including so called “utility tokens,” represent securities that need to be registered with the agency.  The Court also held that the makers of the LBC token, LBRY, Inc., had fair notice that the token was subject to the securities laws.  Considering the ongoing class actions and enforcement proceedings litigating this issue across several cases, companies operating in the cryptocurrency space, including cryptocurrency exchanges, should follow this development to assess any possible impact on their businesses.

Continue Reading S.E.C. Wins Summary Judgment Determination That Cryptocurrency Token Qualifies as a Security

On October 17, the District of Massachusetts added to the growing line of federal courts that have held a mere data breach, without additional harm, is insufficient to grant customers Article III standing.  See Webb v. Injured Workers Pharmacy, LLC, 2022 WL 10483751, at *1 (D. Mass. Oct. 17, 2022).  In February 2022, a home delivery pharmacy notified over 75,000 affected customers that hackers broke through its defenses and accessed patients’ personal data.  Two of these customers filed a putative class action against the pharmacy, alleging various tort and contract theories.  The court dismissed their claims for lack of standing, holding that plaintiffs had failed to allege any actionable harm stemming from the data breach despite their allegations that the breach caused them significant emotional harm.

Continue Reading Data Breach, Without Allegations of Misuse, Isn’t Enough for Article III Standing

A court in the District of Kansas recently remanded a data breach class action against a hospital to state court for lack of standing, holding that the named plaintiffs had failed to demonstrate any injury in fact that was fairly traceable to the exposure of their personal and health information.  See Memorandum and Order, Blood v. Labette County Medical Center, No. 5:22-cv-04036-HLT-KGG (D. Kansas Oct. 20, 2022), ECF 27.

Continue Reading Hospital Data Breach Class Action Fails Due to “Speculative” Injury

Following a week-long trial, a jury in Illinois awarded a plaintiff class of truck drivers a $228 million verdict against BNSF Railways for violations of the Illinois Biometric Information Privacy Act (“BIPA”).  The large verdict, arising from the first case to go to trial under the 2008 law, highlights the potential impact of class actions brought under this statute.

Continue Reading Illinois BIPA jury verdict highlights rising prominence of class actions based on state privacy statutes

On Monday, the Supreme Court granted certiorari in Gonzalez v. Google LLC, 2 F.4th 871 (9th Cir. 2021) on the following question presented:  “Does section 230(c)(1) immunize interactive computer services when they make targeted recommendations of information provided by another information content provider, or only limit the liability of interactive computer services when they engage in traditional editorial functions (such as deciding whether to display or withdraw) with regard to such information?”  This is the first opportunity the Court has taken to interpret 47 U.S.C. § 230 (“Section 230”) since the law was enacted in 1996.

Continue Reading Supreme Court Grants Certiorari in Gonzalez v. Google, Marking First Time Court Will Review Section 230

The Third Circuit recently reinstated the putative class action Clemens v. ExecuPharm Inc., concluding there was sufficient risk of imminent harm after a data breach to confer standing on the named plaintiff when the information had been posted on the Dark Web.

Continue Reading Data Breach and the Dark Web: Third Circuit Allows Class Action Standing With Sufficient Risk of Harm

Last week the Third Circuit reversed a summary judgment ruling in favor of Harriet Carter Gifts and NaviStone for alleged violations of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act, or WESCA.  See Popa v. Harriet Carter Gifts, Inc., Case No. 21-2203, 2022 WL 3366425 (3rd Cir. Aug. 16, 2022). This lawsuit is one of many recent putative class actions attempting to apply decades-old wiretapping laws against websites and their service providers.  The named plaintiff is a consumer that allegedly shopped on Harriet Carter Gifts’ website while NaviStone’s marketing software was installed on the website.  Plaintiff argued that defendants violated WESCA by simultaneously sending her interactions with Harriet Carter’s website to NaviStone.

Continue Reading Third Circuit Revives Wiretapping Claims Against Marketing Software Company

A settlement class that Judge Lewis A. Kaplan (S.D.N.Y.) was likely to approve circa June 2021 was rejected “on further reflection” last week, due to a lack of information about how the lead plaintiff stacked up against a class of largely “anonymous” crypto investors. 

Continue Reading Crypto Class Settlement Nixed Due to Insufficient Data on “Anonymous” Investors 

The Northern District of California denied class certification in a data breach suit against Zoosk, an online dating service, concluding that the lead plaintiff had waived any right to represent a class by agreeing to a class-action waiver.  See Order Denying Class Certification, Flores-Mendez v. Zoosk, Inc., No. 3:20-04929-WHA (N.D. Cal. July 27, 2022).

Continue Reading Class Certification Denied in Data Breach Class Action Based on Class-Action Waiver in Terms of Service

Last week, the Northern District of California dismissed a putative class action lawsuit against Google, which alleged that the company used a secret program called “Android Lockbox” to spy on Android smartphone users.  See Order Granting Motion to Dismiss, Hammerling v. Google LLC, No. 21-cv-09004-CRB (N.D. Cal. July 18, 2022).  The complaint alleged ten different claims for relief under a variety of legal theories, including privacy, fraud, contract, and California’s Unfair Competition Law.  The Court granted Google’s motion to dismiss on all claims.  Although the Court gave plaintiffs leave to amend, it noted that the deficiencies in the complaint “will be difficult to cure,” signaling that plaintiffs face an uphill battle in keeping this lawsuit alive.

Continue Reading Court Tosses “Android Lockbox” Secret Spying Program Class Action