Cyber-Security
Ninth Circuit Court of Appeals Finds Standing under FCRA in Spokeo
By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP
Following remand from the U.S. Supreme Court, the Ninth Circuit Court of Appeals held in Robins v. Spokeo that plaintiff Thomas Robins had established Article III standing in his lawsuit against Spokeo, Inc. for allegedly violating the Fair Credit Reporting Act.. Robins alleged that Spokeo’s website, which aggregates various data about individuals, had published inaccurate information about Robins’s marital status, age, employment, education, and wealth level, causing harm to his prospects for employment and emotional distress. Previously, the Ninth Circuit had reversed the lower court’s dismissal based on lack of standing, but the U.S. Supreme Court vacated that reversal on the ground that the Court of Appeals had not addressed whether Robins’s alleged injury was sufficiently concrete. On remand, the three-judge panel unanimously concluded that the implicated FCRA procedures were crafted to protect consumers’ concrete interest in accurate credit reporting and that Robins sufficiently alleged he suffered a concrete injury that was not trivial or too speculative.
Uber Reaches Settlement with FTC Over Allegedly Deceptive Privacy and Security Claims
By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP
The Federal Trade Commission recently announced it had reached a settlement with Uber Technologies Inc. with respect to allegations that Uber misrepresented the privacy and security protections it had in place for the personal information of its drivers and consumers. The FTC had filed a complaint against Uber after a 2014 data breach revealed that Uber employees were improperly accessing consumers’ personal information because Uber did not have effective measures in place to protect and monitor access to that information. Under the settlement, Uber does not face a monetary penalty. However, Uber must establish a comprehensive privacy program that ensures the personal information of its consumers is secured, and must undergo biennial audits by an independent third party for the next 20 years to verify implementation of the privacy program.
Data Privacy
FTC Updates COPPA Compliance Plan
By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP
The Federal Trade Commission recently updated its six-step guidance for complying with the Children’s Online Privacy Protection Act. The revisions acknowledge that evolving technology may affect whether a company’s business model or products are subject to COPPA. As an example, the changes clarify that companies providing “connected toys or other Internet of Things devices” are subject to COPPA. In addition, the guidelines now permit obtaining parental consent by asking knowledge-based authentication questions and employing facial recognition technology.
International Law
Amazon Wins gTLD Appeal
By Sara Beth A.R. Kohut, Young Conaway Stargatt & Taylor, LLP
An Independent Review Panel of the International Centre for Dispute Resolution has issued a 2-1 Final Declaration siding with Amazon in its quest for the generic top-level domain (gTLD) “.amazon”. The Internet Corporation for Assigned Names and Numbers (ICANN) denied the applications of Amazon EU S.A.R.L. to use the gTLD based on objections by the countries of Brazil and Peru, which erroneously (and contrary to ICANN’s guidelines) claimed the gTLD was protected as a geographic region. The panel found that ICANN’s board improperly gave complete deference to its Government Advisory Committee (which supported the Amazonian countries but failed to provide procedural fairness to Amazon to challenge their position) without providing a “well-founded and merits-based public policy reason for denying Amazon’s applications” as required by ICANN’s governing documents. Accordingly, the panel recommended that ICANN’s board reevaluate Amazon’s application and awarded Amazon reimbursement of certain expenses for the proceeding in the amount of $163,046.