Court Finds Statutory Violations Sufficient To Confer Standing

While Yahoo! is alleged to have allowed an unnamed foreign state actor to spy on its email users by hacking into Yahoo!’s network, Google continues to face claims that it unlawfully spies on email users itself. On September 23, in Matera v. Google Inc., the U.S. District Court for the Northern District of California allowed a proposed class action to proceed against Google related to its scanning of e-mails for targeted advertising purposes. The plaintiff alleged that Google’s scanning violates the California Invasion of Privacy Act and federal Wiretap Act. The court rejected Google’s argument that the plaintiff lacked standing and found that the alleged statutory violations, without any additional allegations of harm, constituted a sufficiently concrete injury for standing purposes.

Court Approves LifeLock Class Action Settlement

On September 20, the U.S. District Court for the Northern District of California approved a settlement between LifeLock, Inc. and a class of plaintiffs that had alleged that LifeLock made false and deceptive statements about the effectiveness and security of its identity theft protection services. The settlement provides for a $68 million fund to provide monetary relief to customers who purchased the LifeLock subscription during the relevant time period. The funds will be taken from the $100 million judgment LifeLock agreed to with the Federal Trade Commission, which we reported on last December.

EU Court Protects Rights Of Internet Access Providers, But Threatens User Anonymity

On September 15, the Court of Justice of the European Union issued a decision in McFadden v. Sony Music Entertainment Germany GmbH finding that businesses offering free Wi-Fi access are not liable for copyright infringements committed by users of their networks. However, the court also found that EU law does not preclude national authorities from requiring Wi-Fi providers to take action to end or prevent such infringements. And it cited approvingly the idea of requiring Wi-Fi providers to secure their networks by means of a password, which users could obtain only after identifying themselves, in order to deter copyright infringement.

Sixth Circuit Adopts Broad View Of Standing In Data Breach Case

On September 12, the U.S. Court of Appeals for the Sixth Circuit (in an unpublished decision ‒ Galaria v. Nationwide Mutual Insurance Company) allowed a class action to proceed against Nationwide related to a data breach it suffered in 2012. In doing so, it adopted a somewhat broad view of standing that cuts against some other recent decisions from other courts, which have denied standing where the plaintiffs could not point to actual misuse of the stolen data. The Sixth Circuit held that allegations of substantial risk of future harm, plus reasonably incurred mitigation costs, are sufficient to establish a cognizable injury.