Main Menu
Print PDF

Court Crier: Cyber Law and Data Protection

In Jardim v. Overly, the Superior Court of New Jersey, Appellate Division, addressed the constitutional principles of personal jurisdiction and due process in the context of a retail sale contract made over the internet. The court held the seller in this one-time sale scenario did not “purposely avail” himself of this state’s retail market to a degree that rises to the level of “minimum contacts” needed to support personal jurisdiction under the Due Process Clause. The court specifically noted its holding did not foreclose a finding of specific jurisdiction in future internet retail sale contexts in which more extensive transactional activities connected the defendant to the forum. (November 14, 2019)

In Lamps Plus v. Valera, the United States Supreme Court addressed whether a putative class action, instituted by an employee after a hacker tricked his employer into disclosing the tax information of 1,300 employees, was subject to the arbitration clause in the employee’s employment contract. Specifically, the Court considered whether arbitration could be compelled when the agreement was ambiguous on the availability of class arbitration. The Court held that, under the Federal Arbitration Act, an ambiguous agreement cannot provide the necessary contractual basis for concluding that the parties agreed to submit to class arbitration. (April 24, 2019)

In Dittman v. UPMC, the Supreme Court of Pennsylvania addressed whether an employer must safeguard its employees’ personal information. The court held that when an employer stores sensitive employee information on internet-accessible computer systems, the employer has a legal duty to exercise reasonable care to safeguard that information. (November 21, 2018)

In Carpenter v. United States, the United States Supreme Courtconsidered whether the government must obtain a warrant before it can obtain cell-site location information from a suspect’s wireless carrier. The Court ruled that a warrant is required because the government’s acquisition of cell-site records is a Fourth Amendment search. (June 22, 2018)

In Armata v. Target Corporation, the Supreme Judicial Court of Massachusetts addressed whether the revised Massachusetts debt collection regulations, which limit the frequency with which a creditor may attempt to contact a debtor via telephone, applies to creditors who use an automatic dialer. Holding that it does, the court explained that the creditor violated the regulation by telephoning the debtor with an automatic dialing device more than twice per week when the creditor had the ability to reach the debtor or leave them a voicemail (and chose not to) on those occasions. The court explained that its holding was in accord with the purpose of the regulation, which was intended to prevent creditors from harassing, oppressing, or abusing debtors. (June 25, 2018)

In Cullinane v. Uber Technologies, Inc., the United States Court of Appeals for the First Circuit addressed the enforceability of an arbitration clause contained in an online contract. The contract was a ten-page document that was available to Uber App users via hyperlinkin the registration process. Holding that arbitration could not be compelled, the court explained that the design of the application diminished the conspicuousness of the hyperlink because of the presence of other terms that had similar or larger size, typeface, and more noticeable attributes than the hyperlink to the agreement. Thus, the court reasoned that the terms of the agreement were not reasonably communicated to the users of the Uber App. (June 25, 2018)

In CDx Laboratories, Inc. v. Zila, Inc., the New York Supreme Court, Appellate Division, 2d Department, addressed whether the statute of limitations was tolled in an action for trade secret misappropriation. The date of accrual in such actions may be extended under the continuing tort doctrine “where the plaintiff alleges that a defendant has kept a secret confidential but continued to use it for commercial advantage.” The court determined that the doctrine was not applicable because the plaintiff failed to establish that the defendant disclosed new portions of a customer list between the relevant dates. (June 27, 2018)

In In Re Horizon Health Services Inc. Data Breach Litigation, the United States Court of Appeals for the Third Circuit addressed whether a violation of the Fair Credit Reporting Act (FCRA) gave rise to an injury sufficient for Article III standing purposes. The court held that, in light of the congressional decision to create a remedy for the unauthorized transfer of personal information, even without evidence that the plaintiffs’ personal information was in fact used improperly, the alleged disclosure of their personal information created a de facto injury sufficient for Article III standing. (January 20, 2017)

In Spokeo, Inc. v. Robins, the United States Supreme Court addressed whether an individual has standing to maintain an action in federal court against a “people search engine” under the Fair Credit Reporting Act of 1970, which seeks to ensure “fair and accurate credit reporting.” The Court held that in order to invoke federal jurisdiction, the individual must establish standing by demonstrating an injury in fact that is both “concrete and particularized.” Because the lead plaintiff alleged a violation of statutory rights and a personal interest in the handling of his credit information, the plaintiff adequately alleged an injury in fact. (May 16, 2016)

In Fanning v. Federal Trade Commission, the United States Court of Appeals for the First Circuit addressed whether a website founder and his company were liable for misrepresentations contained on a website in violation of section 5(a) of the Federal Trade Commission Act. The court held that the website contained false and material statements about the source of its content and the benefits of a paid membership, but portions of the remedial order were overbroad regarding recordkeeping provisions.(May 9, 2016)

Back to Page