Photo of Kyle Dull

Kyle Dull

We have been covering the hiQ-LinkedIn data-scraping saga for several years now on CPW. (See previous posts here, here, here, and here).

After well-publicized litigation that made its way to the Supreme Court and back again, the United States District Court for the Northern District of California ruled[1] that the provisions of a website user agreement that prohibit anti-scraping and fake profiles are enforceable in a breach of contract claim. Businesses should take note and ensure that their own conduct enforces their terms and conditions in order to prevent violators from successfully claiming affirmative defenses. If a business knows of a violation, and wants to have enforceable terms, it should pursue remedying that violation.

Continue Reading Federal Court Rules in Favor of LinkedIn’s Breach of Contract Claim after Six Years of CFAA Data Scraping Litigation

Continuing the recent trend of holding company executives personally liable for a company’s alleged violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), the Federal Trade Commission (FTC) announced a complaint and consent agreement with Drizly, LLC (“Drizly”), an alcohol delivery app, and Chief Executive Officer James Cory Rellas over the failure

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.
Continue Reading Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws

Is an online-only business a place of public accommodation under Title III of the Americans with Disabilities Act of 1990 (ADA)? Yes, claimed the plaintiff in Martinez v. Cot’n Wash, Inc., 81 Cal. App. 5th 1026 (Cal. App. August 1, 2022). The Martinez plaintiff, who was permanently blind and used screen readers (i.e., software that audibly reads website content), alleged that “well-established industry standards” require websites to allow blind or visually impaired people access to websites, which one of the defendant’s websites—an e-commerce site—did not. No, said the California Court of Appeal, disagreeing with the plaintiff.

Continue Reading Online-Only Businesses Are Not a Place of Public Accommodation: California State Appellate Court Follows the Ninth Circuit in ADA-Related Ruling

The Federal Trade Commission (FTC) has released a staff reportBringing Dark Patterns to Light, which discusses misleading and manipulative design practices—dark patterns—in web and mobile apps. These design choices take advantage of users’ cognitive biases to influence their behavior and prevent them from making fully informed decisions about their data and purchases. Dark patterns are employed to get users to surrender their personal information, unwittingly sign up for services, and purchase products they do not intend to purchase. The consequences of dark patterns have been increasingly noticed in the regulatory and legislative sphere, both in the United States and Europe

Continue Reading Dark Patterns under the Regulatory Spotlight Again

Shea Leitch (Of Counsel, Washington, DC) and Kyle Dull (Senior Associate, New York/Miami) will speak on Friday, September 16, at the Association of Corporate Counsel (ACC) South Florida Chapter’s 12th Annual CLE Conference, “Casino Royale: Accepting the In-House Mission.” Shea and Kyle’s aptly named panel, “For Your Eyes Only: Dealing with Security Risks, New

The California Consumer Privacy Act (CCPA) currently has limited carve-outs for personal information (PI) collected from a job applicant, employee, owner, director, officer, medical staff member, or independent contractor of a business acting in such capacity (including, without limitation, communications, emergency contact and benefits PI) (HR data). An even broader exception applies to B-to-B communications and related PI (e.g., vendor, supplier and business customer contacts and communications) (B-to-B data). As a result, businesses subject to the CCPA are not currently required to honor CCPA rights requests received from persons concerning HR data and B-to-B data. These carve-outs are set to sunset on January 1, 2023, when the California Privacy Rights Act (CPRA), which substantially amends the CCPA, goes into full effect, at which point HR data and B-to-B data will be fully subject to all of the requirements of the CCPA/CPRA. Many business administrators had hoped that either the California legislature would extend the HR data exceptions (or maybe even make them permanent), or a federal law that limited data subject rights to traditional consumers would pass and preempt CCPA/CPRA. It is now clear that the former is impossible and the latter is highly unlikely. Accordingly, many companies have a lot to do by year-end to prepare to stand up a CCPA/CPRA program for HR data and B-to-B data.

Continue Reading HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail

On August 24, 2022, California Attorney General Rob Bonta issued a press release announcing the first public settlement by the Office of the Attorney General (OAG) involving alleged violations of the CCPA. The settlement involves a judicial judgment, civil penalties and ongoing monitoring and reporting. The use of noncompliance letters to cajole companies into compliance over many months now appears to be a closed chapter in the CCPA saga. Season 2 promises more drama, more action and more money. Entertaining unless you are the next target!

Continue Reading The Cookie Crumbles – Lessons from First California Consumer Privacy Act (CCPA) Monetary Settlement

Legislatures, regulators, and enforcement agencies across the United States and in Germany have turned up the heat on subscription plans within the past year by updating their automatic renewal law (ARL). California and Germany have new ARL requirements starting July 1, 2022. Generally, an automatic renewal or negative option is a paid subscription plan that

Last week, the Federal Trade Commission (“FTC”) held an open meeting focused on issues related to children’s privacy and those pertaining to the use of endorsements and testimonials in advertising. In the meeting, the FTC adopted a new policy statement targeting data collection practices in educational technology. Further, the FTC proposed amendments to the Guides Concerning the Use of Endorsements and Testimonials in Advertising (“Endorsement Guides”) which would target child-directed marketing. Of note, one of the amendments would recognize that children may react to advertising practices differently than adults and thus advertising practices directed towards children may be treated differently by the FTC compared to those practices directed towards adults.
Continue Reading FTC Targets Children’s Privacy and Stealth Advertising Directed at Children