Photo of Shing Tse

Shing Tse

We have been covering the hiQ-LinkedIn data-scraping saga for several years now on CPW. (See previous posts here, here, here, and here).

After well-publicized litigation that made its way to the Supreme Court and back again, the United States District Court for the Northern District of California ruled[1] that the provisions of a website user agreement that prohibit anti-scraping and fake profiles are enforceable in a breach of contract claim. Businesses should take note and ensure that their own conduct enforces their terms and conditions in order to prevent violators from successfully claiming affirmative defenses. If a business knows of a violation, and wants to have enforceable terms, it should pursue remedying that violation.

Continue Reading Federal Court Rules in Favor of LinkedIn’s Breach of Contract Claim after Six Years of CFAA Data Scraping Litigation

CPW’s Kristin Bryan, a 2022 Law360 Privacy & Cybersecurity MVP as well as a featured subject matter expert for LexisNexis, Jesse Taylor and Shing Tse teamed up to co-author a chapter of the Lexis Practical Guidance titled “Privacy, Cybersecurity and Data Breach Litigation: Key Laws and Considerations. In this practice

A Seventh Circuit district court recently clarified that a Fair Debt Collection Practice (“FDCPA”) plaintiff may not satisfy Article III’s injury-in-fact requirement by alleging confusion and aggravation, even where a complaint generally alleges actual damages.

In Suxstorf v. Portfolio Recovery Assocs. LLC, Plaintiff brought claims under the FDCPA, 15 U.S.C. § 1692e against Defendant, Portfolio Recovery Associates LLC, a debt collector. In connection with an outstanding debt, Defendant sent Plaintiff a “permanent hardship” letter, in which Defendant offered to pause or cease its collection efforts upon a showing of permanent hardship. Defendant attached to the letter a “Permanent Hardship Request Form,” in which it requested certain consumer information to evidence permanent hardship, including: the consumer’s date of birth, the last four digits of the consumer’s Social Security number, the consumer’s employment status, whether the consumer is receiving unemployment benefits, whether the consumer is receiving Social Security benefits or any other financial assistance from the government, any other sources of income and a description of any financial hardship and the duration of that hardship.

Plaintiff alleged that Defendant’s request for such information was under false pretenses and that the actual purpose of requesting the information was to determine whether to bring suit against the consumer based on the information obtained from the permanent hardship letter. Plaintiff alleged that this practice violated, among other statutes, the FDCPA, 15 U.S.C. § 1692e(10), which prohibits a debt collector from using “any false representation or deceptive means to collect or attempt to collect any debt or to obtain information concerning a consumer.” 15 U.S.C. § 1692e(10). Plaintiff alleges that he was confused and misled by the letter and that he was required to spend time and money investigating the letter and the consequences of his response.  

Continue Reading Federal Court Clarifies the Article III Standing Requirement for FDCPA Violations

Recently, a federal court in California held that the loss of stored data, without more, is insufficient to establish Article III standing to withstand a motion to dismiss.  In so doing, the court joined a number of other courts in holding that allegations of speculative harm devoid of allegations that personal information was stolen or

Earlier this week, the Ninth Circuit, yet again, concluded that data scraping public websites is not unlawful. In hiQ Labs, Inc. v. LinkedIn Corp., a case that has been ongoing for nearly five years, the Ninth Circuit affirmed its earlier decision that LinkedIn may not rely on the Computer Fraud and Abuse Act (“CFAA”)

Recently, a federal court in Kansas joined a number of other courts in finding that allegations of future, speculative harm unadorned with actual theft or misuse of personal information are insufficient to establish Article III standing. 

In Ex rel Situated v. Med-Data Inc., Case No. 21-2301-DDC-GEB, 2022 U.S. Dist. LEXIS 60555 (D. Kan. Mar.