ECPE Brief Bank
With the reification of the common law, the current challenge for privacy plaintiffs involves attempting to fit outdated, sectoral privacy laws to new invasive practices. We have curated these briefs as examples of well-drafted attempts to apply these laws to new contexts. Not all of these attempts have succeeded, but they all represent interesting approaches and elucidate the context and possible application of privacy laws to new technologies.
Computer Fraud and Abuse Act (CFAA)
The CFAA is the federal anti-hacking law. It has both civil and criminal provisions, and over the years, Congress has significantly broadened its application. The amended complaint In re Quantcast Cookie Litigation demonstrates how the CFAA may apply to increasingly invasive advertising practices.
Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM)
In Asis Internet Servs. v. Rausch, No. 08-03186 EDL (N.D. Cal.) (May 03, 2010), Jason K. Singleton and Richard E. Grabowski, obtained a $2.5M award on behalf of its client, a small ISP. The second amended complaint and motion for summary judgment details the practice of email harvesting and aggravating factors justifying treble damages.
Electronic Communications Privacy Act (ECPA)
In re Google Inc. Street View, 5:10-md-02184 JW (N.D. Cal.), concerns the application of a very complex statutory scheme to protect the privacy of electronic communications to Google’s Street View program. The plaintiff’s response to Google’s motion to dismiss addresses the complex provisions of the ECPA, and an amicus brief by the Electronic Privacy Information Center focuses upon the ECPA’s statutory history. Dunbar v. Google (E.D. Tx.) invokes the ECPA in the context of Google’s Gmail service, which scans the content of user and non-user email for the purpose of targeting advertising. The amended complaint and response to the motion to dismiss explore the ordinary course of business exception, the consent exception, "necessary incident to rendition" of service exception of the ECPA.
Fair Credit Reporting Act (FCRA)
Litigators often have to fit new privacy harms into the framework of old privacy laws. In Robins v. Spokeo, No. CV10-05306 ODW (C.D. Cal.), a team at Edelson McGuire LLC have argued that an online data broker has violated the FCRA of 1970 by assembling profiles and selling them for background checks. The complaint has an overview of the case, while the first and second opposition to summary judgment addresses the key factors for determining that an entity is a consumer reporting agency, standing issues, and immunity issues under the Communications Decency Act (CDA § 230).
Security Breach Cases
While many security breach cases settle, those that are litigated face a number of hurdles, starting with standing. In Ruiz v. Gap, 622 F.Supp.2d 908 (2009), a team from Finkelstein Thompson successfully argued that plaintiffs (750,000 job applicants) had standing to sue Gap because a laptop stolen from Gap increased their likelihood of fraud victimization. The amended complaint outlines the case, and the reply brief addresses the merits of the standing issue.
Telephone Consumer Protection Act (TCPA)
Enacted originally to address consumer protection and privacy problems in traditional telemarketing, the TCPA can be employed to address new forms of privacy-invasive marketing. For instance, in Satterfield v. Simon & Schuster, 539 F.3d 946 (9th Cir. 2009), the 9th Circuit held that a text message delivered to a cell phone was a “call” for purposes of the TCPA. The plaintiff’s opposition to summary judgment details the complexity of the TCPA, and its application to new forms of telemarketing.