Previous month:
July 2015
Next month:
November 2015

October 2015

Data Transfer From The EU Just Got More Complicated

By Mary Ellen Callahan

On October 6, 2015, the Court of Justice of the European Union (CJEU) decided to agree in large part with the Advocate General’s recommendation in the matter Schrems v. Facebook (Ireland), and invalidated the U.S./EU Safe Harbor mechanism for transferring data.  Safe Harbor was first established in 2000 as an additional mechanism to transfer personal data from the EU to the U.S., provided that companies publicly agreed to Safe Harbor privacy principles (“Commission decision 2000/520).  The enforcement for Safe Harbor non-compliance was set with the Federal Trade Commission; the FTC could also accept complaints from EU Data Protection Authorities (DPA). 

In Schrems, the Irish DPA determined that he did not have the authority to review whether the Commission’s Safe Harbor decision was valid.  The Irish High Court concurred, and therefore the CJEU took the case.

The CJEU takes the findings of the (non-binding) Advocate General recommendation in whole, including that the U.S. legal system has “systemic failures” in data protection because of national security programs revealed in June 2013 after a series of unauthorized disclosures of PRISM and other national security programs.  However, the Advocate General’s opinion does not accurately describe PRISM and other national security programs as they operated in 2013, and despite indicating that his decision must take into account the regime as currently in operation, the Advocate General’s sweeping generalities are not accurate.  (see, e.g., analysis of Advocate General recommendations by Peter Swire, member of the independent Review Group on Intelligence and Communications Technology, created by President Obama in 2013). 

Continue reading "Data Transfer From The EU Just Got More Complicated " »

US Supreme Court Considers Whether Mere Statutory Violation Provides Standing in Spokeo, Inc. v. Robins

By Jeremy M. Creelan

Supreme Court 35719-0001
On November 2, the U.S. Supreme Court will hear oral argument in Spokeo, Inc. v. Robins, No. 13-1339, which could have far-reaching implications for consumer-related class actions. 

The plaintiff, Thomas Robins, filed a putative class action in federal district court in California alleging that Spokeo, Inc., willfully violated the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681 et seq..  Robins alleged that Spokeo published inaccurate information about him, and thus threatened his employment prospects. 

Among other requirements, the FCRA requires consumer credit reporting agencies to “follow reasonable procedures to assure maximum possible accuracy of” consumer reports, 15 U.S.C. § 1681e(b), and includes a private right of action for consumers to obtain actual damages for violation of these requirements.

The district court dismissed Robins’ complaint under FRCP 12(b)(1) for lack of Article III standing. The district court reasoned that he lacked standing because he had failed to allege that the statutory violations he identified had caused him any “actual or imminent harm.” 

The Ninth Circuit reversed, finding that “the violation of a statutory right is usually a sufficient injury in fact to confer standing.” The court rejected the argument that, to have standing under Article III, a plaintiff must allege actual harm instead of just the violation of a statutory right. 

Continue reading "US Supreme Court Considers Whether Mere Statutory Violation Provides Standing in Spokeo, Inc. v. Robins" »