Internet Law

Class Action and the Song-Beverly Credit Card Act

Published on: September 7, 2015 | by Law Offices of Salar Atrizadeh

Class certification can be a complicated issue that does not just rely on fulfilling the usual requirements. For example, in Gass v Best Buy Co., Inc., an issue of fact had to be determined in order to confirm the class action certification.

What was the court’s decision in Gass v. Best Buy Co., Inc.?

Gass v. Best Buy Co., Inc. was a class action that failed due to the way plaintiffs’ claim was brought. In this case, multiple parties brought separate lawsuits against Best Buy claiming that its practices were against the Song-Beverly Credit Card Act. The claimants then merged their claims. The “class” claimed to be representing “[a]ll persons from whom Defendant requested and recorded personal identification information in conjunction with a credit card transaction… and a subclass of those who were asked for their information relating to the pre-enrollment . . . in Defendant’s Reward Zone program in conjunction with a credit card transaction.” The Song-Beverly Credit Card Act says that companies may not request or require, as a condition to accepting the credit card, the cardholder to provide personal identification information. The practices in question were: (1) when employees asked customers for additional information if they agreed to be in the Rewards program; (2) when customers were asked for their phone number if they forgot their member cards; and (3) if a card failed to swipe on a charge over $100, the customer would be asked for a zip code in order to look up his/her information. First, the court determined that these requests for identification were not illegal. Second, since the requests for information were not a violation, the court ruled that plaintiffs could not be certified as a class. This was because the definition of those affected was overbroad and included customers who may not have suffered any violation. The court ruled that, if the plaintiffs wished to pursue a specific violation, each could proceed individually.

Internet of Things and Privacy

Published on: September 3, 2015 | by Law Offices of Salar Atrizadeh

The Internet of Things (a/k/a “IoT”) functions through smart devices that communicate with each other and collect data without human interaction. These devices include smart cars, smart homes, smart hospitals, smart highways, or smart factories. However, the lack of security protecting information is creating privacy concerns as data is collected by companies and shared with third parties (e.g., marketing firms, governmental agencies). Also, the smart device can be accessed without authorization (i.e., hacked) by third parties and its information can be used for various illegal purposes.

What is the Internet of Things and what private information does it hold?

According to the Organization for Economic Cooperation and Development (“OECD”), one of the Fair Information Practice Principles is the collection limitation of personal data. Stated otherwise, data should be collected with the owner’s consent, through fair and lawful means, and should be limited. The OECD has issued its guidelines that are considered as minimum standards for the protection of privacy and individual liberties. From a practical standpoint, these principles (and relevant guidelines) should be uniformly enforced in the United States and other countries.

Internet Fraud and Class Action Lawsuits

Published on: August 31, 2015 | by Law Offices of Salar Atrizadeh

The term “fraud” invokes the same general meaning whether applied to acts on the Internet or in more traditional forms. The difference with Internet fraud is that it occurs on the web and the number of people who may fall victim to the same violation. This situation lends itself to class action lawsuits due to large numbers of consumers alleging the same harm against the same defendant.

What is Internet fraud?

The term “Internet fraud” includes a wide range of actions. In general, “fraud” is defined in Black’s Law Dictionary as “[a] knowing misrepresentation or knowing concealment of a material fact made to induce another to act to his or her detriment.” Therefore, incidents such as emails promising money or misrepresentations in website’s terms of use are considered fraud. Under California law, a plaintiff must show that: (1) a misrepresentation occurred; (2) defendant knew the information was false; (3) defendant had the intent to induce reliance; (4) plaintiff relied on the false information; and (5) reliance was the cause of damages to plaintiff.

What Is A Class Action Lawsuit?

Published on: August 24, 2015 | by Law Offices of Salar Atrizadeh

Although, most people may think they understand what a class action is, however, the reality is more complex. A group of people cannot just bring a class action without following specific procedures. Notwithstanding the procedural impediments, however, in recent times, more class actions have been filed as the Internet is used as a primary source of communications, research, and transactions.

What is a class action lawsuit?

A class action is brought by a large group, usually under the name of one of the claimants or plaintiffs. In fact, Rule 23 of the Federal Rules of Civil Procedure clarifies when and how a class action can be brought to federal court. First, the class must be so numerous that joinder of all members is impracticable. In the past, classes have been certified with as few as 35 members, but normally there are large number of individuals in the class. Second, there must be questions of law or fact common to the class. One or more persons who are members of the class may sue or be sued as representatives of everyone in the class if their claims or defenses are typical of the claims or defenses of the class, and if they will fairly and adequately protect the interests of the class. These four basic requirements are often referred to as numerosity, commonality, typicality, and adequacy of representation.

Cloud Computing and International Laws

Published on: August 17, 2015 | by Law Offices of Salar Atrizadeh

Cloud computing is subject to certain complexities due to the interplay of international organizations, international users, and Cloud Computing Service Providers (collectively “CCSPs”). In essence, the owners, operators, and users of CCSPs may be subject to both national and international laws. Furthermore, as recent events have indicated, they may face risks when it comes to data privacy and security.

What does international law mean for cloud computing?

The authority that each state has in regards to jurisdiction is a grey area. For example, the Permanent Court of International Justice considers states as having no restriction on exercising jurisdiction on other states. This is the case, unless there is a prohibition under international law. For the most part, international law is considered private law, which revolves around contractual provisions. On the contrary, organizations like the European Union, which regulate cloud computing, operate under public law. For this reason, cloud computing falls under both public and private laws. Because of this, it is difficult to coin cloud computing as a public structure for the purpose of protecting against CCSPs. Additionally, the Restatement of Foreign Relations Law, Section 403, affects jurisdictional issues. This section provides that “a state may not exercise jurisdiction to prescribe law with respect to a person or activity having connections with another state when the exercise of such jurisdiction is unreasonable.”

Cloud Computing and Security

Published on: August 10, 2015 | by Law Offices of Salar Atrizadeh

Security issues related to cloud computing must be dealt with carefully because of the legal uncertainties that surround its regulation. At this time, the European Union and the United States deal differently with cloud computing and its security.

What methods are used to deal with cloud computing security issues?

Security issues can be dealt with by breaking them down, which is how the United States approaches them. The European Union, on the other hand, prefers to directly control cloud-computing issues. In the case of the European Union, all states must be in agreement about regulations in order for them to become rules. However, when specifically evaluating the United States, the Stored Communications Act (“SCA”) proves to be an issue. Because the SCA is a subpart of the Electronic Communications Privacy Act (“ECPA”), certain transactions within cloud computing fall separately under the statutes. This is significant because only certain classifications of stored data are protected by the SCA. Thus, different data transmission processes have varying levels of protection. Because the ECPA was drafted in 1986, it is outdated, and brings concerns about data security. Additionally, security concerns exist when it comes to the power of the federal government in regards to data, especially in the hands of the Department of Justice or National Security Agency.

Cloud Computing and Privacy

Published on: August 3, 2015 | by Law Offices of Salar Atrizadeh

Cloud computing is a service that is offered by service providers and allows for large amounts of information to be stored in virtual servers. These organizations are referred to as Cloud Computing Service Providers (collectively “CCSPs”) and operate within the “cloud.” They are able to operate on a global scale, which makes their activities subject to international laws and places their users at the risk of loss of privacy.

What steps have been taken to protect user data?

In general, users of cloud computing relinquish their data, which may include confidential information, in order to store large amounts of information. Thus, CCSPs must be careful to protect privacy according to industry standards. The failure to establish proper safeguards may result in legal action by private individuals or governmental agencies (e.g., Federal Trade Commission). However, due to the security risk that users face by storing their data, governments have taken active roles in protecting against information loss. For example, the European Commission has instituted a Data Protection Directive. The purpose of this directive is to to give citizens control over of their personal data and to simplify the regulatory environment for business.

Internet Privacy: Social Media and Search Warrants

Published on: August 2, 2015 | by Law Offices of Salar Atrizadeh

The New York State Court of Appeals recently upheld a lower court’s verdict against Facebook’s claim that it had legal standing to challenge search warrants on behalf of its members. Facebook claimed that it had the ability to challenge search warrants that it saw as illegal before the warrants were executed. This verdict is considered a major setback for companies that seek to increase internet privacy.

What were the claims?

Facebook claims that, as an online entity which stores customer information, it had standing to contest search warrants brought to obtain information about its users, including, private personal messages and photographs. The company made the argument that search warrants for electronic information are different from a physical search of someone’s home. Someone else at a company has to do the searching, not the police, and more private information is accessible than would be found through a search of a defendant’s home. Therefore, Facebook claimed that the warrants served on social media companies are more like civil subpoenas for records and should be able to be challenged in court. Facebook also claimed its right to contest the warrants under the federal Stored Communications Act, but the court held that it had misinterpreted the law, which only applied to subpoenas and court orders. Although, the five-judge panel expressed concern over the scope of the search warrants and the large amounts of warrants executed, versus the small amount of those charged with a crime, however, it held that federal and state laws specify that the only person who can challenge a search warrant is the defendant. In general, the challenge takes place at a hearing before the trial court.

eDiscovery and Arbitration

Published on: July 27, 2015 | by Law Offices of Salar Atrizadeh

In recent years, with lawyers and their clients calling for alternate methods of dispute resolution, the discovery of electronic documents has become more difficult to manage. In fact, this dilemma is due to the expansive nature of technology and related software and hardware platforms. As such, it has increased the costs and burdens of litigation.

What is Arbitration?

Arbitration came about as an alternative method to resolve litigation. It exists as a way to provide a way for the parties to resolve their disputes before trial. An arbitrator is granted the authority to ask for electronic data to be presented in a case. Although, arbitration is cost effective, however, flaws exist regarding the scope of electronically-stored information that may be discovered during litigation. Due to the large amount of electronically stored information, arbitral institutions like the International Institute for Conflict Prevention and Resolution (“IICPR”) have proposed guidelines for discovery.

Internet Law and Class Action Lawsuits

Published on: July 20, 2015 | by Law Offices of Salar Atrizadeh

In recent times, the concern over the distribution of, and access to, users’ data on the web continues due to rising cyber activity. This has lead to an increase in Internet-related class action lawsuits.

What are the different types of class action categories?

One category of class actions relates to the use of internet cookies, which are utilized by websites and applications to obtain information about users’ activities. These files are saved on a user’s hard drive, so the host server gains access to certain information (e.g., user’s identity and recent transactions). “Zombie cookies” have become a concern leading to class action lawsuits, as they cannot be deleted and lead to online surveillance of users. Online advertising has also become a source of class action lawsuits, as third-party advertisers have teamed up with websites to use cookies without consent. As a result, online behavioral advertising is created based on a user’s browsing history in order to create relevant advertisements, which may violate privacy policies. Another category of class action is brought when a company website violates its own terms of service or privacy policies, sometimes leading to breached databases. The last category has to do with information contained on social media platforms. As a general matter, user profiles on social media platforms (e.g., LinkedIn, Facebook) yield a large quantity of information. These social media platforms create user profiles that are shared with third parties such as advertising firms.