Articles Posted in US Court of Appeals for the District of Columbia Circuit

by
These consolidated appeals stemmed from the cyberattack of multiple OPM databases that resulted in the data breach of sensitive personal information from more than 21 million people. Plaintiffs alleged that OPM's cybersecurity practices were inadequate, enabling the hackers to gain access to the agency's database of employee information, in turn exposing plaintiffs to heightened risks of identity theft and other injuries. The district court dismissed the complaints based on lack of Article III standing and failure to state a claim. The DC Circuit held that both sets of plaintiffs have alleged facts sufficient to satisfy Article III standing requirements; the Arnold Plaintiffs have stated a claim for damages under the Privacy Act, and have unlocked OPM's waiver of sovereign immunity, by alleging OPM's knowing refusal to establish appropriate information security safeguards; KeyPoint was not entitled to derivative sovereign immunity because it has not shown that its alleged security faults were directed by the government, and it is alleged to have violated the Privacy Act standards incorporated into its contract with OPM; and, assuming a constitutional right to informational privacy, NTEU Plaintiffs have not alleged any violation of such a right. Accordingly, the court affirmed in part, reversed in part, and remanded for further proceedings. View "In re: U.S. Office of Personnel Management Data Security Breach Litigation" on Justia Law

by
Plaintiffs, 14 locksmith companies, filed suit alleging that Google, Microsoft, and Yahoo! have conspired to "flood the market" of online search results with information about so-called "scam" locksmiths, in order to extract additional advertising revenue. The DC Circuit affirmed the district court's dismissal of the amended complaint as barred by section 230 of the Communications Decency Act, which states that no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. The parties agreed as to the first and third prongs of the section 230 test for determining whether the Act mandates dismissal, holding that defendants were a provider or user of an interactive computer service and that the complaint sought to hold defendants liable as the publisher or speaker of that information. As to the contested second prong of the section 230 test, the court held that the information for which plaintiff seeks to hold defendants liable was information provided by another information content provider and thus dismissal was warranted under the Act. In this case, defendants' translation of information that comes from the scam locksmiths' webpages fell within the scope of section 230 immunity. View "Marshall's Locksmith Service v. Google, LLC" on Justia Law

by
The DC Circuit affirmed the district court's grant of Google's motion to dismiss in an action brought by plaintiff and her company against Google for failing to remove an offensive blog post. Plaintiff alleged three state law causes of action: defamation; tortious interference with a business relationship; and intentional infliction of emotional distress. The district court concluded that the Communications Decency Act (CDA), 47 U.S.C. 230, immunized Google from liability for the publication of third-party content. The court applied the three part test in Klayman v. Zuckerberg, 753 F.3d 1354, 1357 (D.C. Cir. 2014), to determine that Google had established immunity. In this case, Google qualified as an interactive computer service provider; plaintiff alleged that a third party created the offensive content on the blog; and plaintiff sought to establish that Google was liable as a publisher of the content. View "Bennett v. Google LLC" on Justia Law

by
The DC Circuit affirmed the district court's grant of Google's motion to dismiss in an action brought by plaintiff and her company against Google for failing to remove an offensive blog post. Plaintiff alleged three state law causes of action: defamation; tortious interference with a business relationship; and intentional infliction of emotional distress. The district court concluded that the Communications Decency Act (CDA), 47 U.S.C. 230, immunized Google from liability for the publication of third-party content. The court applied the three part test in Klayman v. Zuckerberg, 753 F.3d 1354, 1357 (D.C. Cir. 2014), to determine that Google had established immunity. In this case, Google qualified as an interactive computer service provider; plaintiff alleged that a third party created the offensive content on the blog; and plaintiff sought to establish that Google was liable as a publisher of the content. View "Bennett v. Google LLC" on Justia Law