Justia Internet Law Opinion Summaries

Plaintiffs, a class of children, appearing through their guardians ad litem, filed a lawsuit against Google LLC and others, alleging that Google used persistent identifiers to collect data and track their online behavior surreptitiously and without their consent in violation of the Children’s Online Privacy Protection Act (“COPPA”). They pled only state law claims arising under the constitutional, statutory, and common law of California, Colorado, Indiana, Massachusetts, New Jersey, and Tennessee, but also allege Google’s activities violate COPPA. The district court held that the “core allegations” in the third amended complaint were squarely covered, and preempted, by COPPA.   The Ninth Circuit reversed the district court’s dismissal on preemption grounds. The panel considered the question of whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulations. The Supreme Court has identified three different types of preemption—express, conflict, and field. First, express preemption is a question of statutory construction. The panel concluded that COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe, the same conduct forbidden by, COPPA. Accordingly, express preemption does not apply to the plaintiff class’s claims. Second, even if express preemption is not applicable, preemptive intent may be inferred through conflict preemption principles. The panel held that although express and conflict preemption are analytically distinct inquiries, they effectively collapse into one when the preemption clause uses the term “inconsistent.” For the same reasons that the panel concluded there was no express preemption, the panel concluded that conflict preemption did not bar Plaintiffs’ claims. View "CARA JONES, ET AL V. GOOGLE LLC, ET AL" on Justia Law

YouTube, a video-sharing website, places “advertising restrictions” on certain videos to prevent the user who posted the video from realizing advertising revenues. Network administrators and individual subscribers can also elect to limit user access to YouTube videos using “Restricted Mode.” YouTube considers whether the content involves drugs, alcohol, sex, violence, tragedies, inappropriate language, and whether the content is "gratuitously incendiary, inflammatory, or demeaning towards an individual or group.” YouTube uses an “automated filtering algorithm.” Users whose videos have been restricted or demonetized may request human review. Prager has posted more than 250 YouTube videos and has been prohibited from monetizing over 50 of its videos. In some cases, other users have posted videos identical to Prager’s restricted videos; the copycat videos have not been restricted. Prager claims the restrictions are based on its political identity or viewpoints.After a district court dismissed its federal lawsuit, Prager sued in state court. The court of appeal affirmed the dismissal of the suit, citing immunity under the Communications Decency Act, 47 U.S.C. 230, for interactive computer service providers acting as “publishers or speakers” of content provided by others. The challenged conduct is the exercise of a publisher’s traditional editorial functions, The court rejected arguments that the defendants are themselves information content providers, that their terms of service and public pronouncements subjected them to liability notwithstanding the Act, and that the Act, in immunizing defendants from Prager’s state law claims, is unconstitutional. View "Prager University v. Google LLC" on Justia Law

In a matter of first impression before the Mississippi Supreme Court, the issue presented for review required an interpretation and application of the federal Anticybersquatting Consumer Protection Act (ACPA). 15 U.S.C. § 1125(d). Jonathan Carr registered five domain names that included variations of the identifying marks of the Mississippi Lottery Corporation (MLC). After an unfavorable decision from a national arbitration board, Carr brought a reverse domain name hijacking claim against the MLC, which countersued for cybersquatting. The Mississippi Supreme Court dismissed Carr’s first appeal in this case for lack of a final appealable judgment. Carr appealed the trial judge’s Order Granting and Denying Motions for Injunctive Relief, Order on Motion for New Trial, or In the Alternative, Motion for a Trial By Jury, and Order on Motion for New Trial and/or In the Alternative, to Alter or Amend the Judgment. After a careful review of federal and state law, the Supreme Court affirmed the decisions of the trial court on all issues. View "Carr v. Mississippi Lottery Corporation" on Justia Law

Users of Reddit, a social media platform, posted and circulated sexually explicit images and videos of minors online. The victims, or their parents, sued Reddit pursuant to Section 1595, the Trafficking Victims Protection Reauthorization Act.   The Ninth Circuit affirmed the district court’s dismissal. Rhe panel held that Section 230 of the Communications Decency Act, 47 U.S.C. Section 230(c)(1), shielded defendant Reddit, Inc., from liability. The panel held that Reddit, an “interactive computer services” provider, generally enjoys immunity from liability for user-posted content under Section 230(c)(1). However, pursuant to the Allow States and Victims to Fight Online Sex Trafficking Act of 2018 (“FOSTA”), Section 230 immunity does not apply to child sex trafficking claims if the conduct underlying the claim also violates 18 U.S.C. Section 1591, the criminal child sex trafficking statute.   The panel held that the plain text of FOSTA, as well as precedent interpreting a similar immunity exception under the Foreign Sovereign Immunities Act, established that the availability of FOSTA’s immunity exception is contingent upon a plaintiff proving that a defendant-website’s own conduct—rather than its users’ conduct—resulted in a violation of 18 U.S.C. Section 1591. The panel held that FOSTA’s wider statutory context confirmed its reading. In Section II.C, the panel held that its reading was also supported by the legislative history of FOSTA. View "JANE DOES, ET AL V. REDDIT, INC." on Justia Law

In 2016, McLaughlin, the head of a business, was arrested based on an alleged domestic dispute with his former girlfriend, Olivia. In 2018, an Illinois court ordered all records in that case expunged, and the destruction of McLaughlin’s arrest records and photographs. McLaughlin sought an order of protection against Olivia. The terms of the parties’ subsequent settlement were incorporated in a judgment, which was sealed. Doe nonetheless posted multiple Twitter messages about McLaughlin’s arrest with McLaughlin’s mugshot, tagging McLaughlin’s business contacts and clients, and media outlets. Twitter suspended Doe’s accounts. The Illinois court issued a subpoena requiring the production of documents related to Doe’s Twitter accounts and issued “letters rogatory” to the San Francisco County Superior Court. Under the authority of that court, McLaughlin's subpoena was to be served on Twitter in San Francisco, requesting information personally identifying the account holders. In a motion to quash, Doe argued he had a First Amendment right to engage in anonymous speech and a right to privacy under the California Constitution. Doe sought attorney fees, (Code of Civil Procedure1987.2(c))The court of appeal affirmed orders in favor of McLaughlin. No sanctions were awarded. Doe failed to establish he prevailed on his motion to quash or that “the underlying action arises from [his] exercise of free speech rights on the Internet.” Doe presented no legally cognizable argument that McLaughlin failed to make a prima facie showing of breach of the settlement agreement. View "Doe v. McLaughlin" on Justia Law

Clemens, then an employee, provided ExecuPharm with sensitive information, including her address, social security number, bank, and financial account numbers, insurance, and tax information, passport, and information relating to her family. Clemens’s employment agreement provided that ExecuPharm would “take appropriate measures to protect the confidentiality and security” of this information. After Clemens left ExecuPharm, a hacking group (CLOP) accessed ExecuPharm’s servers, stealing sensitive information pertaining to current and former employees, including Clemens. CLOP posted the data on the Dark Web, making available for download 123,000 data files pertaining to ExecuPharm, including sensitive employee information. ExecuPharm notified current and former employees of the breach and encouraged precautionary measures. Clemens reviewed her financial records and credit reports for unauthorized activity; placed fraud alerts on her credit reports; transferred her bank account; enrolled in ExecuPharm’s complimentary one-year credit monitoring services; and purchased three-bureau additional credit monitoring services for herself and her family for $39.99 per month.Clemens's suit under the Class Action Fairness Act, 28 U.S.C. 1332(d), was dismissed for lack of Article III standing. The court concluded that Clemens’s risk of future harm was not imminent, but “speculative.” Any money Clemens spent to mitigate the speculative risk was insufficient to confer standing; even if ExecuPharm breached the employment agreement, it would not automatically give Clemens standing to assert her breach of contract claim. The Third Circuit vacated. Clemens’s injury was sufficiently imminent to constitute an injury-in-fact for purposes of standing. View "Clemens v. Execupharm Inc" on Justia Law

NBA Properties owns the trademarks of the NBA and NBA teams. In 2020, a Properties investigator accessed HANWJH’s online Amazon store and purchased an item, designating an address in Illinois as the delivery destination. The product was delivered to the Illinois address. Properties sued, alleging trademark infringement and counterfeiting, 15 U.S.C. 1114 and false designation of origin, section 1125(a). Properties obtained a TRO and a temporary asset restraint on HANWJH’s bank account, then moved for default; despite having been served, HANWJH had not answered or otherwise defended the suit. HANWJH moved to dismiss, arguing that the court lacked personal jurisdiction over it because it did not expressly aim any conduct at Illinois. HANWJH maintained that it had never sold any other product to any consumer in Illinois nor had it any “offices, employees,” “real or personal property,” “bank accounts,” or any other commercial dealings with Illinois.The Seventh Circuit affirmed the denial of the motion to dismiss and the entry of judgment in favor of Properties. HANWJH shipped a product to Illinois after it structured its sales activity in such a manner as to invite orders from Illinois and developed the capacity to fill them. HANWJH’s listing of its product on Amazon.com and its sale of the product to counsel are related sufficiently to the harm of likelihood of confusion. Illinois has an interest in protecting its consumers from purchasing fraudulent merchandise. HANWJH alleges no unusual burden in defending the suit in Illinois. View "NBA Properties, Inc. v. HANWJH" on Justia Law

Popa browsed the website of Harriet Carter Gifts, added an item to her cart, but left the website without making a purchase. She later discovered that, unbeknownst to her, Harriet Carter’s third-party marketing service, NaviStone, tracked her activities across the site. Popa sued both entities under Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (WESCA), 18 Pa. C.S. 5701, which prohibits the interception of wire, electronic, or oral communications. The district court granted the defendants summary judgment, reasoning that NaviStone could not have “intercepted” Popa’s communications because it was a “party” to the electronic conversation. Alternatively, it ruled that if any interception occurred, it happened outside Pennsylvania, so the Act did not apply.The Third Circuit vacated. Under Pennsylvania law, there is no direct-party exception to WESCA liability, except for law enforcement under specific conditions. The defendants cannot avoid liability merely by showing that Popa directly communicated with NaviStone’s servers. NaviStone intercepted Popa’s communications at the point where it routed those communications to its own servers; that was at Popa’s browser, not where the signals were received at NaviStone’s servers. The court noted that the district court never addressed whether Harriet Carter posted a privacy policy and, if so, whether that policy sufficiently alerted Popa that her communications were being sent to a third-party company to support a consent defense. View "Popa v. Harriet Carter Gifts Inc." on Justia Law

Alight provides recordkeeping services for employee healthcare and retirement benefit plans, some of which are governed by ERISA, 29 U.S.C. 1001–1461 The Department of Labor investigated Alight, following a discovery that Alight processed unauthorized distributions of plan benefits due to cybersecurity breaches, and sent Alight an administrative subpoena duces tecum, seeking documents in response to 32 inquiries, including broad demands, such as “[a]ll documents and communications relating to services offered to ERISA plan clients.” Alight produced some documents but objected to several inquiries, citing its duty to keep certain information confidential. The Department petitioned for enforcement of the subpoena. Alight produced additional materials but redacted most of the documents to remove client identifying information, preventing the Department from discerning potential ERISA violations. Alight asked the court to quash or limit the subpoena and permit redactions. Alight’s legal consultant projected full compliance would require “thousands of hours of work.” The Department clarified or narrowed its requests.The Seventh Circuit affirmed an order granting the Department’s petition to enforce the subpoena with some modifications. The court rejected Alight’s arguments that the subpoena is unenforceable because the Department lacks authority to investigate the company because it is not a fiduciary under ERISA, or cybersecurity incidents generally; that the subpoena’s demands are too indefinite and unduly burdensome, and that the district court abused its discretion by denying Alight’s request for a protective order to limit production of certain sensitive information. View "Walsh v. Alight Solutions, LLC" on Justia Law

A Romanian organization, the Alexandria Online Auction Fraud Network (AOAF), used fraudulent online advertisements on websites like eBay, Craigslist, and Amazon to convince unknowing U.S. purchasers to send payments for high-value items that did not actually exist. After receiving the payments through vehicles like gift cards and prepaid debit cards, AOAF money launderers in the U.S., including Brown, converted the payments into Bitcoin currency, which was then transferred back to Romania. Foreign Bitcoin exchange businesses including RG, Iossifov’s Bulgaria-based business, then transferred the Bitcoin balances to cash on behalf of AOAF fraudsters. About 900 victims never received the items for which they paid. The government learned about the scheme in 2014 when it discovered that an American citizen living in Kentucky was laundering funds on behalf of an online fraud organization; the individual became a confidential source.The Sixth Circuit affirmed Iossifov and Brown’s convictions and sentences under the Racketeer Influenced and Corrupt Organizations Act (RICO), 18 U.S.C. 1962(d), and Iossifov’s additional conviction for conspiring to launder money 18 U.S.C. 1956(h). The court rejected venue, jurisdiction, and Due Process claims, a contention that Bitcoin does not fall under the money laundering statute, and challenges to sentencing enhancements and evidentiary rulings. View "United States v. Iossifov" on Justia Law