Class Actions

Finkly & Sons Co. Faces Illinois Biometric Information Privacy Act Class Action

• A former employee of steelmaker A. Finkly & Sons Co. filed a putative class action against the company in Cook County, Illinois, for violations of the Illinois Biometric Information Privacy Act (BIPA).

• The case alleges the company violated BIPA by inappropriately collecting biometric data in the form of handprints for a timekeeping program without obtaining prior consent of employees, and it seeks damages of up to $5,000 per violation.

Fourth Circuit Court of Appeals Vacates Dismissal of Class Action Against National Board of Examiners in Optometry Inc.

  • The Fourth Circuit Court of Appeals vacated the dismissal of a putative class action against the National Board of Examiners in Optometry Inc. (NBEO), instead finding that the putative plaintiffs’ class alleged sufficient Article III standing.
  • The suit, which was originally filed in Maryland Federal District Court in 2016, alleges that hackers had opened credit-card accounts using information, including names and Social Security numbers, which was obtained from NBEO.
  • According to the Fourth Circuit, the complaints at issue “contained sufficient allegations that the NBEO was a plausible source of the Plaintiffs’ personal information. Accordingly, the Complaints contain ‘sufficient factual matter’ to render the Plaintiffs’ allegations plausible on their face.”

EU/GDPR

EU Parliamentary Committee Urges Suspension of Transatlantic Privacy Shield

  • The European Union (EU) Civil Liberties, Justice and Home Affairs Committee recommended the suspension of the Transatlantic Privacy Shield until the U.S. can meet the prescribed protection obligations. The committee does not believe the privacy shield does enough to protect EU citizens.
  • The Transatlantic Privacy Shield was enacted in July 2016 and details the methods necessary to transfer personal data between the U.S. and the EU.
  • The committee approved a resolution calling for more data protection, which will go to the full European Commission for a vote in July. The resolution also calls on EU data protection regulators to review United States companies for misuse of data transfer and determine whether suspension or expulsion from the privacy shield is warranted.

Federal Trade Commission

FTC Provides Guidance to Consumer Product Safety Commission on Internet of Things

  • The Federal Trade Commission (FTC) recently provided comments to the Consumer Product Safety Commission (CPSC) as part CPSC’s analysis of consumer product hazards with the internet of things (IoT).
  • The CPSC requested input regarding safety issues seen with the escalation of IoT in consumer products and devices.
  • Although it did not encourage specific regulations, the FTC recommended that CPSC enforcement should be “technology-neutral and sufficiently flexible.”
  • The FTC also noted that if the CPSC provides certification requirements for IoT devices, the CPSC also should require public posting of standards by manufacturers to allow the FTC to enforce its authority under Section 5 of the FTC Act.

Securities and Exchange Commission

SEC Provides Clarification on Bitcoin Security Status

  • This week, Security and Exchange Commission (SEC) Division of Corporation Finance Director Bill Hinman indicated that the SEC does not consider that cryptocurrencies such as bitcoin are securities.
  • By contrast, digital tokens sold in ICOs, or so-called initial coin offerings, will be considered securities by the SEC.
  • Hinman relayed that the bitcoin’s networks do not represent an investment contract where the token or coin is “sufficiently decentralized” and there is no reasonable expectation to carry out “managerial or entrepreneurial efforts.”
  • For the SEC, the primary question is “whether a third party – be it a person, entity or coordinated group of actors – drives the expectation of a return.”