A couple of significant pro-consumer, pro-privacy rulings over the last two weeks of 2014:
First, a federal district court in Minnesota rejected the argument that putative class of Target consumers harmed by the retail giant's data breach lacked standing to sue over the breach. As Law360 reports, the court "concluded that the plaintiffs' assertions that the breach had caused them to pay unlawful charges, restricted or blocked access to their bank accounts, made them unable to pay other bills, and caused them to pay unfair late charges and new card fees were sufficient to allow them to proceed with their claims at this early stage in the litigation." Read the story here. For a relevant discussion of the harms caused by data breaches, read Public Citizen's amicus brief in FTC v. Wyndham, pending in the Third Circuit.
Second, a federal district court in California rejected a motion to dismiss a class action against Facebook for intercepting the content of users' electronic messages in order to determine if users "like" a webpage (for purposes of Facebook's "like" counter) and in order to help Facebook send users targeted advertising. The putative class in the case, Campbell v. Facebook, alleges violations of both state and federal privacy law. Judge Hamilton's thoughtful opinion rejected the argument that Facebook's snooping into its users' messages is part of its "ordinary course of business" and therefore exempt from privacy protections: “An electronic communications service provider cannot simply adopt any revenue-generating practice and deem it ‘ordinary’ by its own subjective standard. The court instead finds that any interception falling within the exception must be related or connected to an electronic communication provider’s service, even if it does not actually facilitate the service.” Coverage in the Recorder is here, and the opinion is here.