March 13, 2015
What’s trending on NP Privacy Partner
A Judge refuses to unmask anonymous Twitter users, Quicken Loans’ litigation will stay in
Florida, and the FTC signs a memorandum of understanding with its Dutch counterpart.
Data Breach
Beware of the payroll data breach
When companies think about their sensitive data and work to guard against a potential breach,
customer data and company trade secrets are top of mind. But a breach of employee payroll data
can be incredibly damaging as well. Companies possess just about every type of personal identifying
information on their current and former employees, including names, addresses, dates of birth,
social security numbers, and bank account and routing information. What is more, companies
often outsource their payroll function to a third-party provider, which also needs all of this
sensitive data to process payroll. Now might be a good time to think about how your company
protects payroll data, how it transmits this data to third-party providers, and what safeguards these
providers employ when it comes to this data.— Joseph A. Carello
Consumer and Children’s Privacy
FTC signs information sharing memorandum with Dutch authorities
FTC Chairwoman Edith Ramirez signed a memorandum of understanding with the Dutch Data
Protection Authority, hoping to enhance information sharing and cooperation when it comes to
privacy initiatives.
The FTC and Dutch Data Protection Authority have worked together on previous international
privacy initiatives. Recognizing the importance of cross-border cooperation, the authorities agreed
to engage in mutual assistance and exchange of information in investigating, enforcing or securing
privacy compliance. According to Chairwoman Ramirez: “This arrangement with our Dutch
counterpart will strengthen FTC efforts to protect the privacy of consumers on both sides of the
Atlantic.”
This newsletter is intended as an information source for the clients and friends of Nixon Peabody LLP. The content should not be construed
as legal advice, and readers should not act upon information in the publication without professional counsel. This material may be considered
advertising under certain rules of professional conduct. Copyright © 2015 Nixon Peabody LLP. All rights reserved.
The memorandum recognizes the U.S. and Dutch shared interests of research and education on the
protection of personal information, mutual exchange of knowledge, and keeping each other abreast
of privacy developments in their respective countries.
The memorandum does not create any binding obligations or changes to law, but keeps a clear
pathway for the authorities to work together.—Kate A.F. Martinez
Mattel’s new Barbie causing privacy waves
Mattel recently introduced a new iteration of its Barbie doll to both fanfare and questions. The
doll—called Hello Barbie—seeks to incorporate speech-recognition software that will allow it to
interact with children. The software will reportedly allow the doll to “learn” over time and retain
information. The Wi-Fi connected doll transmits recordings of its conversations to a server, where
they are analyzed and it is determined what pre-recorded Barbie script should play back from a
speaker in the doll. Perhaps in a bid to give consumers some comfort, parents are given an option to
receive weekly e-mails containing their child’s conversations with Barbie, but even this has raised
some privacy questions.
Several privacy groups and children’s privacy advocates have jumped into the fray, expressing
concerns about how the collected information could be used for advertising and marketing
purposes.
Mattel assures consumers that security and privacy are its top concerns, that it has safeguards in
place to prevent unauthorized access to data, and that the doll complies with applicable
government regulations.—Kate A.F. Martinez
Enforcement & Litigation
Quicken Loans Inc.’s Motion to Transfer TCPA suit is denied
Recognizing that Quicken Loans Inc. (“Quicken Loans”) demonstrated that witnesses and
documents relevant to the TCPA suit against it are located at its headquarters in Michigan, District
Judge Robert Scola still found that the potential inconvenience for Quicken Loans to proceed with
trial in Florida did not outweigh the potential inconvenience that transfer of the case from Florida
to Michigan would cause to the plaintiff. This comes on the heels of the court’s rejection of
Quicken Loans’ earlier attempt to avoid this litigation on the grounds of standing.
As we have previously discussed, the Florida-based plaintiff filed the TCPA suit, a putative class
action, claiming that Quicken Loans made several thousand unsolicited marketing calls using
consumer information it had purchased from credit reporting companies.
Motions to transfer venue are not uncommon in federal courts, and here the Judge emphasized that
Quicken Loans had more than adequate resources to address litigation in Florida. This is a reminder
to companies that use text and telephone marketing across the country that you can be subject to
claims anywhere, and may be required to litigate outside of the location of your main operations.—
Kate A.F. Martinez
Social Media
Court refuses to unmask anonymous Twitter users
A federal court has refused to order Twitter to disclose the identities of anonymous users of its site
who posted “legitimate commercial speech” protected by the First Amendment. Plaintiffs, Music
Group Macao Commercial Offshore, Ltd., an affiliated company and their CEO, filed a federal
defamation lawsuit in the United States District Court for the Western District of Washington
against “John Doe Defendants,” alleging that the defendants have published on Twitter disparaging
remarks about Music Group and its employees. The tweets alleged that Music Group “designs its
products to break in 3-6 months” and that scandalous behavior occurs within the Music Group
companies. Because the plaintiffs were unable to serve process on the defendants, Music Group
sought the approval of the United States District Court for the Northern District of California to
enforce subpoenas compelling Twitter to disclose the account holders. See Music Group Macao
Commercial Offshore Limited v. Does, No. 3:14-mc-80328-LB (N.D. Cal.).
In an Opinion dated March 2, 2015, Magistrate Judge Laurel Beeler undertook a careful balancing of
the competing rights of a party alleging harmful speech and a speaker’s constitutional rights to
remain anonymous. A party seeking to discover the identity of an anonymous speaker must first
persuade the court that there is a real evidentiary basis for believing that the speaker has engaged in
wrongful conflict causing real harm. Upon such a showing, the court must balance the magnitude
of the harm caused to the parties’ competing interests by ordering the disclosure of the speaker. If
the disclosure would cause relatively little harm to the speaker’s First Amendment rights, but is
necessary to enable the allegedly aggrieved party to protect against or remedy serious wrongs, then
the court should allow the disclosure.
Judge Beeler ruled that the tweets targeting Music Group were rants expressing a grudge, one-time
snide comments, or comedic attempts (whether funny or not). Because critics should not be
deferred from exercising their First Amendment rights and a statement should not lose its
constitutional protection for poor taste, Judge Beeler refused to compel Twitter to disclose the
anonymous speakers. Other courts nationally have reached different conclusions and allowed
discovery efforts to identify and unmask anonymous social media speakers. This issue will continue
to evolve in our courts as social media postings increasingly become focal points for the basis and
proof of claims in litigation matters.—Steven M. Richard
For more information, please contact:
— Kate A.F. Martinez at kmartinez@nixonpeabody.com or 585-263-1332
— Steven M. Richard at srichard@nixonpeabody.com or 401-454-1020
— Joseph A. Carello at jcarello@nixonpeabody.com or 585-263-1434
NP Privacy Partner Blog
Staying ahead in a data-driven world: insights from our Data Privacy & Security team.