Photo of Ashley Roybal-Reid

Ashley Roybal-Reid has diverse litigation experience in federal and California courts, where she has represented clients in intellectual property, tort, class action, and complex commercial disputes.

Contact: aroybalreid@fbm.com

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic.

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida – joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes.
Continue Reading Zoom Successfully Addresses New York’s Privacy and Security Concerns

As we are all well aware by now, the California Consumer Privacy Act (CCPA) (Cal. Civ. Code Sections 1798.100 et seq.) went into effect on Jan. 1. Through its amendments and regulations (the latter of which have yet to be finalized as of this article’s publication), one aspect of the act has stayed largely consistent: the CCPA grants a private right of action only in limited situations. While the California Attorney General has the ability to impose fines for any CCPA violation, the private right of action is specifically limited (over significant debate and a proposed amendment that failed to pass) to data breach. Moreover, in creating that private right of action, the act specifically notes that violations “shall not be interpreted to serve as the basis for a private right of action under any other law.”

Does that mean there will not be significant litigation concerning the CCPA outside of the data breach realm? The answer is clearly a resounding “no.” Indeed, we have already seen multiple lawsuits filed taking direct aim at the CCPA’s claimed limitations on private enforcement. In those cases, in direct contravention of the stated limitation on private rights of action, plaintiffs have claimed (among other things) that the failure to provide proper notice required by the CCPA predicates a violation of California’s Unfair Competition Law (Cal Civ. Code. Section 17200) (the UCL). See, e.g., Burke v. Clearview AI, Case No. 3:20-cv-00370 (S.D. Cal., filed Feb. 27, 2020); Sheth v. Ring, Case No. 2:20-cv-01538 (C.D. Cal., filed Feb. 18, 2020). Whether such claims will fail as expressly barred by the act remains to be seen.
Continue Reading Private Rights of Action and the CCPA—Unlimited Limitation?

As large portions of society become subject to coronavirus-related quarantines, increasing numbers of people have turned to web-based communications platforms for classes, meetings, events, and socialization. One such platform, Zoom, has become, in some estimations, the most important app in the business world, and the single most downloaded mobile app in all of India.

With such rapid expansion in its user base, there was bound to be increased focus on the company. Over the last few weeks, Zoom has faced questions related to the legality of its privacy and information-gathering practices. In fact, in addition to addressing concerns on social media and national television programs, Zoom must also now defend itself in a new class action lawsuit involving the newly enacted California Consumer Privacy Act (“CCPA”), which we analyze below.
Continue Reading New CCPA Lawsuit Against Zoom: Issues to Watch

With the explosion of COVID-19 cases worldwide, companies and governments have expanded their interest in the use of the vast stores of consumer data. Even where such collection and use of personal data is ostensibly for the public good, the privacy rights and legal requirements applicable to such data must be considered carefully.[i]
Continue Reading Public Ends From Private Means: Privacy Rights and Benevolent Use of Personal Data