Court Shines Light On California Data-Sharing Law: Proskauer Litigators Obtain Dismissal

Author:Ms Kristen Mathews
Profession:Proskauer Rose LLP
 
FREE EXCERPT

On July 3, 2012, Orange County Superior Court Judge Nancy Wieben Stock issued a ruling dismissing a California "Shine the Light" consumer protection law case without leave to amend, making it the first "Shine the Light" case to come to a final decision in a trial court. Judge Stock dismissed the case against XO Group Inc. by filing a ruling sustaining demurrers to both of the plaintiff's two causes of action in the initial Complaint without leave to amend. The ruling holds that, based on the facts that the plaintiff admitted in her Complaint and that her attorney confirmed at oral argument, there is no possibility of showing that XO Group violated the Shine the Light law.

California's Shine the Light law ("STL") went into effect on January 1, 2005. STL is a part of the California Civil Code, codified at sections 1798.83-84. STL does not prohibit businesses from sharing consumer information with other businesses. According to the California Office of Privacy Protection ("OPP"), STL "lets consumers learn how their personal information is shared by companies for marketing purposes and encourages businesses to let their customers opt-out of such information sharing." (http://www.privacy.ca.gov/privacy_laws/index.shtml) 

STL has not been tested before this year, when one law firm filed several similar cases based on STL, each with a derivative Unfair Competition Law ("UCL") claim based on the STL claim.    The cases were filed as purported class actions, and most were filed in or removed to federal court. The stakes are high: if there is a violation, STL provides for damages, as well as discretionary civil penalties which could be as much as $3,000 per violation for a willful, intentional, or reckless violation, or $500 otherwise.

STL requires that companies that share California consumers' information for third party marketing purposes either give the consumers an ability to request and receive a list of the third parties with whom the company has shared their information, or, in the alternative, commit to sharing information in this way only on either an opt-in or opt-out basis. If a company chooses the first option, the company must designate contact information for customers to use to make such requests. The company can choose from three ways to provide customers with that contact information. The business can: (i) instruct personnel to provide the contact information upon request, (ii) put certain information in its Web site privacy policy,...

To continue reading

REQUEST YOUR FREE TRIAL