< Back to Previous Page
Related Practices

E-Commerce Law Week, Issue 550

March 28, 2009

New Burdens For Communications Providers in Europe?

Communications providers in Europe have faced sometimes conflicting pressures between data retention requirements, on the one hand, and data protection obligations, on the other.  The good news is that regulators appear to be reconciling the two sets of requirements.  The bad news is that the burdens on providers to both retain and protect data are likely to increase.  The European Union's Article 29 Data Protection Working Party has launched an investigation into "whether and how data protection requirements concerning the type of retained data, security measures and prevention of abuse and storage limit obligations are met within the telecom sector in [EU] member states."  The Working Party -- never a fan of mandatory data retention -- thus will not focus on compliance with the requirements of the Data Retention Directive to retain certain non-content data (which some nations still have not fully implemented through national legislation), but rather on the requirements to protect that data under both the Data Retention Directive itself and the e-Privacy Directive.  Meanwhile, the UK's Minister for Security, Counter-Terrorism, Crime and Policing has stated that he intends to introduce a "modernisation" proposal that would expand the UK's implementation of the Data Retention Directive to include communications transmitted using social networking websites.

Fourth Circuit Limits Damages Recoverable Under Stored Communications Act

The Fourth Circuit ruled late last month that "plaintiffs pursuing claims under the [Stored Communications Act (SCA)] must prove actual damages in order to be eligible for an award of statutory damages," but do not need to show actual damages in order to win punitive damages or attorney’s fees.  The Fourth Circuit acknowledged that its ruling cut against opinions from district courts in Hawaii, Connecticut, and Illinois, which have all held that plaintiffs do not need to show actual damages to recover statutory damages under the SCA. 

Court Invalidates Contract Made Through Insecure Corporate Network

A recent ruling suggests that a company's data security failings can not only lead to investigations by the Federal Trade Commission, lawsuits, and loss of customers' good will -- they can also invalidate electronic contracts.  In Kerr v. Dillard Store Services, Inc., a federal district court refused to enforce an arbitration agreement on the ground that the company's inadequate security prevented the company from proving that its former employee had genuinely executed the arbitration agreement electronically.  The company therefore had to litigate the former employee's discrimination claim in court.  Kerr thus offers a new way inadequate security can add to a company's legal risks.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2012 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Beijing | Brussels | Century City | Chicago | London | Los Angeles | New York | Phoenix | Washington