Insights

  • Home
  • Insights
  • In Privacy Litigation Over Magazine Subscription, Residency Is a Nonissue

Share

In_Privacy_Litigation_Over_Magazine_Alert_SOCIAL

In Privacy Litigation Over Magazine Subscription, Residency Is a Nonissue

A recent court decision signifies that compliance with state privacy laws cannot always be achieved by looking to the residency of data subjects.

January 2020 Alert

On January 16, 2020, a federal judge held that Michigan's Personal Privacy Protection Act applies to nonresidents who are located outside the state. The decision, Lin v. Crain Communications, No. 19-11889 (E.D. Mich. January 16, 2020), has important implications for the extraterritorial application of state privacy laws and more generally signifies that compliance with these laws cannot always be achieved by simply looking to the residency of data subjects.

Gary Lin, a resident of Virginia, sued Crain Communications under the Michigan Personal Privacy Protection Act, M.C.L. § 445.1712 ("PPPA") for allegedly disclosing information about Lin's magazine subscriptions to various data mining companies. Crain moved to dismiss the lawsuit, arguing that Lin, as a resident of Virginia, lacked standing under the PPPA. The court disagreed, noting that, because the PPPA's definition of a "customer" was not limited solely to Michigan residents, "the PPPA does not impose a residency requirement for customers to have protections under the statute." The court further pointed to the fact that Lin's allegations related to conduct that had supposedly occurred within Michigan, and therefore Lin could properly invoke the PPPA's protections.

The decision in Lin is the most recent example of a court finding that a state's data privacy law protects nonstate residents. Previously, in Monroy v. Shutterfly, No. 16 C 10984 (N.D. Ill. September 15, 2017), a federal court similarly found that a resident of Florida could bring an action under the Illinois Biometric Information Protection Act against an out-of-state defendant based on conduct that had occurred in Illinois.

The Lin decision further evidences a willingness of courts to broadly interpret state privacy protections in some contexts, which adds further complexity to the challenge of complying with state privacy laws. Jones Day will continue to closely monitor the impact of this development on future litigation as courts continue to address these types of issues.

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.
You May Also Be Interested In

April 2024 Alert

Here We Go Again: U.S. Congress Reintroduces New Comprehensive Federal Privacy Law

April 2024 Alert

FDA Proposes Updated Guidance Concerning Cybersecurity of Medical Devices

April 2024 White Paper

2023 False Claims Act Enforcement in Health Care and Life Sciences, Part II

April 2024 Alert

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

Before sending, please note:

Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.