Newsletter RSS

Mealey's Data Privacy

  • February 20, 2026

    Verizon, AT&T Tell High Court That FCC Forfeiture ‘Scheme’ Violates 7th Amendment

    WASHINGTON, D.C. — In consolidated cases before the U.S. Supreme Court asserting constitutional challenges to the Federal Communications Commission’s enforcement of  monetary forfeitures under the Communications Act, Verizon Communications Inc. and AT&T Inc. argue that “[t]he FCC’s in-house forfeiture scheme violates the Seventh Amendment and Article III” of the U.S. Constitution when “used to adjudicate legal disputes.”

  • February 20, 2026

    23andMe Data Breach MDL Dismissed After Settlements Approved In Bankruptcy Court

    The California federal judge overseeing multidistrict litigation against 23andMe Inc. and affiliates for a data breach in which millions of customers’ genetic data and personally identifiable information (PII) was hacked entered an order dismissing the MDL, following the final approval in Missouri federal bankruptcy court of a settlement worth up to $50 million to resolve U.S. customers’ claims against 23andMe and the final approval of a  $3.25 million settlement for Canadian class members.

  • February 20, 2026

    ECPA Suit Against Health Care Provider Dismissed Upon Joint Stipulation

    RIVERSIDE, Calif. — A federal judge in California dismissed a putative class action complaint alleging that a health care provider violated the Electronic Communications Privacy Act (ECPA) by using Facebook pixels to purportedly gather and share patients’ protected health information (PHI) with third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) the day after the parties filed a joint stipulation of dismissal.

  • February 19, 2026

    Former NPR Host Accuses Google Of Stealing His Voice For Use In AI

    SAN JOSE, Calif. — Google LLC and Alphabet Inc. stole National Public Radio host David Greene’s voice without authorization and used it as the default voice in NotebookLM, its artificial intelligence broadcasting product, the award-winning journalist claims in a California state court lawsuit alleging violation of the California unfair competition law, a pair of privacy laws and unjust enrichment.

  • February 18, 2026

    9th Circuit Affirms $115M Oracle Data Collection Settlement Over Objections

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals affirmed the $115 million settlement of a privacy and wiretap class action against Oracle America Inc., rebuffing an objecting class member’s arguments that the class claims could have been worth $100 billion and should have been allocated based on which state’s members allegedly had more valuable claims.

  • February 18, 2026

    8th Circuit Affirms Ruling Denying Substitution In Health Center Data Breach Suit

    ST. LOUIS — The Eighth Circuit U.S. Court of Appeals affirmed a lower court ruling denying a motion to substitute as a defendant the United States in a consolidated putative class action over an unauthorized third party gaining access to confidential information in a nonprofit health center’s data breach, finding that immunity under federal law related to medical treatment does not provide immunity in claims related to data security.

  • February 17, 2026

    Delaware High Court: Insurers Properly Pleaded Claim In Suit Over Ransomware Attack

    DOVER, Del. — The Delaware Supreme Court held Feb. 13 that insurers have adequately pleaded a breach of contract claim in their subrogation lawsuit seeking recovery from an application service provider for the amount they paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack, reversing a lower court’s grant of the provider’s motion to dismiss the insurers’ amended complaint and remanding.

  • February 12, 2026

    Judge Grants Partial Dismissal In Website Data Tracking Class Suit Against Cigna

    PHILADELPHIA — A Pennsylvania federal judge granted in part dismissal to Cigna in a putative class action suit against the insurer alleging violations of federal and state privacy laws and common-law invasion of privacy for its purported use of third-party tracking technology on its webpages, finding that the privacy claims failed because the plaintiffs consented to the data collection practices when agreeing to the website’s terms of use.

  • February 11, 2026

    Panera Bread Settles Over Data Breach As More Class Complaints Mount

    ST. LOUIS — A Missouri federal judge on Feb. 10 granted final approval to a $2.5 million nonreversionary class settlement resolving data privacy claims arising from Panera LLC’s 2024 data security breach involving unauthorized access to the names and Social Security numbers of the company’s employees, authorizing reimbursements of up to $500 in ordinary losses and up to $6,500 in extraordinary losses; following a separate data breach in January, Panera has been named as the defendant in a series of class complaints in the same court.

  • February 11, 2026

    5th Circuit Affirms Remand Of Data Breach Suit Against Health Care Provider

    NEW ORLEANS — The Fifth Circuit U.S. Court of Appeals affirmed the remand of a putative class action against a Texas health care provider for allegedly failing to protect patient data from a cyberattack, writing that a federal statute allowing removal and substitution of the United States as defendant for private health centers receiving federal funds did not apply to this case in which the center was facing claims for a “criminal data breach.”

  • February 06, 2026

    9th Circuit VPPA Appeal Vacated, Held In Abeyance Pending Supreme Court Ruling

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals vacated submission and held in abeyance an appeal of the dismissal of a Video Privacy Protection Act (VPPA) class action that alleged that a health website operator unlawfully disclosed personal information to Meta Inc., pending resolution of a U.S. Supreme Court case addressing a circuit split over several VPPA definitions.

  • February 05, 2026

    Dismissal Denied In Privacy Suit Over Information Allegedly Shared To Facebook

    CHICAGO — An Illinois federal judge denied dismissal to a video website retailer in a putative class action alleging that the company disclosed individuals’ private information regarding the purchase of movies and television shows to Facebook in violation of the Video Privacy Protection Act (VPPA), finding that the plaintiffs have sufficiently alleged an injury and that there is “little doubt that the VPPA addresses a significant privacy interest in an appropriately tailored fashion.”

  • February 04, 2026

    Judge Seeks More Settlement Details In Class Suit Over Tire Company Data Theft

    MADISON, Wis. — A federal judge in Wisconsin denied preliminary approval of a tire company’s cyberattack class settlement that would provide the class of customers and employees with credit monitoring, losses of up to $5,000 per person or an alternative cash payment of $45, compensation for lost time and business changes and directed the lead plaintiff, a former employee of the defendant, to provide more information about the amount in controversy, the settlement class, the proposed payments to class members and the proposed attorney fees.

  • February 04, 2026

    Judge Finds Unconstitutional Provisions Of Trump Federal Election Executive Order

    WASHINGTON, D.C. — A District of Columbia federal judge granted in part and denied in part cross-motions for summary judgment in consolidated cases challenging President Donald J. Trump’s executive order (EO) in which he purported to make changes to federal election procedures, declaring provisions of the EO related to verifying the U.S. citizenship of persons registering to vote or applying for absentee ballots “inconsistent with the constitutional separation of powers.”

  • February 04, 2026

    Judge Denies Google Users’ Bid For $2.36B, Won’t Decertify Data-Gathering Classes

    SAN FRANCISCO — Following a California federal jury’s award of $425 million to two classes of mobile device users against Google LLC for tracking their online activity after telling them that it would not, a judge denied a posttrial motion by the plaintiffs for a permanent injunction and disgorgement of $2.36 billion of Google’s profits allegedly from “misconduct” and denied a motion by Google to decertify the plaintiffs’ classes.

  • February 03, 2026

    Illinois Graduate Class Certified In BIPA Case Against Ceremony Photographer

    EAST ST. LOUIS, Ill. — Illinois graduates suing the company that captured photos of their ceremonies for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) by collecting their biometric identifiers to use facial recognition to identify all photos in which each graduate appears and offer them for sale may proceed as a class, a federal judge in Illinois ruled, granting a motion for class certification.

  • February 03, 2026

    Judge Approves $3M Settlement Of Consumers’, Employees’ Data Breach Claims

    SEATTLE — A federal judge in Washington granted final approval to a settlement worth $3 million, including $1 million in attorney fees, in favor of a class of more than 34,000 individuals who alleged that their sensitive data was breached during a hack of a workflow solutions company and its subsidiaries in violation of California’s unfair competition law (UCL) and other laws.

  • February 03, 2026

    23andMe Bankruptcy Judge Approves $50M Settlement; Data Breach MDL To Be Dismissed

    The parties to multidistrict litigation in California federal court against 23andMe Inc. and affiliates for a data breach in which millions of customers’ genetic data and personally identifiable information (PII) was hacked filed a joint status report on Feb. 2 stating the plaintiffs will move to dismiss the MDL following the final approval in Missouri federal bankruptcy court of a settlement worth up to $50 million to resolve U.S. customers’ claims against 23andMe, with 25% allocated for attorney fees.

  • February 03, 2026

    Iowa High Court Reverses Ruling Denying Dismissal Of Police Data Access Suit

    DES MOINES, Iowa — A unanimous Iowa Supreme Court reversed and remanded a lower court ruling denying dismissal of a common law and statutory law privacy violation suit against a police department, a police officer and related officials and entities alleging that the officer improperly accessed confidential databases of local residents for his own personal use, finding that the suit is “time-barred” under the statute of limitations.

  • February 03, 2026

    Google Assistant Users Seek Approval Of $68M Settlement For Eavesdropping Claims

    SAN JOSE, Calif. — A California federal judge terminated a hearing date after a group of plaintiffs moved for preliminary approval of a $68 million settlement of their putative class claims against Google LLC and Alphabet Inc. (collectively Google) for allegedly eavesdropping on Google Assistant (GA) users in violation of California’s unfair competition law (UCL) and privacy laws.

  • February 03, 2026

    Women’s Dating Advice App Seeks To Dismiss ‘Hyperbolic’ Data Hack Complaint

    SAN FRANCISCO — The developer of the “Tea” women’s app for posting information about men in the dating market moved in California federal court to dismiss putative class claims against it for violation of federal privacy laws and state laws including California’s unfair competition law (UCL) after its database of users’ identity-verification and driver’s license photos was hacked, writing that the plaintiffs suffered no injury and fail to state a claim.

  • February 02, 2026

    7th Circuit Dismisses Appeal In BIPA Violation Coverage Suit Following Settlement

    CHICAGO — One day after the parties filed a stipulation of dismissal, the Seventh Circuit U.S. Court of Appeals dismissed the excess insurer’s appeal of a lower federal court’s summary judgment ruling in a franchisee of the Burger King chain’s breach of contract lawsuit seeking a declaration that the insurer has a duty to defend against an underlying putative class lawsuit alleging that the insured violated the Illinois Biometric Information Protection Act (BIPA).

  • January 29, 2026

    Hacked Facebook Account Plaintiffs Don’t Plead Meta Broke A Promise, Judge Says

    SAN FRANCISCO — A California federal judge granted in part Meta Platforms Inc.’s motion to dismiss a putative class action brought against it by users of its social media platforms who claim that it failed to prevent hacking of user accounts or help users regain access to their accounts in violation of California’s unfair competition law (UCL), writing that injury can be inferred but that the plaintiffs did not directly plead that Meta breached a contract or injured them based on loss of access to personal data.

  • January 29, 2026

    Justice Denies Debt Collector’s Stay Application After Fraud Ruling For 2 Employees

    WASHINGTON, D.C. — U.S. Supreme Court Justice Samuel A. Alito Jr. on Jan. 28 denied an application for recall and stay of mandate filed by a national debt collection firm after the Third Circuit U.S. Court of Appeals ruled for the first time that when two former employees shared a spreadsheet containing passwords and login information they committed “workplace-policy infractions” and not violations of the Computer Fraud and Abuse Act (CFAA) and that the passwords themselves were not trade secrets under federal or state law.

  • January 29, 2026

    3 DOJ Suits Seeking States’ Voter Data Dismissed; More Motions Pending

    EUGENE, Ore. — A demand by the U.S. Department of Justice that Oregon provide it with an unredacted copy of its statewide voter registration list (SVRL), coupled with an allegation that the state violated Title III of the Civil Rights Act of 1960 (CRA) for not providing the full voter registration rolls to the federal government, was dismissed by an Oregon federal judge after a hearing, making it the third such suit brought by the DOJ against a state to be dismissed.