Mealey's Data Privacy

  • May 17, 2024

    9th Circuit Affirms Dismissal Of Suit Over Amazon’s Use Of Alexa Users’ Voices

    PASADENA, Calif. — Finding that Inc. clearly notified consumers that it would use voice data collected via its Alexa digital assistant to send them targeted advertisements, a Ninth Circuit U.S. Court of Appeals panel on May 16 found that invasion of privacy and bad faith claims against the online retailer failed for lack of causation or any expectation of privacy.

  • May 17, 2024

    Burger King Franchisee Seeks Summary Judgment In BIPA Violations Coverage Suit

    CHICAGO — A franchisee of the Burger King chain moved for summary judgment in its breach of contract lawsuit asking an Illinois federal judge to declare that an excess insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA).

  • May 17, 2024

    9th Circuit Grants En Banc Rehearing Of Data Privacy Suit Against Shopify

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals granted a petition for rehearing en banc of its decision affirming the dismissal for lack of jurisdiction of a putative class complaint accusing a payment processor of violating California privacy and unfair competition laws by concealing that it was collecting, storing and sharing consumers’ personal information.

  • May 17, 2024

    Certification Of Blackbaud Data Breach Classes Denied; Ascertainability Not Shown

    COLUMBIA, S.C. — The named plaintiffs in a multidistrict litigation over a 2020 data breach and ransomware attack experienced by Blackbaud Inc. failed to demonstrate that their proposed classes are “administratively feasible,” a South Carolina federal judge found, denying their motion for class certification while also taking the opportunity to resolve several Daubert motions.

  • May 10, 2024

    Wawa Data Breach Settlement Attorney Fees Award Again Appealed To 3rd Circuit

    PHILADELPHIA — A class member in the consolidated class action over the 2019 data breach experienced by convenience store chain Wawa Inc. maintained his objection to a twice-approved attorney fees award that accompanied a $9 million class settlement, filing notice that he was again appealing the matter to the Third Circuit U.S. Court of Appeals.

  • May 10, 2024

    After Cert Denial, Lindell Drops 4th Amendment Suit Over FBI Phone Seizure

    ST. PAUL, Minn. — Three weeks after the U.S. Supreme Court declined to consider questions about the Fourth Amendment to the U.S. Constitution and injunctive relief raised by Michael J. Lindell in connection with the Federal Bureau of Investigation’s seizure of his cell phone, the MyPillow Inc. Chief Executive Officer’s motion on remand to dismiss the lawsuit was granted by a Minnesota federal judge.

  • May 03, 2024

    Judge Denies Letter Rogatory To Name ‘Civil Society’ Members Targeted By Spyware

    OAKLAND, Calif. — A spyware maker’s attempt to demonstrate that its surveillance software targeted terrorists and criminals, rather than members of “civil society,” can be made without obtaining discovery from a research lab, a California federal judge ruled May 2, denying the defendant’s motion to issue a letter rogatory on the nonparty Canadian entity while seeking to defend itself from computer fraud claims brought by WhatsApp Inc.

  • May 03, 2024

    COVID-19 Contact Tracing Staffing Company Will Pay $2.7M To Settle Privacy Claims

    HARRISBURG, Pa. — A company hired by the Pennsylvania Department of Health to provide staffing for COVID-19 contact tracing will pay $2.7 million to settle claims pending in a federal court in Pennsylvania that it failed to implement sufficient cybersecurity measures to protect collected data, the U.S. Department of Justice (DOJ) announced.

  • May 01, 2024

    Individual Settlement Reached In Papa John’s Website Data Collection Class Suit

    SAN DIEGO — A consumer who filed a putative class complaint accusing Papa John’s International Inc. of violating the California Invasion of Privacy Act (CIPA) through the interception and collection of users’ data on a pizza-ordering webpage filed a notice in a federal court in California stating that he reached an individual settlement.

  • April 30, 2024

    Judge Gives Initial Nod To $9.4M White Castle Finger Scan Class Action Settlement

    CHICAGO — A $9.4 million settlement between White Castle System Inc. and an employee who sued the fast food company for its finger scan policy received preliminary approval from an Illinois federal judge, who deemed the estimated $968 per class member payment to be “substantial relief” for the purported violations of Illinois’ Biometric Information Privacy Act (BIPA) by their employer.

  • April 29, 2024

    High Court Won’t Decide ‘Average’ Class Damages Issue In Chili’s Data Breach Suit

    WASHINGTON, D.C. — A question about the propriety of using an “average” damages amount suggested by the plaintiffs’ damages expert to certify a class will go unheard by the U.S. Supreme Court, which in its April 29 order list denied a petition for certiorari by the owner of the Chili’s restaurant chain, which protested the possibility that customers who suffered no damages at all in a 2018 data breach would still receive these damages awards.

  • April 25, 2024

    FTC: Ring Customers Will Be Paid $5.6 Million For Improperly Viewed Videos

    WASHINGTON, D.C. — In conjunction with a stipulated order issued in June 2023 by a District of Columbia federal court, the Federal Trade Commission announced in a press release that a $5.6 million judgment will be disbursed to customers of Ring LLC whose home security videos were viewed by the company’s employees and contractors without authorization.

  • April 24, 2024

    Parties In WhatsApp Spyware Suit Argue Whether Letter Rogatory Is Appropriate

    OAKLAND, Calif. — WhatsApp Inc., NSO Group Technologies Limited and a nonparty research lab filed briefs in California federal court disputing whether discovery NSO seeks to obtain from the lab via a letter rogatory is relevant, appropriate or necessary to the computer fraud claims at the heart of the lawsuit over the defendant’s spyware.

  • April 23, 2024

    3rd Circuit Hears Arguments In 2 Cases Over Jurisdiction For Wiretapping Software

    PITTSBURGH — Considering questions of personal jurisdiction and pleadings standards, the Third Circuit U.S. Court of Appeals heard combined oral arguments in two putative class actions that were dismissed for lack of jurisdiction, in which Pennsylvania residents alleged violations of a state surveillance statute by Papa John’s International Inc. and a software company, respectively, based on wiretapping computer code that was surreptitiously placed on the devices of website visitors.

  • April 22, 2024

    Federal Judge Stays Class Action Alleging Insurer Illegally Wiretaps Website Users

    PHILADELPHIA — A Pennsylvania federal judge granted an insurer’s motion to stay a putative class action alleging that it illegally wiretaps website users by using third-party session replay software to track and record their navigation, exercising “its considerable discretion to stay these proceedings pending guidance from the Third Circuit U.S. Court of Appeals regarding standing” in what the insurer calls a “strikingly similar” lawsuit.

  • April 22, 2024

    Judge: Disclosure Of Driver’s License Info Did Not Violate New Hampshire Privacy Law

    CONCORD, N.H. — Granting a motion to dismiss by Bath & Body Works LLC (BBW), a New Hampshire federal judge found that the retailer’s transmission of a customer’s driver’s license information to a third-party business partner did not violate the New Hampshire Driver Privacy Act (DPA) because the plaintiff did not establish that a “department record” had been sold or offered for sale.

  • April 19, 2024

    Final OK Given To $62 Million Cy Pres Settlement Of Google Location History Suit

    SAN JOSE, Calif. — The same day he presided over a fairness hearing, a California federal judge issued a minute entry on the court docket on April 18 granting final approval to a $62 million settlement of a consolidated class action over the purported collection and retention of users’ location data by Google Inc., with most of the funds going to cy pres recipients.

  • April 16, 2024

    Law Firm Agrees To $8M Class Settlement After Data Breach

    SAN FRANCISCO — Orrick, Herrington & Sutcliffe LLP has agreed to pay $8 million to end consolidated class litigation filed after the firm’s network was breached and the personal identifiable information (PII) of more than 630,000 individuals was potentially accessed, according to a motion for preliminary settlement approval filed in a federal court in California.

  • April 15, 2024

    High Court Won’t Take Up MyPillow CEO’s 4th Amendment Question Over Phone Seizure

    WASHINGTON, D.C. — In its April 15 order list, the U.S. Supreme Court denied without comment a petition for certiorari in which MyPillow Inc. Chief Executive Officer Michael J. Lindell asked it to find that a warrant used by the Federal Bureau of Investigation to seize his iPhone and all the data on it violated the Fourth Amendment to the U.S. Constitution because it did not state with particularity the data to be seized.

  • April 12, 2024

    On Remand, Judge Deems $3.2M Costs, Fees Award In Wawa Data Breach Suit Reasonable

    PHILADELPHIA — After scrutinizing the factors and negotiations that resulted in a $3.2 million award of attorney fees, costs and service awards that accompanied the $9 million settlement of a consumer class action over a 2019 data breach experienced by Wawa Inc., a Pennsylvania federal judge found the award to be reasonable in light of relevant case law and similar data breach suits and despite arguments against the award risk by an objector.

  • April 12, 2024

    23andMe Data Breach Suits Centralized In Northern California MDL

    SAN FRANCISCO — The Judicial Panel on Multidistrict Litigation (JPMDL) on April 11 granted a request by genetic testing company 23andMe to consolidate 39 pending lawsuits against it in the U.S. District Court for the Northern District of California, all of which relate to a data breach in which ancestral records for roughly 6.9 million customers were hacked and allegedly sold online.

  • April 10, 2024

    Amici Support Facebook Before High Court, Say Split Over Disclosure Must End

    WASHINGTON, D.C. — Multiple groups filed a total of three amicus curiae briefs with the U.S. Supreme Court arguing that the court should grant a petition for a writ of certiorari filed by the company formerly known as Facebook Inc., echoing the social media giant’s argument that the Ninth Circuit U.S. Court of Appeals deepened a circuit split over what public companies must disclose when it partly revived a putative class complaint brought by investors.

  • April 10, 2024

    9th Circuit Denies Objectors Rehearing Over $90 Million Facebook Tracking MDL

    SAN FRANCISCO — In a pair of almost identical one-page orders, a Ninth Circuit U.S. Court of Appeals panel denied petitions for rehearing by objectors to the $90 million settlement of a 12-year-old privacy multidistrict litigation over internet tracking activities of social network users by Facebook Inc. (now known as Meta Platforms Inc.), which received final approval in November.

  • April 08, 2024

    Judge Seals Portions Of Flint Experts’ Opinions, Guarding Minors’ Personal Data

    ANN ARBOR, Mich. — A federal judge in Michigan on April 5 issued an order granting a motion to seal certain portions of the opinions of plaintiffs’ experts in the litigation over the water crisis in Flint, Mich., ruling that some aspects of their opinions include medical and personal information of minor children.

  • April 08, 2024

    Insurer Moves To Reargue Dismissal Of Breach Of Contract Claims In Subrogation Suit

    WILMINGTON, Del. — An insurer asked a Delaware court if it can reargue the court’s dismissal of its breach of contract claims for pleading deficiencies and file an amended complaint before dismissal with prejudice is entered on the breach of contract claims in its subrogation lawsuit seeking recovery from an application service provider for the amount paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack.