Mealey's Data Privacy
-
February 03, 2025
User Dismisses Class Suit Claiming LinkedIn Trained AI On Users’ Private Messages
SAN FRANCISCO — Less than two weeks after filing a putative class action in California federal court accusing LinkedIn of violating federal law and California’s unfair competition law (UCL) by accessing its premium users’ private messages to train artificial intelligence models without their consent, the plaintiff, a premium user of LinkedIn’s professional networking and social media site, filed a notice of voluntary dismissal without prejudice.
-
January 30, 2025
Kids’ Privacy Claims Over YouTube Data Collection Trimmed Further
SAN JOSE, Calif. — In the latest ruling in favor of Google LLC over its purported collection of personally identifiable information (PII) from minor users of YouTube, a California federal magistrate judge found that although a sixth amended complaint corrected a handful of the deficiencies identified in a previous dismissal ruling, the plaintiffs’ state law unjust enrichment claims and some of their consumer protection claims merited dismissal without leave to amend.
-
January 28, 2025
Video Game Player, Amazon Announce Settling Of BIPA Suit; Judge Stays Deadlines
SEATTLE — The same day that Amazon Web Services Inc. (AWS) and Amazon.com Inc. (Amazon, collectively) and a plaintiff announced the settlement of claims under Illinois’ Biometric Information Privacy Act (BIPA) related to a basketball video game, a Washington federal judge stayed proceedings in the putative class action while the settlement is finalized.
-
January 28, 2025
Indiana High Court: Discovery Of Smartphone Data Requires ‘Some’ Evidence Of Use
INDIANAPOLIS — Weighing the need for requested discovery from a smartphone in an auto accident lawsuit with the phone owner’s privacy rights, an Indiana Supreme Court majority established an analytical framework in which it held that the party requesting such discovery “must provide ‘some evidence’” of the smartphone’s use before a court can grant a corresponding discovery motion.
-
January 28, 2025
Judge OKs $1.07 Million Settlement Of Pharmacy Service Data Breach Class Action
BOSTON — A proposed $1,075,000 settlement of class action negligence and breach of fiduciary duty claims over a pharmacy service’s 2021 data breach received final approval from a Massachusetts federal judge, who found that the agreement satisfied the requirements of Federal Rule of Civil Procedure 23.
-
January 27, 2025
Supreme Court Won’t Consider Service Awards, Attorney Fees In Meta Privacy Suit
WASHINGTON, D.C. — An objector to the $90 million settlement of a multidistrict litigation over Meta Platforms Inc.’s purported online tracking of Facebook users saw his petition for certiorari denied Jan. 27, with the U.S. Supreme Court declining to take up his questions over the propriety of plaintiff service awards and attorney fees in the settlement.
-
January 27, 2025
Oklahoma Supreme Court: Litigant Can’t Subpoena An Expert’s Financial Records
OKLAHOMA CITY — Although a litigant may discover an expert witness’ compensation on a current lawsuit, the Oklahoma Supreme Court ruled that a party may not subpoena an expert to learn compensation on past cases for the purpose of uncovering potential bias, stating that there are other methods of discovering bias that do not invade a witness’s privacy.
-
January 23, 2025
Judge Gives Final OK To $2.2M Settlement Of Data Breach Suit Against Health Care Firm
ORLANDO, Fla. — A Florida federal judge granted final approval to a dual-fund settlement of a class complaint over a health care provider’s 2021 data breach, concluding that the $2.2 million total settlement, as well as an accompanying request for more than $424,000 in attorney fees, is reasonable.
-
January 23, 2025
LinkedIn Used Private Messages To Train Generative AI, User Claims
SAN FRANCISCO — A user of the professional networking and social media site LinkedIn filed a putative class action lawsuit in California federal court accusing the company that operates the site of violating federal law and California’s unfair competition law (UCL) by accessing Premium users’ private messages to train artificial intelligence models without their consent.
-
January 23, 2025
Former Meta COO Sanctioned Over Lost E-Mails In Fiduciary Breach Suit
WILMINGTON, Del. — A Delaware Court of Chancery vice chancellor granted in part a motion for sanctions filed by plaintiffs in a breach of fiduciary suit against Facebook Inc. (now known as Meta Platforms Inc.) CEO Mark Zuckerberg, former chief operating officer (COO) Sheryl Sandberg and specified board members and related parties over Meta’s alleged “deceptive” privacy settings resulting in sharing users information without their consent, finding that because Sandberg failed to preserve emails resulting in prejudice to the plaintiffs, the court will increase the burden of proof against her on any relevant issue.
-
January 23, 2025
State Privacy Claim Against LinkedIn Dismissed For Lack Of Jurisdiction
SAN JOSE, Calif. — Two weeks after dismissing a woman’s Driver’s Privacy Protection Act (DPPA) putative class claim against LinkedIn Corp. for the second time, a California federal judge dismissed her remaining state law claim over the online professional network operator’s purported data sharing for lack of jurisdiction under the Class Action Fairness Act (CAFA).
-
January 22, 2025
On Review, ECPA Claim Over Health Care Firm’s Tracking Deemed Properly Pleaded
RIVERSIDE, Calif. — Reversing his previous dismissal of an Electronic Communications Privacy Act (ECPA) claim against a health care provider, a California federal judge granted a patient’s reconsideration motion and found that she sufficiently alleged that the defendant acted with improper purpose by using Facebook pixels to purportedly gather and share her protected health information (PHI) with third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
-
January 22, 2025
Partial Stay Granted In Software Data Breach MDL To Finalize Agreement
MIAMI — The Florida federal judge overseeing a four-track multidistrict litigation over a 2023 data breach attributed to vulnerabilities in a file-transfer software application granted a motion by some of the parties to stay any deadlines related to two insurance company defendants to allow the corresponding parties to hammer out details of a written settlement agreement.
-
January 21, 2025
9th Circuit Dismisses Inmate’s Appeal Of $725M Facebook Profile-Sharing Suit
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals issued a mandate, stating that a judgment in which it dismissed as untimely an inmate’s appeal of the $725 million settlement of the consolidated class action over Facebook Inc. (now known as Meta Platforms Inc.) sharing users’ profile data with Cambridge Analytica, was now in effect.
-
January 21, 2025
New DOJ Final Rule Prohibits Certain Data Transactions With ‘Countries Of Concern’
WASHINGTON, D.C. — Complying with an executive order issued by President Joe Biden in February 2024, the U.S. Department of Justice issued a final rule to address national security risks the United States faces from “the continued efforts of countries of concern to access, exploit, and weaponize Americans’ bulk sensitive personal and U.S. government-related data.”
-
January 21, 2025
MOVEit Data Breach MDL Plaintiffs Oppose Review Of Dismissal Denial
BOSTON — A December ruling that denied dismissal of three lawsuits against one of the defendants in a multidistrict litigation over a 2023 data security incident related to MOVEit software does not merit reconsideration, the consolidated plaintiffs argue in an opposition brief, telling a Massachusetts federal court that a health tech firm did not offer any new arguments or evidence to support its quest for dismissal under the home-state exception of the Class Action Fairness Act (CAFA).
-
January 21, 2025
Judge Dismisses Class Action Alleging Insurer Violated Insureds’ Right To Privacy
CHICAGO — A federal judge in Illinois granted an insurer and an association of insurance companies’ motions to dismiss a putative class action alleging that they retained and disclosed the insureds’ protected health information in violation of their right to privacy pursuant to Illinois state law, finding the negligence and invasion of privacy claims barred by the immunity provision in the Illinois Insurance Code.
-
January 17, 2025
FTC Announces New COPPA Rule Requiring Parental Consent For Targeted Ads
WASHINGTON, D.C. — In a new final rule announced Jan. 16, the Federal Trade Commission disclosed new amendments to a rule it uses to enforce the Children's Online Privacy Protection Act (COPPA), including a requirement to obtain parents’ consent for the use of their children’s personal information for targeted advertising.
-
January 15, 2025
Texas Sues Allstate For Collecting, Selling ‘Trillions Of Miles’ Of Driving Data
CONROE, Texas — Texas Attorney General Ken Paxton filed a petition in Texas state court against The Allstate Corp., accusing the “insurance giant” of secretly collecting the driving behavior of more than 45 million Americans and selling the data to third parties in violation of the state’s data privacy and insurance laws.
-
January 15, 2025
Final Approval Given To $2 Million Insurance-Funded Settlement Of Data Breach Suit
PORTLAND, Ore. — Five months after preliminarily approving a $2 million settlement of a class action over a marketing execution firm’s 2022 data breach, an Oregon federal judge granted final approval, deeming the approval “fair, reasonable, and adequate” and in accord with the requirements of Federal Rule of Civil Procedure 23.
-
January 14, 2025
Exclusion Bars Coverage For Home Depot’s Data Breach Loss, 6th Circuit Majority Affirms
CINCINNATI — A majority of the Sixth Circuit U.S. Court of Appeals on Jan. 13 affirmed an Ohio federal court’s finding that a commercial general liability insurance policy’s electronic data exclusion bars coverage for Home Depot’s losses stemming from a 2014 data breach, rejecting Home Depot’s contention that the lower court “wrongly expanded the narrow electronic-data exclusion beyond its natural meaning, based on assumed facts outside the record.”
-
January 14, 2025
AI Voice Cloning Company, Voice Actors Brief Motion To Dismiss
NEW YORK — Responding to an artificial intelligence company’s contention that voice actors’ claims were time-barred and suffered from other defects, two named class action plaintiffs told a federal judge in New York that they own the rights to their voices and that the ongoing use of cloned voices sold under different names places the case within the applicable time frame.
-
January 10, 2025
Magistrate Won’t Sanction Google For Destroying Files It Had No Clear Duty To Keep
OAKLAND, Calif. — Finding that the plaintiffs in a consolidated lawsuit over Google Inc.’s purported data sharing via its real-time bidding (RTB) process failed to establish that the internet giant had a duty to preserve and produce particular files in an unencrypted format, a California federal magistrate judge denied the plaintiffs’ motion for contempt and sanctions against Google.
-
January 10, 2025
Privacy Suit Over Zillow’s Disclosure Of Watched Videos May Proceed
SAN DIEGO — Rejecting Zillow Group Inc.’s contention that it is not “a video tape service provider,” a California federal judge found that the online real estate platform operator engaged in activities that qualify it as such under the Video Privacy Protection Act (VPPA), leading her to deny the defendant’s motion to dismiss a putative privacy class complaint against it for purportedly sharing the video-viewing history of users of its app and website.
-
January 10, 2025
Negligence Suit Over Theft Of Genetic Data Settles For $8.9 Million
ATLANTA — Finding a settlement fund of $8.9 million to be “fair, reasonable, and adequate” to resolve class claims brought against two cancer treatment health care companies that were affected by a 2021 ransomware attack, a Georgia federal judge granted final approval to an agreement that allows for payments of up to $1,000 or $5,000 and releases all claims against the defendants.