Mealey's Data Privacy
-
January 09, 2025
Hospice Provider Can’t Dodge Wiretapping, Privacy Lawsuit
SACRAMENTO, Calif. — A customer of an end-of-life care provider sufficiently alleges that the company’s use of artificial intelligence (AI) software to record clients’ telephone conversations without their consent violated the California Invasion of Privacy Act (CIPA), a California federal judge found Jan. 8, denying the defendant’s motion to dismiss.
-
January 08, 2025
Greek Restaurant’s Claims Over Identity, Funds Theft Partly Dismissed
RICHLAND, Wash. — In a pair of rulings, a Washington federal judge partly granted motions to dismiss by a payroll company and a mailing services firm that the owners of a Greek restaurant blame for a cybersecurity incident that they say resulted in the theft of the restaurant owner’s personally identifiable information (PII) and, ultimately, the theft of hundreds of thousands of dollars.
-
January 06, 2025
Meta, Users Oppose Objector’s Certiorari Bid Over Service Awards, Attorney Fees
WASHINGTON, D.C. — A class member who initially objected to the $90 million settlement of a privacy class action over the use of tracking cookies by Meta Platforms Inc. (formerly Facebook Inc.) did not present any questions meriting attention by the U.S. Supreme Court in his petition for certiorari protesting service awards and attorney fees that were approved as part of the settlement, Meta and the lead plaintiffs argue in briefs opposing certiorari.
-
January 03, 2025
9th Circuit Partly Reverses Dismissal Of Muslims’ Suit Over FBI Surveillance
SAN FRANCISCO — Nearly three years after the U.S. Supreme Court remanded a surveillance suit brought by a group of California Muslims against the Federal Bureau of Investigation, and 18 months after it heard oral argument in the matter, a Ninth Circuit U.S. Court of Appeals panel affirmed dismissal of constitutional claims against individual FBI agents while finding that a trial court erred in dismissing religious discrimination claims under the state secrets privilege without conducting the necessary inquiry.
-
January 03, 2025
Trimmed Class Certification Motion In Blackbaud Data Breach MDL Rejected
COLUMBIA, S.C. — Seven months after a South Carolina federal judge declined to certify several subclasses in a privacy multidistrict litigation against a data maintenance firm, he denied the lead plaintiffs’ motion for leave to file a renewed certification motion, finding that they had “not offered sufficient grounds for reopening class certification and further postponing resolution of [the] matter.”
-
January 02, 2025
Siri Users Seek Initial Approval Of $95 Million Eavesdropping Claims
OAKLAND, Calif. — A proposed $95 million settlement with Apple Inc. over the purported unauthorized recording of private conversations of Apple device users by its digital assistant Siri represents “the product of more than five years of litigation and months of negotiations” and merits preliminary approval, a group of plaintiffs tells a California federal judge in a Dec. 31 motion, in which they call the agreement “fair, reasonable, and adequate.”
-
December 20, 2024
After Partial Dismissal, Garda Data Breach Suit Settled, Stayed, Closed
WEST PALM BEACH, Fla. — On the heels of a ruling in which she partly granted a security firm’s motion to dismiss privacy and negligence claims over a data breach that exposed employees’ personally identifiable information (PII), a Florida federal judge granted the plaintiffs’ motion to stay the suit in light of a postruling announcement that the parties reached a conditional settlement of the putative class action.
-
December 19, 2024
$1.25 Million Settlement Approved In Onix Group Data Breach Class Action
PHILADELPHIA — A Pennsylvania federal judge presiding over a consolidated class action for negligence and consumer protection violations related to a 2023 data breach experienced by a Pennsylvania firm granted final approval to a $1.25 million settlement of the suit, overruling two objections and mostly granting requested attorney fees and service awards.
-
December 18, 2024
2 Objectors To Oracle Data Collection Suit Settlement Appeal To 9th Circuit
SAN FRANCISCO — One month after a California federal judge granted final approval to a $115 million settlement of a privacy and wiretap class action against Oracle America Inc., two class members who had lodged objections to the settlement filed notices that they were appealing the trial court’s approval ruling to the Ninth Circuit U.S. Court of Appeals.
-
December 18, 2024
9th Circuit Denies Saudi Dissident Rehearing Over Hacked Twitter Account
SAN FRANCISCO — A divided Ninth Circuit U.S. Court of Appeals panel’s decision to uphold the dismissal of negligence claims against Twitter Inc. will stand, per the panel’s denial of a petition for rehearing en banc by a political dissident from the Kingdom of Saudi Arabia (KSA) who blamed the social network company for allowing KSA moles to access his account for the purpose of obtaining personal information to be used against him.
-
December 17, 2024
Dismissal Motions Mostly Denied In MOVEit Data Breach MDL
BOSTON — In a pair of rulings, a Massachusetts federal judge declined to dismiss six of the consolidated lawsuits filed over the theft of medical data that occurred due to vulnerabilities in a file-transfer software program, finding that the home-state exception to the Class Action Fairness Act (CAFA) did not apply and concluding that plaintiffs in all but four of the hundreds of cases in the multidistrict litigation had sufficiently established standing under Article III of the U.S. Constitution.
-
December 16, 2024
Patients, Employees Settle Data Breach Suit Against Dental Chain For $2.7 Million
DETROIT — A Michigan federal judge granted final approval to a $2.7 million agreement that settles negligence and implied contract claims brought by the employees and patients of a multistate dental chain related to a February 2023 data breach that exposed the personally identifiable information (PII) of almost 2 million people.
-
December 13, 2024
Privacy Claims Over Web Marketer’s Online Tracking Dismissed By Federal Judge
PHILADELPHIA — Privacy and wiretap putative class claims alleged against an online marketer and two of its clients were dismissed by a Pennsylvania federal judge, who found that the two plaintiffs did not plead the necessary damages because the purported tracking of their web browsing did not constitute interception of communications.
-
December 11, 2024
FTC Announces Refunds Under Epic Games $245M Settlement For Fortnite Purchases
WASHINGTON, D.C. — The Federal Trade Commission (FTC) announced that it is sending the first round of refunds that will total more than $72 million as part of Epic Games Inc.’s agreement to pay $245 million to resolve allegations that users were tricked into purchasing items while playing the popular online game Fortnite and that children playing the game were allowed to purchase items without parental consent.
-
December 11, 2024
Health Data Clearinghouse Fined $250,000 By HHS For Exposure Of Patients’ Info
WASHINGTON, D.C. — The U.S. Department of Health and Human Services (HHS) on Dec. 10 announced that it had resolved “longstanding” failures by a health data clearinghouse to comply with the security rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
-
December 11, 2024
Employee Seeks Reconsideration Of Ruling On Retroactivity Of BIPA Limits Act
CHICAGO — A worker moved for reconsideration of a federal judge’s ruling that an August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that places limits on an individual’s recovery for certain data release violations applies retroactively, citing a Nov. 22 ruling he says reached the opposite conclusion.
-
December 11, 2024
Credit Unions Ask Court To Deny Wawa Discovery, Approve Data Breach Suit Agreement
PHILADELPHIA — A group of financial institutions (FIs) suing Wawa Inc. over its 2019 data breach filed a motion asking a Pennsylvania federal court to deny the defendant’s motion to compel certain communications related to the claims filing process for class members and to grant final approval to a three-tiered settlement agreement that received preliminary approval more than a year ago.
-
December 10, 2024
Saudi Dissident Seeks En Banc 9th Circuit Rehearing Of Twitter Negligence Suit
SAN FRANCISCO — Arguing that a trial court improperly dismissed his negligence claims against Twitter Inc. at the pleadings stage based on the statute of limitations and constructive notice, a Saudi dissident who blames Twitter for the hacking of his account asks the Ninth Circuit U.S. Court of Appeals to rehear his appeal en banc in light of a panel decision that split on the timeliness of his complaint.
-
December 10, 2024
Insured, 2nd CGL Insurer Seek Dismissal Of Coverage Suit Over BIPA Violation Claim
CHICAGO — An insured and the remaining commercial general liability insurer in its lawsuit seeking a declaration as to coverage for an underlying putative class lawsuit alleging that it violated the Illinois Biometric Privacy Act (BIPA) filed a stipulation asking an Illinois federal court to dismiss with prejudice all claims between them.
-
December 03, 2024
COMMENTARY: The Future Of Work: Exploring The Employment And Data Protection Law Implications Of The Use Of Artificial Intelligence (AI) In European Workplaces
By Matthew Howse, Louise Skinner, Vishnu Shankar and William Mallin
-
December 06, 2024
Google, Advertising Developer Denied Early Appeal Of Minors’ Data Collection Claims
SAN FRANCISCO — A California federal judge denied Google LLC and its advertising subsidiaries’ motion to certify for interlocutory appeal the court’s earlier order denying their motion to dismiss a nationwide putative class action brought by minors under 13 who say their personal data was unlawfully collected, finding that the issues involved don’t warrant an early appeal.
-
December 05, 2024
Lobstermen’s Constitutional Challenge To Maine Electronic Tracking Rule Dismissed
BANGOR, Maine — Although a Maine federal judge sympathized with some of the privacy concerns raised by a group of lobstermen who sought to have a new electronic tracking rule declared unconstitutional, he found that their claims were precluded under sovereign immunity and that the rule meets with requirements for conducting warrantless searches in a closely regulated industry.
-
December 05, 2024
Judge Urges Immediate Appeal Of Ruling On Law Protecting Info Of Judges, Police
CAMDEN, N.J. — On the heels of denying a consolidated motion to dismiss claims against dozens of data brokers and related companies under a New Jersey law that enhances privacy protection for personal data of law enforcement and court personnel, a New Jersey federal judge issued an order recommending an immediate appeal of his ruling because it “involves a controlling question of law as to which there is a substantial ground for difference of opinion.”
-
December 05, 2024
$30M 23andMe Data Breach Settlement Gets Court’s Conditional Preliminary OK
SAN FRANCISCO — The California federal judge overseeing a multidistrict litigation involving claims against genetic testing company 23andMe Inc. for failing to protecting users’ data from hackers granted preliminary approval on Dec. 4 to a $30 million settlement of the claims on the condition that the plaintiffs amend their definition of the settlement class to exclude parties who are pursuing arbitration and despite “serious concerns” with the plaintiffs’ $7.5 million attorney fees request.
-
December 05, 2024
Target Denied Dismissal, Sanctions In Facial Scanning Privacy Class Complaint
CHICAGO — Four customers of Target Corp. have sufficiently alleged violation of Illinois’ Biometric Information Privacy Act (BIPA) via the use of in-store facial recognition technology, an Illinois federal judge found, denying the retail giant’s motions to dismiss and for sanctions in light of the early stage of litigation and the undeveloped record.