Newsletter RSS

Mealey's Data Privacy

  • September 30, 2025

    Privacy Suit Over Zillow’s Watched Videos Disclosure Dismissed At Parties’ Request

    SAN DIEGO — A federal judge in California dismissed without prejudice a putative privacy class action against Zillow Group Inc. for purportedly sharing the video-viewing history of users of its app and website after the plaintiffs and online real estate platform operator filed a joint motion and stipulation to dismiss.

  • September 30, 2025

    Judge Partly Dismisses Illinois Woman’s Privacy Suit Over Hospital’s Website

    ROCK ISLAND, Ill. — A putative class action over a hospital’s purported sharing of the private information of its website’s users was partially dismissed, with an Illinois federal judge disposing of breach of contract, bailment, eavesdropping and computer fraud claims, with leave to amend.

  • September 26, 2025

    DOJ Sues 6 States For Not Providing Full Voter Registration Information

    The U.S. Department of Justice (DOJ), on behalf of the United States, filed lawsuits against six states in corresponding federal district courts, seeking orders requiring each state to submit a computerized statewide voter registration list in compliance with the Help America Vote Act (HAVA) for the purpose of “safeguard[ing] American elections in compliance with Federal laws.”

  • September 25, 2025

    Florida Health System Granted Sovereign Immunity In Class Suit Over Data Sharing

    FORT MYERS, Fla. — A Florida health care provider that is a political subdivision of the state is entitled to sovereign immunity from putative class claims by a patient who alleged that patients’ privacy rights were violated when their medical information was transmitted to Facebook, a federal judge in Florida ruled Sept. 24.

  • September 24, 2025

    Claims Over Website’s Sharing ED Data With Google, Meta Lack Support, Judge Finds

    SAN FRANCISCO — Three men who claimed that an erectile dysfunction (ED) treatment website improperly shared their protected health information (PHI) with Google LLC and Meta Platforms Inc. failed to demonstrate that they did not consent to this sharing by agreeing to terms in the operative version of the website operator’s privacy policy, a California federal judge ruled Sept. 23.

  • September 23, 2025

    USDA Temporarily Restrained From Demanding SNAP Users’ Data From States

    SAN FRANCISCO — A group of states successfully stopped, at least for now, the U.S. Department of Agriculture from enforcing its demand that each state submit the personal data of its residents who receive benefits under the Supplemental Nutrition Assistance Program (SNAP), with a California federal judge issuing a temporary restraining order (TRO) and finding the states likely to succeed on their claim, under the Administrative Procedure Act (APA), that the data demand was contrary to law.

  • September 23, 2025

    Negligence, Contract Claims Over Organ Donation Firm’s Data Exposure May Proceed

    RICHMOND, Va. — An organ donor whose personally identifiable information (PII) was potentially exposed in an unencrypted state for 16 years adequately alleged negligence and breach of contract claims against the donor administration organization, a Virginia federal judge concluded, mostly denying the defendant’s motion to dismiss.

  • September 22, 2025

    Minors Sue Disney Over Data Collection On Videos For Children

    LOS ANGELES — Three minors filed a putative class action in California state court accusing two Disney companies of violating California’s unfair competition law (UCL) and other laws by failing to designate certain YouTube videos as “for kids” and collecting information about those viewers, which was also the subject of a recent $10 million settlement by Disney with the Federal Trade Commission.

  • September 19, 2025

    Final Approval Given To $20 Million Global Settlement Of Fortra Data Breach MDL

    MIAMI — Five months after a Florida federal judge preliminarily approved a $20 million global settlement of a multidistrict litigation over a 2023 data breach experienced by users of a file-transfer program, he granted final approval to the settlement, thus resolving all remaining claims against software firm Fortra LLC, its customers and their clients by class members who claim that their personally identifiable information (PII) was compromised in the cyberattack.

  • September 18, 2025

    Meta Denied Posttrial JMOL, Decertification Motions In Period App Privacy Suit

    SAN FRANCISCO — Rejecting an attempt by Meta Platforms Inc. “to overturn just about everything related to the verdict” in a trial over its purported eavesdropping and data collection from an ovulation-tracking app in violation of the California Invasion of Privacy Act (CIPA), a California federal judge denied the social media operator’s motions for judgment as a matter of law (JMOL) and to decertify the class of app users.

  • September 17, 2025

    Data Breach Suit Against Casino Mostly Survives Dismissal

    LAS VEGAS — The operator of a casino that was hit by a data breach in 2024 saw its motion to dismiss putative class privacy, negligence and unfair competition claims mostly denied by a Nevada federal judge, who found that a group of customers and former employees adequately alleged most of their claims and supported them with assertions of cognizable injuries.

  • September 16, 2025

    Insurers Fail To Settle Equitable Contribution Suit Over Unlawful Recording Claims

    SAN DIEGO — A federal court in California on Sept. 15 reported that following an early neutral evaluation conference, a cyber liability insurer and a defendant insurer did not reach a settlement of the cyber liability insurer’s lawsuit seeking equitable contribution and indemnification for an underlying lawsuit alleging that their mutual insured intentionally failed to disclose that hidden cameras were installed in operating rooms and recorded patient procedures in an effort to investigate drug theft.

  • September 16, 2025

    Suit Against Relocation Firm Over Data Breach Mostly Survives Dismissal Motion

    LOS ANGELES — Although a California federal judge dismissed as insufficiently pleaded a California woman’s bailment claim against a relocation service provider related to a 2024 data breach, the plaintiff’s contract, privacy and negligence putative class claims were deemed adequately alleged to withstand the defendant's dismissal motion.

  • September 16, 2025

    $95 Million Settlement Of Siri Eavesdropping Class Action Gets Final Approval

    OAKLAND, Calif. — A California federal judge gave a final OK to a $95 million settlement of a six-year-old class action accusing Apple Inc. of collecting unauthorized recordings of Apple device users via its Siri digital assistant, deeming the settlement “fair, adequate, and reasonable.”

  • September 15, 2025

    Magistrate Approves $1.5 Million Settlement Of Garda Data Breach Suit

    WEST PALM BEACH, Fla. — More than five months after he preliminarily approved a $1.5 million settlement between a security company and a group of employees that sued it over the theft of their personally identifiable information (PII) in a 2023 data breach, a Florida federal magistrate judge granted final approval, deeming the deal in compliance with federal rules and, as such, “fair, adequate and reasonable.”

  • September 12, 2025

    Investors’ Fraud Suit Against Technology Company After Data Breach Dismissed

    NEW YORK — A federal judge dismissed investors’ securities fraud class action against a global technology company, finding the investors failed to allege the company and its officers and directors made material misstatements about its internal securities controls before and after a data breach and failed to allege scienter with respect to their fraud claims.

  • September 12, 2025

    Debt Collector: 8th Circuit Suit Boosts Intrusion Upon Seclusion Certiorari Bid

    WASHINGTON, D.C. — A debt collection firm, which asked the U.S. Supreme Court to clarify whether a single errantly sent letter is sufficiently comparable to the tort of intrusion upon seclusion to establish jurisdiction for a claim under the Fair Debt Collection Practices Act (FDCPA), filed a supplemental brief telling the high court that a recent Eighth Circuit U.S. Court of Appeals ruling, which conflicted with the ruling it appeals, further supports the need for a grant of certiorari on the matter.

  • September 12, 2025

    3rd Circuit Asks N.J. High Court Whether Data Shield Law Liability Needs Mens Rea

    PHILADELPHIA — Two months after hearing oral arguments in a dispute over the constitutionality of a New Jersey law that provides for deletion of public officials’ private information from data brokers’ records, a Third Circuit U.S. Court of Appeals panel certified two questions to the New Jersey Supreme Court, asking it to clarify whether a finding of liability under the statute requires a determination of a defendant’s mental state.

  • September 11, 2025

    IRS, ICE Must Give Judge Administrative Record Of Taxpayer Info-Sharing Policy

    WASHINGTON, D.C. — In a posthearing minute order, a District of Columbia federal judge directed the Internal Revenue Service and Immigration and Customs Enforcement to submit the administrative record related to a recently enacted policy under which the IRS agreed to share certain taxpayers’ last known addresses with ICE for immigration enforcement purposes, with the judge deeming the record necessary to resolve plaintiff organizations’ motion to stay or enjoin this new information-sharing policy as barred by the Administrative Procedure Act (APA).

  • September 10, 2025

    4th Circuit Stays Mandate In Unions’ DOGE Data Access Case Until Petition Decided

    RICHMOND, Va. — The Fourth Circuit U.S. Court of Appeals temporarily stayed the mandate in an appeal over U.S. Department of Government Efficiency’s (DOGE) access to individuals’ personally identifiable information (PII) until after a petition for rehearing en banc filed by the unions and veterans who brought the complaint is considered.

  • September 09, 2025

    Judge Rules Email Subscription Does Not Confer Consumer Status Under VPPA

    NEW YORK — A Missouri woman’s Video Privacy Protection Act (VPPA) claim against NBCUniversal Media LLC was dismissed for a third time by a New York federal judge who found that although the plaintiff sufficiently pleaded that NBC knowingly collected her personally identifiable information (PII) connected with her viewing of videos on the website of the Today Show, the plaintiff did not establish that she qualified as a consumer under the statute.

  • September 05, 2025

    Chinese Toymaker Settles FTC Claims Of Kids’ Location Data Sharing For $500,000

    SAN FRANCISCO — The United States and a Chinese toy company reached a settlement of claims that the company violated minors’ privacy through its collection of their geolocation data via the firm’s robot toys, telling a California federal court that they had agreed to a penalty of $500,000 to dispose of the claims brought under the Children’s Online Privacy Protection Act (COPPA) and the Federal Trade Commission Act.

  • September 05, 2025

    Jury Awards Google Users More Than $425M For Online Data Gathering

    SAN FRANCISCO — After an 11-day trial in a five-year-old privacy class action, a California federal jury awarded two classes of mobile device users more than $425 million for invasion of privacy and intrusion upon seclusion by Google LLC for the company’s practice of tracking mobile device users’ online activity despite selecting a setting to opt out of such data collection.

  • September 05, 2025

    3rd Circuit: Policy Violations Not Federal Crimes, Passwords Not Trade Secrets

    PHILADELPHIA — Under the Computer Fraud and Abuse Act (CFAA), workplace policy infractions are not federal crimes and federal and Pennsylvania laws do not hold that passwords protecting proprietary business information are trade secrets, a Third Circuit U.S. Court of Appeals panel found “for the first time” in affirming a district court ruling that two former employees of a national debt-collection firm did not commit computer fraud, steal trade secrets or violate other state and federal laws through the creation and sharing of a spreadsheet containing passwords and login information protecting “confidential and proprietary information.”

  • September 04, 2025

    Disney Settles Children’s Online Privacy Violations With FTC For $10 Million

    LOS ANGELES — In a stipulation and proposed order filed in California federal court, Disney Worldwide Services Inc. and Disney Entertainment Operations LLC (together, Disney) have agreed to pay $10 million to settle allegations by the Federal Trade Commission that it violated the Children’s Online Privacy Protection Act (COPPA) by not properly designating whether videos it uploaded to YouTube were made for kids (MFK), which resulted in the collection of children’s personal data.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.