Newsletter RSS

Mealey's Data Privacy

  • February 03, 2026

    Illinois Graduate Class Certified In BIPA Case Against Ceremony Photographer

    EAST ST. LOUIS, Ill. — Illinois graduates suing the company that captured photos of their ceremonies for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) by collecting their biometric identifiers to use facial recognition to identify all photos in which each graduate appears and offer them for sale may proceed as a class, a federal judge in Illinois ruled, granting a motion for class certification (Joshua Gaertner, et al. v. Commemorative Brands, Inc., et al., No. 23-2452, S.D. Ill., 2026 U.S. Dist. LEXIS 20357).

  • February 03, 2026

    Judge Approves $3M Settlement Of Consumers’, Employees’ Data Breach Claims

    SEATTLE — A federal judge in Washington granted final approval to a settlement worth $3 million, including $1 million in attorney fees, in favor of a class of more than 34,000 individuals who alleged that their sensitive data was breached during a hack of a workflow solutions company and its subsidiaries in violation of California’s unfair competition law (UCL) and other laws.

  • February 03, 2026

    23andMe Bankruptcy Judge Approves $50M Settlement; Data Breach MDL To Be Dismissed

    The parties to multidistrict litigation in California federal court against 23andMe Inc. and affiliates for a data breach in which millions of customers’ genetic data and personally identifiable information (PII) was hacked filed a joint status report on Feb. 2 stating the plaintiffs will move to dismiss the MDL following the final approval in Missouri federal bankruptcy court of a settlement worth up to $50 million to resolve U.S. customers’ claims against 23andMe, with 25% allocated for attorney fees.

  • February 03, 2026

    Iowa High Court Reverses Ruling Denying Dismissal Of Police Data Access Suit

    DES MOINES, Iowa — A unanimous Iowa Supreme Court reversed and remanded a lower court ruling denying dismissal of a common law and statutory law privacy violation suit against a police department, a police officer and related officials and entities alleging that the officer improperly accessed confidential databases of local residents for his own personal use, finding that the suit is “time-barred” under the statute of limitations.

  • February 03, 2026

    Google Assistant Users Seek Approval Of $68M Settlement For Eavesdropping Claims

    SAN JOSE, Calif. — A California federal judge terminated a hearing date after a group of plaintiffs moved for preliminary approval of a $68 million settlement of their putative class claims against Google LLC and Alphabet Inc. (collectively Google) for allegedly eavesdropping on Google Assistant (GA) users in violation of California’s unfair competition law (UCL) and privacy laws.

  • February 03, 2026

    Women’s Dating Advice App Seeks To Dismiss ‘Hyperbolic’ Data Hack Complaint

    SAN FRANCISCO — The developer of the “Tea” women’s app for posting information about men in the dating market moved in California federal court to dismiss putative class claims against it for violation of federal privacy laws and state laws including California’s unfair competition law (UCL) after its database of users’ identity-verification and driver’s license photos was hacked, writing that the plaintiffs suffered no injury and fail to state a claim.

  • February 02, 2026

    7th Circuit Dismisses Appeal In BIPA Violation Coverage Suit Following Settlement

    CHICAGO — One day after the parties filed a stipulation of dismissal, the Seventh Circuit U.S. Court of Appeals dismissed the excess insurer’s appeal of a lower federal court’s summary judgment ruling in a franchisee of the Burger King chain’s breach of contract lawsuit seeking a declaration that the insurer has a duty to defend against an underlying putative class lawsuit alleging that the insured violated the Illinois Biometric Information Protection Act (BIPA).

  • January 29, 2026

    Hacked Facebook Account Plaintiffs Don’t Plead Meta Broke A Promise, Judge Says

    SAN FRANCISCO — A California federal judge granted in part Meta Platforms Inc.’s motion to dismiss a putative class action brought against it by users of its social media platforms who claim that it failed to prevent hacking of user accounts or help users regain access to their accounts in violation of California’s unfair competition law (UCL), writing that injury can be inferred but that the plaintiffs did not directly plead that Meta breached a contract or injured them based on loss of access to personal data.

  • January 29, 2026

    Justice Denies Debt Collector’s Stay Application After Fraud Ruling For 2 Employees

    WASHINGTON, D.C. — U.S. Supreme Court Justice Samuel A. Alito Jr. on Jan. 28 denied an application for recall and stay of mandate filed by a national debt collection firm after the Third Circuit U.S. Court of Appeals ruled for the first time that when two former employees shared a spreadsheet containing passwords and login information they committed “workplace-policy infractions” and not violations of the Computer Fraud and Abuse Act (CFAA) and that the passwords themselves were not trade secrets under federal or state law.

  • January 29, 2026

    3 DOJ Suits Seeking States’ Voter Data Dismissed; More Motions Pending

    EUGENE, Ore. — A demand by the U.S. Department of Justice that Oregon provide it with an unredacted copy of its statewide voter registration list (SVRL), coupled with an allegation that the state violated Title III of the Civil Rights Act of 1960 (CRA) for not providing the full voter registration rolls to the federal government, was dismissed by an Oregon federal judge after a hearing, making it the third such suit brought by the DOJ against a state to be dismissed.

  • January 29, 2026

    COMMENTARY: Pashman Stein Walder Hayden Attorneys Discuss The Future Of Litigation Over The Video Privacy Protection Act

    [Editor’s Note: Copyright © 2026, LexisNexis. All rights reserved.]

  • January 28, 2026

    Interlocutory Review Denied Following Ruling On Website Tracker As Pen Register

    SAN FRANCISCO — A federal judge in California denied a website owner’s motion to certify for interlocutory appeal an October order declining dismissal of a putative class case alleging that the website’s third-party trackers that collect users’ data violate the California Invasion of Privacy Act’s (CIPA) pen register/trap-and-trace law, finding that “every federal court to tackle the CIPA applicability question has rejected” the website owner’s position that the pen register prohibition doesn’t apply and rejecting the defendant’s argument that the case presents a novel issue.

  • January 28, 2026

    Pro Se Plaintiffs Denied TRO, Other Relief In Genetic Data Suit Against 23andMe

    SAN FRANCISCO — Noting that two pro se plaintiffs “expressly state in their complaint that they are not customers of 23andMe” and, therefore, it is unclear whether the bankrupt genetic testing company had any of their personal information in its possession, a federal judge in California denied their request for a temporary restraining order (TRO) barring the company and the company they claim is its successor-in-interest from selling or transferring their genetic profiles.

  • January 28, 2026

    Data-Sharing Class Claims Against Shopify Partly Dismissed By Federal Judge

    OAKLAND, Calif. — After a previous dismissal ruling was reversed and remanded by the Ninth Circuit U.S. Court of Appeals, Shopify Inc. partly succeeded in its second motion to dismiss privacy claims against it, with a California federal judge finding that some of a plaintiff’s putative class claims over the online retailer’s purported collection and sharing of customer data for the creation of individualized profiles failed for not adequately alleging an injury.

  • January 27, 2026

    6th Circuit Vacates Injunction In Social Media Sex Offender Disclosure Dispute

    CINCINNATI — The Sixth Circuit U.S. Court of Appeals on Jan. 26 vacated a preliminary injunction and remanded a putative class action filed against a county attorney by a Kentucky registered sex offender seeking to prevent enforcement of a Kentucky law requiring certain registered sex offenders to display their full legal name on their social media accounts, finding in part that the law at issue may cover conduct to which the First Amendment to the U.S. Constitution does not apply.

  • January 27, 2026

    Judge Grants Dismissal Of Agency Heads In Putative Class Suit Over HHS RIF

    WASHINGTON, D.C. — A federal judge in the District of Columbia dismissed as redundant agency heads named as defendants in a putative class complaint over an April 2025 reduction-in-force (RIF) at the U.S. Department of Health and Human Services that affected approximately 10,000 employees and was allegedly based on inaccurate records in violation of the Privacy Act; this case is one of several currently challenging various 2025 RIFs impacting numerous federal agencies.

  • January 26, 2026

    Supreme Court Grants Cert To Define ‘Goods Or Services,’ ‘Customer’ Under VPPA

    WASHINGTON, D.C. — After denying petitions for certiorari in December in two lawsuits over purported sharing of consumers’ personal viewing information (PVI) under the Video Privacy Protection Act (VPPA), the U.S. Supreme Court on Jan. 26 granted certiorari in another VPPA case in which there are similar data-sharing allegations to decide what constitutes a “customer” of a video tape service provider (VTSP) under the nearly 40-year-old statute.

  • January 26, 2026

    Florida Panel Affirms Data Breach Class Claims Barred By Sovereign Immunity

    WEST PALM BEACH, Fla. — Finding that a public, nonprofit hospital system did not waive its sovereign immunity, a Florida appellate panel affirmed the dismissal with prejudice of consolidated class breach of contract and negligence claims filed by former patients in the wake of a 2021 data breach.

  • January 23, 2026

    Dismissal Order Trims Claims In Class Case Over Apple’s Shared Analytics Setting

    SAN JOSE, Calif. — Apple Inc. mobile device users who allege in an amended consolidated putative class complaint that a setting on their devices meant to stop the sharing of their data doesn’t actually do that may proceed with breach of contract and breach of implied covenant of good faith and fair dealing claims and claims brought under New York, New Jersey and Illinois law, a federal judge in California ruled, granting Apple’s motion to partially dismiss other privacy-related, unfair competition law (UCL) and unjust enrichment claims.

  • January 23, 2026

    Only Employees’ Negligence Claim Over Cyberattack Remains After Dismissal

    ATLANTA — Three workers who filed a putative consolidated class complaint against their employer after a 2023 data breach have standing to sue by sufficiently alleging a concrete injury and may proceed with their negligence claim, a federal judge in Georgia ruled, partially granting the employer’s motion to dismiss as to three other claims and granting the workers 14 days to file an amended complaint.

  • January 22, 2026

    Nonprofits Ask High Court To Clarify Limitations Period In FBI Surveillance Suits

    WASHINGTON, D.C. — Two amicus curiae briefs were filed in the U.S. Supreme Court in support of a petition for a writ of certiorari filed by the target of Federal Bureau of Investigation surveillance warrants whose claims against the government were dismissed as time-barred, with the amici arguing that a ruling by the District of Columbia Circuit U.S. Court of Appeals that the statute of limitations on a surveillance abuse lawsuit begins when surveillance is suspected essentially creates immunity for the government in such cases.

  • January 22, 2026

    $5.48 Million Settlement Of Suit Over Analytics Firm’s Data Breach Approved

    NEWARK, N.J. — Seven months after preliminarily approving a settlement of $5,482,500 to resolve a consolidated class action over claims stemming from a 2023 data breach experienced by a health-oriented data management firm, a New Jersey federal magistrate judge granted final approval to the agreement as being “fair, reasonable, and adequate.”

  • January 21, 2026

    SSA To Court: Former DOGE Team’s Data Use Possibly Noncompliant With TRO

    BALTIMORE — The Social Security Administration (SSA) filed a notice in a federal court in Maryland stating that in December 2025 it made two Hatch Act referrals to the U.S. Office of Special Counsel and notified the U.S. Department of Justice of instances of use of SSA data “by the then-SSA DOGE [Department of Government Efficiency] Team” that were “potentially outside of SSA policy and/or noncompliant” with a temporary restraining order (TRO) entered in March 2025.

  • January 20, 2026

    Radiology Provider Settles Data Breach Class Claims For $1.5M Plus Monitoring, Fees

    FORT LAUDERDALE, Fla. — A radiology service provider will pay $1.5 million to those patients whose data were accessed during a cyberattack who can demonstrate loss, will provide medical data monitoring valued at more than $186 million to all class members and will pay class counsel $2.85 million, according to a settlement agreement granted final approval by a Florida judge.

  • January 16, 2026

    Supreme Court To Tackle 4th Amendment Implications Of Geofence Warrants

    WASHINGTON, D.C. — The U.S. Supreme Court on Jan. 16 granted certiorari to a man who was convicted of armed robbery through evidence obtained via a geofence warrant, which culls location information from users’ mobile devices, agreeing to address whether such warrants violate the Fourth Amendment to the U.S. Constitution.