Newsletter RSS

Mealey's Data Privacy

  • August 14, 2025

    Split 4th Circuit Vacates Preliminary Injunction In Unions’ DOGE Data Access Suit

    RICHMOND, Va. — A trial court abused its discretion when it found that unions and veterans were likely to prevail on each issue raised in a lawsuit opposing the sharing of individuals’ personally identifiable information (PII) with the U.S. Department of Government Efficiency (DOGE), split Fourth Circuit U.S. Court of Appeals panel ruled, vacating a preliminary injunction and remanding for further proceedings.

  • August 12, 2025

    Law Firm Credibly Alleges Breach Of Duty To Indemnify In Cyber Crime Coverage Suit

    SEATTLE — A federal judge in Washington held that a law firm insured plausibly alleges that a commercial cyber insurance policy covers its liability under the Security Breach Liability provision, refusing to dismiss the insured’s claim that the insurer breached its duty to indemnify.

  • August 07, 2025

    Woman’s Suit Over Disclosed Medical Info, Harassment Remanded To State Court

    BOSTON — Signing and adopting an order that accompanied a plaintiff’s motion to remand, a Massachusetts federal judge agreed that the dismissal of the United States as a defendant from a lawsuit over the purported intentional dissemination of her private medical information lacked the necessary diversity of citizenship to retain federal jurisdiction.

  • August 07, 2025

    Judge Approves $6.8 Million Settlement Of Rite Aid Data Breach Class Action

    PHILADELPHIA — A $6.8 million settlement of a consolidated class action over a 2024 data breach experienced by Rite Aid Corp. satisfied the requirements of Federal Rule of Civil Procedure 23 and relevant case law, a Pennsylvania federal judge found, granting final approval to the settlement as well as to the plaintiffs’ requests for attorney fees, costs and service awards.

  • August 06, 2025

    Man Tells Supreme Court Geofence Warrants Violate 4th Amendment

    WASHINGTON, D.C. — A man who was arrested for bank robbery after being tracked via a geofence warrant served on Google LLC by law enforcement filed a petition for certiorari asking the U.S. Supreme Court to decide on the constitutionality of such warrants.

  • August 05, 2025

    States Sue USDA Over Demand For SNAP Recipients’ Private Data

    SAN FRANCISCO — In a complaint filed in California federal court, a group of 21 U.S. states and the District of Columbia claim that the U.S. Department of Agriculture violated the Administrative Procedure Act (APA) with an “unprecedented demand” for the personal information of “tens of millions of Americans that have applied for benefits through the” Supplemental Nutrition Assistance Program (SNAP).

  • August 04, 2025

    Jury Finds Meta Liable For Intercepting Communications On Menstrual-Tracking App

    SAN FRANCISCO — One day after a group of plaintiffs announced a mid-trial settlement of their privacy claims against the maker of an ovulation tracking app, a California federal jury on Aug. 1 found co-defendant Meta Platforms Inc. liable under the California Invasion of Privacy Act (CIPA) for participating in the interception of the app users’ personal communications.

  • July 30, 2025

    Privacy Claims Against Meta, Google Over Prescription Website May Proceed

    SAN FRANCISCO — Consolidated claims that Google LLC and Meta Platforms Inc. intercepted and used the protected health information (PHI) of users of a health services website mostly survived a dismissal motion, with a California federal judge finding that the plaintiffs sufficiently alleged claims for invasion of privacy, unfair competition and unjust enrichment, among other things.

  • July 31, 2025

    Women’s Dating Advice App ‘Ignored’ Data Security Before Hack, Plaintiffs Say

    SAN FRANCISCO — Two women filed separate putative class action lawsuits in California federal court against the developer of the Tea app, where women post anonymously about dating men, accusing it of negligence and violation of California’s unfair competition law (UCL) after its database of users’ identity-verification photos and drivers’ license pictures was hacked and posted online.

  • July 31, 2025

    After 23andMe’s Bankruptcy Sale, States Drop Suit Over Genetic Data Ownership

    ST. LOUIS — One month after a Missouri federal bankruptcy judge approved the sale of the financially troubled 23andMe Inc. to a new company formed by one of the genetic testing company’s founders, a group of states on July 30 voluntarily dismissed their adversary proceeding in which they objected to the sale and the unilateral transfer of customers’ genetic data and personally identifiable information (PII).

  • July 30, 2025

    Biometrics Claim Over Eufy Security Products Sufficiently Pleaded, Judge Rules

    CHICAGO — A year and a half after she partly dismissed a claim against the manufacturer of “eufy” security cameras under Illinois’ Biometric Information Privacy Act (BIPA), an Illinois federal judge denied the defendant’s attempt to fully dispose of the claim, finding that the plaintiffs adequately alleged that the purported misuse of their biometric identifiers occurred in Illinois.

  • July 30, 2025

    Driver AI Surveillance Data Collection Class Suit Settled With Lytx For $4.25M

    EAST ST. LOUIS, Ill. — A $4.25 million class settlement between a class of drivers and a technology company was granted final approval by a federal judge in Illinois ending a lawsuit that accused a transportation company and a machine vision and artificial technology company of collecting and holding truck drivers’ biometric data when scanning their faces via a camera that employs artificial intelligence to monitor drivers in violation of the Illinois Biometric Information Privacy Act (BIPA); the transportation company previously paid a settlement of $56,800 for the benefit of 71 settlement class members.

  • July 30, 2025

    Truck Drivers’ BIPA Claims Over In-Cab Cameras Partly Remanded

    CHICAGO — Two truckers’ claims against their former employer under the Illinois Biometric Information Privacy Act (BIPA) were partly remanded for lack of jurisdiction under Article III of the U.S. Constitution, with an Illinois federal judge retaining jurisdiction over part of the claims while denying the trucking company’s motion to dismiss.

  • July 28, 2025

    7 Suits Over University’s Data Breach Consolidated In Tennessee Federal Court

    CHATTANOOGA, Tenn. — Seven separately filed putative class actions against a college that was hit by a data breach were consolidated by a Tennessee federal judge who granted the plaintiffs’ motion to that end, with the judge holding that maintaining separate suits “would pose unnecessary cost and delay,” while consolidation “will help ensure consistent and efficient adjudications.”

  • July 28, 2025

    Judge Trims Claims In Suit Over Mortgage Company’s Ransomware Incident

    DALLAS — A consolidated putative class action over a 2023 data breach and ransomware attack experienced by Mr. Cooper Group Inc. will proceed with fewer claims after a Texas federal judge partly granted the firm’s motion to dismiss, disposing of contractual and privacy claims.

  • July 23, 2025

    VPPA Suit Against Stock Video Site Dismissed For Failure To State A Claim

    NEW YORK — Although two plaintiffs alleged that a video-viewing website shared their viewing information with Meta Platforms Inc. via its pixel tracking tool, a New York federal judge found that they did not establish that the website shared any personal information that would permit an “ordinary person” to identify them from this viewing data, granting the site operator’s motion to dismiss for failure to state a claim.

  • July 23, 2025

    Privacy Suit Against Data Broker Mostly Survives Dismissal Motion

    OAKLAND, Calif. — A putative class action suit accusing a data broker of compiling a massive database including details on nearly every adult in the United States will largely proceed, with a California judge granting the broker’s dismissal motion only related to a claim for declaratory judgment, which he found did not qualify as a stand-alone claim.

  • July 22, 2025

    State, Federal Suits Over Health Care Firm’s Data Breach Settle For $6.5 Million

    ST. LOUIS — A Missouri state court judge granted final approval to an agreement that settles lawsuits against a health management services firm from two state courts and a federal court with a settlement fund of $6.5 million and attorney fees of $2 million.

  • July 22, 2025

    Judge Approves Injunctive Relief-Only Settlement Of CareFirst Data Breach Suit

    WASHINGTON, D.C. — A District of Columbia federal judge granted final approval to a settlement that resolved the lone remaining claim against CareFirst Inc. in a decade-old class action over a 2014 data breach, deeming the agreement, which provides only injunctive relief for the consolidated class, “fair, reasonable, and adequate.”

  • July 22, 2025

    Doctor Insured: Hidden Cameras Constitute Physical Alteration, Loss Of Use

    NEW YORK — A doctor argues to the Second Circuit U.S. Court of Appeals that a lower federal court erred in dismissing her breach of contract lawsuit seeking business interruption and umbrella coverage for her losses arising from discovery of hidden cameras at her dermatology office, asserting that the hidden cameras constituted a physical alteration and loss of use and satisfied her insurance policy’s direct physical loss or damage requirement.

  • July 21, 2025

    Judge Dismisses Privacy Suits By FBI Agents Who Worked On Trump Cases

    WASHINGTON, D.C. — Federal Bureau of Investigation agents and a nonprofit organization who in two complaints seek to stop the publication or dissemination of a list allegedly being compiled of FBI employees who were involved in investigating two events involving President Donald J. Trump have made claims that “are too speculative,” a federal judge in the District of Columbia ruled, granting a motion to dismiss filed by the U.S. Department of Justice (DOJ) and the United States.

  • July 18, 2025

    On Day 2 Of Meta Trial, Zuckerberg, Officers, Directors Settle With Shareholders

    WILMINGTON, Del. — On the second day of a trial in Delaware state court over shareholders’ claims of fiduciary breaches by the officers and directors of Meta Platforms Inc. (formerly Facebook Inc.) centering on the company’s high profile consumer privacy issues, the shareholders on July 17 filed a notice informing the court that the parties had settled the almost 15-year-old lawsuit.

  • July 18, 2025

    Lawsuit Over Database Site’s Use Of Photos, Personal Info May Proceed, Judge Rules

    SEATTLE — Two days after he denied a motion to compel arbitration by the operator of an online professional services database, a Washington federal judge also denied the company’s motions to dismiss and to strike class allegations, allowing putative class publicity rights claims to continue.

  • July 17, 2025

    Dismissal Denied In Antitrust, Hacking Lawsuits Over Car Dealership Software

    SAN FRANCISCO — A California federal judge issued rulings largely denying motions to dismiss in two lawsuits filed against each other by competitors in the auto dealership management system (DMS) market, which have accused each other of hacking proprietary data and antitrust violations blocking access to the market in violation of California’s unfair competition law (UCL) and antitrust law.

  • July 16, 2025

    9th Circuit Affirms Dismissal Of Suit Against Microsoft, Says Microsoft Owns Data

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on July 15 affirmed a lower court’s order dismissing with prejudice a breach of contract suit filed by an internet security company against Microsoft Corp. alleging that Microsoft used the company’s services outside the scope of the contract to recover compromised account credential data, finding that the company’s allegations fail to show that Microsoft had a duty to limit its use of the data provided.