Newsletter RSS

Mealey's Data Privacy

  • April 07, 2026

    Political Advocacy Groups File Complaints Targeting Voter Data Executive Order

    WASHINGTON, D.C. — The National Association for the Advancement of Colored People (NAACP) and other advocacy groups filed suit in a Washington, D.C., federal court challenging as unconstitutional President Donald J. Trump’s March 2026 executive order requiring federal agencies to compile state-specific citizenship lists and directing the U.S. Postal Service (USPS) to condition the transmission of mail-in voting ballots on federally derived eligibility criteria; complaints challenging the executive order were also filed by the Democratic Senatorial Campaign Committee (DSCC) and the League of Women Voters of Massachusetts.

  • April 07, 2026

    Judge Grants Motion To Unseal Names Of DOGE Agents In Privacy Act Violations Suit

    NEW YORK — Finding that the U.S. Office of Personnel Management (OPM) and the Department of Government Efficiency (DOGE) failed in “their burden of demonstrating that continued sealing of the DOGE Agents’ identities is necessary to preserve a higher value,” a New York federal judge granted a motion filed by unions and related parties to unseal the names of 16 DOGE agents in a suit alleging that DOGE violated the Privacy Act and the Administrative Procedure Act (APA) by accessing personnel records maintained by the OPM.

  • April 06, 2026

    Partial Judgment Granted To Tesla In FOIA Dispute Over Vehicle Safety Records

    WASHINGTON, D.C. — A District of Columbia federal judge granted in part motions for summary judgment filed by Tesla Inc. and the National Highway Traffic Safety Administration in a Freedom of Information Act (FOIA) dispute with WP Company LLC d/b/a The Washington Post, which sought to compel disclosure of certain safety records for Tesla vehicles, finding that Tesla’s hardware and software version data and crash narratives qualify as confidential under a FOIA exemption because disclosure would cause competitive harm but that the court cannot conclude NHTSA met its burden to show harm if the operational design domain (ODD) data is disclosed.

  • April 06, 2026

    High Court Sends FBI’s State Secrets Privilege Case Back To District Court

    WASHINGTON, D.C. — Granting the FBI’s petition for a writ of certiorari in a state secrets privilege case about governmental surveillance and religious discrimination, the U.S. Supreme Court in its April 6 orders list vacated the challenged judgment and instructed that the case be remanded “to the district court for reconsideration in light of recent factual developments pertinent to this case and the government's motion to dismiss.”

  • April 03, 2026

    Government, Amici File Merits Briefs In High Court’s Geofence Warrant Case

    WASHINGTON, D.C. — As oral argument approaches in a U.S. Supreme Court case where the petitioner was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was unconstitutional, the U.S. government filed a merits brief contending in part that the petitioner’s “dramatic expansion of the Fourth Amendment would stifle developments in . . . evolving areas of law and handicap the investigation of major crimes,” and amici curiae including local government organizations made similar arguments.

  • April 03, 2026

    Web Tracking Wiretap Case Remanded To State Court For Lack Of Standing

    PITTSBURGH — Relying on the August opinion in Cook v. Gamestop, a Third Circuit U.S. Court of Appeals panel determined that a website user failed to allege a concrete injury to establish Article III standing, vacated a Pennsylvania federal court’s judgment and ordered the website user’s state wiretapping claim against Harriet Carter Gifts Inc. remanded to state court, holding that her alleged online browsing activity did not involve the transmission of sensitive or personal information required to establish a cognizable injury and “involved only routine conduct.”

  • April 02, 2026

    Data Breach Suit Dismissed, But Some Claims Ordered For Arbitration Resolution

    ST. LOUIS — A Missouri federal judge ruled that customers whose personally identifiable information (PII) was compromised in a 2024 data breach sufficiently alleged Article III standing in a consolidated amended class action complaint, but dismissed their claims without prejudice for failure to state a claim, compelled arbitration for two named individuals based on loan-related agreements and denied without prejudice arbitration as to two others due to a factual dispute.

  • April 02, 2026

    Protective Order Sought In Epstein Privacy Violation Suit Against Google, DOJ

    SAN JOSE, Calif. — An alleged victim of convicted sex offender Jeffrey Epstein filed a motion in California federal court seeking a protective order to proceed under a pseudonym in her putative class suit alleging that U.S. Department of Justice violated the Privacy Act by wrongfully disclosing her personally identifiable information and that of other victims of Epstein when releasing files pursuant to the Epstein Files Transparency Act and that Google LLC continues to republish that information.

  • April 02, 2026

    Judge Reduces Attorney Fee Award, Approves Settlement In Google Data Sharing Row

    OAKLAND, Calif. — Deeming the proposed settlement “fair, adequate, and reasonable,” a California federal judge approved a settlement in a consolidated class action lawsuit over Google LLC’s purported data sharing via its real-time bidding (RTB) and granted in part the plaintiffs’ motion for attorney fees, costs and service awards, applying the lodestar method to assess attorney fees due to the “speculative” nature of the plaintiffs’ evidence regarding the success of the injunctive relief sought.

  • April 01, 2026

    Summary Judgment Denied For Unions, Government On APA Claims In DOGE Access Suit

    WASHINGTON, D.C. — A federal judge in the District of Columbia on March 31 denied summary judgment to both sides — unions and nonprofits and federal government agencies — as to Administrative Procedure Act (APA) claims in a case over U.S. Digital Service and U.S. DOGE Service Temporary Organization (together, DOGE) personnel’s right to access U.S. Department of Labor (DOL) records, finding that “real disputes over facts foundational to plaintiffs’ APA claims . . . persist.”

  • April 01, 2026

    Claim Preclusion Inapplicable In Indemnification Suit Over $20M BIPA Settlement

    CHICAGO — A federal judge in Illinois held that claim preclusion does not apply to a lawsuit seeking indemnification from an insurer for an underlying $20 million settlement arising from a class action lawsuit alleging the insured violated the Illinois Biometric Information Privacy Act (BIPA), further finding that although the policy’s access or disclosure exclusion applies to the underlying class action, there are genuine disputes of material facts as to the plaintiffs’ mend-the-hold and waiver arguments that may prevent the insurer from raising the exclusion.

  • April 01, 2026

    9th Circuit Denies Rehearing In Challenge Over $115M Data Collection Settlement

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel unanimously denied an objector’s petition for rehearing en banc of its decision affirming a district court order granting final approval of a $115 million class action settlement resolving claims that Oracle America Inc. unlawfully tracked and monetized users’ online activity, noting that no judge requested a vote after the full court was advised of the petition.

  • March 26, 2026

    Judge Amends Protective Order On Use Of AI Tools In Chemical Injury Suits

    KANSAS CITY, Kan. — A U.S. magistrate judge in Kansas on March 25 amended a protective order governing the use of AI tools in chemical injury litigation, stating that any party that wishes to use an AI tool in connection with discovery materials must, prior to using the tool, provide written notice of its intent to use the tool because submission of discovery materials to an open AI tool may violate U.S. data privacy laws as well as strict disclosure rules under the European General Data Protection Regulation (GDPR).

  • March 26, 2026

    $2.9M Data Breach Class Action Settlement Receives Final Approval

    WARWICK, R.I. — A Rhode Island state judge granted final approval of a $2.9 million class action settlement that resolves claims alleging that a health care provider failed to protect patient data from a 2024 ransomware attack; the class action settlement also provides service awards of $4,000 for each class representative and attorney fees of nearly $1 million.

  • March 26, 2026

    Summary Judgment Affirmed In Favor Of Health Provider In Data-Sharing Dispute

    BALTIMORE — A Maryland appellate panel affirmed summary judgment in favor of a health care provider in a suit alleging that its website’s embedded tracking code unlawfully disclosed patient data, holding that the Maryland Electronic Surveillance Act’s definition of communication does not include the transmission of metadata such as IP addresses, cookie values and URL information.

  • March 25, 2026

    Insurer Urges High Court To Resolve Circuit Split Over Data Breach Standing

    WASHINGTON, D.C. — Writing that the lower courts “have yet to settle on a consistent standard” for Article III standing in data breach cases, an insurance group and its subsidiaries petitioned the U.S. Supreme Court for a writ of certiorari, arguing that the Fourth Circuit U.S. Court of Appeals improperly expanded standing in a data breach class action by allowing a pair of plaintiffs to proceed based on the alleged disclosure of nonsensitive personal information by a third-party hacker, creating circuit splits and warranting review.

  • March 24, 2026

    TRO Denied In Putative Class Suit Over Government’s Biometric Data Collection

    PORTLAND, Maine — A federal judge in Maine on March 23 opined that a putative class complaint that accuses the U.S. Department of Homeland Security and its various agencies of violating the constitutional rights of Maine residents by collecting their biometric and personal data while they are observing and recording public immigrant enforcement operations “raises serious constitutional issues” but declined to issue a temporary restraining order (TRO) as the plaintiffs failed to sufficiently show a likelihood that they will succeed on the merits of their claims.

  • March 24, 2026

    $68M Settlement For Google Assistant Eavesdropping Claims Gets Preliminary OK

    SAN JOSE, Calif. — A California federal judge granted a motion for preliminary approval of a $68 million settlement of a group of plaintiffs’ putative class claims against Google LLC and Alphabet Inc. (collectively Google) for allegedly eavesdropping on Google Assistant (GA) users in violation of California’s unfair competition law (UCL) and privacy laws.

  • March 23, 2026

    FCC: Constitution Allows Forfeiture Orders In Verizon, AT&T High Court Challenge

    WASHINGTON, D.C. — The Federal Communications Commission and the U.S. government on March 20 filed their response in the U.S. Supreme Court in consolidated cases where Verizon Communications Inc. and AT&T Inc. assert constitutional challenges to the FCC’s enforcement of monetary forfeitures under the Communications Act.

  • March 20, 2026

    $7.75 Million Class Action Settlement Approved In Data Breach Dispute

    GREENVILLE, S.C. — A South Carolina federal judge granted final approval to a $7.75 million class action settlement resolving claims that a financial services company and its affiliated lending subsidiaries failed to safeguard consumers’ names and Social Security numbers in a February 2023 data breach.

  • March 19, 2026

    $5M Class Deal In Geisinger Data Breach Case Wins Final Approval

    WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted final approval of a $5 million settlement agreement between a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach, while separately approving $2,000 service awards for each of the named plaintiffs.

  • March 19, 2026

    Judge Denies Dismissal For Lack Of Standing In Stolen PII Data Breach Class Suit

    HOUSTON — A Texas federal judge adopted a magistrate judge’s memorandum and recommendation advising denying dismissal for lack of standing of a motion filed by a utility company and third-party benefits administrator in a putative class action against them and an employee benefit plan services company for failure to secure personally identifiable information (PII) in a data breach, finding that some of the plaintiffs sufficiently alleged injury from identity thefts to establish standing.

  • March 19, 2026

    Tenn. Federal Judge OKs Final Approval Of Settlement In Data Breach Class Action

    KNOXVILLE, Tenn. — A Tennessee federal judge granted final approval of an $807,500 class action settlement resolving consolidated claims that a restaurant franchisee failed to safeguard employees’ personally identifiable information (PII), resulting in a January 2023 data breach that exposed the data of more than 100,000 current and former workers.

  • March 17, 2026

    122K Cy Pres Award Approved In $27.5M Thomson Reuters Data-Selling Settlement

    SAN FRANCISCO — A California federal judge approved the cy pres distribution of $122,101.51 in remaining funds to a nonprofit consumer advocacy organization from a $27.5 million settlement of a class action over Thomson Reuters Corp.’s online gathering and sale of personally identifiable information (PII) of Californians, holding that the nonprofit has the requisite nexus to the privacy claims asserted on behalf of the class.

  • March 17, 2026

    Amici Supporting Neither Party Weigh In On High Court’s Geofence Warrant Case

    WASHINGTON, D.C. — As merits briefing continues in a case where the petitioner was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was an unconstitutional violation of the Fourth Amendment to the U.S. Constitution, the latest batch of amicus curiae briefs comes from entities that say they support neither party, including Microsoft Corp. and software and computer industry associations.