Newsletter RSS

Mealey's Data Privacy

  • September 17, 2025

    Data Breach Suit Against Casino Mostly Survives Dismissal

    LAS VEGAS — The operator of a casino that was hit by a data breach in 2024 saw its motion to dismiss putative class privacy, negligence and unfair competition claims mostly denied by a Nevada federal judge, who found that a group of customers and former employees adequately alleged most of their claims and supported them with assertions of cognizable injuries.

  • September 16, 2025

    Insurers Fail To Settle Equitable Contribution Suit Over Unlawful Recording Claims

    SAN DIEGO — A federal court in California on Sept. 15 reported that following an early neutral evaluation conference, a cyber liability insurer and a defendant insurer did not reach a settlement of the cyber liability insurer’s lawsuit seeking equitable contribution and indemnification for an underlying lawsuit alleging that their mutual insured intentionally failed to disclose that hidden cameras were installed in operating rooms and recorded patient procedures in an effort to investigate drug theft.

  • September 16, 2025

    Suit Against Relocation Firm Over Data Breach Mostly Survives Dismissal Motion

    LOS ANGELES — Although a California federal judge dismissed as insufficiently pleaded a California woman’s bailment claim against a relocation service provider related to a 2024 data breach, the plaintiff’s contract, privacy and negligence putative class claims were deemed adequately alleged to withstand the defendant's dismissal motion.

  • September 16, 2025

    $95 Million Settlement Of Siri Eavesdropping Class Action Gets Final Approval

    OAKLAND, Calif. — A California federal judge gave a final OK to a $95 million settlement of a six-year-old class action accusing Apple Inc. of collecting unauthorized recordings of Apple device users via its Siri digital assistant, deeming the settlement “fair, adequate, and reasonable.”

  • September 15, 2025

    Magistrate Approves $1.5 Million Settlement Of Garda Data Breach Suit

    WEST PALM BEACH, Fla. — More than five months after he preliminarily approved a $1.5 million settlement between a security company and a group of employees that sued it over the theft of their personally identifiable information (PII) in a 2023 data breach, a Florida federal magistrate judge granted final approval, deeming the deal in compliance with federal rules and, as such, “fair, adequate and reasonable.”

  • September 12, 2025

    Debt Collector: 8th Circuit Suit Boosts Intrusion Upon Seclusion Certiorari Bid

    WASHINGTON, D.C. — A debt collection firm, which asked the U.S. Supreme Court to clarify whether a single errantly sent letter is sufficiently comparable to the tort of intrusion upon seclusion to establish jurisdiction for a claim under the Fair Debt Collection Practices Act (FDCPA), filed a supplemental brief telling the high court that a recent Eighth Circuit U.S. Court of Appeals ruling, which conflicted with the ruling it appeals, further supports the need for a grant of certiorari on the matter.

  • September 12, 2025

    3rd Circuit Asks N.J. High Court Whether Data Shield Law Liability Needs Mens Rea

    PHILADELPHIA — Two months after hearing oral arguments in a dispute over the constitutionality of a New Jersey law that provides for deletion of public officials’ private information from data brokers’ records, a Third Circuit U.S. Court of Appeals panel certified two questions to the New Jersey Supreme Court, asking it to clarify whether a finding of liability under the statute requires a determination of a defendant’s mental state.

  • September 11, 2025

    IRS, ICE Must Give Judge Administrative Record Of Taxpayer Info-Sharing Policy

    WASHINGTON, D.C. — In a posthearing minute order, a District of Columbia federal judge directed the Internal Revenue Service and Immigration and Customs Enforcement to submit the administrative record related to a recently enacted policy under which the IRS agreed to share certain taxpayers’ last known addresses with ICE for immigration enforcement purposes, with the judge deeming the record necessary to resolve plaintiff organizations’ motion to stay or enjoin this new information-sharing policy as barred by the Administrative Procedure Act (APA).

  • September 10, 2025

    4th Circuit Stays Mandate In Unions’ DOGE Data Access Case Until Petition Decided

    RICHMOND, Va. — The Fourth Circuit U.S. Court of Appeals temporarily stayed the mandate in an appeal over U.S. Department of Government Efficiency’s (DOGE) access to individuals’ personally identifiable information (PII) until after a petition for rehearing en banc filed by the unions and veterans who brought the complaint is considered.

  • September 09, 2025

    Judge Rules Email Subscription Does Not Confer Consumer Status Under VPPA

    NEW YORK — A Missouri woman’s Video Privacy Protection Act (VPPA) claim against NBCUniversal Media LLC was dismissed for a third time by a New York federal judge who found that although the plaintiff sufficiently pleaded that NBC knowingly collected her personally identifiable information (PII) connected with her viewing of videos on the website of the Today Show, the plaintiff did not establish that she qualified as a consumer under the statute.

  • September 05, 2025

    Chinese Toymaker Settles FTC Claims Of Kids’ Location Data Sharing For $500,000

    SAN FRANCISCO — The United States and a Chinese toy company reached a settlement of claims that the company violated minors’ privacy through its collection of their geolocation data via the firm’s robot toys, telling a California federal court that they had agreed to a penalty of $500,000 to dispose of the claims brought under the Children’s Online Privacy Protection Act (COPPA) and the Federal Trade Commission Act.

  • September 05, 2025

    Jury Awards Google Users More Than $425M For Online Data Gathering

    SAN FRANCISCO — After an 11-day trial in a five-year-old privacy class action, a California federal jury awarded two classes of mobile device users more than $425 million for invasion of privacy and intrusion upon seclusion by Google LLC for the company’s practice of tracking mobile device users’ online activity despite selecting a setting to opt out of such data collection.

  • September 05, 2025

    3rd Circuit: Policy Violations Not Federal Crimes, Passwords Not Trade Secrets

    PHILADELPHIA — Under the Computer Fraud and Abuse Act (CFAA), workplace policy infractions are not federal crimes and federal and Pennsylvania laws do not hold that passwords protecting proprietary business information are trade secrets, a Third Circuit U.S. Court of Appeals panel found “for the first time” in affirming a district court ruling that two former employees of a national debt-collection firm did not commit computer fraud, steal trade secrets or violate other state and federal laws through the creation and sharing of a spreadsheet containing passwords and login information protecting “confidential and proprietary information.”

  • September 04, 2025

    Disney Settles Children’s Online Privacy Violations With FTC For $10 Million

    LOS ANGELES — In a stipulation and proposed order filed in California federal court, Disney Worldwide Services Inc. and Disney Entertainment Operations LLC (together, Disney) have agreed to pay $10 million to settle allegations by the Federal Trade Commission that it violated the Children’s Online Privacy Protection Act (COPPA) by not properly designating whether videos it uploaded to YouTube were made for kids (MFK), which resulted in the collection of children’s personal data.

  • September 03, 2025

    38 Amici Back Pregnancy Center In High Court Subpoena Row; DOJ Seeks To Argue

    WASHINGTON, D.C. — With the Sept. 2 filing of an amicus curiae brief by six pregnancy centers, 38 briefs have been filed in the U.S. Supreme Court in support of the operator of New Jersey pregnancy centers that has resisted complying with a subpoena issued by the state’s attorney general seeking, among other things, the identities of the organization’s donors.

  • September 03, 2025

    X Corp., Privacy Group Back Convicted Robber’s Geofence Warrant Certiorari Bid

    WASHINGTON, D.C. — Social network operator X Corp. and a nonprofit privacy rights organization filed amicus curiae briefs in the U.S. Supreme Court supporting a petition for certiorari challenging the constitutionality of geofence warrants, which was filed by a man who was convicted of robbery based on geofence evidence.

  • September 03, 2025

    Judge Won’t Compel Claim Forms, Documents In Wawa Data Breach Settlement

    PHILADELPHIA — A Pennsylvania federal judge found no merit to objections raised by Wawa Inc. related to class members’ claims rate in responding to a preliminarily approved settlement agreement over a 2019 data breach, leading her to deny the convenience store chain’s motion to compel production of claim forms or communications between the settlement administrator and  counsel for plaintiff financial institutions (FIs).

  • September 02, 2025

    NBA Asks Supreme Court To Reject Invitation To Combine VPPA Petitions

    WASHINGTON, D.C. — For the second time in two weeks, the National Basketball Association  on Aug. 29 filed a supplemental brief asking the U.S. Supreme Court to reject an invitation to postpone the pending conference on its petition for certiorari over how to define a consumer under the Video Privacy Protection Act (VPPA), this time opposing a suggestion by the filer of a recently submitted certiorari petition in another VPPA lawsuit that the court consider both petitions in the same conference.

  • September 02, 2025

    Online Sports Fan Suggests Supreme Court Consider VPPA Cert Petitions Together

    WASHINGTON, D.C. — Six days after a Texas woman filed a petition for certiorari asking the U.S. Supreme Court to consider the standard for what constitutes “personally identifiable information” (PII) under the Video Privacy Protection Act (VPPA), she filed a letter proposing that, because of “overlap” with another case that is currently in the certiorari petition stage, the high court “may wish to consider” the two cases “during the same Conference.”

  • August 29, 2025

    9th Circuit Affirms Dismissal Of Session-Replay Suit For Lack Of Concrete Injury

    PASADENA, Calif. — Relying largely on TransUnion LLC v. Ramirez, a Ninth Circuit U.S. Court of Appeals panel upheld a trial court’s dismissal of a privacy suit over a session-replay program created by Microsoft Corp., finding that a plaintiff did not establish standing under Article III of the U.S. Constitution because she did not show that she suffered a harm that was “remotely similar” to one that has “traditionally been actionable in our nation’s legal system.”

  • August 28, 2025

    Texas Appeals Court: Hospital Is Immune From Data Breach Suit, Subsidiary Isn’t

    HOUSTON — Partly affirming the dismissal of a consolidated lawsuit brought by patients over the exposure of their personally identifiable information (PII) in a hospital’s data breach, a Texas appeals court panel found that the hospital sufficiently established that it was immune from the claims due to its status as a government entity.

  • August 27, 2025

    Judge Issues Mixed Ruling On Federal Preemption Of New Jersey Data Shield Law

    CAMDEN, N.J. — Addressing an argument that was not covered in a June memorandum, a New Jersey federal judge delivered a mixed ruling on certain defendants’ arguments that a state law protecting law enforcement and court personnel’s private information is preempted by federal laws.

  • August 27, 2025

    Judge Dismisses Civil Rights Claims In Privacy Suit Over Educational Software

    CHICAGO — An Illinois federal judge found no jurisdiction over one defendant, dismissing it from a putative class action alleging improper collection of students’ personal information via an educational software platform, and also dismissed claims brought against other defendants under federal civil rights law.

  • August 26, 2025

    Illinois Panel Reverses Class Certification In Pepperidge Farm BIPA Case

    CHICAGO — A trial court must “make explicit findings as to whether any possible conflict of interest” exists as to class counsel in an Illinois Biometric Information Privacy Act (BIPA) case brought against Pepperidge Farm Inc. by an employee, an Illinois appellate panel ruled Aug. 25, reversing class certification after the sole named plaintiff’s daughter’s firm was permitted to remain as class counsel.

  • August 26, 2025

    BIPA Suit Against Coinbase Stayed Pending 7th Circuit Ruling In Parallel Suit

    CHICAGO — Granting a motion by Coinbase Inc., an Illinois federal judge stayed a putative class action accusing the cryptocurrency exchange operator of violating the Illinois Biometric Information Privacy Act (BIPA) by using photos in its user authentication process, with the judge concluding that the Seventh Circuit U.S. Court of Appeals’ upcoming ruling in another case pertaining to user authentication using biometric identifiers is likely to affect the issues in the present case.