Mealey's Data Privacy
-
March 21, 2025
Union, Groups Granted TRO In Suit Seeking To Stop DOGE Access To SSA Systems
BALTIMORE — A federal judge in Maryland on March 20 granted a temporary restraining order (TRO) halting access to Social Security Administration (SSA) data for anonymous individuals associated with the Department of Government Efficiency (DOGE) while calling the individuals’ actions “a fishing expedition” and stating that the federal government has not “identified or articulated even a single reason for which the DOGE Team needs unlimited access to SSA’s entire record systems, thereby exposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government.”
-
March 21, 2025
Expedited Discovery Order Reaffirmed In Union’s Suit Over DOGE Access To DOL
WASHINGTON, D.C. — A federal judge in Washington, D.C., denied reconsideration of a limited expedited discovery order in a lawsuit by labor unions and nonprofits challenging access to U.S. Department of Labor (DOL) records by personnel from U.S. Digital Service and the U.S. DOGE Service Temporary Organization (together, DOGE) and granted an amended motion for expedited discovery filed by the plaintiffs, opining that new evidence that the DOGE personnel are now also employed by the DOL “presents further reason that [DOGE’s] reporting structure needs clarifying.”
-
March 20, 2025
Wiretapping, Chatbot Class Suit Against Kroger Tossed As Lacking ‘Plausible’ Claim
LOS ANGELES — A California federal judge dismissed a putative class action suit against The Kroger Co., a U.S.-based company that operates retail grocery stores, for alleged violations of California’s wiretapping statute by using third-party software to purportedly eavesdrop on chat-based conversations on Kroger’s website, finding that the plaintiff’s “allegations do not render plausible her claim of violation” of the wiretapping statute.
-
March 20, 2025
NBA Asks Supreme Court To Decide If VPPA Harm Requires Public Disclosure
WASHINGTON, D.C. — Appealing a ruling by the Second Circuit U.S. Court of Appeals that revived a putative class claim against it for violation of the Video Privacy Protection Act of 1988 (VPPA), the National Basketball Association (NBA), in a petition for certiorari, asks the U.S. Supreme Court to clarify the standards for when a plaintiff has standing to bring a VPPA claim.
-
March 20, 2025
Judge In Snowflake MDL Won’t Disqualify Counsel For AT&T In Separate Privacy MDL
BUTTE, Mont. — The co-lead counsel in a multidistrict litigation over data breaches experienced by a data storage firm “had an ethical duty” to inform him of a potential conflict of interest with another attorney representing plaintiffs against AT&T Inc., a Montana federal judge said; however, in light of procedural and court-ordered safeguards, he declined to disqualify the attorney, who is also representing plaintiffs in another MDL over a different data breach also involving AT&T.
-
March 19, 2025
Biometric Privacy Claims Over Neutrogena Online Skin Analysis To Proceed
TRENTON, N.J. — Johnson & Johnson Consumer Inc. (J&J) must face putative claims under the Illinois Biometric Information Privacy Act (BIPA), a New Jersey federal judge held, denying the company’s second dismissal motion centering on its online Neutrogena Skin360 skin assessment product.
-
March 18, 2025
VPPA Claim Over Videos On Scientific American’s Website May Proceed, Judge Rules
NEW YORK — A Florida man has sufficiently alleged that the owner of Scientific American (SA) violated the Video Protection Privacy Act of 1988 (VPPA) by disclosing videos that he watched on the publication’s website by collecting and sharing users’ personally identifiable information (PII) via Meta Platforms Inc.’s pixel tool, a New York federal judge ruled, denying the defendant’s motion to dismiss the putative class complaint.
-
March 17, 2025
Ex-Employee’s Suit Over Food Wholesaler’s Data Breach Dismissed For Lack Of Injury
TOPEKA, Kan. — An Oklahoma man’s putative class complaint over a 2023 data breach experienced by his former employer was dismissed without prejudice by a Kansas federal judge, who found that the plaintiff lacked standing to bring negligence and privacy claims, among others, for failing to allege that his personally identifiable information (PII) was actually misused after it was stolen in the breach.
-
March 17, 2025
South Dakota Asks Supreme Court To Reject ‘Purse Exception’ To Vehicle Searches
WASHINGTON, D.C. — In a March 12 brief, South Dakota argues that the U.S. Supreme Court should reject a petition for certiorari from a woman convicted for drug possession based on evidence obtained from the search of her purse after a traffic stop, stating that, per relevant precedent, “a vehicle search extends to a purse provided there is reason to believe it contains evidence relevant to the offense of the arrest of an occupant of a vehicle.”
-
March 17, 2025
Judge Grants Hunter Biden's Request To Drop Lawsuit Over Laptop Files
SAN FRANCISCO — A California federal judge granted Hunter Biden’s ex parte application for an order of voluntary dismissal of his lawsuit against a conservative activist and his organization for violating computer fraud laws and California’s unfair competition law (UCL) by posting data from Biden’s private laptop online, but citing defense claims of “legal prejudice” and the timing of the filing entered dismissal with prejudice instead of without as Biden had requested.
-
March 17, 2025
Injunction Granted In 1st Amendment Challenge To Children’s Online Privacy Act
SAN FRANCISCO — A California federal judge again granted a motion for a preliminary injunction enjoining the enforcement of the California Age-Appropriate Design Code Act (CAADCA) in a suit filed by a trade association of online businesses challenging the CAADCA, which was enacted to provide online privacy protections for children under 18, finding that the association “is likely to prevail on its claim of facial invalidity” regarding the act’s requirement for businesses to enforce their “content policies” and “community standards.”
-
March 14, 2025
New York Alleges Insurers Violated State Data Breach Notification Laws
NEW YORK — The people of New York sued insurers in a New York court alleging that they violated state data breach notification laws by failing to alert impacted New Yorkers or state agencies of a data breach in which drivers’ license numbers of close to 200,000 consumers were exposed to attackers.
-
March 13, 2025
Judge Allows States Discovery Into DOGE’s, Musk’s Authority In Firings, Data Access
WASHINGTON, D.C. — Fourteen states that sued over purported violations of the appointments clause of the U.S. Constitution were given the opportunity to take expedited discovery on actions taken by the Department of Government Efficiency (DOGE), its personnel and Elon Musk, with a District of Columbia federal judge on March 12 finding that their discovery requests were, largely, narrowly tailored and pertinent to their forthcoming preliminary injunction motion.
-
March 13, 2025
DOL, DOGE, Others Ask Court To Rethink Expedited Discovery In Unions’ APA Suit
WASHINGTON, D.C. — The Department of Labor (DOL), the Department of Health and Human Services (DHHS), the Consumer Financial Protection Bureau (CFPB) and other parties accused of improperly providing access to citizens’ confidential information to the Department of Government Efficiency (DOGE) filed a motion asking a District of Columbia federal judge to reconsider his recent grant of expedited discovery to the plaintiff labor unions and nonprofits, asserting that changes to the “factual predicates” have “obviate[d] the need” for such discovery.
-
March 13, 2025
Appeals Court Revives 2 Data Practices Claims Against Minnesota DHS
ST. PAUL, Minn. — Although a Minnesota Appeals Court panel largely affirmed dismissal of data practices claims against the Minnesota Department of Human Services (DHS) and a vendor brought by four residents of a sex offender facility, the panel found that the plaintiffs sufficiently pleaded two claims related to the sharing of personal data without authorization and having insufficient safeguards for that data prior to contracting with the vendor.
-
March 12, 2025
Immigrant Organizations Seek To Halt DHS, ICE From Accessing IRS Records
WASHINGTON, D.C. — Filing a complaint in District of Columbia federal court on behalf of their members, two Chicago-area immigrant rights organizations seek a declaration that the Internal Revenue Service is not permitted to provide taxpayer information, including the information of immigrants, to the Department of Homeland Security (DHS) and U.S. Immigration and Customs Enforcement (ICE) for use in immigration enforcement actions in compliance with recent executive orders (EOs) of President Donald J. Trump.
-
March 11, 2025
Expedited Discovery, Dismissal Sought In States’ Suit To Halt DOGE’s Actions
WASHINGTON, D.C. — Elon Musk, President Donald J. Trump and the U.S. Department of Government Efficiency (DOGE) moved in District of Columbia federal court to dismiss a lawsuit brought by a group of 14 states opposing Musk’s involvement in DOGE’s activities, asserting that because Musk is an adviser, not an officer of the United States, the plaintiffs’ claim under the appointments clause of the U.S. Constitution is doomed.
-
March 10, 2025
No Injunction For Unions, Group To Stop DOGE Access To Treasury Data
WASHINGTON, D.C. — Two labor unions and an advocacy group that sued to stop the Department of the Treasury and the Bureau of the Fiscal Service (BFS) from allowing members of the newly formed Department of Government Efficiency (DOGE) to access BFS records saw their motion for a preliminary injunction denied March 7, with a District of Columbia federal judge concluding that they had not established a “likelihood of an irreparable injury that is ‘beyond remediation.’”
-
March 07, 2025
Privacy, Biometric Claims Over CapCot Video-Editing App Survive Dismissal
CHICAGO — An Illinois federal judge largely granted a motion by ByteDance Inc. to dismiss putative class claims over the purported collection of personal data from users of its CapCot video-editing app, finding that a group of the app’s users did not establish claims for unfair competition, unjust enrichment and violation of several federal and California state privacy laws.
-
March 07, 2025
Final Judgment Entered For $27.5 Million Thomson Reuters Data-Selling Settlement
SAN FRANCISCO — One week after a California federal judge granted final approval to a $27.5 million settlement of a class action over Thomson Reuters Corp.’s online gathering and sale of personally identifying information (PII) of Californians, he issued final judgment in the four-year-old suit, dismissing unjust enrichment and unfair competition claims against the company.
-
March 07, 2025
Judge Extends TRO Preventing DOGE Access Of OPM, DOE Data
GREENBELT, Md. — A temporary restraining order (TRO) preventing the U.S. Office of Personnel Management (OPM) and the U.S. Department of Education (DOE) from permitting access to the personally identifiable information (PII) of a group of veterans and labor organizations by personnel from the U.S. Department of Government Efficiency (DOGE) was extended March 6, with a Maryland federal judge granting the plaintiffs’ motion and ruling that the TRO will now expire on March 17, which is when a hearing on the plaintiffs’ pending preliminary injunction motion is scheduled.
-
March 05, 2025
$9.5 Million Settlement Of Payroll Firm Data Breach Suit Gets Final Approval
LOS ANGELES — Six months after a $9.5 million settlement of privacy and unfair competition claims over a payroll services provider’s 2023 data breach was preliminarily approved, a California judge gave the final stamp of approval to the agreement, also granting the plaintiffs’ motion for attorney fees, costs and class representative service awards.
-
March 05, 2025
Biometric Privacy Suit Against Adult Dating Website Stayed For Arbitration
SACRAMENTO, Calif. — A California federal judge granted a motion by a processing affiliate for the website Adult Friend Finder (AFF) to enforce a provision in the site’s terms of use (TOU) requiring a site user to arbitrate his putative claim against the affiliate under the Illinois Biometric Information Privacy Act (BIPA) for the purported collection of site users’ facial scans.
-
March 04, 2025
Parties Seek Dismissal Of Data Breach Coverage Suit Following Settlement
SEATTLE — A media tech insurer and its financial services firm insured filed a joint stipulation asking a Washington federal court to dismiss with prejudice the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify the insured for a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.
-
March 04, 2025
High Court Won’t Decide If Federal Funds Immunize Health Center From Privacy Suit
WASHINGTON, D.C. — In its March 3 order list, the U.S. Supreme Court denied certiorari to a community health center (CHC) that is the defendant in an underlying data breach lawsuit, declining to take up the center’s question over whether its status as a federally funded entity entitles it to immunity from a patient’s invasion of privacy and negligence claims.