Newsletter RSS

Mealey's Data Privacy

  • April 30, 2025

    Amici Tell 3rd Circuit Well-Intentioned Data Shield Law Violates 1st Amendment

    PHILADELPHIA — Two trade associations and a nonprofit open records advocate teamed up on an amicus curiae brief in the Third Circuit U.S. Court of Appeals, supporting a group of data brokers that seek to have a New Jersey data shield law, which protects personal data of judges and police, declared in violation of the First Amendment to the U.S. Constitution.

  • April 29, 2025

    $2.4 Million Settlement Of Anesthesia Firms’ Data Breach Gets Final Approval

    WHITE PLAINS, N.Y. — The same day that a New York federal judge presided over a fairness hearing for a $2.4 million settlement of a data breach suit against an anesthesia provider management company, he granted final approval of the agreement, disposing of putative class negligence and consumer protection violation claims against the firm and its affiliates in an April 28 order.

  • April 29, 2025

    WhatsApp, Meta File Jury Instructions In Computer Fraud Suit Against Spyware Firm

    OAKLAND, Calif. —  One day before the start of a jury trial, plaintiffs WhatsApp LLC and Meta Platforms Inc. and defendants NSI Group Technologies Limited and Q Cyber Technologies Limited filed their proposed jury instructions in a California federal court in a dispute over alleged computer fraud, with each side submitting their own instructions on the federal Computer Fraud and Abuse Act (CFAA).

  • April 29, 2025

    As 6th Circuit Mulls Rehearing 1 VPPA Suit, High Court Extends Briefing In Another

    WASHINGTON, D.C. — The U.S. Supreme Court granted a 60-day extension for a man to submit his response to a petition for certiorari pertaining to the Video Privacy Protection Act (VPPA) in light of his pending rehearing motion in a very similar VPPA lawsuit on appeal in the Sixth Circuit U.S. Court of Appeals.

  • April 28, 2025

    9th Circuit Partly Reverses Enjoining Of San Francisco Pretrial Monitoring Program

    SAN FRANCISCO — Three men who were granted a preliminary injunction of certain provisions of a San Francisco electronic monitoring program saw that ruling partly reversed by a divided Third Circuit U.S. Court of Appeals panel, which found that revisions to the program alleviated some of the plaintiffs’ constitutional concerns.

  • April 28, 2025

    Judge Partly Enjoins ‘Integrity Of Elections’ Executive Order

    WASHINGTON, D.C. — A District of Columbia federal judge granted motions headed up by nonprofit voting rights organizations the League of Women Voters (LWV) and the League of United Latin American Citizens (LULAC), as well as the Democratic National Committee (DNC) to preliminarily enjoin one section of President Donald J. Trump’s recent executive order (EO) on “Preserving and Protecting the Integrity of American Elections” that would require people registering to vote to provide certain documents containing personal information.

  • April 23, 2025

    Class Action Alleges Toyota, Progressive Violated Federal Wiretap Act

    SHERMAN, Texas — A class action was filed in a Texas federal court alleging Toyota Motor North America Inc., Progressive Casualty Insurance Co. and a provider of data analytics services in the automotive industry violated the Federal Wiretap Act and seeking to hold the defendants responsible for the injuries they inflicted on tens of thousands of class members because of their unauthorized collection and dissemination of private information from Toyota vehicles.

  • April 22, 2025

    Unions Seek Injunction In DOL DOGE Access Suit After Partial Dismissal

    WASHINGTON, D.C. — Labor unions challenging access to U.S. Department of Labor (DOL) records by personnel from U.S. Digital Service and the U.S. DOGE Service Temporary Organization (together, DOGE) filed a motion in a federal court in the District of Columbia for a preliminary injunction; the filing was made two days after a judge dismissed the plaintiffs’ standalone Privacy Act claim as well several claims brought under the Administrative Procedure Act (APA).

  • April 22, 2025

    En Banc 9th Circuit Finds Jurisdiction Over Shopping App For Cookie Collecting

    SAN FRANCISCO — The en banc Ninth Circuit U.S. Court of Appeals on April 21 reversed a panel’s ruling and found that personal jurisdiction exists over putative class claims against a payment processing and shopping app accused of violating California privacy and unfair competition laws by concealing that it was using cookies to collect California consumers’ personal data for resale.

  • April 22, 2025

    Harriet Carter Website User Appeals Wiretap Ruling To 3rd Circuit

    PITTSBURGH — In the wake of a Pennsylvania federal court’s summary judgment ruling that disposed of her state wiretapping claim against Harriet Carter Gifts Inc., a plaintiff filed a notice of appeal to the Third Circuit U.S. Court of Appeals of the ruling that found that she gave her implied consent to a third party’s interception of her communications on the website.

  • April 22, 2025

    Officer Asks 3rd Circuit For Anonymity In Police, Judge Data Shield Law Row

    PHILADELPHIA — A Jane Doe police officer moved to proceed anonymously in a coalition of data brokers’ appeal of a trial court ruling that upheld a New Jersey law requiring data brokers to remove, at a subject’s request, any data that identifies judges, law enforcement officer or family members, with Doe recounting, for the Third Circuit U.S. Court of Appeals, risks she has already faced that endangered her safety and that of her family.

  • April 21, 2025

    High Court Denies Certiorari In Dispute Over 4th Amendment ‘Purse Exception’

    WASHINGTON, D.C. — In its April 21 order list, the U.S. Supreme Court denied without comment a South Dakota woman’s petition for certiorari in which she asked whether an officer initiating a traffic stop needs probable cause to search a purse held or worn by a passenger.

  • April 18, 2025

    $20 Million Global Settlement Of Fortra Software Data Breach MDL Gets Initial OK

    MIAMI — The Florida federal judge overseeing the multidistrict litigation over a 2023 security breach, experienced by users of Fortra LLC’s file-transfer app, granted preliminary approval to a $20 million global settlement that encompasses eight of nine putative class actions filed against the software company, its clients and their customers that provides for payments of up to $5,000 for affected class members.

  • April 16, 2025

    Driver’s License Swiping Row Remanded To Oregon Court Without Attorney Fees Award

    PORTLAND, Ore. — A putative class action over a gas station chain’s practice of swiping customers’ driver’s licenses for age-restricted purchases was remanded to state court, with an Oregon federal judge fully adopting a magistrate’s recommendation to grant the plaintiff’s motion to remand for lack of standing.

  • April 16, 2025

    Judge Won’t Rethink APA Ruling Over DOGE Injunction For Treasury System Access

    NEW YORK — States that sued the U.S. Treasury Department for granting access to the payment system of the Bureau of Fiscal Services (BFS) to the U.S. Department of Government Efficiency (DOGE) failed in their motion for reconsideration of a ruling that two of their claims under the Administrative Procedure Act (APA) were unlikely to succeed, with a New York federal judge rejecting new arguments and reiterating her position that the claims under the Privacy Act and the E-Government Act (EGA) do not fall within the states’ zone of interest.

  • April 15, 2025

    Nevada High Court: Man Who Had Politicians Investigated May Not Remain Anonymous

    LAS VEGAS — In a one-paragraph order, the Nevada Supreme Court denied a petition for a writ of prohibition by a John Doe who claimed that he had a right under the First Amendment to the U.S. Constitution to proceed anonymously after he was sued for invasion of privacy by two local politicians who were surveilled by a private investigator he hired.

  • April 14, 2025

    5th Circuit: SNAP Program User Data Can’t Be Disclosed To Water System Manager

    NEW ORLEANS — The creation of a new water rate pricing structure in Jackson, Miss., that provides discounts to recipients of benefits of the Supplemental Nutrition Assistance Program (SNAP) did not constitute a federal assistance program and, therefore, the city’s water system operator is not entitled to access of SNAP recipients’ personal data as part of the efforts to implement the new rates, a Fifth Circuit U.S. Court of Appeals panel ruled.

  • April 11, 2025

    Appeals Court Revives 2 BIPA Suits Over Nursing Homes’ Biometric Timeclocks

    MT. VERNON, Ill. — In a pair of almost identical unpublished opinions, a Fifth District Appellate Court of Illinois panel reversed a trial court’s dismissal of two putative class actions by former employees alleging violations of the Illinois Biometric Information Privacy Act (BIPA) via nursing facilities’ use of biometric timeclocks.

  • April 11, 2025

    Prevailing Parties In Data Supply Agreement Row Get Almost $2.2M In Attorney Fees

    NEW YORK — Two marketing firms, which obtained a favorable summary judgment ruling over breach of contract and related claims by a data broker, were prevailing parties, a New York federal judge ruled, mostly granting their motion for attorney fees while declining to defer the ruling pending resolution of the plaintiff’s appeal.

  • April 11, 2025

    Consolidated Suit Over Medical Device Firm’s Data Breach Partly Dismissed

    BOSTON — A Massachusetts federal judge partly granted a medical device manufacturer’s motion to dismiss putative class claims against it stemming from a data breach, disposing of a fiduciary duty claim and several state law consumer protection claims, while largely allowing negligence, unjust enrichment and implied contract claims to proceed.

  • April 11, 2025

    Illinois Genetic Privacy Act Does Not Apply To Life Insurance, Judge Rules

    EAST ST. LOUIS, Ill. — The Illinois Genetic Privacy Act (GIPA) “does not apply to the underwriting practices concerning life insurance policies,” an Illinois federal judge found, granting an insurer’s motion to dismiss a putative class claim under GIPA brought against it by a woman who claimed that she was denied a life insurance policy based on information she provided about her family’s medical history.

  • April 10, 2025

    University Sued Over Lax Data Security, Delay In Breach Notification

    CHATTANOOGA, Tenn. — A university that took more than a year to notify affected individuals that their personally identifiable information (PII) was compromised in a data breach was hit with a putative class complaint in Tennessee federal court, with a prospective student alleging negligence and invasion of privacy.

  • April 09, 2025

    7th Circuit Revives MeTV VPPA Suit, Finds Website Users Are ‘Subscribers’

    CHICAGO — Reversing a trial court’s dismissal of a Video Privacy Protection Act (VPPA) putative class claim over the operator of MeTV sharing website users’ online viewing histories with Facebook, a Seventh Circuit U.S. Court of Appeals panel concluded that the plaintiffs qualify as “subscribers” or “consumers” under the act because they provided something of value — their personally identifiable information (PII) — in exchange for a subscription to the website.

  • April 09, 2025

    Harriet Carter Website User Had ‘Constructive Notice’ Of Interception, Judge Rules

    PITTSBURGH — Even though a consumer opted not to review the privacy statement on Harriet Carter Gifts Inc.’s website, a Pennsylvania federal judge found that she gave her implied consent to a third party’s interception of her communications because the practice was fully disclosed in the statement.

  • April 08, 2025

    Judge: Insurers Fail To Allege Subrogation Claims In Suit Over Ransomware Attack

    WILMINGTON, Del. — A Delaware judge granted an application service provider’s motion to dismiss with prejudice insurers’ amended complaints because the insurers failed to properly assert subrogation claims seeking recovery from the provider for the amount paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack.