Newsletter RSS

Mealey's Data Privacy

  • January 21, 2025

    9th Circuit Dismisses Inmate’s Appeal Of $725M Facebook Profile-Sharing Suit

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals issued a mandate, stating that a judgment in which it dismissed as untimely an inmate’s appeal of the $725 million settlement of the consolidated class action over Facebook Inc. (now known as Meta Platforms Inc.) sharing users’ profile data with Cambridge Analytica, was now in effect.

  • January 21, 2025

    New DOJ Final Rule Prohibits Certain Data Transactions With ‘Countries Of Concern’

    WASHINGTON, D.C. — Complying with an executive order issued by President Joe Biden in February 2024, the U.S. Department of Justice issued a final rule to address national security risks the United States faces from “the continued efforts of countries of concern to access, exploit, and weaponize Americans’ bulk sensitive personal and U.S. government-related data.” 

  • January 21, 2025

    MOVEit Data Breach MDL Plaintiffs Oppose Review Of Dismissal Denial

    BOSTON — A December ruling that denied dismissal of three lawsuits against one of the defendants in a multidistrict litigation over a 2023 data security incident related to MOVEit software does not merit reconsideration, the consolidated plaintiffs argue in an opposition brief, telling a Massachusetts federal court that a health tech firm did not offer any new arguments or evidence to support its quest for dismissal under the home-state exception of the Class Action Fairness Act (CAFA).

  • January 21, 2025

    Judge Dismisses Class Action Alleging Insurer Violated Insureds’ Right To Privacy

    CHICAGO — A federal judge in Illinois granted an insurer and an association of insurance companies’ motions to dismiss a putative class action alleging that they retained and disclosed the insureds’ protected health information in violation of their right to privacy pursuant to Illinois state law, finding the negligence and invasion of privacy claims barred by the immunity provision in the Illinois Insurance Code.

  • January 17, 2025

    MOVEit Data Breach MDL Plaintiffs Oppose Review Of Dismissal Denial

    BOSTON — A December ruling that denied dismissal of three lawsuits against one of the defendants in a multidistrict litigation over a 2023 data security incident related to MOVEit software does not merit reconsideration, the consolidated plaintiffs argue in an opposition brief, telling a Massachusetts federal court that a health tech firm did not offer any new arguments or evidence to support its quest for dismissal under the home-state exception of the Class Action Fairness Act (CAFA).

  • January 17, 2025

    FTC Announces New COPPA Rule Requiring Parental Consent For Targeted Ads

    WASHINGTON, D.C. — In a new final rule announced Jan. 16, the Federal Trade Commission disclosed new amendments to a rule it uses to enforce the Children's Online Privacy Protection Act (COPPA), including a requirement to obtain parents’ consent for the use of their children’s personal information for targeted advertising.

  • January 15, 2025

    Texas Sues Allstate For Collecting, Selling ‘Trillions Of Miles’ Of Driving Data

    CONROE, Texas — Texas Attorney General Ken Paxton filed a petition in Texas state court against The Allstate Corp., accusing the “insurance giant” of secretly collecting the driving behavior of more than 45 million Americans and selling the data to third parties in violation of the state’s data privacy and insurance laws.

  • January 15, 2025

    Final Approval Given To $2 Million Insurance-Funded Settlement Of Data Breach Suit

    PORTLAND, Ore. — Five months after preliminarily approving a $2 million settlement of a class action over a marketing execution firm’s 2022 data breach, an Oregon federal judge granted final approval, deeming the approval “fair, reasonable, and adequate” and in accord with the requirements of Federal Rule of Civil Procedure 23.

  • January 14, 2025

    Exclusion Bars Coverage For Home Depot’s Data Breach Loss, 6th Circuit Majority Affirms

    CINCINNATI — A majority of the Sixth Circuit U.S. Court of Appeals on Jan. 13 affirmed an Ohio federal court’s finding that a commercial general liability insurance policy’s electronic data exclusion bars coverage for Home Depot’s losses stemming from a 2014 data breach, rejecting Home Depot’s contention that the lower court “wrongly expanded the narrow electronic-data exclusion beyond its natural meaning, based on assumed facts outside the record.”

  • January 14, 2025

    AI Voice Cloning Company Voice Actors Brief Motion To Dismiss

    NEW YORK — Responding to an artificial intelligence company’s contention that voice actors’ claims were time-barred and suffered from other defects, two named class action plaintiffs told a federal judge in New York that they own the rights to their voices and that the ongoing use of cloned voices sold under different names places the case within the applicable time frame.

  • January 10, 2025

    Magistrate Won’t Sanction Google For Destroying Files It Had No Clear Duty To Keep

    OAKLAND, Calif. — Finding that the plaintiffs in a consolidated lawsuit over Google Inc.’s purported data sharing via its real-time bidding (RTB) process failed to establish that the internet giant had a duty to preserve and produce particular files in an unencrypted format, a California federal magistrate judge denied the plaintiffs’ motion for contempt and sanctions against Google.

  • January 10, 2025

    Privacy Suit Over Zillow’s Disclosure Of Watched Videos May Proceed

    SAN DIEGO — Rejecting Zillow Group Inc.’s contention that it is not “a video tape service provider,” a California federal judge found that the online real estate platform operator engaged in activities that qualify it as such under the Video Privacy Protection Act (VPPA), leading her to deny the defendant’s motion to dismiss a putative privacy class complaint against it for purportedly sharing the video-viewing history of users of its app and website.

  • January 10, 2025

    Negligence Suit Over Theft Of Genetic Data Settles For $8.9 Million

    ATLANTA — Finding a settlement fund of $8.9 million to be “fair, reasonable, and adequate” to resolve class claims brought against two cancer treatment health care companies that were affected by a 2021 ransomware attack, a Georgia federal judge granted final approval to an agreement that allows for payments of up to $1,000 or $5,000 and releases all claims against the defendants.

  • January 09, 2025

    Hospice Provider Can’t Dodge Wiretapping, Privacy Lawsuit

    SACRAMENTO, Calif. — A customer of an end-of-life care provider sufficiently alleges that the company’s use of artificial intelligence (AI) software to record clients’ telephone conversations without their consent violated the California Invasion of Privacy Act (CIPA), a California federal judge found Jan. 8, denying the defendant’s motion to dismiss.

  • January 08, 2025

    Greek Restaurant’s Claims Over Identity, Funds Theft Partly Dismissed

    RICHLAND, Wash. — In a pair of rulings, a Washington federal judge partly granted motions to dismiss by a payroll company and a mailing services firm that the owners of a Greek restaurant blame for a cybersecurity incident that they say resulted in the theft of the restaurant owner’s personally identifiable information (PII) and, ultimately, the theft of hundreds of thousands of dollars.

  • January 06, 2025

    Meta, Users Oppose Objector’s Certiorari Bid Over Service Awards, Attorney Fees

    WASHINGTON, D.C. — A class member who initially objected to the $90 million settlement of a privacy class action over the use of tracking cookies by Meta Platforms Inc. (formerly Facebook Inc.) did not present any questions meriting attention by the U.S. Supreme Court in his petition for certiorari protesting service awards and attorney fees that were approved as part of the settlement, Meta and the lead plaintiffs argue in briefs opposing certiorari.

  • January 03, 2025

    9th Circuit Partly Reverses Dismissal Of Muslims’ Suit Over FBI Surveillance

    SAN FRANCISCO — Nearly three years after the U.S. Supreme Court remanded a surveillance suit brought by a group of California Muslims against the Federal Bureau of Investigation, and 18 months after it heard oral argument in the matter, a Ninth Circuit U.S. Court of Appeals panel affirmed dismissal of constitutional claims against individual FBI agents while finding that a trial court erred in dismissing religious discrimination claims under the state secrets privilege without conducting the necessary inquiry.

  • January 03, 2025

    Trimmed Class Certification Motion In Blackbaud Data Breach MDL Rejected

    COLUMBIA, S.C. — Seven months after a South Carolina federal judge declined to certify several subclasses in a privacy multidistrict litigation against a data maintenance firm, he denied the lead plaintiffs’ motion for leave to file a renewed certification motion, finding that they had “not offered sufficient grounds for reopening class certification and further postponing resolution of [the] matter.”

  • January 02, 2025

    Siri Users Seek Initial Approval Of $95 Million Eavesdropping Claims

    OAKLAND, Calif. — A proposed $95 million settlement with Apple Inc. over the purported unauthorized recording of private conversations of Apple device users by its digital assistant Siri represents “the product of more than five years of litigation and months of negotiations” and merits preliminary approval, a group of plaintiffs tells a California federal judge in a Dec. 31 motion, in which they call the agreement “fair, reasonable, and adequate.”

  • December 20, 2024

    After Partial Dismissal, Garda Data Breach Suit Settled, Stayed, Closed

    WEST PALM BEACH, Fla. — On the heels of a ruling in which she partly granted a security firm’s motion to dismiss privacy and negligence claims over a data breach that exposed employees’ personally identifiable information (PII), a Florida federal judge granted the plaintiffs’ motion to stay the suit in light of a postruling announcement that the parties reached a conditional settlement of the putative class action.

  • December 19, 2024

    $1.25 Million Settlement Approved In Onix Group Data Breach Class Action

    PHILADELPHIA — A Pennsylvania federal judge presiding over a consolidated class action for negligence and consumer protection violations related to a 2023 data breach experienced by a Pennsylvania firm granted final approval to a $1.25 million settlement of the suit, overruling two objections and mostly granting requested attorney fees and service awards.

  • December 18, 2024

    2 Objectors To Oracle Data Collection Suit Settlement Appeal To 9th Circuit

    SAN FRANCISCO — One month after a California federal judge granted final approval to a $115 million settlement of a privacy and wiretap class action against Oracle America Inc., two class members who had lodged objections to the settlement filed notices that they were appealing the trial court’s approval ruling to the Ninth Circuit U.S. Court of Appeals.

  • December 18, 2024

    9th Circuit Denies Saudi Dissident Rehearing Over Hacked Twitter Account

    SAN FRANCISCO — A divided Ninth Circuit U.S. Court of Appeals panel’s decision to uphold the dismissal of negligence claims against Twitter Inc. will stand, per the panel’s denial of a petition for rehearing en banc by a political dissident from the Kingdom of Saudi Arabia (KSA) who blamed the social network company for allowing KSA moles to access his account for the purpose of obtaining personal information to be used against him.

  • December 17, 2024

    Dismissal Motions Mostly Denied In MOVEit Data Breach MDL

    BOSTON — In a pair of rulings, a Massachusetts federal judge declined to dismiss six of the consolidated lawsuits filed over the theft of medical data that occurred due to vulnerabilities in a file-transfer software program, finding that the home-state exception to the Class Action Fairness Act (CAFA) did not apply and concluding that plaintiffs in all but four of the hundreds of cases in the multidistrict litigation had sufficiently established standing under Article III of the U.S. Constitution.

  • December 16, 2024

    Patients, Employees Settle Data Breach Suit Against Dental Chain For $2.7 Million

    DETROIT — A Michigan federal judge granted final approval to a $2.7 million agreement that settles negligence and implied contract claims brought by the employees and patients of a multistate dental chain related to a February 2023 data breach that exposed the personally identifiable information (PII) of almost 2 million people.