Newsletter RSS

Mealey's Data Privacy

  • December 11, 2024

    FTC Announces Refunds Under Epic Games $245M Settlement For Fortnite Purchases

    WASHINGTON, D.C. — The Federal Trade Commission (FTC) announced that it is sending the first round of refunds that will total more than $72 million as part of Epic Games Inc.’s agreement to pay $245 million to resolve allegations that users were tricked into purchasing items while playing the popular online game Fortnite and that children playing the game were allowed to purchase items without parental consent.

  • December 11, 2024

    Health Data Clearinghouse Fined $250,000 By HHS For Exposure Of Patients’ Info

    WASHINGTON, D.C. — The U.S. Department of Health and Human Services (HHS) on Dec. 10 announced that it had resolved “longstanding” failures by a health data clearinghouse to comply with the security rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • December 11, 2024

    Employee Seeks Reconsideration Of Ruling On Retroactivity Of BIPA Limits Act

    CHICAGO — A worker moved for reconsideration of a federal judge’s ruling that an August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that places limits on an individual’s recovery for certain data release violations applies retroactively, citing a Nov. 22 ruling he says reached the opposite conclusion.

  • December 11, 2024

    Credit Unions Ask Court To Deny Wawa Discovery, Approve Data Breach Suit Agreement

    PHILADELPHIA — A group of financial institutions (FIs) suing Wawa Inc. over its 2019 data breach filed a motion asking a Pennsylvania federal court to deny the defendant’s motion to compel certain communications related to the claims filing process for class members and to grant final approval to a three-tiered settlement agreement that received preliminary approval more than a year ago.

  • December 10, 2024

    Saudi Dissident Seeks En Banc 9th Circuit Rehearing Of Twitter Negligence Suit

    SAN FRANCISCO — Arguing that a trial court improperly dismissed his negligence claims against Twitter Inc. at the pleadings stage based on the statute of limitations and constructive notice, a Saudi dissident who blames Twitter for the hacking of his account asks the Ninth Circuit U.S. Court of Appeals to rehear his appeal en banc in light of a panel decision that split on the timeliness of his complaint.

  • December 10, 2024

    Insured, 2nd CGL Insurer Seek Dismissal Of Coverage Suit Over BIPA Violation Claim

    CHICAGO — An insured and the remaining commercial general liability insurer in its lawsuit seeking a declaration as to coverage for an underlying putative class lawsuit alleging that it violated the Illinois Biometric Privacy Act (BIPA) filed a stipulation asking an Illinois federal court to dismiss with prejudice all claims between them.

  • December 03, 2024

    COMMENTARY: The Future Of Work: Exploring The Employment And Data Protection Law Implications Of The Use Of Artificial Intelligence (AI) In European Workplaces

    By Matthew Howse, Louise Skinner, Vishnu Shankar and William Mallin

  • December 06, 2024

    Google, Advertising Developer Denied Early Appeal Of Minors’ Data Collection Claims

    SAN FRANCISCO — A California federal judge denied Google LLC and its advertising subsidiaries’ motion to certify for interlocutory appeal the court’s earlier order denying their motion to dismiss a nationwide putative class action brought by minors under 13 who say their personal data was unlawfully collected, finding that the issues involved don’t warrant an early appeal.

  • December 05, 2024

    Lobstermen’s Constitutional Challenge To Maine Electronic Tracking Rule Dismissed

    BANGOR, Maine — Although a Maine federal judge sympathized with some of the privacy concerns raised by a group of lobstermen who sought to have a new electronic tracking rule declared unconstitutional, he found that their claims were precluded under sovereign immunity and that the rule meets with requirements for conducting warrantless searches in a closely regulated industry.

  • December 05, 2024

    Judge Urges Immediate Appeal Of Ruling On Law Protecting Info Of Judges, Police

    CAMDEN, N.J. — On the heels of denying a consolidated motion to dismiss claims against dozens of data brokers and related companies under a New Jersey law that enhances privacy protection for personal data of law enforcement and court personnel, a New Jersey federal judge issued an order recommending an immediate appeal of his ruling because it “involves a controlling question of law as to which there is a substantial ground for difference of opinion.”

  • December 05, 2024

    $30M 23andMe Data Breach Settlement Gets Court’s Conditional Preliminary OK

    SAN FRANCISCO — The California federal judge overseeing a multidistrict litigation involving claims against genetic testing company 23andMe Inc. for failing to protecting users’ data from hackers granted preliminary approval on Dec. 4 to a $30 million settlement of the claims on the condition that the plaintiffs amend their definition of the settlement class to exclude parties who are pursuing arbitration and despite “serious concerns” with the plaintiffs’ $7.5 million attorney fees request.

  • December 05, 2024

    Target Denied Dismissal, Sanctions In Facial Scanning Privacy Class Complaint

    CHICAGO — Four customers of Target Corp. have sufficiently alleged violation of Illinois’ Biometric Information Privacy Act (BIPA) via the use of in-store facial recognition technology, an Illinois federal judge found, denying the retail giant’s motions to dismiss and for sanctions in light of the early stage of litigation and the undeveloped record.

  • December 04, 2024

    FTC Announces Actions Over Data Brokers’ Sale Of Precise Location Data

    WASHINGTON, D.C. — The Federal Trade Commission on Dec. 3 announced agency actions it has taken against data brokers that bought and sold individuals’ precise location data in violation of the Federal Trade Commission Act, simultaneously filing complaints and decisions in both actions.

  • December 04, 2024

    Policy Exclusion Bars Coverage For BIPA Suit, Illinois Panel Rules In Reversal

    CHICAGO — An Illinois appeals panel held that insurers have no duty to defend their insured against an underlying class action lawsuit alleging that the insured violated the Illinois Biometric Information Privacy Act (BIPA) because the policies’ “Recording and Distribution” exclusion barred coverage, reversing a lower court’s judgment in favor of the insured and remanding.

  • December 03, 2024

    Judge Rules On Cross-Motions For Summary Judgment In BIPA Violation Coverage Suit

    CHICAGO — A federal judge in Illinois granted in part and denied in part cross-motions for summary judgment filed by an excess insurer and a franchisee of the Burger King chain in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA).

  • December 03, 2024

    Judge Chides Data Breach Attorneys For ‘Sub-Par’ Work, Reduces Fees Award

    NEW HAVEN, Conn. — Despite granting final approval to a $1.5 million settlement of a lawsuit over a health care services provider’s 2022 data breach, as well as the plaintiffs’ requests for service awards and cost reimbursements, a Connecticut federal judge reduced the requested attorney fees award for using “very, very high” rates in light of “significant errors” by plaintiffs’ counsel.

  • December 02, 2024

    Insurers To Pay $11.3 Million To New York State Over Data Breaches

    ALBANY, N.Y. — New York Attorney General Letitia James and the New York State Department of Financial Services (DFS) have reached agreements with two national auto insurance companies under which they will pay a total of $11.3 million in penalties for “having poor data security,” which the attorney general said led to data breaches that exposed the personally identifiable information (PII) of their policyholders.

  • November 25, 2024

    Supreme Court Declines To Consider Res Judicata In Data Breach Arbitration Suit

    WASHINGTON, D.C. — A Texas company’s petition for certiorari on issues of the preclusive effect of a judgment on an arbitration, both related to a 2019 data breach, was denied without comment by the U.S. Supreme Court in its Nov. 25 order list.

  • November 22, 2024

    COMMENTARY: 2024 Key Insurance Decisions, Trends & Developments & A Look Ahead To 2025

    By Scott M. Seaman, Pedro E. Hernandez and Lisa M. Roccanova

  • November 22, 2024

    Federal Judge: Illinois Act Placing Limits On BIPA Recovery Applies Retroactively

    CHICAGO — An August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that placed limits on an individual’s recovery for certain data release violations applies retroactively, a federal judge in Illinois ruled, dismissing for lack of subject matter jurisdiction an employee’s complaint against his employer.

  • November 22, 2024

    Judge Strikes Insurer’s Counterclaim Against Burger King Franchisee As Redundant

    CHICAGO — A federal judge in Illinois granted a franchisee of the Burger King chain’s motion to strike an excess insurer’s declaratory judgment counterclaim in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA), finding that the counterclaim is redundant and “serves no useful purpose.”

  • November 22, 2024

    U.S. High Court:  Data-Sharing Incident Disclosure Petition Improvidently Granted

    WASHINGTON, D.C. — The U.S. Supreme Court on Nov. 22 “dismissed as improvidently granted” a petition for a writ of certiorari filed by Meta Platforms Inc. (formerly Facebook Inc.) and the company’s senior executives after the Ninth Circuit U.S. Court of Appeals held that the company issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred; the one-page per curiam opinion was filed a little over two weeks after the justices heard oral arguments.

  • November 22, 2024

    California Appeals Panel Finds Tech Firm’s Claims Over Ransomware Attack Untimely

    SAN JOSE, Calif. — A trial court properly dismissed a cloud solutions firm’s amended contractual cross-claims over its client’s ransomware attack as barred by the statute of limitations, a California appeals panel ruled, finding that the company’s decision to originally name its client’s insurer and subrogee as cross-defendant was intentional and not a mistake.

  • September 17, 2024

    23andMe Asks MDL Judge To Approve $30M Data Breach Settlement

    SAN FRANCISCO — Genetic data company 23andMe Inc. filed a brief urging the U.S. District Court for the Northern District of California to grant preliminary approval to a $30 million settlement to resolve claims in a multidistrict litigation brought by plaintiffs whose genetic data on 23andMe’s website was hacked and offered for sale online and asking the court to enjoin separate litigation and arbitrations brought against it for the breach that it says could “jeopardize . . . the Settlement.”

  • November 21, 2024

    Some 23andMe Users Seek Arbitration, Not Class Action, For Data Breach Claims

    SAN FRANCISCO — In a brief filed in California federal court, several users of 23andMe Inc.’s website defend their right to pursue arbitration against the company for the theft of their genetic information by hackers, arguing that their decision to arbitrate defeats any typicality of claims between them and class members in a multidistrict litigation (MDL) over the theft and makes preliminary approval of a settlement of the MDL inappropriate.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.