Mealey's Data Privacy
-
September 06, 2024
Judge ‘Cautions’ WhatsApp, Denies Reconsideration To Spyware Firm In Fraud Dispute
OAKLAND, Calif. — A California federal judge on Sept. 5 denied a spyware firm’s motion for reconsideration of the judge’s order denying as moot the firm’s request to compel WhatsApp Inc.’s production of a privilege log in WhatsApp’s suit against the firm related to its alleged computer fraud because WhatsApp has now produced the log but “caution[ed]” WhatsApp that what it calls ‘“oversights’ may be grounds for a different type of sanction.”
-
September 06, 2024
9th Circuit: Rule Requiring Sealing Medical Records In Court Case Is ‘Overbroad’
SAN FRANCISCO — A panel of the Ninth Circuit U.S. Court of Appeals has reversed a lower court and held in a case regarding the First Amendment right to access medical and health records in a court proceeding that a mandatory requirement to seal medical and health records under state rules pertaining to court records is “constitutionally overbroad.” Rather, the panel said, the least restrictive means of protecting that interest is to have Hawaii courts consider motions to seal medical and health records on a case-by-case basis.
-
September 05, 2024
Spyware Firm Seeks Reconsideration Of Denial As To WhatsApp’s Privilege Log
OAKLAND, Calif. — Pursuant to a California federal judge’s order granting its motion for leave, a spyware firm filed a motion for reconsideration of the judge’s order denying as moot the firm’s request to compel WhatsApp Inc.’s production of a privilege log, asserting that WhatsApp falsely represented that it would produce the privilege log in WhatsApp’s suit against the firm related to its alleged computer fraud.
-
September 05, 2024
Illinois Data Protection Law Covers Nonprescription Eyewear Setting, Court Says
CHICAGO — Someone trying on nonprescription eyewear through an online tool does not qualify as a patient seeking health care, and the provider’s collection of facial scans in that setting falls outside the exclusion on health care data collection in the state’s Biometric Information Privacy Act (BIPA), an Illinois appellate court said in answering a certified question.
-
September 04, 2024
Collection Agency Opposes Debtor’s High Court Petition On Intangible Harm, Standing
WASHINGTON, D.C. — No review is necessary of debtor’s petition for a writ of certiorari concerning standing in a lawsuit over the transmission of debtors’ personal data to a third party as there is no circuit split on the issue of what showing of concrete intangible harm is necessary to establish standing, a collection agency argues in its brief in opposition filed in the U.S. Supreme Court.
-
August 28, 2024
Federal Judge Grants Final Approval In Data Breach Class Action
LINCOLN. Neb. — A Nebraska federal judge dismissed a data security breach class action and issued final approval of a $850,000 class action settlement in a data security breach suit after determining that the settlement fairly and adequately represents the interests of the class members.
-
August 28, 2024
Judge Dismisses Putative Class Suit Over Alleged Data Breach For Lack Of Standing
COLUMBUS, Ohio — Granting dismissal of a putative class action against a private contractor over an alleged data breach, an Ohio federal judge said the plaintiff “has not adequately pleaded that any of his PII [personally identifiable information] was improperly accessed, let alone stolen.”
-
August 27, 2024
$725M Profile-Sharing Suit Settlement Is Fair, Facebook And Plaintiffs Tell Court
SAN FRANCISCO — Facebook and plaintiffs who successfully reached a $725 million settlement agreement in a consolidated privacy class action over the sharing of Facebook users’ profiles with Cambridge Analytica urged the Ninth Circuit U.S. Court of Appeals to reject the appeal of two objectors who argue that the settlement should be higher and the attorney fees greatly reduced.
-
August 26, 2024
Former Employees Reach Settlement With Philadelphia Inquirer Over Data Breach
PHILADELPHIA —Three employees or former employees of the Philadelphia Inquirer LLC moved for preliminary approval of a $525,000 class action settlement reached with the newspaper to settle claims for damages caused by a data breach that the newspaper did not disclose to subscribers and employees for nearly a year.
-
August 22, 2024
9th Circuit Affirms Dismissal Of Data Theft Claims Against Auto Insurer
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Aug. 21 affirmed the dismissal with prejudice of a putative class action brought against an auto insurer for failure to protect three individuals’ personal data, specifically their driver’s license numbers, from a hack of its online insurance quoting system, after finding that none of the appellants suffered an injury.
-
August 21, 2024
9th Circuit Reverses Summary Judgment In Chrome Users’ Data Collection Suit
SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel on Aug. 20 reversed a California federal judge’s entry of summary judgment on claims brought by users of Google LLC’s web browser app Chrome for collecting their personally identifiable information (PII) allegedly in violation of privacy laws and California’s unfair competition law (UCL), writing that the District Court did not properly apply the “reasonable person” standard.
-
August 21, 2024
Sensitive Data Usage Case Against LinkedIn Survives Dismissal
SAN FRANCISCO — The California Department of Motor Vehicles is not a necessary party to a suit alleging that LinkedIn Corp. collected and used personal information, and the plaintiff adequately alleges that the social media company unlawfully read and used the information in marketing, a federal judge in California said in partially granting a motion to dismiss.
-
August 20, 2024
9th Circuit Affirms Injunction Over 1st Amendment Issues With Online Privacy Act
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals affirmed in part a district court’s order granting a preliminary injunction to a trade association of online businesses in its suit challenging the California Age-Appropriate Design Code Act (CAADCA), which was enacted to provide online privacy protections for children under 18, finding that the association was likely to succeed in showing that the act’s requirement for covered businesses to opine on and reduce the risk of children’s exposure to possibly harmful material violates the First Amendment to the U.S. Constitution.
-
August 19, 2024
After Jarkesy, FTC Seeks Dismissal Of Meta Claims Over Consent Order Changes
WASHINGTON, D.C. — The Federal Trade Commission and its three commissioners in their official capacities (FTC, collectively) filed in a federal court in the District of Columbia a renewed motion to dismiss due process, Article II of the U.S. Constitution and nondelegation claims by Meta Platforms Inc. (formerly Facebook Inc.), following the U.S. Supreme Court ruling in SEC v. Jarkesy and arguing that that opinion “has no bearing on” the claims in which Meta challenges the FTC’s revision of a 2020 $5 billion consent order that settled a privacy investigation.
-
August 16, 2024
Enzo Biochem Pays $4.5M To 3 States After Testing Lab Ransomware Attack
Enzo Biochem Inc. and subsidiary Enzo Clinical Labs Inc. (collectively, Enzo) have agreed to pay $4.5 million to New York, New Jersey and Connecticut to settle attorney general investigations into an April 2023 ransomware attack, according to a company regulatory filing and the state prosecutors’ offices.
-
August 16, 2024
Class Action Under Utah Data Privacy Law Survives Retailer’s Dismissal Bid
SALT LAKE CITY — Finding that consumer plaintiffs have standing and have adequately alleged that a retailer violated Utah’s Notice of Intent to Sell Nonpublic Personal Information Act (NISNPIA) by disclosing their private purchase information to third parties, a federal judge in Utah denied the retailer’s motion to dismiss.
-
August 15, 2024
Magistrate Approves Fees In Data Breach Case Despite Initial, Inflated Calculation
BROOKLYN, N.Y. — A federal magistrate judge in New York has granted a plaintiffs’ motion for attorney fees and costs following a $626,985.58 settlement in litigation over a data breach, ruling that although the plaintiffs’ initial calculation was “inflated,” the fees sought were “reasonable” based on other factors including the value of the multiplier applied to a recalculated amount of hours and billing rates, often referred as a “lodestar.”
-
August 14, 2024
Data Breach Class Complaint Against Restaurant Group Sent Back To State Court
LOS ANGELES — A putative class complaint accusing Panda Restaurant Group Inc. of failing to have sufficient measures in place to protect customers’ personal data belongs in state court, a federal judge in California ruled, opining that even though the data breach affected the operator of more than 2,000 restaurants in 30 states, the plaintiff is free to limited his proposed class to California customers.
-
August 13, 2024
Planned Parenthood’s $6M Data Breach Class Settlement Granted Conditional Approval
LOS ANGELES — A California judge conditionally granted final approval of a $6 million settlement to be paid by Planned Parenthood Los Angeles (PPLA) to end a consolidated class complaint accusing the reproductive health care provider of failing to protect patients’ personally identifiable information and protected health information from being accessed and stolen.
-
August 13, 2024
Federal Judge Dismisses 1 CGL Insurer From Coverage Suit Over BIPA Violation Claim
CHICAGO — Per the parties’ stipulation, a federal judge in Illinois on Aug. 12 dismissed without prejudice the claims and counterclaims between an insured and one of its commercial general liability insurers in the insured’s lawsuit seeking a declaration as to coverage for an underlying putative class lawsuit alleging that it violated the Illinois Biometric Privacy Act (BIPA) by using biometric time clocks to track employee working hours.
-
August 12, 2024
Facebook To High Court: Risk Disclosure Statements Weren’t Misleading
WASHINGTON, D.C. — The social media giant formerly known as Facebook Inc. told the U.S. Supreme Court in an Aug. 9 brief that the Ninth Circuit U.S. Court of Appeals erred when it held that the company issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred; Facebook argues that it disclosed all information required under federal securities laws.
-
August 09, 2024
Judge: Retailer Doesn’t Show Software Company’s Negligence For Data Breach
NEWARK, N.J. — A federal judge in New Jersey said an online retailer’s breach of contract claims against an e-commerce software company stemming from a data breach survive the software company’s motion to dismiss, but the judge said the retailer failed to substantiate its negligence claims because it did not show it was owed a duty of reasonable care beyond what was included in the contract.
-
August 09, 2024
Judge: Biometric Data Claims Lacking In Illinois Suit Over AI Image Creation App
CHICAGO — A man’s mere belief that his photographs and other biometric information are included in datasets used to train a third-party artificial intelligence that powers an imaging rendering application does not state a claim, and the court lacks personal jurisdiction, a federal judge in Illinois said in dismissing the case.
-
August 09, 2024
TikTok Data Collection Claims Will Move Forward In California Federal Court
LOS ANGELES — A man who accessed an educational website that allegedly collected his personal information through software created by TikTok properly stated his data privacy claims against the website’s owner under California law, a California federal judge found in denying the owner’s motion to dismiss.
-
August 09, 2024
California Appeals Court: Minor Established Privacy Claims In Data Breach Suit
VENTURA, Calif. — A California appeals panel reversed a lower court’s decision to sustain a demurrer without leave to amend a putative class complaint brought by an 11-year-old who said an educational consulting company did not do enough to prevent his medical information from being accessed in a data breach, with the panel holding that the company is subject to two state data privacy acts.