Mealey's Data Privacy
-
September 21, 2023
Taco Bell Worker Settles Biometric Data Case After Arbitration Order
EAST ST. LOUIS, Ill. — A Taco Bell employee who alleged in a putative class complaint that workers’ biometric data is collected, used and stored in violation of state law dismissed the case with prejudice on Sept. 20 in a federal court in Illinois after filing a notice of settlement.
-
September 20, 2023
Plaintiffs Dismiss Suit Challenging AI Chatbot Privacy Practices
SAN FRANCISCO — After warning that the release of artificial intelligence was done with “disregard for the potentially catastrophic risk to humanity,” 16 anonymous plaintiffs voluntarily dismissed their complaint claiming that Microsoft Corp. and others violated federal privacy laws and state consumer protection laws, including California’s unfair competition law (UCL).
-
September 19, 2023
Covington, SEC Stipulate To Confidential Release Of 6 Clients’ Names
WASHINGTON, D.C. — A District of Columbia federal judge on Sept. 19 approved and signed a stipulation between Covington & Burling LLP and the Securities and Exchange Commission under which the law firm agrees to produce, under a protective order, the names of six of seven clients the judge had ordered it to provide to the commission in a July order, which both parties agree that they will not appeal.
-
September 19, 2023
Insurers Cross-Appeal In Coverage Dispute With Home Depot Over 2014 Data Breach
CINCINNATI — Insurers filed cross-appeal notices in an Ohio federal court two weeks and one day after their mutual insured, Home Depot, appealed to the Sixth Circuit U.S. Court of Appeals the lower court’s finding that an insurance policy’s electronic data exclusion bars coverage for the retailer’s losses stemming from a 2014 data breach (The Home Depot, Inc., et al. v. Steadfast Insurance Co., et al., No. 21-00242, S.D. Ohio, Western Div.).
-
September 13, 2023
VPPA Class Claims Over General Mills’ Alleged Info Sharing Dismissed A 2nd Time
LOS ANGELES — A federal judge in California granted for the second time a motion by General Mills Inc. to dismiss putative class claims under the Video Protection Privacy Act (VPPA) by two individuals who allege that the personal data of users of Bettycrocker.com were shared with a third party; the plaintiffs claimed that they are both genuine consumers of General Mills’ products as well as “testers” who “ensure that companies abide by” federal privacy laws.
-
September 13, 2023
Amazon Invokes Apex Doctrine To Avoid Deposition Of VP In Alexa Privacy Suit
SEATTLE — In a reply brief supporting its motion for a protective order, Amazon.com Inc. tells a Washington federal court that one of its senior vice presidents, who has been targeted for deposition by the plaintiffs in a putative privacy class action over alleged eavesdropping by the Alexa digital assistant, qualifies as an apex executive in the company and, as such, is exempted from being deposed under the apex doctrine.
-
September 12, 2023
Class Claims OpenAI Violated UCL, Privacy Law In Training ChatGPT
SAN FRANCISCO — Plaintiffs in a putative class action say artificial intelligence ChatGPT trained on private and personally identifiable information from hundreds of individuals of all ages in violation of federal and state privacy laws and the California unfair competition law (UCL).
-
September 11, 2023
Some Google Assistant Class Members Agreed To Arbitrate Privacy Suit, Google Says
SAN JOSE, Calif. — In a reply brief supporting its motion to compel arbitration with certain class members in a suit over its Google Assistant (GA) feature, Google LLC disputes that it waived its right to seek arbitration, citing a conclusion to that end by the California federal court where three such suits were consolidated.
-
September 08, 2023
Federal Judge Dismisses TCPA Coverage Suit After Yahoo, Insurer Reach Settlement
SAN JOSE, Calif. — One day after Yahoo! Inc. and its commercial general liability insurer filed a notice of settlement, a federal judge in California dismissed with prejudice Yahoo’s lawsuit seeking coverage for underlying class actions alleging that it violated the Telephone Consumer Protection Act (TCPA).
-
September 08, 2023
Home Depot Seeks 6th Circuit Review Of No Coverage Ruling For 2014 Data Breach Losses
CINCINNATI — Home Depot filed a notice of appeal in an Ohio federal court asking the Sixth Circuit U.S. Court of Appeals to review the lower court’s finding that an insurance policy’s electronic data exclusion bars coverage for the retailer’s losses stemming from a 2014 data breach, challenging the lower court’s grant of the insurers’ motions for summary judgment in its breach of contract and bad faith lawsuit seeking damages up to the full collective policy limits of $50 million.
-
September 08, 2023
Plaintiffs Say Bank Contract Doesn’t Require Arbitrating AI Voice Privacy Claims
OAKLAND, Calif. — A provision in customers’ contracts with a bank does not require arbitration of claims alleging privacy violations against the maker of an artificial intelligence voice confirmation program used by that bank, plaintiffs tell a federal judge in California in opposing a motion to arbitrate.
-
September 08, 2023
Meta Pixel Privacy Suit Discovery To Include Files Of Zuckerberg, Executives
SAN FRANCISCO — Meta Platforms Inc.’s searches for documents responsive to the discovery requests of the plaintiffs in a consolidated lawsuit over alleged sharing of patients’ protected health information (PHI) via Meta’s Pixel product will include searches of the files of six Meta executives, including its Chief Executive Officer Mark Zuckerberg, a California federal magistrate judge ruled, finding that their files were likely to include “unique, relevant information” that would not be available to other custodians who are junior employees.
-
September 05, 2023
Smart Insulin Pen, App User Says Company Shared Personal Data
LOS ANGELES — A user of a smart insulin pen and its corresponding app sued the manufacturer in a California federal court, alleging that the company improperly shared users’ personally identifiable information (PII) and protected health information (PHI) to Google and other third parties.
-
August 24, 2023
Negligence, UCL Claims Against Wells Fargo For $22,500 Account Hack Dismissed
SAN DIEGO — A California federal judge mostly granted a motion by Wells Fargo Bank N.A. to dismiss an account holder’s claims related to a purported theft of funds from his bank account by hackers, finding that the plaintiff did not sufficiently plead most of his claims against the financial institution, including allegations of negligence and violation of California’s unfair competition law (UCL).
-
August 24, 2023
Judge Orders Claimants To Give Names, Comply With CertainTeed Debtor’s Subpoena
CHARLOTTE, N.C. — Thousands of people who settled mesothelioma claims with CertainTeed Corp. or its spinoff debtor DBMP LLC must identify themselves and comply with the debtor’s subpoena seeking information they submitted to asbestos trusts because they did not show that there are “exceptional circumstances” allowing them to proceed anonymously, a North Carolina federal judge held in affirming a bankruptcy judge’s decision.
-
August 24, 2023
TikTok, Users Debate Whether Biometric MDL Settlement Bars New Privacy Suits
CHICAGO — In briefs filed at the behest of an Illinois federal judge, TikTok Inc. and the plaintiffs from a group of recently consolidated privacy suits against the social media operator argue over whether the year-old settlement of a multidistrict litigation over TikTok’s collection of users’ facial scans and other biometric data precludes the new lawsuits’ putative class claims of privacy violations via the company’s in-app browser (IAB).
-
August 24, 2023
Covington, SEC Given 30 More Days To Appeal Order Compelling Client List
WASHINGTON, D.C. — In response to a joint stipulation filed by Covington & Burling LLP and the Securities and Exchange Commission, a District of Columbia federal judge stayed for another 30 days the execution of an order requiring the law firm to produce a list of the names of certain of its clients that the commission wants in conjunction with an investigation related to a cyberattack.
-
August 23, 2023
Plaintiff: T-Mobile Board Beholden To Parent Company Couldn’t Stop AI Data Move
WILMINGTON, Del. — A telecommunications company was helpless to prevent an “aggressive and reckless scheme” centralizing data for use in training artificial intelligence that placed the data and shareholders at risk because its board was beholden to its parent company, plaintiffs told a Delaware judge in opposing dismissal.
-
August 22, 2023
4th Circuit Vacates Class Certification Ruling In Marriott Data Breach Suit
RICHMOND, Va. — A trial court’s failure to consider the impact of a putative class waiver, to which relevant customers of Marriott International Inc. agreed, prior to certifying several classes related to the hotel chain’s data breach was an error, a Fourth Circuit U.S. Court of Appeals panel ruled, vacating the certification ruling and remanding for consideration of the waiver.
-
August 22, 2023
Judge Remands UCL Suit Accusing Telehealth Company Of Disclosing Private Data
SAN FRANCISCO — A California federal judge granted a plaintiffs’ motion to remand to state court their putative class action against a telehealth provider for allegedly sharing their data in violation of California’s unfair competition law (UCL) after finding the provider equitably estopped from contending that its place of business is in Massachusetts, not California.
-
August 21, 2023
Magistrate Stays MOVEit Data Breach Suits Pending JPMDL Consolidation Decision
MINNEAPOLIS — Two weeks after staying a putative class action over a hacking incident attributed to a file transfer app vulnerability, a Minnesota federal magistrate judge issued a revised ruling staying other cases over related data breaches in the same district pending a ruling by the U.S. Judicial Panel on Multidistrict Litigation (JPMDL) on a motion to consolidate all such cases.
-
August 17, 2023
Judge: Electronic Data Exclusion Bars Coverage For Home Depot’s Data Breach Loss
CINCINNATI — A federal judge in Ohio held Aug. 16 that an insurance policy’s electronic data exclusion bars coverage for Home Depot’s losses stemming from a 2014 data breach, granting the insurers’ motions for summary judgment in Home Depot’s breach of contract and bad faith lawsuit seeking damages up to the full collective policy limits of $50 million.
-
August 04, 2023
Louisiana Panel Reverses Ruling For Insurer In Suit Alleging Insured Stole Files
BATON ROUGE, La. — A Louisiana appeals panel held that a residential mortgage broker’s electronic loan files are “tangible” under state law and, therefore, can be defined as “‘property’ that is susceptible to ‘loss of use’” under a competitor’s business liability insurance policy, reversing a summary judgment ruling in favor of an insurer that intervened in the broker’s lawsuit alleging that its insured used stolen files to broker mortgage loans for its customers.
-
August 04, 2023
Magistrate Again Dismisses Suit Against Google For Remote Schooling Hack
OAKLAND, Calif. — A California federal magistrate judge dismissed several claims brought against Google LLC by a minor child who claims that Google invaded his privacy while he was required to use a Google platform for remote schooling during COVID-19 and failed to prevent a hack of his computer device that resulted in a sexually explicit message being sent to his teacher.
-
August 03, 2023
Mesothelioma Defendants Defend Need For Blood Draw, Genetic Testing
LOS ANGELES — A couple alleging that a man’s asbestos exposure led to his mesothelioma cannot now seek to block a blood draw for genetic testing that could potentially identify a genetic mutation that could go to the heart of the causation question in the case, defendants tell a California judge.