Newsletter RSS

Mealey's Data Privacy

  • December 13, 2022

    Biometric Information Class Suit Over CVS Photo System Tossed By Federal Judge

    CHICAGO — Consumers’ putative class claims under the Illinois Biometric Information Privacy Act (BIPA) over a pharmacy chain’s photo system for passport and identification photos were dismissed by a federal judge in Illinois, who found that some of the claims failed to sufficiently allege that the chain could use the biometric data to determine individual’s identifies while others belonged in state court.

  • December 12, 2022

    WhatsApp To High Court: Government’s Brief Bolsters Cert Denial In Spyware Row

    WASHINGTON, D.C. — In a supplemental brief, WhatsApp Inc. again encourages the U.S. Supreme Court to deny a spyware maker’s petition for certiorari in a dispute over sovereign immunity under the Foreign Sovereign Immunities Act (FSIA), arguing that the solicitor general’s (SG’s) recently filed amicus curiae brief supports this position.

  • December 09, 2022

    2nd Circuit: Collection Of Traveler COVID Information Is Moot But Its Use Is Not

    NEW YORK — In a case in which a New Jersey state resident challenged the state of New York’s authority to perform health screening for contact tracing purposes when the resident flew into an airport in New York after traveling abroad, a panel of the Second Circuit U.S. Court of Appeals dismissed the traveler’s appeal in part as moot but vacated a New York federal court’s judgment of dismissal with prejudice and remanded the case with instructions to enter a judgment of dismissal without prejudice, finding that the traveler’s request that the state not use the personal information collected in connection with a health screening was not moot and had failed only due to a lack of standing.

  • December 09, 2022

    Magistrate: Chicago Should Remain In Marriott Data Breach MDL For Discovery

    GREENBELT, Md. — Because the claims brought by Chicago against Marriott International Inc. related to a massive data breach are identical to those alleged by a consumer track, a Maryland federal magistrate judge recommended that the city’s request to be transferred out of the multidistrict litigation over the matter be denied, citing the likelihood of duplicative discovery if such a transfer occurred.

  • December 08, 2022

    Client Sues Cloud Computing Company For Negligence After Recent Security Incident

    SAN ANTONIO — Less than a week after a cloud computing company experienced a data breach, one of its clients filed a putative class action in Texas federal court, alleging negligence and breach of implied contract for the firm’s failure to keep its clients’ personally identifiable information (PII) safe.

  • December 08, 2022

    Negligence, Privacy Class Suit Filed Over Stalking Use Of Apple’s AirTags

    SAN JOSE, Calif. — Apple Inc. was hit with a putative class action when two stalking victims filed a putative class complaint in California federal court, bringing claims for invasion of privacy, unfair competition and negligence, among others, related to incidents of stalking that have used Apple’s AirTag, which they call “the weapon of choice of stalkers and abusers.”

  • December 07, 2022

    Panel Remands TCPA Coverage Suit To Determine Yahoo’s Reasonable Expectations

    SAN FRANCISCO — Following the California Supreme Court’s answer to a certified question, the Ninth Circuit U.S. Court of Appeals on Dec. 6 reversed and remanded a coverage dispute between Yahoo! Inc. and its commercial general liability insurer over claims brought under the Telephone Consumer Protection Act (TCPA) to determine Yahoo’s reasonable expectations as to coverage.

  • December 06, 2022

    Judge Excludes Substance Abuse Treatment Records From Asbestos Discovery

    NEW ORLEANS — A woman bringing an asbestos-related lung cancer claim must authorize the release of treatment records, a judge in Louisiana said in limiting the time frame of the subpoenas and excluding evidence related to substance abuse and psychiatric treatment.

  • December 05, 2022

    Android App Data Gathering Suit Against Google Dismissed For 2nd Time

    SAN FRANCISCO — Finding that two putative class plaintiffs “fail[ed] to cure the deficiencies” in their complaint that were outlined in a previous ruling, a California federal judge again granted dismissal of privacy and unfair competition claims based on Google LLC’s purported collection of user data without notice or permission via apps on the Android operating system (OS).

  • December 02, 2022

    Judge Limits Access To Mesothelioma Victim’s Genetic Information

    OAKLAND, Calif. — The privacy rights of a mesothelioma victim’s heirs mean that while experts may access pathology materials for use in the case, they must either obtain the heirs’ permission or approval from a governing body to use the discovery outside the litigation, a California judge said in granting a protective order Dec. 1.

  • December 01, 2022

    Wisconsin Appeals Panel Reinstates Negligence Class Claim In Data Breach Suit

    MILWAUKEE — A former employee of a health system that experienced a data breach in January 2020 may proceed with putative class claim for negligence, a Wisconsin appellate panel ruled, finding that dismissal of that claim was inappropriate as the worker sufficiently alleges actual damages.

  • November 30, 2022

    Panel: T-Mobile’s $17.3M Data Breach Loss Exceeds Its Self-Insured Retention Duty

    SEATTLE — A Washington appellate panel affirmed a ruling in favor of T-Mobile USA Inc. in a coverage dispute arising from a data privacy breach incurred by one of T-Mobile’s vendors, finding that T-Mobile’s $17.3 million loss from the breach exceeded its self-insured retention obligation under the policy.

  • November 29, 2022

    7th Circuit:  Sales Of Subscriber Lists Didn’t Violate Illinois Publicity Law

    CHICAGO — A media conglomerate’s sale of lists containing personal information about subscribers doesn’t violate the Illinois Right of Publicity Act (IRPA) as the subscribers’ identities are used “to effectuate the sale of the mailing lists,” a Seventh Circuit U.S. Court of Appeals panel ruled, affirming a trial court’s dismissal of the putative class complaint by one subscriber.

  • November 28, 2022

    United States Urges Certiorari Denial For Sovereignty Issue In Computer Fraud Case

    WASHINGTON, D.C. — A question over whether a contractor can claim sovereign immunity as an agent of a foreign state does not merit a grant of certiorari, the federal government asserts in an amicus curiae brief filed at the U.S. Supreme Court’s request, citing a lack of support for such immunity in the Foreign Sovereign Immunities Act (FSIA) or from any foreign states.

  • November 28, 2022

    Final Approval Given To $63 Million Settlement Of OPM Data Breach Class Action

    WASHINGTON, D.C. — A seven-year-old consolidated class action over a data breach experienced by the U.S. Office of Personnel Management (OPM) was closed when a District of Columbia federal judge gave the final OK to a $63 million settlement.

  • November 23, 2022

    Blackbaud Data Breach Suit Will Proceed For 7 Bellwether Claims

    COLUMBIA, S.C. — Partly granting a motion by the plaintiffs in a consolidated lawsuit over a ransomware attack experienced by Blackbaud Inc., a South Carolina federal judge ruled that the class certification process will proceed for seven bellwether claims against the technology firm, while the dozens of other putative class claims will be stayed until the bellwether claims are resolved.

  • November 22, 2022

    Facebook Data-Sharing Plaintiffs Defend $2 Million Discovery Sanctions Motion

    SAN FRANCISCO — Invoking a California federal court’s “broad discretion to calculate fee awards,” the named plaintiffs in a consolidated suit alleging privacy violations over a 2015 data-sharing incident said they are entitled to sanctions of more than $2 million in costs and attorney fees due to bad faith delays and failures to comply with discovery orders by Meta Platforms Inc. (formerly Facebook Inc.).

  • November 21, 2022

    Bed Bath & Beyond Hit With Class Complaint Over Spyware Use

    PHILADELPHIA — A Pennsylvania woman brings class claims against Bed Bath & Beyond Inc. (BBB) for what she calls “one of the most egregious examples of . . . consumer tracking and Internet privacy violations,” telling a Pennsylvania federal court that the retailer used spyware to intercept consumers’ “mouse movements and clicks, keystrokes, search terms” and other information while they were visiting its website.

  • November 21, 2022

    Surveilled Muslims Tell 9th Circuit Constitutional Claims Wrongly Dismissed

    SAN FRANCISCO — A group of Muslim American appellants who sued the Federal Bureau of Investigation for statutory and constitutional violations for the government’s surreptitious surveillance of their communities filed a supplemental reply brief in the Ninth Circuit U.S. Court of Appeals, arguing that the government’s brief, which was filed on remand from the U.S. Supreme Court, misinterprets and misapplies high court precedent regarding application of the state secrets privilege.

  • November 18, 2022

    California High Court Answers Certified Question In Yahoo’s TCPA Coverage Suit

    SAN FRANCISCO — The California Supreme Court on Nov. 17 answered a certified question from the Ninth Circuit U.S. Court of Appeals in a coverage dispute between Yahoo! Inc. and its commercial general liability insurer arising from claims brought under the Telephone Consumer Protection Act (TCPA), finding that the CGL policy language at issue can cover liability for right-of-seclusion violations assuming “such coverage is consistent with the insured's objectively reasonable expectations.”

  • November 18, 2022

    4th Circuit Asked To Affirm Class Certification Ruling In Marriott Data Breach MDL

    RICHMOND, Va. — The lead class members in a multidistrict litigation over a massive data breach experienced by Marriott International Inc. filed an appellee brief in the Fourth Circuit U.S. Court of Appeals, defending a trial court order that certified classes to pursue bellwether contract, consumer protection and damages claims against the hotel chain.

  • November 17, 2022

    $2.35M Dickey’s Barbecue Data Breach Class Settlement Preliminarily Approved

    DALLAS — A federal judge in Texas adopted a magistrate judge’s findings and recommendations and preliminarily approved a $2.35 million all-cash, nonreversionary settlement by Dickey’s Barbecue Restaurants Inc. to end several consolidated data breach class complaints.

  • November 16, 2022

    Massachusetts Agency Sued For Secret Installations Of Contact-Tracing App

    BOSTON — Two owners of smartphones using the Android operating system filed a putative class action against the Massachusetts Department of Public Health (DPH), alleging constitutional, federal and state law violations for the installation of a contract-tracing app on more than 1 million Android apps “without users’ permission or awareness” as part of the state’s efforts to combat COVID-19.

  • November 15, 2022

    Final OK Given To $90 Million Settlement Of Meta Online Tracking Class Action

    SAN FRANCISCO — Seven months after he granted preliminary approval in a more than decade-old consolidated class action against Meta Platforms Inc. (formerly Facebook Inc.), a California federal judge granted final approval to the $90 million settlement of the “hard fought” suit over Meta’s purported tracking of Facebook users’ online activity.

  • November 11, 2022

    Supreme Court To Consider Scope Of Federal Identity Theft Statute

    WASHINGTON, D.C. — In a Nov. 10 miscellaneous order, the U.S. Supreme Court granted certiorari to a psychologist who was convicted under the federal aggravated identity theft statute, agreeing to take up his question of what constitutes “use” of another person’s name or identifying information.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.