Newsletter RSS

Mealey's Data Privacy

  • December 03, 2024

    COMMENTARY: The Future Of Work: Exploring The Employment And Data Protection Law Implications Of The Use Of Artificial Intelligence (AI) In European Workplaces

    By Matthew Howse, Louise Skinner, Vishnu Shankar and William Mallin

  • December 06, 2024

    Google, Advertising Developer Denied Early Appeal Of Minors’ Data Collection Claims

    SAN FRANCISCO — A California federal judge denied Google LLC and its advertising subsidiaries’ motion to certify for interlocutory appeal the court’s earlier order denying their motion to dismiss a nationwide putative class action brought by minors under 13 who say their personal data was unlawfully collected, finding that the issues involved don’t warrant an early appeal.

  • December 05, 2024

    Lobstermen’s Constitutional Challenge To Maine Electronic Tracking Rule Dismissed

    BANGOR, Maine — Although a Maine federal judge sympathized with some of the privacy concerns raised by a group of lobstermen who sought to have a new electronic tracking rule declared unconstitutional, he found that their claims were precluded under sovereign immunity and that the rule meets with requirements for conducting warrantless searches in a closely regulated industry.

  • December 05, 2024

    Judge Urges Immediate Appeal Of Ruling On Law Protecting Info Of Judges, Police

    CAMDEN, N.J. — On the heels of denying a consolidated motion to dismiss claims against dozens of data brokers and related companies under a New Jersey law that enhances privacy protection for personal data of law enforcement and court personnel, a New Jersey federal judge issued an order recommending an immediate appeal of his ruling because it “involves a controlling question of law as to which there is a substantial ground for difference of opinion.”

  • December 05, 2024

    $30M 23andMe Data Breach Settlement Gets Court’s Conditional Preliminary OK

    SAN FRANCISCO — The California federal judge overseeing a multidistrict litigation involving claims against genetic testing company 23andMe Inc. for failing to protecting users’ data from hackers granted preliminary approval on Dec. 4 to a $30 million settlement of the claims on the condition that the plaintiffs amend their definition of the settlement class to exclude parties who are pursuing arbitration and despite “serious concerns” with the plaintiffs’ $7.5 million attorney fees request.

  • December 05, 2024

    Target Denied Dismissal, Sanctions In Facial Scanning Privacy Class Complaint

    CHICAGO — Four customers of Target Corp. have sufficiently alleged violation of Illinois’ Biometric Information Privacy Act (BIPA) via the use of in-store facial recognition technology, an Illinois federal judge found, denying the retail giant’s motions to dismiss and for sanctions in light of the early stage of litigation and the undeveloped record.

  • December 04, 2024

    FTC Announces Actions Over Data Brokers’ Sale Of Precise Location Data

    WASHINGTON, D.C. — The Federal Trade Commission on Dec. 3 announced agency actions it has taken against data brokers that bought and sold individuals’ precise location data in violation of the Federal Trade Commission Act, simultaneously filing complaints and decisions in both actions.

  • December 04, 2024

    Policy Exclusion Bars Coverage For BIPA Suit, Illinois Panel Rules In Reversal

    CHICAGO — An Illinois appeals panel held that insurers have no duty to defend their insured against an underlying class action lawsuit alleging that the insured violated the Illinois Biometric Information Privacy Act (BIPA) because the policies’ “Recording and Distribution” exclusion barred coverage, reversing a lower court’s judgment in favor of the insured and remanding.

  • December 03, 2024

    Judge Rules On Cross-Motions For Summary Judgment In BIPA Violation Coverage Suit

    CHICAGO — A federal judge in Illinois granted in part and denied in part cross-motions for summary judgment filed by an excess insurer and a franchisee of the Burger King chain in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA).

  • December 03, 2024

    Judge Chides Data Breach Attorneys For ‘Sub-Par’ Work, Reduces Fees Award

    NEW HAVEN, Conn. — Despite granting final approval to a $1.5 million settlement of a lawsuit over a health care services provider’s 2022 data breach, as well as the plaintiffs’ requests for service awards and cost reimbursements, a Connecticut federal judge reduced the requested attorney fees award for using “very, very high” rates in light of “significant errors” by plaintiffs’ counsel.

  • December 02, 2024

    Insurers To Pay $11.3 Million To New York State Over Data Breaches

    ALBANY, N.Y. — New York Attorney General Letitia James and the New York State Department of Financial Services (DFS) have reached agreements with two national auto insurance companies under which they will pay a total of $11.3 million in penalties for “having poor data security,” which the attorney general said led to data breaches that exposed the personally identifiable information (PII) of their policyholders.

  • November 25, 2024

    Supreme Court Declines To Consider Res Judicata In Data Breach Arbitration Suit

    WASHINGTON, D.C. — A Texas company’s petition for certiorari on issues of the preclusive effect of a judgment on an arbitration, both related to a 2019 data breach, was denied without comment by the U.S. Supreme Court in its Nov. 25 order list.

  • November 22, 2024

    COMMENTARY: 2024 Key Insurance Decisions, Trends & Developments & A Look Ahead To 2025

    By Scott M. Seaman, Pedro E. Hernandez and Lisa M. Roccanova

  • November 22, 2024

    Federal Judge: Illinois Act Placing Limits On BIPA Recovery Applies Retroactively

    CHICAGO — An August amendment to Illinois’ Biometric Information Privacy Act (BIPA) that placed limits on an individual’s recovery for certain data release violations applies retroactively, a federal judge in Illinois ruled, dismissing for lack of subject matter jurisdiction an employee’s complaint against his employer.

  • November 22, 2024

    Judge Strikes Insurer’s Counterclaim Against Burger King Franchisee As Redundant

    CHICAGO — A federal judge in Illinois granted a franchisee of the Burger King chain’s motion to strike an excess insurer’s declaratory judgment counterclaim in its breach of contract lawsuit seeking a declaration that the insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA), finding that the counterclaim is redundant and “serves no useful purpose.”

  • November 22, 2024

    U.S. High Court:  Data-Sharing Incident Disclosure Petition Improvidently Granted

    WASHINGTON, D.C. — The U.S. Supreme Court on Nov. 22 “dismissed as improvidently granted” a petition for a writ of certiorari filed by Meta Platforms Inc. (formerly Facebook Inc.) and the company’s senior executives after the Ninth Circuit U.S. Court of Appeals held that the company issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred; the one-page per curiam opinion was filed a little over two weeks after the justices heard oral arguments.

  • November 22, 2024

    California Appeals Panel Finds Tech Firm’s Claims Over Ransomware Attack Untimely

    SAN JOSE, Calif. — A trial court properly dismissed a cloud solutions firm’s amended contractual cross-claims over its client’s ransomware attack as barred by the statute of limitations, a California appeals panel ruled, finding that the company’s decision to originally name its client’s insurer and subrogee as cross-defendant was intentional and not a mistake.

  • September 17, 2024

    23andMe Asks MDL Judge To Approve $30M Data Breach Settlement

    SAN FRANCISCO — Genetic data company 23andMe Inc. filed a brief urging the U.S. District Court for the Northern District of California to grant preliminary approval to a $30 million settlement to resolve claims in a multidistrict litigation brought by plaintiffs whose genetic data on 23andMe’s website was hacked and offered for sale online and asking the court to enjoin separate litigation and arbitrations brought against it for the breach that it says could “jeopardize . . . the Settlement.”

  • November 21, 2024

    Some 23andMe Users Seek Arbitration, Not Class Action, For Data Breach Claims

    SAN FRANCISCO — In a brief filed in California federal court, several users of 23andMe Inc.’s website defend their right to pursue arbitration against the company for the theft of their genetic information by hackers, arguing that their decision to arbitrate defeats any typicality of claims between them and class members in a multidistrict litigation (MDL) over the theft and makes preliminary approval of a settlement of the MDL inappropriate.

  • November 21, 2024

    Texas Judge OKs Settlement Reimbursing University Data Breach Victims’ Losses

    SAN ANTONIO — An agreement in which a university agrees to reimburse ordinary and extraordinary losses that class members suffered due to a 2022 data breach was deemed “fair, reasonable, and adequate” by a Texas judge as she granted final approval to the settlement of negligence and privacy class claims over the incident.

  • November 20, 2024

    Final Approval Given To $115 Million Settlement Of Oracle Data Collection Suit

    SAN FRANCISCO — A $115 million settlement of privacy class claims over data collection and brokerage activities conducted by Oracle America Inc. was found to provide “substantial benefits” to the class by a California federal judge, who granted final approval of the settlement over 28 objections received by class members.

  • November 20, 2024

    Data Brokers Settle With Calif. Privacy Agency For Not Complying With ‘Delete Act’

    SACRAMENTO, Calif. — The California Privacy Protection Agency (CPPA) announced its first two settlements with data brokers that did not comply with the requirements of the newly enacted law known as “The Delete Act.”

  • November 19, 2024

    $65 Million Data Breach Settlement By Pennsylvania Health Provider Given Final OK

    SCRANTON, Pa. — A Pennsylvania judge granted final approval of a $65 million settlement to be paid by Lehigh Valley Health Network Inc. (LVHN) to end a class complaint alleging that a February 2023 data breach resulted in the disclosure of personal information and medical records, including nude photographs.

  • November 19, 2024

    2 Claims Over Hospitals’ Data Sharing Dismissed; 4 Claims Survive

    PORTLAND, Ore. — A woman’s claims over a hospital chain’s purported sharing of her protected health information (PHI) were partly dismissed, with an Oregon federal judge finding claims for breach of implied contract and intrusion upon seclusion not sufficiently alleged, while giving the green light to four other putative class claims related to such data being allegedly shared with Meta Platforms Inc. and Google Inc.

  • November 19, 2024

    Federal Class Action Complaint Accuses Auto Insurer, Law Firm Of Barratry

    HOUSTON — Insureds filed a class action complaint in a Texas federal court against an automobile insurer and a law firm alleging that they committed barratry, conspiracy and statutory violations by illegally sharing the personal information of car accident victims for solicitation.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.