Mealey's Data Privacy
-
June 06, 2024
Defendants In MOVEit Data Breach MDL File Dismissal Arbitration Motions
BOSTON — Two groups of defendants in the ever-growing multidistrict litigation over the theft of personally identifiable information (PII) from users of MOVEit software filed motions asking a Massachusetts federal court to, respectively, compel arbitration from consumers that purportedly agreed to such provisions and dismiss individual suits that they say should never have been consolidated under the home-state exception to the Class Action Fairness Act (CAFA).
-
June 06, 2024
Judge: Amazon Immune From Workers’ Temperature Scan Class Suit Under PREP Act
CHICAGO — A warehouse worker’s putative class complaint accusing her employer of violating Illinois’ Biometric Information Privacy Act (BIPA) by scanning workers’ temperatures to prevent the spread of COVID-19 was terminated by a federal magistrate judge in Illinois who found that the employer was entitled to statutory immunity based on the Public Readiness and Emergency Preparedness Act (PREP Act).
-
June 03, 2024
$8M Data Breach Class Settlement By Law Firm Preliminarily Approved
SAN FRANCISCO — A federal judge in California on May 31 preliminarily approved an $8 million class global settlement to be paid by a law firm after its network was breached and the personal identifiable information (PII) of more than 630,000 individuals was potentially accessed.
-
May 31, 2024
Putative Class Suit Filed Against Ticketmaster For Hack Of 560M Customers’ Data
LOS ANGELES — Two consumers filed a putative class action in California federal court against Ticketmaster LLC and Live Nation Entertainment Inc. accusing them of negligence and violation of California’s unfair competition law (UCL) for not protecting the data of approximately 560 million customers that was allegedly stolen from its servers in a recent hack.
-
May 30, 2024
Judge Certifies Privacy, Publicity Rights Class Action Against Data Aggregator
SAN FRANCISCO — A California federal judge on May 29 granted a group of plaintiffs’ motion to certify a class action against a personal information data-aggregator website on behalf of two statewide classes accusing the company of violating plaintiffs’ rights of publicity and against misappropriation of name and likeness and denied the parties’ competing motions to exclude each other’s experts.
-
May 29, 2024
Dating App User Dismisses Biometric Data Collection Class Suit After Settlement
CHICAGO — A dating application user and the companies associated with the operation of the app filed a stipulation of voluntary dismissal without prejudice of the user’s putative class complaint under the Illinois Biometric Information Privacy Act (BIPA); the filing in a federal court in Illinois came approximately three months after the parties stated that they reached a settlement.
-
May 23, 2024
6 Golden Corral Data Breach Suits Consolidated In North Carolina Federal Court
RALEIGH, N.C. — Citing “judicial economy” and avoiding “the risk of inconsistent rulings,” a North Carolina federal judge granted a motion to consolidate six putative negligence class actions over a 2023 data breach experienced by Golden Corral Corp., which exposed the personally identifiable information (PII) of the buffet restaurant chain’s employees.
-
May 14, 2024
COMMENTARY: The Risk In Disclosing Risk Factors
By Jordan Eth and Jocelyn Greer
-
May 22, 2024
Judge Gives Final OK To $1.5 Million Settlement Of College Data Breach Suit
KALAMAZOO, Mich. — A Michigan federal judge granted final approval of the settlement of a consolidated negligence class action over a data breach experienced by a college in 2022, deeming the $1.5 million agreement to be “fair, reasonable, and adequate.”
-
May 21, 2024
Objectors Appeal Final Approval Of Google Location History Settlement
SAN JOSE, Calif. — Three class members who had previously objected to the cy pres nature of a $62 million settlement of a consolidated class action over the purported collection of users’ location data by Google Inc., as well as an accompanying attorney fees award, on May 20 filed notice that they are appealing the final approval of the settlement and the corresponding judgment of a California federal court to the Ninth Circuit U.S. Court of Appeals.
-
May 21, 2024
7th Circuit Affirms Court In Coverage Dispute Over BIPA Violation Claims
CHICAGO — The Seventh Circuit U.S. Court of Appeals affirmed a lower federal court’s rulings in a coverage dispute arising from claims that the insured violated the Illinois Biometric Information Privacy Act (BIPA), finding that an umbrella insurance policy provides for defense and indemnity for the insured only after its underlying insurance and deductibles are exhausted.
-
May 21, 2024
Judge Preliminarily OKs $2.4 Million Settlement Of Suit Over Lender’s Data Breach
BRIDGEPORT, Conn. — Less than three months after consolidating six lawsuits over a financial services firm’s November data breach, a Connecticut federal judge granted preliminary approval to a settlement that establishes a $2.45 million fund to settle negligence and contractual claims against the lender.
-
May 20, 2024
Insureds To Address Class Exclusion, Diversity In Removed Data Breach Suits
MADISON, Wis. — The parties in seven putative class actions over a 2024 data breach experienced by a health insurance provider were directed by a Wisconsin federal judge to file briefs addressing several issues related to whether the lawsuits were properly removed from state court and whether they should be consolidated in federal court.
-
May 17, 2024
9th Circuit Affirms Dismissal Of Suit Over Amazon’s Use Of Alexa Users’ Voices
PASADENA, Calif. — Finding that Amazon.com Inc. clearly notified consumers that it would use voice data collected via its Alexa digital assistant to send them targeted advertisements, a Ninth Circuit U.S. Court of Appeals panel on May 16 found that invasion of privacy and bad faith claims against the online retailer failed for lack of causation or any expectation of privacy.
-
May 17, 2024
Burger King Franchisee Seeks Summary Judgment In BIPA Violations Coverage Suit
CHICAGO — A franchisee of the Burger King chain moved for summary judgment in its breach of contract lawsuit asking an Illinois federal judge to declare that an excess insurer has a duty to defend it against an underlying putative class lawsuit alleging that it violated the Illinois Biometric Information Protection Act (BIPA).
-
May 17, 2024
9th Circuit Grants En Banc Rehearing Of Data Privacy Suit Against Shopify
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals granted a petition for rehearing en banc of its decision affirming the dismissal for lack of jurisdiction of a putative class complaint accusing a payment processor of violating California privacy and unfair competition laws by concealing that it was collecting, storing and sharing consumers’ personal information.
-
May 17, 2024
Certification Of Blackbaud Data Breach Classes Denied; Ascertainability Not Shown
COLUMBIA, S.C. — The named plaintiffs in a multidistrict litigation over a 2020 data breach and ransomware attack experienced by Blackbaud Inc. failed to demonstrate that their proposed classes are “administratively feasible,” a South Carolina federal judge found, denying their motion for class certification while also taking the opportunity to resolve several Daubert motions.
-
May 10, 2024
Wawa Data Breach Settlement Attorney Fees Award Again Appealed To 3rd Circuit
PHILADELPHIA — A class member in the consolidated class action over the 2019 data breach experienced by convenience store chain Wawa Inc. maintained his objection to a twice-approved attorney fees award that accompanied a $9 million class settlement, filing notice that he was again appealing the matter to the Third Circuit U.S. Court of Appeals.
-
May 10, 2024
After Cert Denial, Lindell Drops 4th Amendment Suit Over FBI Phone Seizure
ST. PAUL, Minn. — Three weeks after the U.S. Supreme Court declined to consider questions about the Fourth Amendment to the U.S. Constitution and injunctive relief raised by Michael J. Lindell in connection with the Federal Bureau of Investigation’s seizure of his cell phone, the MyPillow Inc. Chief Executive Officer’s motion on remand to dismiss the lawsuit was granted by a Minnesota federal judge.
-
May 03, 2024
Judge Denies Letter Rogatory To Name ‘Civil Society’ Members Targeted By Spyware
OAKLAND, Calif. — A spyware maker’s attempt to demonstrate that its surveillance software targeted terrorists and criminals, rather than members of “civil society,” can be made without obtaining discovery from a research lab, a California federal judge ruled May 2, denying the defendant’s motion to issue a letter rogatory on the nonparty Canadian entity while seeking to defend itself from computer fraud claims brought by WhatsApp Inc.
-
May 03, 2024
COVID-19 Contact Tracing Staffing Company Will Pay $2.7M To Settle Privacy Claims
HARRISBURG, Pa. — A company hired by the Pennsylvania Department of Health to provide staffing for COVID-19 contact tracing will pay $2.7 million to settle claims pending in a federal court in Pennsylvania that it failed to implement sufficient cybersecurity measures to protect collected data, the U.S. Department of Justice (DOJ) announced.
-
May 01, 2024
Individual Settlement Reached In Papa John’s Website Data Collection Class Suit
SAN DIEGO — A consumer who filed a putative class complaint accusing Papa John’s International Inc. of violating the California Invasion of Privacy Act (CIPA) through the interception and collection of users’ data on a pizza-ordering webpage filed a notice in a federal court in California stating that he reached an individual settlement.
-
April 30, 2024
Judge Gives Initial Nod To $9.4M White Castle Finger Scan Class Action Settlement
CHICAGO — A $9.4 million settlement between White Castle System Inc. and an employee who sued the fast food company for its finger scan policy received preliminary approval from an Illinois federal judge, who deemed the estimated $968 per class member payment to be “substantial relief” for the purported violations of Illinois’ Biometric Information Privacy Act (BIPA) by their employer.
-
April 29, 2024
High Court Won’t Decide ‘Average’ Class Damages Issue In Chili’s Data Breach Suit
WASHINGTON, D.C. — A question about the propriety of using an “average” damages amount suggested by the plaintiffs’ damages expert to certify a class will go unheard by the U.S. Supreme Court, which in its April 29 order list denied a petition for certiorari by the owner of the Chili’s restaurant chain, which protested the possibility that customers who suffered no damages at all in a 2018 data breach would still receive these damages awards.
-
April 25, 2024
FTC: Ring Customers Will Be Paid $5.6 Million For Improperly Viewed Videos
WASHINGTON, D.C. — In conjunction with a stipulated order issued in June 2023 by a District of Columbia federal court, the Federal Trade Commission announced in a press release that a $5.6 million judgment will be disbursed to customers of Ring LLC whose home security videos were viewed by the company’s employees and contractors without authorization.