Mealey's Data Privacy
-
April 24, 2024
Parties In WhatsApp Spyware Suit Argue Whether Letter Rogatory Is Appropriate
OAKLAND, Calif. — WhatsApp Inc., NSO Group Technologies Limited and a nonparty research lab filed briefs in California federal court disputing whether discovery NSO seeks to obtain from the lab via a letter rogatory is relevant, appropriate or necessary to the computer fraud claims at the heart of the lawsuit over the defendant’s spyware.
-
April 23, 2024
3rd Circuit Hears Arguments In 2 Cases Over Jurisdiction For Wiretapping Software
PITTSBURGH — Considering questions of personal jurisdiction and pleadings standards, the Third Circuit U.S. Court of Appeals heard combined oral arguments in two putative class actions that were dismissed for lack of jurisdiction, in which Pennsylvania residents alleged violations of a state surveillance statute by Papa John’s International Inc. and a software company, respectively, based on wiretapping computer code that was surreptitiously placed on the devices of website visitors.
-
April 22, 2024
Federal Judge Stays Class Action Alleging Insurer Illegally Wiretaps Website Users
PHILADELPHIA — A Pennsylvania federal judge granted an insurer’s motion to stay a putative class action alleging that it illegally wiretaps website users by using third-party session replay software to track and record their navigation, exercising “its considerable discretion to stay these proceedings pending guidance from the Third Circuit U.S. Court of Appeals regarding standing” in what the insurer calls a “strikingly similar” lawsuit.
-
April 22, 2024
Judge: Disclosure Of Driver’s License Info Did Not Violate New Hampshire Privacy Law
CONCORD, N.H. — Granting a motion to dismiss by Bath & Body Works LLC (BBW), a New Hampshire federal judge found that the retailer’s transmission of a customer’s driver’s license information to a third-party business partner did not violate the New Hampshire Driver Privacy Act (DPA) because the plaintiff did not establish that a “department record” had been sold or offered for sale.
-
April 19, 2024
Final OK Given To $62 Million Cy Pres Settlement Of Google Location History Suit
SAN JOSE, Calif. — The same day he presided over a fairness hearing, a California federal judge issued a minute entry on the court docket on April 18 granting final approval to a $62 million settlement of a consolidated class action over the purported collection and retention of users’ location data by Google Inc., with most of the funds going to cy pres recipients.
-
April 16, 2024
Law Firm Agrees To $8M Class Settlement After Data Breach
SAN FRANCISCO — Orrick, Herrington & Sutcliffe LLP has agreed to pay $8 million to end consolidated class litigation filed after the firm’s network was breached and the personal identifiable information (PII) of more than 630,000 individuals was potentially accessed, according to a motion for preliminary settlement approval filed in a federal court in California.
-
April 15, 2024
High Court Won’t Take Up MyPillow CEO’s 4th Amendment Question Over Phone Seizure
WASHINGTON, D.C. — In its April 15 order list, the U.S. Supreme Court denied without comment a petition for certiorari in which MyPillow Inc. Chief Executive Officer Michael J. Lindell asked it to find that a warrant used by the Federal Bureau of Investigation to seize his iPhone and all the data on it violated the Fourth Amendment to the U.S. Constitution because it did not state with particularity the data to be seized.
-
April 12, 2024
On Remand, Judge Deems $3.2M Costs, Fees Award In Wawa Data Breach Suit Reasonable
PHILADELPHIA — After scrutinizing the factors and negotiations that resulted in a $3.2 million award of attorney fees, costs and service awards that accompanied the $9 million settlement of a consumer class action over a 2019 data breach experienced by Wawa Inc., a Pennsylvania federal judge found the award to be reasonable in light of relevant case law and similar data breach suits and despite arguments against the award risk by an objector.
-
April 12, 2024
23andMe Data Breach Suits Centralized In Northern California MDL
SAN FRANCISCO — The Judicial Panel on Multidistrict Litigation (JPMDL) on April 11 granted a request by genetic testing company 23andMe to consolidate 39 pending lawsuits against it in the U.S. District Court for the Northern District of California, all of which relate to a data breach in which ancestral records for roughly 6.9 million customers were hacked and allegedly sold online.
-
April 10, 2024
Amici Support Facebook Before High Court, Say Split Over Disclosure Must End
WASHINGTON, D.C. — Multiple groups filed a total of three amicus curiae briefs with the U.S. Supreme Court arguing that the court should grant a petition for a writ of certiorari filed by the company formerly known as Facebook Inc., echoing the social media giant’s argument that the Ninth Circuit U.S. Court of Appeals deepened a circuit split over what public companies must disclose when it partly revived a putative class complaint brought by investors.
-
April 10, 2024
9th Circuit Denies Objectors Rehearing Over $90 Million Facebook Tracking MDL
SAN FRANCISCO — In a pair of almost identical one-page orders, a Ninth Circuit U.S. Court of Appeals panel denied petitions for rehearing by objectors to the $90 million settlement of a 12-year-old privacy multidistrict litigation over internet tracking activities of social network users by Facebook Inc. (now known as Meta Platforms Inc.), which received final approval in November.
-
April 08, 2024
Judge Seals Portions Of Flint Experts’ Opinions, Guarding Minors’ Personal Data
ANN ARBOR, Mich. — A federal judge in Michigan on April 5 issued an order granting a motion to seal certain portions of the opinions of plaintiffs’ experts in the litigation over the water crisis in Flint, Mich., ruling that some aspects of their opinions include medical and personal information of minor children.
-
April 08, 2024
Insurer Moves To Reargue Dismissal Of Breach Of Contract Claims In Subrogation Suit
WILMINGTON, Del. — An insurer asked a Delaware court if it can reargue the court’s dismissal of its breach of contract claims for pleading deficiencies and file an amended complaint before dismissal with prejudice is entered on the breach of contract claims in its subrogation lawsuit seeking recovery from an application service provider for the amount paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack.
-
April 04, 2024
D.C. Circuit Partly Vacates FCC Order Banning Chinese Firms’ Surveillance Products
WASHINGTON, D.C. — Although a District of Columbia Circuit U.S. Court of Appeals panel found that the Federal Communications Commission was within its authority to ban the video surveillance equipment of two Chinese-owned companies for certain uses in the United States, the panel partly vacated the FCC order enforcing the ban, finding the commission’s definition of “critical infrastructure” in the order to be “overly broad.”
-
April 03, 2024
Google, Privacy Plaintiffs Propose Injunctive Relief To Settle Data-Tracking Suit
SAN JOSE, Calif. — Leapfrogging over the typical procedure of seeking preliminary approval of a proposed class action settlement over Google LLC’s purported tracking of users’ internet browsing activity and data, the named plaintiffs filed a motion in California federal court seeking final approval of a “groundbreaking” agreement under which the technology giant pledges to make changes to its data collection and retention practices, among other things.
-
April 03, 2024
Judge Preliminarily Approves $350M Settlement In Securities Suit Against Google
SAN FRANCISCO — A federal judge in California granted preliminary approval to a $350 million settlement of a putative class complaint filed by investors in Google LLC and its parent company Alphabet Inc. who claimed that the companies issued false statements about the safety of the now defunct Google+ social media platform.
-
April 03, 2024
Class BIPA Case Over Truck Driver Monitoring Products Survives Dismissal Motion
CHICAGO — A putative class complaint alleging that a technology company that supplies truck driver monitoring products, including a camera device that uses artificial intelligence to track driver behavior, violates the Illinois Biometric Information Privacy Act (BIPA) by collecting data may proceed as the company in its motion to dismiss failed to show a lack of personal jurisdiction or that the facial-geometry scans are not “biometric identifiers” under BIPA, a federal judge in Illinois ruled.
-
April 03, 2024
Chili’s Customers: Class Damages Methodology Review Not Needed In Data Breach Case
WASHINGTON, D.C. — The U.S. Supreme Court does not need to review a question presented by a restaurant chain owner in a data breach case concerning the damages methodology used by the certified classes’ expert as the underlying decision doesn’t present the question Brinker International Inc. seeks to resolve, restaurant customers argue in their respondent brief.
-
April 02, 2024
Microsoft, ChatGPT Say Class Suit’s UCL, Privacy Claims Over ChatGPT Training Fail
SAN FRANCISCO — Imposing liability on companies that used information posted to the internet by “hundreds of millions of Americans” to train artificial intelligence would be unprecedented, and the plaintiffs in a putative class action have not shown that the alleged conduct violated underlying laws required for California unfair competition law (UCL) claims or that that they incurred an injury as required to proceed with those and other claims, Microsoft and OpenAI entities argue in reply briefs filed in California federal court in support of dismissal.
-
April 01, 2024
Delaware Judge Tosses Insurers’ Subrogation Suits Arising From Ransomware Attack
WILMINGTON, Del. — A Delaware judge dismissed insurers’ subrogation lawsuits seeking recovery from an application service provider for the amount they paid to their nonprofit insureds for investigative and remediation steps arising from a ransomware attack, finding that the fact that the data breach occurred and the nonprofits incurred expenses alone is not sufficient to state a claim under the policies.
-
March 21, 2024
COMMENTARY: AI Raises Stakes Across Cybersecurity And Disputes Landscape
By Lorenzo Grillo
-
March 27, 2024
Spyware Suit Judge Partly Denies Issuing Letter Rogatory On Canadian Lab
OAKLAND, Calif. — An Israeli spyware firm that is fending off computer fraud and trespass allegations by WhatsApp Inc. saw its motion to issue a letter rogatory on a third-party Canadian watchdog lab partly denied March 26 by a California federal judge who deemed some of the information sought to be duplicative of discovery already received from the plaintiff.
-
March 27, 2024
Insurer Has No Duty To Defend DPPA Violation Suit, N.C. High Court Affirms
RALEIGH, N.C. — The North Carolina Supreme Court affirmed an appeals court’s finding that an insurer has no duty to defend its law firm insured against an underlying lawsuit alleging that the firm violated the Driver's Privacy Protection Act of 1994 (DPPA) by using “protected personal information” without consent in connection with advertisements for legal services.
-
March 26, 2024
Suit Accusing Ford Of Eavesdropping, Intercepting Text Messages Dismissed
SAN DIEGO — A putative class action against Ford Motor Co. under the California Invasion of Privacy Act (CIPA) was dismissed, with a California federal judge finding that the plaintiff did not establish that the automaker engaged in aiding and abetting a spyware company in the collection and distribution of customers’ information from Ford’s online chat feature, with the judge also holding that some of the allegedly violated portions of the statute do not apply to the modern technology at issue.
-
March 22, 2024
HHS Defends Rule Barring Health Providers’ Use Of Tracking Tech Under HIPAA
FORT WORTH, Texas — Two U.S. Department of Health and Human Services officials on March 21 asked a Texas federal court to grant them summary judgment on four health care plaintiffs’ claims that a recently released bulletin violates the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the Administrative Procedure Act (APA), explaining that the bulletin properly served as a reminder to health care providers that the use of certain third-party website technologies violates HIPAA’s privacy protections by sharing users’ individually identifiable health information (IIHI).