Mealey's Data Privacy
-
October 25, 2024
Doctor Seeks To Halt Enforcement Of New HIPAA Privacy Law
AMARILLO, Texas — A Texas doctor filed a complaint against the U.S. Department of Health and Human Services (HHS) in Texas federal court, seeking a declaration that a newly passed modification to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which focuses on privacy for protected health information (PHI) related to reproductive health care, violates the Administrative Procedure Act (APA) and should be permanently enjoined from being enforced.
-
October 22, 2024
Insurer Says It Owes No Defense, Indemnification For Data Breach Claim, Suit
SEATTLE — A media tech insurer filed suit in a Washington federal court seeking a declaration that it has no duty to defend or indemnify its financial services firm insured against a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.
-
October 21, 2024
Magistrate Reduces Data Sample Google Must Produce In Assistant Eavesdropping Row
SAN JOSE, Calif. — A California federal magistrate judge on Oct. 18 resolved a two-year-old discovery dispute in a class action over Google LLC’s purported eavesdropping of users of its Google Assistant (GA) app, reducing the number of user query samples the defendant must provide to the plaintiffs in light of a subsequent ruling certifying only a single class claim for unfair competition.
-
October 21, 2024
Plaintiffs Settle Data-Sharing Suit With Univision After Class Certification Denied
MIAMI — Two months after a Florida federal judge denied a motion to certify a class action against the operator of the Univision NOW website for its purported sharing of private video viewing information of the site’s users, the same judge administratively closed the lawsuit the same day the three named plaintiffs announced that they had reached a settlement with the defendant.
-
October 21, 2024
Papa John’s Website User Asks 3rd Circuit To Rethink Jurisdiction Ruling
PITTSBURGH — One month after a split Third Circuit U.S. Court of Appeals panel affirmed dismissal of a wiretapping lawsuit related to purported tracking of website activity by Papa John’s International Inc., the lead plaintiff in the putative class action filed a petition for rehearing, maintaining that he sufficiently established Pennsylvania jurisdiction over the pizza chain and contending that the majority’s ruling conflicted with Third Circuit and U.S. Supreme Court precedent.
-
October 18, 2024
Delaware High Court Briefed On T-Mobile AI-Program Shareholder Derivative Action
WILMINGTON, Del. — Instances where a director acts in the interests of a parent while sitting on the board of a subsidiary require a different standard because in such cases, there would be no paper trail evidence of an effort to provide profits only for the parent, a woman leading a shareholder derivative action says in asking the Delaware Supreme Court to revive a case alleging that a parent company directed T-Mobile US Inc. to centralize data for an artificial intelligence project, leaving the latter susceptible to cyberattack. But in an answering brief, the appellees tell the court that the woman’s appeal was full of challenges she didn’t raise below and therefore had waived and that even on the merits, she could not show that the parent company alone would have profited from the data-sharing program.
-
October 17, 2024
2nd Circuit Finds NBA Website User Is A Consumer And May Proceed With VPPA Suit
NEW YORK — Reversing a trial court’s dismissal of a putative class action against the National Basketball Association (NBA) under the Video Privacy Protection Act (VPPA), a Second Circuit U.S. Court of Appeals panel concluded that the lead plaintiff qualifies as a consumer under the statute and that he has standing to sue for the NBA’s purported sharing of his personal viewing information (PVI) related to videos he watched on the NBA’s website.
-
October 15, 2024
On Remand, News Group Dismisses Suit Over Hawaiian Medical Records Sealing Rule
HONOLULU — Six weeks after the Ninth Circuit U.S. Court of Appeals found a Hawaii Court Records Rules (HCRR) requirement that medical and health records be sealed in court proceedings to be “overbroad” under the First Amendment to the U.S. Constitution, a nonprofit news organization that had initiated the challenge to the requirement dismissed its suit in Hawaii federal court.
-
October 15, 2024
Arbitration Ordered In Class Suit Accusing Labcorp Of Sharing Health Info
PHILADELPHIA — A federal judge in Pennsylvania granted a motion to compel individual arbitration in a putative class lawsuit accusing Laboratory Corporation of America Holdings (Labcorp) of intercepting individually identifiable health information from its website users and sending the information to Google, which analyzes the data, matches the information to individuals and then shares its analysis with Labcorp.
-
October 15, 2024
Judge Tosses Class Action Alleging Insurance Provider Failed To Prevent Data Breach
NEW YORK — One day after a plaintiff filed a notice of voluntary dismissal without prejudice of her class action complaint alleging that a financial organization that offers insurance, retirement and investment services primarily to teachers failed to prevent a May 2023 data breach that resulted in the theft of the personally identifiable information (PII) of its current and former clients, a New York federal judge ordered the case dismissed.
-
October 14, 2024
Fan’s Suit Over Mets’ Use Of Biometric Identifiers Removed To Federal Court
BROOKLYN, N.Y. — The company that owns the New York Mets removed a putative class action over the alleged violation of a New York City biometrics law to federal court, citing jurisdiction under the Class Action Fairness Act (CAFA).
-
October 14, 2024
Privacy Claims Over Health Care Provider’s Use Of Facebook Pixel May Proceed
OAKLAND, Calif. — Mostly denying a health care organization’s motion to dismiss putative class privacy claims against it, a California federal judge found that a plaintiff sufficiently alleged most of her claims that the defendant’s use of Facebook Pixel to forward URLs and other information from her use of the company’s website to the social media company violates California law and the state’s constitution.
-
October 10, 2024
Marriott To Pay $52M, Improve Security In Data Breach Disputes With FTC, States
WASHINGTON, D.C. — Documents filed Oct. 9 by the Federal Trade Commission and in Massachusetts court announced the settlement of allegations of inadequate cybersecurity by the commission and a group of U.S. states, respectively, against Marriott International Inc. related to a series of data breaches that resulted in hackers obtaining the personally identifiable information (PII) of millions of customers.
-
October 10, 2024
Wiretap, Privacy Claims Over TikTok’s In-App Browser Largely Survive Dismissal
CHICAGO — Mostly denying a motion to dismiss by TikTok Inc., an Illinois federal judge found that most of the claims over the purported collection of personally identifiable information (PII) by the company’s in-app browser (IAB) were sufficiently pleaded by the named plaintiffs at this stage of a multidistrict litigation against the social media firm.
-
October 09, 2024
$6 Million Settlement Of MDL Over Health Care Firms’ Data Breach Gets Final OK
FORT LAUDERDALE, Fla. — Six months after he preliminarily approved a $6 million settlement of a multidistrict litigation over a 2020 data breach experienced by a pediatric medical services provider, a Florida federal judge granted a motion by the plaintiffs for final approval of that settlement, as well as an accompanying motion for attorney fees and costs.
-
October 09, 2024
California Brings Consumer Protection Suit Against TikTok For Harming Youth
SAN JOSE, Calif. — The California Attorney General’s Office on Oct. 8 filed a lawsuit in state court accusing the owners and operators of the TikTok social media app of violating California’s unfair competition law (UCL) and false advertising law (FAL) by intentionally targeting children, including those younger than 13, with addictive features and illegally collecting their data. Similar consumer protection suits were recently filed in more than a dozen other states.
-
October 09, 2024
Case Alleging Company Used Meta Tools To Collect Patient Data Moves Forward
PHILADELPHIA — A Pennsylvania federal judge allowed a proposed class action against a health care system to proceed after finding that the patients sufficiently asserted claims that the company used Meta Platform Inc.’s collection tools to share their health care data.
-
October 09, 2024
Customer Data Law Deemed Unconstitutional In Ruling For DoorDash, Grubhub
NEW YORK — A New York City law that would require food delivery services to provide customer data to restaurants violates the First Amendment to the U.S. Constitution, a New York federal judge ruled, granting summary judgment to three major delivery service providers in their quest to halt enforcement of the statute.
-
October 09, 2024
Labor Union Denied Early Appeal Of Partial Dismissal In Data Breach Suit
NEW YORK — Deeming a labor union’s reading of controlling case law to be “plainly wrong,” a New York federal judge declined to certify for interlocutory appeal his previous ruling that permitted most of the plaintiff union members’ claims related to a 2023 data breach to proceed.
-
October 07, 2024
U.S. Supreme Court Denies Debtor’s Petition On Intangible Harm, Standing
WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 7 denied a debtor’s petition for a writ of certiorari concerning standing in a lawsuit over the transmission of debtors’ personal data to a third party.
-
October 07, 2024
Petition Challenging Constitutionality Of Texas Drone Law Denied By High Court
WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 7 denied a petition for writ of certiorari of a journalist and a photographer association claiming that a Texas law that curbs the use of drones for aerial photography violates the First Amendment to the U.S. Constitution.
-
October 07, 2024
Negligence Claims Against Indiana University To Proceed In Data Breach Incident
FORT WAYNE, Ind. — A federal judge in Indiana determined that claims of negligence and breach of contract alleged against a private university in a data breach suit can proceed because the plaintiffs seek damages for more than just economic losses and because dismissal of the breach of contract claim would be premature.
-
October 03, 2024
Vermont Health Provider Pays $540,000 To Settle Data Breach Class Claims
BURLINGTON, Vt. — A federal judge in Vermont granted final approval of a $540,000 settlement to be paid by an integrated health provider in that state, ending a class suit by a patient over a 2022 data breach that allegedly exposed the personal information of more than 60,000 people.
-
October 02, 2024
Judge Partly Dismisses Hunter Biden’s Suit Against IRS, Won’t Let Agents Intervene
WASHINGTON, D.C. — A District of Columbia federal judge partly granted the United States and U.S. Internal Revenue Service’s motion to dismiss claims brought against them by Hunter Biden for failure to protect the privacy of his tax returns, but declined to dismiss Biden’s claim for damages and denied a motion to intervene filed by two IRS agents who were involved in the disclosure of Biden’s tax information.
-
October 01, 2024
Judge Dismisses Suit Disputing Coverage For BIPA Claims Over AI Food Phone Orders
CHICAGO — Following receipt of a businessowners insurer’s notice of voluntary dismissal, a federal judge in Illinois dismissed the insurer’s lawsuit seeking a declaratory judgment that it owes no coverage for two underlying putative class action lawsuits alleging that its insured and two franchise restaurants violated the Illinois Biometric Information Privacy Act (BIPA) when they used the insured’s voice artificial intelligence technology to handle phone orders from customers.