Mealey's Data Privacy

  • September 17, 2021

    4th Circuit:  State Secrets Privilege Required Dismissal Of Upstream Surveillance Suit

    RICHMOND, Va. — A challenge by the Wikimedia Foundation to the National Security Agency’s (NSA’s) upstream surveillance activities was properly dismissed under the state secrets privilege, a divided Fourth Circuit U.S. Court of Appeals panel held Sept. 15, finding that the Foreign Intelligence Surveillance Act (FISA) does not displace the privilege.

  • September 16, 2021

    UCL Claim Dismissed In Class Suit Against Apple Over Siri Recordings

    SAN JOSE, Calif. — Consumers accusing Apple Inc. in a putative class complaint of unlawfully obtaining unauthorized recordings of communications via its preinstalled digital assistant, Siri, have failed to allege economic injury, a federal judge in California ruled Sept. 2, partially granting Apple’s motion and dismissing a claim under California’s unfair competition law (UCL).

  • September 14, 2021

    Staffing Company Seeks Dismissal Of COVID-19 Contact Tracing Data Breach Suit

    HARRISBURG, Pa. — An employment staffing company accused of failing to safeguard private health information (PHI) contained in Pennsylvania Department of Health (DOH) COVID-19 contract tracing lists and then timely notify those affected after a data breach moved Sept. 10 for dismissal of a putative class complaint by one of the woman allegedly on the lists for failure to allege an injury-in-fact and state a claim upon which relief may be granted.

  • September 13, 2021

    Insurer Dismisses Suit Disputing Coverage For BIPA Violation Claim Against Wing Stop

    CHICAGO — One day after a businessowners liability insurer filed a notice of voluntary dismissal, a federal court in Illinois on Sept. 10 dismissed the insurer’s lawsuit seeking a declaration that it does not owe coverage for an underlying lawsuit alleging that the owners and operators of Wing Stop violated the Biometric Information Privacy Act (BIPA) by capturing, collecting, storing and/or disseminating its employees’ biometric information without their valid consent.

  • September 10, 2021

    Developer Investigation Data Deemed Nonprivileged In Facebook Data-Sharing Suit

    SAN FRANCISCO — Materials related to an app developer investigation (ADI) conducted by Facebook Inc. after the Cambridge Analytica data-sharing incident are nonprivileged and discoverable, a California federal magistrate judge held Sept. 8, finding that the investigation was conducted by non-attorneys primarily for business, not legal, purposes.

  • September 09, 2021

    Judge Asks DHS To Clarify Use Of Deliberative Process Privilege In FOIA Dispute

    SAN FRANCISCO — Two months after oral argument was heard in California federal court on documents withheld by the Department of Homeland Security (DHS) in response to Freedom of Information Act (FOIA) requests made by the American Civil Liberties Union Foundation (ACLUF) regarding the government’s social media surveillance program, the court, in a Sept. 8 clerk’s notice docket entry, asked DHS to clarify its position on one of the invoked FOIA exemptions.

  • September 08, 2021

    Sonic Denied Summary Judgment Over Data Breach Negligence Class Claim

    CLEVELAND — An Ohio federal judge on Sept. 7 denied Sonic Corp.’s motion for summary judgment over a negligence claim brought against it by a class of financial institutions (FIs) related to the fast food chain’s 2017 data breach, with the judge finding that questions of material fact existed and holding that the key matter of proximate cause should be decided by a jury.

  • September 07, 2021

    Wikimedia, NSA Debate 9th Circuit Case’s Relevance In Upstream Surveillance Suit

    RICHMOND, Va. — Six months after the Fourth Circuit U.S. Court of Appeals heard oral arguments in a dispute over whether the state secrets privilege precludes in camera review of documents that purportedly establish Wikimedia Foundation’s constitutional claims over surveillance activities of the National Security Agency (NSA), Wikimedia on Sept. 2 filed a brief arguing that a recent Ninth Circuit U.S. Court of Appeals surveillance-related suit is very different from, and therefore inapplicable to, the present case.

  • September 02, 2021

    Plaintiffs Defend Fraud Claims In Google Assistant Privacy Lawsuit

    SAN JOSE, Calif. — Responding to Google LLC’s latest motion to dismiss putative class claims alleging unauthorized recording of users’ conversations by Google Assistant (GA) devices, the lead plaintiffs on Aug. 30 argue that they obtained their respective devices based on Google’s representations that consumers controlled when the conversations would be recorded.

  • August 27, 2021

    Judge OKs Checkers Data Breach Settlement, Rejecting Magistrate’s Recommendation

    TAMPA, Fla. — After multiple rounds of briefing and a contrary view by a magistrate judge, a Florida federal judge on Aug. 25 granted final approval to the settlement of a class action over a 2019 data breach experienced by Checkers Drive-In Restaurants Inc., with the judge finding that the lead plaintiffs sufficiently establish standing to bring their claims, declining to adopt the magistrate’s recommendation to deny approval.

  • August 26, 2021

    5th Circuit: Intervening ADT Is A Primary Defendant In Privacy Class Suit

    NEW ORLEANS — A security company that properly intervened in a class lawsuit accusing a former employee of privacy violations when he allegedly accessed security cameras dozens of times after they were installed is a primary defendant under the Class Action Fairness Act (CAFA), a Fifth Circuit U.S. Court of Appeals panel ruled Aug. 24, reversing a trial court’s remand order that had been based on CAFA’s “home state” exception.

  • August 26, 2021

    Policyholder Sues Insurer For Surreptitiously Collecting Insureds’ Biometric Data

    NEW YORK — A policyholder with Lemonade Inc. filed suit against his insurer in New York federal court on Aug. 20, claiming that the company uses automated chatbots to collect its customers’ biometric data without notice or consent, alleging putative class claims for breach of contract and deceptive trade practices.

  • August 26, 2021

    6th Circuit Rejects Sonic’s Class Certification Appeal In Data Breach Suit

    CINCINNATI — Sonic Corp. failed to establish the need for an interlocutory appeal of a trial court’s ruling granting class certification to a group of plaintiff financial institutions (FIs) in a consolidated class action over the fast food chain’s 2017 data breach, a Sixth Circuit U.S. Court of Appeals panel ruled Aug. 24, finding that some of the defendant’s arguments pertain to causation rather than class certification.

  • August 26, 2021

    After Arbitration Ruling, Remaining Plaintiffs Amend Privacy Claims Against Ring

    LOS ANGELES — Two months after a California federal judge stayed, in favor of arbitration, claims brought against Ring LLC by plaintiffs who purchased a product from or created an account with the company, the remaining nonpurchaser plaintiffs on Aug. 23 filed a second amended class complaint (SAC) in which they accuse the security device company of an “egregious failure to provide the safety and security it ostensibly promises its customers,” alleging claims for negligence, invasion of privacy and unfair competition.

  • August 25, 2021

    Amicus Curiae Supports Motion For Full Panel Rehearing Of Data Breach Coverage Suit

    NEW ORLEANS — Amicus curiae American Property Casualty Insurance Association on Aug. 20 filed a brief in support of a commercial general liability insurer’s petition for rehearing en banc after a quorum panel of the Fifth Circuit U.S. Court of Appeals reversed a lower federal court’s finding that it has no duty to defend against an underlying lawsuit seeking to recover damages purportedly caused by a data breach of the insured’s credit card processing system.

  • August 24, 2021

    Biometric Privacy Plaintiffs Ask Court To Reject Macy’s ‘De Facto Discovery Stay’

    CHICAGO — The plaintiffs in a multidistrict litigation over a massive database of photographs created by Clearview AI Inc., ask an Illinois federal judge in an Aug. 19 reply brief to compel defendant Macy’s Inc. to comply with a court order requiring the submission of initial discovery and responses to a first round of interrogatories, asserting that the retailer is attempting to avoid its discovery obligations with its filing of a motion to stay.

  • August 24, 2021

    Federal Class Complaints Filed Over Announced T-Mobile Data Breach

    SAN FRANCISCO — With a California man’s filing of a putative class action in California federal court on Aug. 20, at least six federal complaints have now been filed against T-Mobile USA Inc., in the wake of the mobile carrier’s announcement of a data breach that compromised the personally identifiable information (PII) of millions of its customers.

  • August 20, 2021

    British Man’s GDPR Suit Against U.S. Ad Firm Dismissed For Forum Non Conveniens

    OAKLAND, Calif. — A California federal judge on Aug. 16 granted a California company’s motion to dismiss a putative class action filed against it by an England resident under the United Kingdom’s version of the European Union’s (EU’s) General Data Protection Regulation (U.K. GDPR), finding that the grounds of forum non conveniens and international comity compelled dismissal of the case with a plaintiff and proposed class composed entirely of U.K. residents.

  • August 18, 2021

    Federal Magistrate Judge Rules On Medical Records Release In COVID-19 Class Suit

    EUGENE, Ore. — A federal magistrate judge in Oregon on Aug. 13 partially granted a motion to obtain release of medical records for incarcerated individuals who died following positive tests for COVID-19; the records were requested by individuals who sued on behalf of three proposed classes and accuse Oregon and various officials of failing to properly protect those incarcerated from the coronavirus pandemic.

  • August 18, 2021

    Wiretapping, Privacy Class Suit Against Online Jewelry Store Dismissed Again

    SAN FRANCISCO — A federal magistrate judge in California on Aug. 13 dismissed for a second time a putative class complaint accusing an online jewelry store and its software provider of wiretapping and privacy violations for tracking users’ actions, finding that there are no allegations of wiretapping or injury that create a private right under California’s Invasion of Privacy Act.