Mealey's Data Privacy

  • August 16, 2017

    Web Host Opposes DOJ’s Warrant To Seize User Records From Activist Website

    WASHINGTON, D.C. — Citing concerns under the First and Fourth Amendments to the U.S. Constitution, a web-hosting firm on Aug. 11 told a District of Columbia court that a U.S. Department of Justice search warrant seeking identifying information for visitors to an anti-Donald Trump website is overbroad and in violation of federal privacy law (In re:  the Search of that Is Stored at Premises Owned, Maintained, Controlled,, or Operated by DreamHost, No. 17 CSW 3438, D.C. Super.).

  • August 16, 2017

    9th Circuit: Alleged Harm From Inaccurate Online Listing Is Concrete Injury

    SAN FRANCISCO — Considering remand instructions from the U.S. Supreme Court, a Ninth Circuit U.S. Court of Appeals panel on Aug. 15 again ruled in favor of a man that charged a data aggregator with Fair Credit Reporting Act (FCRA) violations for posting inaccurate information about him, deeming the alleged resulting harm to be sufficiently concrete to constitute an injury-in-fact to establish standing under Article III of the U.S. Constitution (Thomas Robins v. Spokeo Inc., No11-56843, 9th Cir., 2017 U.S. App. LEXIS 15211).

  • August 14, 2017

    Texas Federal Judge Finds No Injury Dooms FACTA Class Suit

    DALLAS — A lead plaintiff’s class suit under the Fair and Accurate Credit Transactions Act (FACTA) that accuses a supermarket of not properly truncating customers’ information on its receipts fails due to no showing of injury in fact, a Texas federal judge ruled Aug. 9 (Sumeet Batra, et al. v. RLS Supermarkets LLC, No. 16-2874, N.D. Texas, 2017 U.S. Dist. LEXIS 125877).

  • August 14, 2017

    Magistrate Judge Recommends No Class Certification In Computer Seller Spyware Suit

    ERIE, Pa. — A Wyoming couple’s claims that computer seller and lessor and its franchisee violated the Electronic Communications Privacy Act (ECPA) by installing spyware on its computers are not suited for class certification because individualized issues pertaining to liability predominate, a Pennsylvania federal magistrate judge ruled Aug. 4 (Crystal Byrd, et al. v. Aaron’s, Inc., et al., No. 11-101, W.D. Pa., 2017 U.S. Dist. LEXIS 124291).

  • August 11, 2017

    Judge Bars Wal-Mart’s Use Of Discovery Obtained From Deposition Of Physician

    TRENTON, N.J. — A New Jersey federal judge on Aug. 8 granted a plaintiff’s motion to strike and bar Wal-Mart Stores East Inc.’s use of the deposition transcript and documents obtained as a result of a March 28 deposition of the plaintiff’s physician, but refused to disqualify Wal-Mart’s counsel for conducting the deposition (Patricia Hone  v. Wal-Mart, Inc., No. 14-1006, D. N.J., 2017 U.S. Dist. LEXIS 124736).

  • August 10, 2017

    Viacom Faces Class Suit Alleging Violations Of Child Online Privacy Laws

    SAN FRANCISCO — Several days after filing a complaint accusing The Walt Disney Co. and its partners of violating the Children’s Online Privacy Protection Act (COPPA), a California woman on Aug. 7 filed a second nearly identical class action lawsuit in the U.S. District Court for the Northern District of California accusing Viacom Inc. and its partners of capturing and selling children’s personally identifying information (Amanda Rushing, et al. v. Viacom Inc., et al., No. 17-4492, N.D. Calif.).

  • August 10, 2017

    Nationwide Insurance Settles Attorneys General’s Data Breach Claims For $5.5 Million

    NEW YORK — The New York attorney general on Aug. 9 announced that Nationwide Mutual Insurance Co. and its subsidiary, Allied Property & Casualty Insurance Co., will pay $5.5 million to settle claims by attorneys general from 32 states and the District of Columbia over an October 2012 data breach.

  • August 9, 2017

    Split 9th Circuit Upholds Class Arbitration In Data Breach Suit

    PASADENA, Calif. — An employee who sued his employer following a data breach must arbitrate his claims but may proceed representing a class because the agreement he signed doesn’t bar class arbitration, a split Ninth Circuit U.S. Court of Appeals panel ruled Aug. 3 (Frank Varela, et al. v. Lamps Plus, Inc., et al., No. 16-56085, 9th Cir., 2017 U.S. App. LEXIS 14284).

  • August 8, 2017

    Class Suit Accuses Disney Of Tracking Children’s Data Via Apps And Selling It

    SAN FRANCISCO — The Walt Disney Co. and its partners violate the Children’s Online Privacy Protection Act (COPPA) by capturing children’s personally identifying information while they are playing Disney’s online games via smart phone apps and then selling that information to third parties, a California woman and her minor child allege in an Aug. 3 class complaint filed in the U.S. District Court for the Northern District of California (Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 17-4419, N.D. Calif.).

  • August 3, 2017

    D.C. Circuit: Identity Theft Risk From Data Breach Is An Injury-In-Fact

    WASHINGTON, D.C. — The plaintiffs in a putative negligence class action against their insurer sufficiently alleged that the access of their personally identifiable information (PII) in a data breach created an increased risk of identity theft and, thus, an injury, a District of Columbia Circuit U.S. Court of Appeals ruled Aug. 1, reversing a trial court’s dismissal for lack of standing (Chantal Attias, et al. v. CareFirst Inc., et al., No. 16-7108, D.C. Cir., 2017 U.S. App. LEXIS 13913).

  • August 3, 2017

    NRA And Third Party Trim 1 Claim From Class Suit Over Calls

    SEATTLE — The National Rifle Association of America (NRA) and a third-party company responsible for placing membership calls on the NRA’s behalf convinced a Washington federal judge on July 26 to dismiss a claim under the Washington Do Not Call Statute (WDNC) related to allegedly unwanted calls, but must face allegations that the calls violated other state laws (Katharyn Kalmbach, et al. v. National Rifle Association of America, et al., No. 17-399, W.D. Wash., 2017 U.S. Dist. LEXIS 117113).

  • August 2, 2017

    FBI Settles FOIA Suit With Privacy Group For $3,000 In Costs, Fees

    WASHINGTON, D.C. — The day after the FBI and a privacy rights organization filed a stipulation of dismissal, a District of Columbia federal judge on Aug. 1 adopted the stipulation and dismissed the Freedom of Information Act (FOIA) lawsuit centering on a document request related to the FBI’s biometric identification program (Electronic Privacy Information Center v. Federal Bureau of Investigation, No. 1:16-cv-02237, D. D.C.).

  • July 28, 2017

    Preliminary Approval Sought For Settlement In Seagate Phishing Class Action

    SAN FRANCISCO — A group of Seagate Technology LLC employees on July 27 moved for preliminary approval of a putative class action over a 2016 phishing incident at the company that exposed their personally identifiable information (PII), asking a California federal court to greenlight relief in the form of restitution and identity theft protection, potentially valued at $42 million (Everett Castillo, et al. v. Seagate Technology LLC, No. 3:16-cv-01958, N.D. Calif.).

  • July 27, 2017

    Class Certification Denied For False Advertising Claims In Apple App Privacy Suit

    SAN FRANCISCO — The plaintiffs in a putative class action over the sharing of contact information on devices made by Apple Inc. saw their class certification motion denied July 25, with a California federal judge finding that the plaintiffs failed to establish the necessary predominance factors in their false advertising and unfair competition claims against Apple (Marc Opperman, et al. v. Kong Technologies Inc., et al., No. 3:13-CV-00453, N.D. Calif., 2017 U.S. Dist. LEXIS 116333).

  • July 26, 2017

    Class Complaint Over Facebook Cookie Tracking Again Dismissed

    SAN JOSE, Calif. — For the second time in two years, a California federal judge on June 30 dismissed putative privacy class clams against Facebook Inc. based on the social network’s purported use of tracking cookies, with the judge ruling that the claims all failed for lack of standing or failure to state a claim (In re:  Facebook Internet Tracking Litigation, No. 5:12-md-02314, N.D. Calif., 2017 U.S. Dist. LEXIS 102464).

  • July 26, 2017

    Vizio Smart TV Owners’ Wiretap Act Class Claim Survives Dismissal

    SANTA ANA, Calif. — A previously dismissed Wiretap Act putative class claim against Vizio Inc. survived a second dismissal motion July 25, with a California federal judge finding that the plaintiffs sufficiently alleged interception of communications via Vizio’s purported use of surreptitious software that tracked TV owners’ viewing habits (In Re:  Vizio, Inc., Consumer Privacy Litigation, No. 8:16-ml-02693, C.D. Calif.).

  • July 25, 2017

    Judge Declines To Enjoin Presidential Commission’s Collection Of Voter Data

    WASHINGTON, D.C. — The Electronic Privacy Information Center (EPIC) lacks standing to pursue constitutional or statutory claims on behalf of its members in its quest to halt the collection of voter data information from states by the newly established Presidential Advisory Commission on Election Integrity (PACEI), a District of Columbia federal judge ruled July 24, denying the privacy rights organization’s motion for a temporary restraining order (TRO) (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 1:17-cv-01320, D. D.C., 2017 U.S. Dist. LEXIS 114576).

  • July 24, 2017

    Non-Gmail Users Again Seek Approval Of Privacy Settlement With Google

    SAN JOSE, Calif. — Four months after a prior proposed settlement with Google Inc. was rejected by a California federal judge, the lead plaintiffs in a putative class action alleging privacy violations in the scanning and processing of emails of non-Gmail users on July 21 submitted a revised proposed settlement that they say “requires Google to make significant business practice changes that will benefit” class members while retaining their ability to pursue monetary claims under the asserted statutes (Daniel Matera, et al. v. Google Inc., No. 5:15-cv-04062, N.D. Calif.).

  • July 24, 2017

    Class Claims Over VTech’s Data Breach Dismissed By Federal Judge

    CHICAGO — A group of plaintiffs alleging putative class claims against digital smart toy maker VTech Electronics North America LLC saw their complaint dismissed by an Illinois federal judge July 5, who found that they failed to properly state their contractual claims based on a 2015 breach of the company’s website that resulted in the theft of customers’ personally identifiable information (PII) (In re VTech Data Breach Litigation, No. 1:15-cv-10889, N.D. Ill.; 2017 U.S. Dist. LEXIS 103298).

  • July 20, 2017

    John Doe Virtual Currency User May Intervene In IRS Summons For Users’ Records

    SAN FRANCISCO — A John Doe customer of a virtual currency firm has established his interest in an Internal Revenue Service enforcement action seeking personal records of the firm’s customers, a California federal magistrate judge ruled July 18, granting the Doe’s motion to intervene and oppose the IRS’s summons (United States v. Coinbase Inc., No. 3:17-cv-01431, N.D. Calif., 2017 U.S. Dist. LEXIS 111756).