Mealey's Data Privacy

  • November 21, 2019

    FBI Cannot Rely On Glomar Response In FOIA Suit Over Social Media Surveillance

    SAN FRANCISCO — Denying a motion for partial summary judgment by the U.S. Department of Justice (DOJ), a California federal judge on Nov. 18 found that the Federal Bureau of Investigation did not meet its burden to invoke a “Glomar response” to a Freedom of Information Act (FOIA) request in which the American Civil Liberties Union Foundation (ACLUF) sought production of documents and information related to the bureau’s social media surveillance techniques (American Civil Liberties Union Foundation, et al. v. U.S. Department of Justice, et al., No. 3:19-cv-00290, N.D. Calif., 2019 U.S. Dist. LEXIS 199607).

  • November 21, 2019

    Judge Orders Arbitration Of Data-Selling Lawsuits Against Mobile Carriers

    BALTIMORE — The plaintiffs in four putative class actions against the four major U.S. mobile carriers failed to establish that arbitration provisions within their respective customer agreements are unconscionable, a Maryland federal judge ruled Oct. 24, granting the carriers’ motions to compel arbitration and stay the lawsuits over the companies’ purported selling of customers’ geolocation data (Paul Baron v. Sprint Corp., No. 1:19-cv-01255, D. Md.; Tyler Morrison v. AT&T Mobility LLC, No. 1:19-cv-01257, D. Md.; Michelle Morrison v. Verizon Communications Inc., et al., No. 1:19-cv-01298, D. Md.; Shawnay Ray, et al. v. T-Mobile US Inc., No. 1:19-cv-01299, D. Md.).

  • November 20, 2019

    Target Sues Insurer For Coverage Of Banks’ Settlement In Data Breach Litigation

    MINNEAPOLIS — Citing a multimillion dollar coverage dispute of more than five years with its primary insurer over its settlement with a group of financial institutions (FIs) over a 2013 data breach, Target Corp. filed breach of contract claims against the insurer in Minnesota federal court on Nov. 15, seeking coverage declarations and damages (Target Corp. v. ACE American Insurance Co., et al., No. 0:19-cv-02916, D. Minn.).

  • November 19, 2019

    Delta Customer Appeals Dismissal Of Data Breach Suit To 9th Circuit

    SAN FRANCISCO — A customer of Delta Air Lines Inc. tells the Ninth Circuit U.S. Court of Appeals in a Nov. 18 brief that The Airline Deregulation Act (ADA) does not preempt her ability to bring contractual claims against the airline related to a 2017 data breach that compromised her personally identifiable information (PII), appealing the dismissal of her putative class complaint (Teresa J. McGarry v. Delta Air Lines Inc., et al., No. 19-55790, 9th Cir.).

  • November 19, 2019

    Federal Judge Rules GPS Tracking Of Drug Suspect Did Not Violate 4th Amendment

    DOTHAN, Ala. — GPS tracking of a borrowed vehicle with the owner’s consent did not violate the driver’s rights under the Fourth Amendment to the U.S. Constitution, an Alabama federal judge ruled Nov. 15, adopting a magistrate’s recommendation to deny an indictee’s motion to suppress the GPS data because he had no reasonable expectation of privacy in his movements on public roads (United States v. Joshua Drake Howard, No. 1:19-cr-00054, M.D. Ala., 2019 U.S. Dist. LEXIS 198081).

  • November 19, 2019

    Facebook Seeks Dismissal Of IP Address Location Data Collection Class Complaint

    OAKLAND, Calif. — Asserting that it has made no misrepresentations about its collection of users’ internet protocol (IP) addresses and corresponding estimated location data, Facebook Inc. on Nov. 15 asked a California federal court to dismiss putative privacy, fraud and contract class claims against it, defending IP address collection as a necessary practice (Brendan Lundy, et al. v. Facebook Inc., No. 3:18-cv-06793, N.D. Calif.).

  • November 18, 2019

    Revised $1.6 Million Neiman Marcus Data Breach Settlement Preliminarily Approved

    CHICAGO — More than a year after she declined to approve an earlier proposed settlement between The Neiman Marcus Group LLC and a class of customers suing it over a 2013 data breach, an Illinois federal judge on Nov. 15 granted preliminary approval to a revised $1.6 million settlement agreement between the parties that addressed the judge’s previously identified concerns about the adequacy of class representation (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).

  • November 18, 2019

    Plaintiffs In Remanded Google Cookie Privacy Suit To Submit Revised Settlement

    WILMINGTON, Del. — Three months after the Third Circuit U.S. Court of Appeals declined to approve a cy pres-only settlement of a privacy class action over Google LLC’s surreptitious collection of user data via cookies, a Delaware federal judge on Nov. 15 directed the plaintiffs in the remanded suit to file a motion for preliminary approval of a revised settlement agreement between the parties (In Re:  Google Inc. Cookie Placement Consumer Privacy Litigation, No. 1:12-md-02358, D. Del.).

  • November 15, 2019

    Judge:  Reasonable Suspicion Needed For Border Search Of Electronic Devices

    BOSTON — Mostly granting summary judgment to a group of plaintiffs claiming violation of the Fourth Amendment to the U.S. Constitution from the warrantless searches of their electronic devices by border personnel, a Massachusetts federal judge on Nov. 12 ruled that such searches require reasonable suspicion rather than merely probable cause in light of the privacy implications from the breadth of personal information that can be stored on devices (Ghassan Alasaad, et al. v. Kirstjen Nielsen, et al., No. 1:17-cv-11730, D. Mass., 2019 U.S. Dist. LEXIS 195556). 

  • November 11, 2019

    Disclosure Of Facebook Source Code To 1 Expert Witness Nixed In Data-Scraping Row

    SAN FRANCISCO — A California federal magistrate judge delivered a mixed ruling for Facebook Inc. in a Nov. 7 discovery order, sustaining the social network’s objection to disclosing its source code to one of the proposed expert witnesses for a putative class suing it over scraping certain data from Android mobile devices, while finding that there was no risk of harm in disclosure to a second witness (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).

  • November 07, 2019

    NLRB: Employer Unlawfully Surveilled Private Facebook Group And Fired 2 Workers

    WASHINGTON, D.C. — An employer violated the National Labor Relations Act (NLRA) when it had an employee report back on the membership and postings in a private Facebook group where other employees were discussing unionization and by firing two workers who supported the union, a three-member National Labor Relations Board panel ruled Oct. 29 (National Captioning Institute, Inc. and National Association of Broadcast Employees & Technicians—Communications Workers of America, AFL-CIO, Nos. 16-CA-182528, 16-CA-183953, 16-CA-187150, 16-CA-188322 and 16-CA-188346, NLRB).

  • November 06, 2019

    Rent-To-Own Franchisee Denied Discovery Of Private Settlement In Spyware Suit

    ERIE, Pa. — A rent-to-own (RTO) franchisee being sued for privacy violations over the installation of spyware on customers’ computers was denied access to a confidential settlement between its franchisor and the plaintiffs on Oct. 22, with a Pennsylvania federal magistrate judge finding that the franchisee failed to establish relevance or a need for the requested information sufficient to support its motion to compel (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).

  • November 05, 2019

    Facebook Denied Interlocutory Appeal Motion In Cambridge Analytica Privacy Suit

    SAN FRANCISCO — A California federal judge on Oct. 31 denied Facebook Inc.’s motion to certify for interlocutory appeal a September ruling that mostly denied dismissal of a putative class action over the 2015 incident that led to millions of the social network’s users’ personally identifiable information (PII) being shared with an analytics firm (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).

  • October 30, 2019

    Neiman Marcus Customers Seek Approval Of Revised Data Breach Class Settlement

    CHICAGO — More than a year after an Illinois federal judge declined to approve the settlement of a class action over a 2013 data breach experienced by The Neiman Marcus Group LLC, the plaintiffs on Oct. 28 moved for preliminary approval of a revised class action settlement that maintains the previously proposed $1.6 million settlement fund while redefining the proposed settlement class to account for the judge’s stated concerns over inadequate representation (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).

  • October 29, 2019

    Investor Sues Software Provider, Others Over Data Breach Misrepresentations

    SAN FRANCISCO — Zendesk Inc. and several of its senior executive officers concealed the company’s exposure to a massive data breach that affected more than 10,000 customers in addition to failing to disclose its poor financial condition in several international markets in violation of federal securities laws, a shareholder argues in an Oct. 24 complaint filed in California federal court (Charles Reidinger v. Zendesk Inc., et al., No. 19-6968, N.D. Calif.).

  • October 28, 2019

    Suit Alleging Disclosure Of ITunes Listening Data Dismissed By Federal Judge

    SAN FRANCISCO — Three iTunes users who claimed privacy violations by Apple Inc.’s purported sharing of their “personal listing information” (PLI) with third parties saw their putative class complaint dismissed on Oct. 25 by a California federal judge who deemed their evidence and exhibits insufficient to establish their claims (Leigh Wheaton, et al. v. Apple Inc., No. 3:19-cv-02883, N.D. Calif.).

  • October 25, 2019

    Facebook To Pursue Certiorari Over Class Certification In Biometric Privacy Suit

    SAN FRANCISCO — Less than a week after the Ninth Circuit U.S. Court of Appeals denied Facebook Inc.’s motion to rehear a dispute over class certification in a lawsuit accusing it of violating an Illinois biometric privacy law, the social network on Oct. 24 asked the appeals court to stay its mandate pending Facebook’s stated intention to seek certiorari from the U.S. Supreme Court (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).

  • October 25, 2019

    Privacy Claims Over Sportswear Firm’s Computer Scanning Mostly Survive Dismissal

    SAN FRANCISCO — A customer of New Moosejaw LLC sufficiently alleged most of his privacy claims against the sportswear seller over its alleged scanning of computers of visitors to its website, a California federal judge ruled Oct. 23, mostly denying motions to dismiss the putative class complaint by Moosejaw and its marketing partner (Jeremiah Revitch v. New Moosejaw LLC, et al., No. 3:18-cv-06827, N.D. Calif.).

  • October 23, 2019

    FTC Announces Proposed Settlement With Maker Of ‘Stalker’ Apps

    WASHINGTON, D.C. — On Oct. 22, the Federal Trade Commission announced charges against, and a proposed settlement with, a company that makes and distributes “stalker” apps, which allow a user to surreptitiously track another individual’s whereabouts and online activities after being installed on their mobile devices (In re Retina-X Studios LLC, et al., No. 1723118, FTC).

  • October 23, 2019

    D.C. Circuit Won’t Reconsider Ruling Reviving Union’s Suit Over OPM Data Breach

    WASHINGTON, D.C. — A panel ruling that reversed the dismissal of a labor union’s negligence and privacy claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach will stand, the District of Columbia Circuit U.S. Court of Appeals ruled Oct. 21 as it denied petitions for rehearing en banc by the agency and contractor (In Re:  U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).