WASHINGTON, D.C. — Over the opposition of Microsoft Corp., the U.S. Supreme Court on Oct. 16 granted the U.S. government’s petition for certiorari to decide whether a warrant issued under the Stored Communications Act (SCA) can be applied extraterritorially to require an email provider to produce data that is stored on foreign servers (United States v. Microsoft Corp. [In re: Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp.], No. 17-2, U.S. Sup.).
MONTGOMERY, Ala. — While affirming that a magistrate judge had not erred in denying the U.S. government’s warrants to search 15 email accounts, an Alabama federal judge on Sept. 28 ordered that the warrants be issued “[b]ecause the constitutional infirmities can be corrected with moderate alterations” (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala., 2017 U.S. Dist. LEXIS 159535).
SAN JOSE, Calif. — Following an Oct. 3 disclosure by Yahoo Inc. that a 2013 data breach affected 3 billion, rather than 1 billion users, a California federal judge on Oct. 5 directed Yahoo and the plaintiffs in a consolidated class action over that and other breaches to provide input on how this latest announcement will impact the proceedings (In re: Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif.).
SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel erred in granting mandamus vacating an order compelling arbitration in a suit over persistent cookies, an internet advertising firm says in an Oct. 3 petition for rehearing, asserting that the ruling conflicts with controlling case law and the principles of the Federal Arbitration Act (FAA) (Anthony Henson, et al. v. Turn Inc., et al., No. 16-71818, 9th Cir.).
ATLANTA — A Georgia federal judge on Oct. 3 granted a franchisor’s motion for summary judgment on a claim that it aided and abetted a franchisee’s conduct of unlawfully accessing computers from a remote location and collecting private information through the “Detective Mode” of spyware software program but denied the franchisee’s motion for summary judgment as to the claims for intrusion upon seclusion (Michael Peterson, et al. v. Aaron's, Inc., et al., No. 14-1919, N.D. Ga., 2017 U.S. Dist. LEXIS 163364).
PHILADELPHIA — In an Oct. 2 brief appealing dismissal of a class complaint under the Fair and Accurate Credit Transactions Act (FACTA) to the Third Circuit U.S. Court of Appeals, a plaintiff says that J. Crew Group Inc.’s inclusion of credit card digits on receipts created a threat of identity theft, thus constituting a concrete injury under the act and establishing Article III standing (Ahmed Kamal v. J. Crew Group Inc., et al., No. 17-2345 and 17-2453, 3rd Cir.).
ATLANTA — A Georgia federal judge on Oct. 3 granted a motion by Equifax Inc. to stay a putative class action over the firm’s recently announced data breach, pending a decision by the U.S. Judicial Panel on Multi-District Litigation (JPMDL) on the plaintiffs’ motion to consolidate the suit with similar suits filed across the country (James McGonnigal, et al. v. Equifax Inc., No. 1:17-cv-03422, N.D. Ga.).
SAN FRANCISCO — Facebook Inc. on Sept. 28 filed a renewed motion in California federal court to dismiss a putative class action alleging violation of Illinois’ Biometric Information Privacy Act (BIPA) via a photo-tagging feature, arguing that the plaintiffs fail to allege concrete injury sufficient to establish jurisdiction under Article III of the U.S. Constitution (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif.).
WASHINGTON, D.C. — In a Sept. 25 brief to the U.S. Supreme Court, the U.S. government argues that its collection of historical cell site location information (CSLI) records via an order issued under the Stored Communications Act (SCA) during a criminal investigation did not violate a petitioner’s rights under the Fourth Amendment to the U.S. Constitution because he had no reasonable expectation of privacy in the records (Timothy Ivory Carpenter v. United States of America, No. 16-402, U.S. Sup.).
CHICAGO — A citizens group from Naperville, Ill., tells the Seventh Circuit U.S. Court of Appeals in a Sept. 8 reply brief that smart electric meters installed by the city violate residents’ privacy rights under the Fourth Amendment to the U.S. Constitution due to the frequency and detail of data collected (Naperville Smart Meter Awareness v. City of Naperville, No. 16-3766, 7th Cir.).
SAN FRANCISCO — A San Francisco city attorney on Sept. 26 sued Equifax Inc. in California state court on behalf of the people of the state of California, alleging violation of the state’s unfair competition law (UCL) based on the company’s purported failure to maintain proper security procedures prior to a recently announced data breach (California v. Equifax Inc., et al., No. CGC-17-561529, Calif. Super., San Francisco Co.).
ATLANTA — A class action brought by a group of financial institutions (FIs) over a 2014 data breach experienced by Home Depot Inc. came to a close Sept. 22, when a Georgia federal judge granted final approval of a settlement that includes enhanced data security procedures by the home improvement chain and a $25 million settlement fund (In re: Home Depot Inc., Customer Data Security Breach Litigation, No. 1:14-md-02583, N.D. Ga.).
ROME, Ga. — A group of former university students moved in Georgia federal court Sept. 22 for final approval of a settlement of negligence class claims against their alma matter based on the 2014 theft of records from the campus, which contained students’ personally identifiable information (PII) (Erin Bishop, et al. v. Shorter University Inc., No. 4:15-cv-00033, N.D. Ga.).
SAN FRANCISCO — Two former drivers with Uber Technologies Inc. argue that their putative class claims over a 2014 breach of the rideshare firm’s database are supported by claims of injuries they suffered due to their personal data being exposed, asking a California federal court in a Sept. 20 brief to deny Uber’s dismissal motion (Sasha Antman v. Uber Technologies Inc., et al., No. 3:15-cv-01175, N.D. Calif.).
SAN JOSE, Calif. — The U.S. government in a Sept. 20 brief tells a California federal court that Google Inc. should be sanctioned for its refusal to comply with a Stored Communications Act (SCA) warrant seeking production of foreign-stored emails, but the government opposes the tech firm’s motion for a contempt order, seeking a hearing to determine a sanction appropriate for Google’s willful actions (In re: Search of Content That is Stored at Premises Controlled by Google, No. 3:16-mc-80263, N.D. Calif.).
WASHINGTON, D.C. — A District of Columbia federal judge on Sept. 19 dismissed a consolidated class action against the U.S. Office of Personnel Management (OPM) related to a series of 2015 data breaches that compromised employees’ personally identifiable information (PII), finding that the two plaintiff employee unions failed to allege the necessary injuries or sufficient facts to establish standing under the asserted statutes (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, No. 1:15-mc-01394, D. D.C., 2017 U.S. Dist. LEXIS 151449).
CHICAGO — An Illinois federal judge on Sept. 15 denied a motion to dismiss a class complaint accusing Shutterfly Inc. of violating Illinois’ Biometic Information Privacy Act (BIPA) by using facial recognition software to scan faces in uploaded images and then storing that data (Alejandro Monroy, et al. v. Shutterfly, Inc., No. 16-10984, N.D. Ill., 2017 U.S. Dist. LEXIS 149604).
WASHINGTON, D.C. — In a Sept. 15 brief, the U.S. government argues that a privacy rights organization has no standing to oppose a presidential commission’s collection of voter data, asking the District of Columbia Circuit U.S. Court of Appeals to affirm a trial court’s denial of the group’s request for a temporary restraining order (TRO) halting the collection program (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 17-5171, D.C. Cir.).
SAN JOSE, Calif. — Voicing its intention to appeal a California federal judge’s ruling ordering it to comply with a warrant issued under the Stored Communications Act (SCA) seeking production of foreign-stored user emails, Google Inc. on Sept. 13 moved for an order of civil contempt related to its noncompliance, to establish appellate jurisdiction (In re: Search of Content That is Stored at Premises Controlled by Google, No. 3:16-mc-80263, N.D. Calif.).
WASHINGTON, D.C. — An appeals court correctly found that the presumption against extraterritorial application of U.S. laws prevented Microsoft Corp. from being compelled under the Stored Communications Act (SCA) to produce foreign-stored emails in response to a U.S. Department of Justice (DOJ) warrant, Microsoft argues in an Aug. 28 brief asking the U.S. Supreme Court to deny the DOJ’s petition for certiorari (United States v. Microsoft Corp. [In re: Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp.], No. 17-2, U.S. Sup.).