SAN FRANCISCO — Denying a motion for partial summary judgment by the U.S. Department of Justice (DOJ), a California federal judge on Nov. 18 found that the Federal Bureau of Investigation did not meet its burden to invoke a “Glomar response” to a Freedom of Information Act (FOIA) request in which the American Civil Liberties Union Foundation (ACLUF) sought production of documents and information related to the bureau’s social media surveillance techniques (American Civil Liberties Union Foundation, et al. v. U.S. Department of Justice, et al., No. 3:19-cv-00290, N.D. Calif., 2019 U.S. Dist. LEXIS 199607).
BALTIMORE — The plaintiffs in four putative class actions against the four major U.S. mobile carriers failed to establish that arbitration provisions within their respective customer agreements are unconscionable, a Maryland federal judge ruled Oct. 24, granting the carriers’ motions to compel arbitration and stay the lawsuits over the companies’ purported selling of customers’ geolocation data (Paul Baron v. Sprint Corp., No. 1:19-cv-01255, D. Md.; Tyler Morrison v. AT&T Mobility LLC, No. 1:19-cv-01257, D. Md.; Michelle Morrison v. Verizon Communications Inc., et al., No. 1:19-cv-01298, D. Md.; Shawnay Ray, et al. v. T-Mobile US Inc., No. 1:19-cv-01299, D. Md.).
MINNEAPOLIS — Citing a multimillion-dollar coverage dispute of more than five years with its primary insurer over its settlement with a group of financial institutions (FIs) over a 2013 data breach, Target Corp. filed breach of contract claims against the insurer in Minnesota federal court on Nov. 15, seeking coverage declarations and damages (Target Corp. v. ACE American Insurance Co., et al., No. 0:19-cv-02916, D. Minn.).
SAN FRANCISCO — A customer of Delta Air Lines Inc. tells the Ninth Circuit U.S. Court of Appeals in a Nov. 18 brief that the Airline Deregulation Act (ADA) does not preempt her ability to bring contractual claims against the airline related to a 2017 data breach that compromised her personally identifiable information (PII), appealing the dismissal of her putative class complaint (Teresa J. McGarry v. Delta Air Lines Inc., et al., No. 19-55790, 9th Cir.).
DOTHAN, Ala. — GPS tracking of a borrowed vehicle with the owner’s consent did not violate the driver’s rights under the Fourth Amendment to the U.S. Constitution, an Alabama federal judge ruled Nov. 15, adopting a magistrate’s recommendation to deny an indictee’s motion to suppress the GPS data because he had no reasonable expectation of privacy in his movements on public roads (United States v. Joshua Drake Howard, No. 1:19-cr-00054, M.D. Ala., 2019 U.S. Dist. LEXIS 198081).
OAKLAND, Calif. — Asserting that it has made no misrepresentations about its collection of users’ internet protocol (IP) addresses and corresponding estimated location data, Facebook Inc. on Nov. 15 asked a California federal court to dismiss putative privacy, fraud and contract class claims against it, defending IP address collection as a necessary practice (Brendan Lundy, et al. v. Facebook Inc., No. 3:18-cv-06793, N.D. Calif.).
CHICAGO — More than a year after she declined to approve an earlier proposed settlement between The Neiman Marcus Group LLC and a class of customers suing it over a 2013 data breach, an Illinois federal judge on Nov. 15 granted preliminary approval to a revised $1.6 million settlement agreement between the parties that addressed the judge’s previously identified concerns about the adequacy of class representation (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
WILMINGTON, Del. — Three months after the Third Circuit U.S. Court of Appeals declined to approve a cy pres-only settlement of a privacy class action over Google LLC’s surreptitious collection of user data via cookies, a Delaware federal judge on Nov. 15 directed the plaintiffs in the remanded suit to file a motion for preliminary approval of a revised settlement agreement between the parties (In Re: Google Inc. Cookie Placement Consumer Privacy Litigation, No. 1:12-md-02358, D. Del.).
BOSTON — Mostly granting summary judgment to a group of plaintiffs claiming violation of the Fourth Amendment to the U.S. Constitution from the warrantless searches of their electronic devices by border personnel, a Massachusetts federal judge on Nov. 12 ruled that such searches require reasonable suspicion rather than merely probable cause in light of the privacy implications from the breadth of personal information that can be stored on devices (Ghassan Alasaad, et al. v. Kirstjen Nielsen, et al., No. 1:17-cv-11730, D. Mass., 2019 U.S. Dist. LEXIS 195556).
SAN FRANCISCO — A California federal magistrate judge delivered a mixed ruling for Facebook Inc. in a Nov. 7 discovery order, sustaining the social network’s objection to disclosing its source code to one of the proposed expert witnesses for a putative class suing it over scraping certain data from Android mobile devices, while finding that there was no risk of harm in disclosure to a second witness (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).
WASHINGTON, D.C. — An employer violated the National Labor Relations Act (NLRA) by having an employee report back on the membership and postings in a private Facebook group where other employees were discussing unionization and by firing two workers who supported the union, a three-member National Labor Relations Board panel ruled Oct. 29 (National Captioning Institute, Inc. and National Association of Broadcast Employees & Technicians—Communications Workers of America, AFL-CIO, Nos. 16-CA-182528, 16-CA-183953, 16-CA-187150, 16-CA-188322 and 16-CA-188346, NLRB).
ERIE, Pa. — A rent-to-own (RTO) franchisee being sued for privacy violations over the installation of spyware on customers’ computers was denied access to a confidential settlement between its franchisor and the plaintiffs on Oct. 22, with a Pennsylvania federal magistrate judge finding that the franchisee failed to establish relevance or a need for the requested information sufficient to support its motion to compel (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
SAN FRANCISCO — A California federal judge on Oct. 31 denied Facebook Inc.’s motion to certify for interlocutory appeal a September ruling that mostly denied dismissal of a putative class action over the 2015 incident that led to millions of the social network’s users’ personally identifiable information (PII) being shared with an analytics firm (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
CHICAGO — More than a year after an Illinois federal judge declined to approve the settlement of a class action over a 2013 data breach experienced by The Neiman Marcus Group LLC, the plaintiffs on Oct. 28 moved for preliminary approval of a revised class action settlement that maintains the previously proposed $1.6 million settlement fund while redefining the proposed settlement class to account for the judge’s stated concerns over inadequate representation (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
SAN FRANCISCO — Zendesk Inc. and several of its senior executive officers concealed the company’s exposure to a massive data breach that affected more than 10,000 customers in addition to failing to disclose its poor financial condition in several international markets in violation of federal securities laws, a shareholder argues in an Oct. 24 complaint filed in California federal court (Charles Reidinger v. Zendesk Inc., et al., No. 19-6968, N.D. Calif.).
SAN FRANCISCO — Three iTunes users who claimed privacy violations by Apple Inc.’s purported sharing of their “personal listening information” (PLI) with third parties saw their putative class complaint dismissed on Oct. 25 by a California federal judge who deemed their evidence and exhibits insufficient to establish their claims (Leigh Wheaton, et al. v. Apple Inc., No. 3:19-cv-02883, N.D. Calif.).
SAN FRANCISCO — Less than a week after the Ninth Circuit U.S. Court of Appeals denied Facebook Inc.’s motion to rehear a dispute over class certification in a lawsuit accusing it of violating an Illinois biometric privacy law, the social network on Oct. 24 asked the appeals court to stay its mandate pending Facebook’s stated intention to seek certiorari from the U.S. Supreme Court (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).
SAN FRANCISCO — A customer of New Moosejaw LLC sufficiently alleged most of his privacy claims against the sportswear seller over its alleged scanning of computers of visitors to its website, a California federal judge ruled Oct. 23, mostly denying motions to dismiss the putative class complaint by Moosejaw and its marketing partner (Jeremiah Revitch v. New Moosejaw LLC, et al., No. 3:18-cv-06827, N.D. Calif.).
WASHINGTON, D.C. — On Oct. 22, the Federal Trade Commission announced charges against, and a proposed settlement with, a company that makes and distributes “stalker” apps, which allow a user to surreptitiously track another individual’s whereabouts and online activities after being installed on their mobile devices (In re Retina-X Studios LLC, et al., No. 1723118, FTC).
WASHINGTON, D.C. — A panel ruling that reversed the dismissal of a labor union’s negligence and privacy claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach will stand, the District of Columbia Circuit U.S. Court of Appeals ruled Oct. 21 as it denied petitions for rehearing en banc by the agency and contractor (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).