SANTA ANA, Calif. — Calling it “one of the largest settlements in history for privacy cases,” a group of consumers suing Vizio Inc. over its surreptitious viewing habits data collection practices filed a motion in California federal court April 15, seeking final approval of a settlement agreement with the smart TV maker that would establish a $17 million fund and require clear disclosures of any future data collection (In Re: Vizio Inc., Consumer Privacy Litigation, No. 8:16-ml-02693, C.D. Calif.).
SAN FRANCISCO — Supporting its motion to dismiss a lawsuit over its now-discontinued practice of scraping call and text data from older model Android smartphones, Facebook Inc. on April 12 filed a reply brief in California federal court, arguing that the plaintiffs expressly consented to the collection of such data and that they have not established that any of the collected data was shared or that their privacy was violated (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).
SAN FRANCISCO — A putative class of Facebook Inc. users filed a brief in California federal court April 12, opposing the social network’s motion to dismiss privacy and negligence claims over its sharing of users’ content and information with third parties, arguing that they sufficiently established standing to sue based on the violation of their privacy rights and the diminished value of their personal information (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-2843, N.D. Calif.).
CHICAGO — Hotel employees’ putative class claims over the collection, storage and disclosure of their fingerprints for timekeeping purposes is not a “wage or hour violation” subject to arbitration under the hotel’s employment agreement, an Illinois appeals panel ruled April 9 (Tony Liu, et al. v. Four Seasons Hotel, Ltd., et al., No. 17 CH 14949, Ill. App., 1st Dist., 2019 Ill. App. LEXIS 233).
SAN JOSE, Calif — After the first attempt to settle a consolidated class action against Yahoo Inc. for $50 million was rejected by a California federal judge in January, the plaintiffs bringing suit over a series of data breaches filed a motion April 9 seeking approval of a newly proposed $117.5 million settlement that they say is the largest ever for a data breach suit (In re: Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif.).
WILMINGTON, Del. — At a March 11 discovery hearing, a Delaware judge granted in part a defendant’s motion to compel an Irish medical imaging company to produce performance audit data from its Dublin, Ireland, plant, while declining to order discovery of similar data from other third-party plants and suppliers, deeming it irrelevant to the parties’ contractual dispute (Guerbet Ireland Unlimited Co., et al. v. SpecGX LLC, No. N18C-05-159, Del. Super.).
SCRANTON, Pa. — A federal judge in Pennsylvania on March 25 denied a defendant’s motion to suppress the admission of a thumb drive that contains the identifying information of more than 400 people for the purpose of filing federal income tax returns, finding that federal law applies to the charges of insurance fraud and tax fraud against the man and that the warrant that was executed to obtain the drive was not overbroad (United States v. Frank J. Capozzi, No. 16cr347, M.D. Pa., 2019 U.S. Dist. LEXIS 55075).
NEW YORK — Because a British resident chose to file a now-dismissed complaint against her former employer, which included her address, in U.S. federal court, a New York federal judge on April 3 held that the information was publicly available and, therefore, the subsequent online publication of the complaint by two websites did not violate the General Data Protection Act (GDPR) (Miheala Popa v. Robert E. Moritz, No. 1:18-cv-11300, S.D. N.Y., 2019 U.S. Dist. LEXIS 58458).
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on March 31 set an oral argument date of June 12 for an Illinois man’s appeal of the dismissal of his lawsuit claiming that Facebook Inc.’s facial recognition technology violates an Illinois biometric privacy law (Frederick William Gullen v. Facebook Inc., No. 18-15785, 9th Cir.).
SAN FRANCISCO — Opposing a motion by Facebook Inc. to dismiss a consolidated lawsuit over a 2018 data breach related to the user profile “View As” feature, a group of the social network’s users filed a brief in California federal court on April 4, arguing that they sufficiently alleged injuries that are fairly traceable to the breach, as well as negligence and breach of contractual duties by Facebook (Jasper Schmidt, et al. v. Facebook Inc., No. 3:18-cv-05982, N.D. Calif.).
PHILADELPHIA — In an April 2 letter brief, Google LLC tells the Third Circuit U.S. Court of Appeals that a recent ruling in which the U.S. Supreme Court declined to decide whether a cy pres privacy class action settlement was appropriate has no bearing on the present case due to differences in relief sought and damages claimed (In Re: Google Inc. Cookie Placement Consumer Privacy Litigation, No. 17-1480, 3rd Cir.).
ATLANTA — Equifax Inc. and a putative class of consumers each filed briefs in Georgia federal court on April 1, opposing a motion by three Native American tribes to establish a separate track for the tribes in the centralized multidistrict litigation MDL over the 2017 Equifax data breach, arguing that the tribes have not identified any unique claims or discovery means that would necessitate a separate track (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
CHARLESTON, S.C. — A mother who filed a putative privacy class action against Google LLC and YouTube LLC for purportedly collecting her minor child’s personally identifiable information (PII) without consent, saw her claims dismissed March 31 by a South Carolina federal judge, who found that she did not sufficiently allege “highly offensive” behavior or any resulting harm (Sirdonia Lashay Manigault-Johnson, et al. v. Google LLC, et al., No. 2:18-cv-01032, D. S.C.).
ATLANTA — One day after a Georgia federal judge remanded claims by 100 California plaintiffs from a consolidated class action against Equifax Inc. over its 2017 data breach, a group of banks and financial institutions (FIs) filed a motion on March 20 to amend their claims against the credit-reporting service provider, some of which had been previously dismissed by the judge, to plead damages that they claim to have experienced due to the breach (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
ROCHESTER, N.Y. — More than a year after a group of policyholders saw some of their dismissed claims over a 2013 data breach reinstated, the plaintiffs filed a second amended complaint in New York federal court on March 25 against their insurer, abandoning previously asserted claims for breach of contract and negligent misrepresentation (Matthew Fero, et al. v. Excellus Health Plan Inc., et al., No. 6:15-cv-06569, W.D. N.Y.).
JOHNSTOWN, Pa. — A former employee had a reasonable expectation of privacy in files and photographs stored in her personal cloud-based Dropbox account, even though she sometimes used the account for work-related purposes, a Pennsylvania federal judge ruled March 19, declining to dismiss a civil rights claim based on an alleged violation of the employee’s rights under the Fourth Amendment to the U.S. Constitution (Elizabeth Frankhouser v. Clearfield County Career and Technology Center, et al., No. 3:18-cv-00180, W.D. Pa., 2019 U.S. Dist. LEXIS 44559).
WASHINGTON, D.C. — More than three months after a case over a 2012 data breach was first distributed for conference, the U.S. Supreme Court on March 25 declined to consider a question presented by Zappos.com Inc. in which the online retailer sought a uniform standard to determine what constitutes a concrete injury for purposes of standing under Article III of the U.S. Constitution in class actions over data breach incidents (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup., 2019 U.S. LEXIS 2106).
CHICAGO — Border agents’ warrantless search of a traveler’s electronic devices, which revealed the existence of child pornography, was conducted in good faith and with reasonable suspicion, a Seventh Circuit U.S. Court of Appeals panel ruled March 19, finding no violation of the Fourth Amendment to the U.S. Constitution and affirming a trial court’s denial of a motion to suppress the obtained data (United States v. Donald Wanjiku, No. 18-1973, 7th Cir., 2019 U.S. App. LEXIS 8154).
NEW HAVEN, Conn. — The University of Connecticut and UCONN Health failed to properly secure patients’ personally identifiable information (PII) and protected health information (PHI), resulting in a hacker accessing the personal data of more than 326,000 patients, one patient claims in a March 18 class complaint filed in a Connecticut federal court, seeking an injunction and damages (Yoselin Martinez, et al. v. University of Connecticut, et al., No. 19-416, D. Conn.).
OAKLAND, Calif. — Google LLC, Apple Inc. and Facebook Inc. each filed motions in California federal court on March 18 to dismiss a putative class action over the social network’s purported tracking of users’ locations via their smartphone apps (Brendan Lundy, et al. v. Facebook Inc., et al., No. 4:18-cv-06793, N.D. Calif.).