Mealey's Data Privacy

  • October 16, 2017

    Supreme Court To Hear Case On Foreign Application Of Stored Communications Act

    WASHINGTON, D.C. — Over the opposition of Microsoft Corp., the U.S. Supreme Court on Oct. 16 granted the U.S. government’s petition for certiorari to decide whether a warrant issued under the Stored Communications Act (SCA) can be applied extraterritorially to require an email provider to produce data that is stored on foreign servers (United States v. Microsoft Corp. [In re:  Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp.], No. 17-2, U.S. Sup.).

  • October 11, 2017

    Judge Grants Government’s Email Search Warrants With Alterations

    MONTGOMERY, Ala. — While affirming that a magistrate judge had not erred in denying the U.S. government’s warrants to search 15 email accounts, an Alabama federal judge on Sept. 28 ordered that the warrants be issued “[b]ecause the constitutional infirmities can be corrected with moderate alterations” (In re Search of Information Associated with 15 Email Addresses Stored at Premises Owned, Maintained, Controlled or Operated by 1&1 Media, Inc., et al., No. 2:17-cm-03152, M.D. Ala., 2017 U.S. Dist. LEXIS 159535).

  • October 9, 2017

    Yahoo, Plaintiffs To Brief On Impact Of 3 Billion User Announcement On Breach Suit

    SAN JOSE, Calif. — Following an Oct. 3 disclosure by Yahoo Inc. that a 2013 data breach affected 3 billion, rather than 1 billion users, a California federal judge on Oct. 5 directed Yahoo and the plaintiffs in a consolidated class action over that and other breaches to provide input on how this latest announcement will impact the proceedings (In re:  Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif.).

  • October 6, 2017

    Ad Firm Seeks Rehearing Of 9th Circuit’s Mandamus Grant In ‘Zombie Cookies’ Suit

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel erred in granting mandamus vacating an order compelling arbitration in a suit over persistent cookies, an internet advertising firm says in an Oct. 3 petition for rehearing, asserting that the ruling conflicts with controlling case law and the principles of the Federal Arbitration Act (FAA) (Anthony Henson, et al. v. Turn Inc., et al., No. 16-71818, 9th Cir.).

  • October 5, 2017

    No Evidence That Franchisor Had Actual Knowledge Of Franchisee’s Use Of Spyware

    ATLANTA — A Georgia federal judge on Oct. 3 granted a franchisor’s motion for summary judgment on a claim that it aided and abetted a franchisee’s conduct of unlawfully accessing computers from a remote location and collecting private information through the “Detective Mode” of spyware software program but denied the franchisee’s motion for summary judgment as to the claims for intrusion upon seclusion (Michael Peterson, et al. v. Aaron's, Inc., et al., No. 14-1919, N.D. Ga., 2017 U.S. Dist. LEXIS 163364).

  • October 5, 2017

    J. Crew Customer Appeals Dismissal Of Credit Card Receipt Suit To 3rd Circuit

    PHILADELPHIA — In an Oct. 2 brief appealing dismissal of a class complaint under the Fair and Accurate Credit Transactions Act (FACTA) to the Third Circuit U.S. Court of Appeals, a plaintiff says that J. Crew Group Inc.’s inclusion of credit card digits on receipts created a threat of identity theft, thus constituting a concrete injury under the act and establishing Article III standing (Ahmed Kamal v. J. Crew Group Inc., et al., No. 17-2345 and 17-2453, 3rd Cir.).

  • October 4, 2017

    Equifax Data Breach Suits Stayed Pending JPMDL Consolidation Motions

    ATLANTA — A Georgia federal judge on Oct. 3 granted a motion by Equifax Inc. to stay a putative class action over the firm’s recently announced data breach, pending a decision by the U.S. Judicial Panel on Multi-District Litigation (JPMDL) on the plaintiffs’ motion to consolidate the suit with similar suits filed across the country (James McGonnigal, et al. v. Equifax Inc., No. 1:17-cv-03422, N.D. Ga.).

  • September 29, 2017

    Facebook Renews Bid To Dismiss Biometric Collection Class Action

    SAN FRANCISCO — Facebook Inc. on Sept. 28 filed a renewed motion in California federal court to dismiss a putative class action alleging violation of Illinois’ Biometric Information Privacy Act (BIPA) via a photo-tagging feature, arguing that the plaintiffs fail to allege concrete injury sufficient to establish jurisdiction under Article III of the U.S. Constitution (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif.).

  • September 27, 2017

    Government To High Court: No Expectation Of Privacy In Cell Site Records

    WASHINGTON, D.C. — In a Sept. 25 brief to the U.S. Supreme Court, the U.S. government argues that its collection of historical cell site location information (CSLI) records via an order issued under the Stored Communications Act (SCA) during a criminal investigation did not violate a petitioner’s rights under the Fourth Amendment to the U.S. Constitution because he had no reasonable expectation of privacy in the records (Timothy Ivory Carpenter v. United States of America, No. 16-402, U.S. Sup.).

  • September 27, 2017

    Group Asks 7th Circuit To Weigh 4th Amendment Issues Of Smart Electric Meters

    CHICAGO — A citizens group from Naperville, Ill., tells the Seventh Circuit U.S. Court of Appeals in a Sept. 8 reply brief that smart electric meters installed by the city violate residents’ privacy rights under the Fourth Amendment to the U.S. Constitution due to the frequency and detail of data collected (Naperville Smart Meter Awareness v. City of Naperville, No. 16-3766, 7th Cir.).

  • September 27, 2017

    UCL Suit Filed Over Equifax Data Breach On Behalf Of California

    SAN FRANCISCO — A San Francisco city attorney on Sept. 26 sued Equifax Inc. in California state court on behalf of the people of the state of California, alleging violation of the state’s unfair competition law (UCL) based on the company’s purported failure to maintain proper security procedures prior to a recently announced data breach (California v. Equifax Inc., et al., No. CGC-17-561529, Calif. Super., San Francisco Co.).

  • September 26, 2017

    Final Approval Granted To $25 Million Home Depot Data Breach Suit Settlement

    ATLANTA — A class action brought by a group of financial institutions (FIs) over a 2014 data breach experienced by Home Depot Inc. came to a close Sept. 22, when a Georgia federal judge granted final approval of a settlement that includes enhanced data security procedures by the home improvement chain and a $25 million settlement fund (In re:  Home Depot Inc., Customer Data Security Breach Litigation, No. 1:14-md-02583, N.D. Ga.).

  • September 26, 2017

    Final Approval Sought For $175,000 Settlement Of School Records Theft Suit

    ROME, Ga. — A group of former university students moved in Georgia federal court Sept. 22 for final approval of a settlement of negligence class claims against their alma matter based on the 2014 theft of records from the campus, which contained students’ personally identifiable information (PII) (Erin Bishop, et al. v. Shorter University Inc., No. 4:15-cv-00033, N.D. Ga.).

  • September 25, 2017

    Uber Drivers Argue Injury, Standing Alleged In Data Breach Suit

    SAN FRANCISCO — Two former drivers with Uber Technologies Inc. argue that their putative class claims over a 2014 breach of the rideshare firm’s database are supported by claims of injuries they suffered due to their personal data being exposed, asking a California federal court in a Sept. 20 brief to deny Uber’s dismissal motion (Sasha Antman v. Uber Technologies Inc., et al., No. 3:15-cv-01175, N.D. Calif.).

  • September 22, 2017

    Government Seeks Contempt Hearing Over Google’s SCA Warrant Noncompliance

    SAN JOSE, Calif. — The U.S. government in a Sept. 20 brief tells a California federal court that Google Inc. should be sanctioned for its refusal to comply with a Stored Communications Act (SCA) warrant seeking production of foreign-stored emails, but the government opposes the tech firm’s motion for a contempt order, seeking a hearing to determine a sanction appropriate for Google’s willful actions (In re:  Search of Content That is Stored at Premises Controlled by Google, No. 3:16-mc-80263, N.D. Calif.).

  • September 21, 2017

    Unions Lack Standing To Sue OPM Over Data Breach, Judge Rules, Dismissing Suit

    WASHINGTON, D.C. — A District of Columbia federal judge on Sept. 19 dismissed a consolidated class action against the U.S. Office of Personnel Management (OPM) related to a series of 2015 data breaches that compromised employees’ personally identifiable information (PII), finding that the two plaintiff employee unions failed to allege the necessary injuries or sufficient facts to establish standing under the asserted statutes (In Re:  U.S. Office of Personnel Management Data Security Breach Litigation, No. 1:15-mc-01394, D. D.C., 2017 U.S. Dist. LEXIS 151449).

  • September 19, 2017

    Class Suit Over Shutterfly’s Facial Recognition Software Survives Motion To Dismiss

    CHICAGO — An Illinois federal judge on Sept. 15 denied a motion to dismiss a class complaint accusing Shutterfly Inc. of violating Illinois’ Biometic Information Privacy Act (BIPA) by using facial recognition software to scan faces in uploaded images and then storing that data (Alejandro Monroy, et al. v. Shutterfly, Inc., No. 16-10984, N.D. Ill., 2017 U.S. Dist. LEXIS 149604).

  • September 18, 2017

    On Appeal, Government Says Group Lacks Standing To Sue Over Voter Info Collection

    WASHINGTON, D.C. — In a Sept. 15 brief, the U.S. government argues that a privacy rights organization has no standing to oppose a presidential commission’s collection of voter data, asking the District of Columbia Circuit U.S. Court of Appeals to affirm a trial court’s denial of the group’s request for a temporary restraining order (TRO) halting the collection program (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 17-5171, D.C. Cir.).

  • September 15, 2017

    Google Seeks Contempt Order To Appeal SCA Extraterritorial Warrant Ruling

    SAN JOSE, Calif. — Voicing its intention to appeal a California federal judge’s ruling ordering it to comply with a warrant issued under the Stored Communications Act (SCA) seeking production of foreign-stored user emails, Google Inc. on Sept. 13 moved for an order of civil contempt related to its noncompliance, to establish appellate jurisdiction (In re:  Search of Content That is Stored at Premises Controlled by Google, No. 3:16-mc-80263, N.D. Calif.).

  • September 13, 2017

    Microsoft Opposes Certiorari In Suit Over Production Of Foreign-Stored Emails

    WASHINGTON, D.C. — An appeals court correctly found that the presumption against extraterritorial application of U.S. laws prevented Microsoft Corp. from being compelled under the Stored Communications Act (SCA) to produce foreign-stored emails in response to a U.S. Department of Justice (DOJ) warrant, Microsoft argues in an Aug. 28 brief asking the U.S. Supreme Court to deny the DOJ’s petition for certiorari (United States v. Microsoft Corp. [In re:  Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp.], No. 17-2, U.S. Sup.).