WASHINGTON, D.C. — Citing concerns under the First and Fourth Amendments to the U.S. Constitution, a web-hosting firm on Aug. 11 told a District of Columbia court that a U.S. Department of Justice search warrant seeking identifying information for visitors to an anti-Donald Trump website is overbroad and in violation of federal privacy law (In re: the Search of www.disruptj20.org that Is Stored at Premises Owned, Maintained, Controlled,, or Operated by DreamHost, No. 17 CSW 3438, D.C. Super.).
SAN FRANCISCO — Considering remand instructions from the U.S. Supreme Court, a Ninth Circuit U.S. Court of Appeals panel on Aug. 15 again ruled in favor of a man that charged a data aggregator with Fair Credit Reporting Act (FCRA) violations for posting inaccurate information about him, deeming the alleged resulting harm to be sufficiently concrete to constitute an injury-in-fact to establish standing under Article III of the U.S. Constitution (Thomas Robins v. Spokeo Inc., No11-56843, 9th Cir., 2017 U.S. App. LEXIS 15211).
DALLAS — A lead plaintiff’s class suit under the Fair and Accurate Credit Transactions Act (FACTA) that accuses a supermarket of not properly truncating customers’ information on its receipts fails due to no showing of injury in fact, a Texas federal judge ruled Aug. 9 (Sumeet Batra, et al. v. RLS Supermarkets LLC, No. 16-2874, N.D. Texas, 2017 U.S. Dist. LEXIS 125877).
ERIE, Pa. — A Wyoming couple’s claims that computer seller and lessor and its franchisee violated the Electronic Communications Privacy Act (ECPA) by installing spyware on its computers are not suited for class certification because individualized issues pertaining to liability predominate, a Pennsylvania federal magistrate judge ruled Aug. 4 (Crystal Byrd, et al. v. Aaron’s, Inc., et al., No. 11-101, W.D. Pa., 2017 U.S. Dist. LEXIS 124291).
TRENTON, N.J. — A New Jersey federal judge on Aug. 8 granted a plaintiff’s motion to strike and bar Wal-Mart Stores East Inc.’s use of the deposition transcript and documents obtained as a result of a March 28 deposition of the plaintiff’s physician, but refused to disqualify Wal-Mart’s counsel for conducting the deposition (Patricia Hone v. Wal-Mart, Inc., No. 14-1006, D. N.J., 2017 U.S. Dist. LEXIS 124736).
SAN FRANCISCO — Several days after filing a complaint accusing The Walt Disney Co. and its partners of violating the Children’s Online Privacy Protection Act (COPPA), a California woman on Aug. 7 filed a second nearly identical class action lawsuit in the U.S. District Court for the Northern District of California accusing Viacom Inc. and its partners of capturing and selling children’s personally identifying information (Amanda Rushing, et al. v. Viacom Inc., et al., No. 17-4492, N.D. Calif.).
NEW YORK — The New York attorney general on Aug. 9 announced that Nationwide Mutual Insurance Co. and its subsidiary, Allied Property & Casualty Insurance Co., will pay $5.5 million to settle claims by attorneys general from 32 states and the District of Columbia over an October 2012 data breach.
PASADENA, Calif. — An employee who sued his employer following a data breach must arbitrate his claims but may proceed representing a class because the agreement he signed doesn’t bar class arbitration, a split Ninth Circuit U.S. Court of Appeals panel ruled Aug. 3 (Frank Varela, et al. v. Lamps Plus, Inc., et al., No. 16-56085, 9th Cir., 2017 U.S. App. LEXIS 14284).
SAN FRANCISCO — The Walt Disney Co. and its partners violate the Children’s Online Privacy Protection Act (COPPA) by capturing children’s personally identifying information while they are playing Disney’s online games via smart phone apps and then selling that information to third parties, a California woman and her minor child allege in an Aug. 3 class complaint filed in the U.S. District Court for the Northern District of California (Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 17-4419, N.D. Calif.).
WASHINGTON, D.C. — The plaintiffs in a putative negligence class action against their insurer sufficiently alleged that the access of their personally identifiable information (PII) in a data breach created an increased risk of identity theft and, thus, an injury, a District of Columbia Circuit U.S. Court of Appeals ruled Aug. 1, reversing a trial court’s dismissal for lack of standing (Chantal Attias, et al. v. CareFirst Inc., et al., No. 16-7108, D.C. Cir., 2017 U.S. App. LEXIS 13913).
SEATTLE — The National Rifle Association of America (NRA) and a third-party company responsible for placing membership calls on the NRA’s behalf convinced a Washington federal judge on July 26 to dismiss a claim under the Washington Do Not Call Statute (WDNC) related to allegedly unwanted calls, but must face allegations that the calls violated other state laws (Katharyn Kalmbach, et al. v. National Rifle Association of America, et al., No. 17-399, W.D. Wash., 2017 U.S. Dist. LEXIS 117113).
WASHINGTON, D.C. — The day after the FBI and a privacy rights organization filed a stipulation of dismissal, a District of Columbia federal judge on Aug. 1 adopted the stipulation and dismissed the Freedom of Information Act (FOIA) lawsuit centering on a document request related to the FBI’s biometric identification program (Electronic Privacy Information Center v. Federal Bureau of Investigation, No. 1:16-cv-02237, D. D.C.).
SAN FRANCISCO — A group of Seagate Technology LLC employees on July 27 moved for preliminary approval of a putative class action over a 2016 phishing incident at the company that exposed their personally identifiable information (PII), asking a California federal court to greenlight relief in the form of restitution and identity theft protection, potentially valued at $42 million (Everett Castillo, et al. v. Seagate Technology LLC, No. 3:16-cv-01958, N.D. Calif.).
SAN FRANCISCO — The plaintiffs in a putative class action over the sharing of contact information on devices made by Apple Inc. saw their class certification motion denied July 25, with a California federal judge finding that the plaintiffs failed to establish the necessary predominance factors in their false advertising and unfair competition claims against Apple (Marc Opperman, et al. v. Kong Technologies Inc., et al., No. 3:13-CV-00453, N.D. Calif., 2017 U.S. Dist. LEXIS 116333).
SAN JOSE, Calif. — For the second time in two years, a California federal judge on June 30 dismissed putative privacy class clams against Facebook Inc. based on the social network’s purported use of tracking cookies, with the judge ruling that the claims all failed for lack of standing or failure to state a claim (In re: Facebook Internet Tracking Litigation, No. 5:12-md-02314, N.D. Calif., 2017 U.S. Dist. LEXIS 102464).
SANTA ANA, Calif. — A previously dismissed Wiretap Act putative class claim against Vizio Inc. survived a second dismissal motion July 25, with a California federal judge finding that the plaintiffs sufficiently alleged interception of communications via Vizio’s purported use of surreptitious software that tracked TV owners’ viewing habits (In Re: Vizio, Inc., Consumer Privacy Litigation, No. 8:16-ml-02693, C.D. Calif.).
WASHINGTON, D.C. — The Electronic Privacy Information Center (EPIC) lacks standing to pursue constitutional or statutory claims on behalf of its members in its quest to halt the collection of voter data information from states by the newly established Presidential Advisory Commission on Election Integrity (PACEI), a District of Columbia federal judge ruled July 24, denying the privacy rights organization’s motion for a temporary restraining order (TRO) (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 1:17-cv-01320, D. D.C., 2017 U.S. Dist. LEXIS 114576).
SAN JOSE, Calif. — Four months after a prior proposed settlement with Google Inc. was rejected by a California federal judge, the lead plaintiffs in a putative class action alleging privacy violations in the scanning and processing of emails of non-Gmail users on July 21 submitted a revised proposed settlement that they say “requires Google to make significant business practice changes that will benefit” class members while retaining their ability to pursue monetary claims under the asserted statutes (Daniel Matera, et al. v. Google Inc., No. 5:15-cv-04062, N.D. Calif.).
CHICAGO — A group of plaintiffs alleging putative class claims against digital smart toy maker VTech Electronics North America LLC saw their complaint dismissed by an Illinois federal judge July 5, who found that they failed to properly state their contractual claims based on a 2015 breach of the company’s website that resulted in the theft of customers’ personally identifiable information (PII) (In re VTech Data Breach Litigation, No. 1:15-cv-10889, N.D. Ill.; 2017 U.S. Dist. LEXIS 103298).
SAN FRANCISCO — A John Doe customer of a virtual currency firm has established his interest in an Internal Revenue Service enforcement action seeking personal records of the firm’s customers, a California federal magistrate judge ruled July 18, granting the Doe’s motion to intervene and oppose the IRS’s summons (United States v. Coinbase Inc., No. 3:17-cv-01431, N.D. Calif., 2017 U.S. Dist. LEXIS 111756).