Mealey's Data Privacy

  • April 25, 2018

    SEC Levies $35 Million Fine For Failure To Disclose Yahoo Data Breach

    WASHINGTON, D.C. — In an April 24 order, the Securities and Exchange Commission announced a $35 million penalty agreement with the successor of Yahoo! Inc., by which it settled charges that the internet firm misled investors by failing to report a massive 2014 data breach for two years (In re Altaba Inc., No. N/A, SEC).

  • April 25, 2018

    Google Says Standing, Injury Lacking In Suits Over Illinois Biometric Law

    CHICAGO — The plaintiffs in two putative class actions alleging violation of Illinois’ Biometric Information Privacy Act (BIPA) lack standing under Article III of the U.S. Constitution, Google LLC says in an April 23 summary judgment motion in Illinois federal court, arguing that the plaintiffs have not established a concrete injury under the act (Lindabeth Rivera v. Google LLC, No. 1:16-cv-02714, and Joseph Weiss v. Google LLC, No. 1:16-cv-02870, N.D. Ill.).

  • April 24, 2018

    Fraud, Contract Class Claims Over VTech Data Breach Again Dismissed

    CHICAGO — The plaintiffs in a putative class action against VTech Electronics North America LLC saw their claims related to a 2015 data breach get dismissed a second time April 18, when an Illinois federal judge held that they failed to establish any implied contractual breaches or unfair conduct by the digital toy maker (In re VTech Data Breach Litigation, No. 1:15-cv-10889, N.D. Ill., 2018 U.S. Dist. LEXIS 65060).

  • April 20, 2018

    9th Circuit Denies Zappos Rehearing Over Plaintiffs’ Standing In Data Breach Suit

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on April 20 denied a motion by Zappos.com Inc. to reconsider a March panel ruling that found that a putative class of Zappos customers had standing under Article III of the U.S. Constitution to sue the online retailer over a 2012 data breach that exposed their personally identifiable information (PII) (In re Zappos.com Inc. Customer Data Security Breach Litigation, No. 16-16860, 9th Cir.).

  • April 18, 2018

    Disability Claimant’s Interest In Privacy Supports Sealing Entire Administrative Record

    PORTLAND, Ore. — An Oregon federal judge on April 17 granted a disability claimant’s motion to file the entire administrative record under seal after determining that the claimant’s interest in keeping her personal and medical information private outweighs the right of public access to the information (Alison Gary v. Unum Life Insurance Company of America, No. 17-1414, D. Ore., 2018 U.S. Dist. LEXIS 64186).

  • April 18, 2018

    Judge Certifies Illinois Users Class In Facebook Facial Scan Privacy Suit

    SAN FRANCISCO — A group of Illinois Facebook Inc. users were handed another victory April 16, as a California judge certified one of the proposed classes in their lawsuit, in which they claim that the social network operator violated the Illinois Biometric Information Privacy Act (BIPA) by collecting users’ facial scans in connection with a photo-tagging feature (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif., 2018 U.S. Dist. LEXIS 63930).

  • April 17, 2018

    Class Certification Denied In Suit Claiming Prison Calls Were Not Private

    SAN DIEGO — A California federal judge on April 12 declined to certify a class of inmates and attorneys whose phone calls were allegedly eavesdropped on and/or recorded by the company providing inmate communication services, Securus Technologies Inc., finding that the plaintiffs bringing the lawsuit failed to show that a class action is a superior method for proceeding with their claims (Juan Romero, et al. v. Securus Technologies, Inc., No. 16-1283, S.D. Calif., 2018 U.S. Dist. LEXIS 63084).

  • April 17, 2018

    Supreme Court Deems Foreign-Stored Email Suit Mooted By CLOUD Act

    WASHINGTON, D.C. — The U.S. Supreme Court on April 17 declared an already-argued case between the U.S. government and Microsoft Corp. over law enforcement’s ability to compel production of foreign-stored emails to be mooted by the newly passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which amended the warrant provision of the Stored Communications Act (SCA) at issue in the suit, leaving no live dispute between the parties (United States v. Microsoft Corp., No. 17-2, U.S. Sup., 2018 U.S. LEXIS 2495).

  • April 16, 2018

    7th Circuit Reinstates Barnes & Noble Data Theft Class Suit, Finds Damages

    CHICAGO — A Seventh Circuit U.S. Court of Appeals panel on April 11 reinstated a proposed class complaint accusing a bookstore chain of failing to protect customers’ personal data when it fell victim to data theft, ruling that the trial court erred when it dismissed two customers’ allegations on the ground that they failed to adequately allege compensable damages (Heather Dieffenbach, et al. v. Barnes & Noble, Inc., No. 17-2408, 7th Cir., 2018 U.S. App. LEXIS 9051).

  • April 9, 2018

    Amended Complaints Ordered In Children’s Privacy Suits Against Disney, Viacom

    SAN FRANCISCO — In an April 6 minute order, a California federal judge ordered that amended complaints be filed in three related class actions brought against The Walt Disney Co., Viacom Inc. and others under the Children’s Online Privacy Protection Act (COPPA) related to game apps, voicing possible concerns about the claims’ viability (Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 3:17-cv-04419, N.D. Calif.; Amanda Rushing, et al. v. Viacom Inc., et al., No. 3:17-cv-04492, N.D. Calif.; Michael McDonald, et al. v. Kiloo ApS, et al., No. 3:17-cv-04344, N.D. Calif.).

  • April 9, 2018

    Texas Man Opposes California Centralization Of Facebook Data-Sharing Suits

    WASHINGTON, D.C. — Opposing a motion seeking consolidation in California of the growing tally of class actions over the recently revealed incident in which millions of Facebook Inc.’s users’ profile information was shared with a third-party analytics firm, a Texas man on April 5 filed a brief in the Judicial Panel for Multidistrict Litigation (JPMDL) suggesting that his home state would make a better venue (In re Facebook User Profile Litigation, No. 2843, JPMDL).

  • April 4, 2018

    Microsoft Agrees CLOUD Act Moots High Court Foreign-Stored Email Access Case

    WASHINGTON, D.C. — Responding to the U.S. government’s motion to vacate an appeals court ruling over law enforcement’s ability to compel production of foreign-stored emails, Microsoft Corp. tells the U.S. Supreme Court in an April 3 brief that it doesn’t oppose the motion, agreeing that the newly passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act) moots the already-argued case (United States v. Microsoft Corp., No. 17-2, U.S. Sup.).

  • April 4, 2018

    Class Complaint Over Facebook’s Tag Suggestions Feature Again Dismissed

    SAN FRANCISCO — An Illinois man who alleged biometric privacy violations in Facebook Inc.’s facial recognition technology saw his putative class claims disposed of for a second time April 3, as a California federal judge found that the plaintiff failed to show that a genuine dispute existed as to the technology that was used on the relevant social network page (Frederick William Gullen v. Facebook Inc., No. 3:16-cv-00937, N.D. Calif.).

  • April 3, 2018

    Government To High Court: CLOUD Act Moots Argued Microsoft Email Access Suit

    WASHINGTON, D.C. — The U.S. government on March 30 moved to vacate a case regarding extraterritorial application of a Stored Communications Act (SCA) warrant that it argued before the U.S. Supreme Court a month earlier, asserting that the recently passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act) mooted Microsoft Corp.’s objections to producing foreign-stored emails (United States v. Microsoft Corp., No. 17-2, U.S. Sup.).

  • April 3, 2018

    D.C. Circuit Denies Vacatur, Rehearing Over Defunct Voter Data Commission

    WASHINGTON, D.C. — In a pair of per curiam rulings, the District of Columbia Circuit U.S. Court of Appeals on April 2 denied without comment motions for vacatur and rehearing en banc by the Electronic Privacy Information Center (EPIC) of the court’s December ruling that the organization lacked standing to sue a now-dissolved presidential commission that had been formed to collect certain voter data (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 17-5171, D.C. Cir.).

  • March 30, 2018

    Under Armour Says 150 Million MyFitnessPal Users Affected By Data Breach

    BALTIMORE — In a March 29 press release, athletic apparel and accessory maker Under Armour Inc. announced that a recently discovered data security incident exposed the account information of 150 million users of its MyFitnessPal (MFP) website and app. 

  • March 27, 2018

    Zappos Seeks 9th Circuit Rehearing Over Plaintiffs’ Standing In Data Breach Suit

    SAN FRANCISCO — In a March 22 petition for rehearing, Zappos.com Inc. asked the Ninth Circuit U.S. Court of Appeals to reconsider a two-week old panel ruling that found a putative class of Zappos customers had standing to sue over a 2012 data breach, arguing that the panel relied on a standard based on noncontrolling case law (In re Zappos.com Inc. Customer Data Security Breach Litigation, No. 16-16860, 9th Cir.).

  • March 27, 2018

    Attorneys General Seek Answers From Facebook Over Data-Sharing Incident

    WASHINGTON, D.C. — In the wake of the recent revelation that 50  million Facebook users had their personal information shared with a politically tied analytics firm, a group of 37 state attorneys general (AGs) on March 26 submitted a letter to Facebook Inc. Chief Executive Officer Mark Zuckerberg, demanding answers and assurances regarding the social network’s privacy policies and protections. 

  • March 26, 2018

    Supreme Court Won’t Hear Case Over Privacy Of Decedent’s Email Account

    WASHINGTON, D.C. — With the U.S. Supreme Court’s March 26 denial of certiorari, a Massachusetts Supreme Judicial Court ruling that granted a deceased man’s siblings access to his Yahoo email account under the “lawful consent” exception to the Electronic Communications Privacy Act (ECPA) will stand, with the high court declining to consider arguments over user consent and privacy (Oath Holdings Inc. v. Marianne Ajemian, et al., No. 17-1005, U.S. Sup., 2018 U.S. LEXIS 1936).

  • March 23, 2018

    Objectors To High Court: $8.5 Million Google Privacy Cy Pres Pact Is Unfair

    WASHINGTON, D.C. — In a March 22 reply brief, two objectors to the settlement of privacy class claims against Google LLC ask the U.S. Supreme to grant their petition for certiorari to address the fairness of cy pres settlements that provide no relief or compensation to the class at large (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).