SAN FRANCISCO — Noting the need for guidance to properly tailor ongoing discovery in a consolidated class action over Facebook Inc.’s sharing of users’ profile data with third-party app developers, a California federal magistrate judge on Dec. 11 directed the social network operator to provide deposition witnesses on the topics of the collection and monetization of user data (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).
CHICAGO — Opposing a motion to dismiss by Shutterfly Inc., one of two named plaintiffs in a putative class complaint against the company filed a brief in Illinois federal court on Dec. 7 asserting that Shutterfly’s facial scanning feature violates the Illinois Biometric Information Privacy Act (BIPA) because it obtains individuals’ biometric identifiers without their consent (Vernita Miracle-Pond, et al. v. Shutterfly Inc., No. 1:19-cv-04722, N.D. Ill.).
SAN FRANCISCO — The Ninth Circuit on Dec. 9 said that while the Patient Protection and Affordable Care Act (ACA) does not create a health care-specific discrimination standard, allegations that an insurer improperly limited HIV drug purchasers’ access to critical care by requiring mail order and pick up services meet the applicable standard and also keeps a California unfair competition law claim alive (John Doe One, et al. v. CVS Pharmacy Inc., et al., No. 19-15074, 9th Cir.).
CHICAGO — Genes alone cause up to 10 percent of all cancers, and a women’s medical history suggests an inherited cause of her mesothelioma, mandating full genetic testing, an asbestos defendant told an Illinois judge at the start of a Dec. 9 Frye hearing. But the plaintiff argued that the blood test is invasive and that testing the woman’s entire genetic line was a fishing expedition in light of the well-known role a single gene — BAP-1 — can play (Cynthia B. Cowger v. Qualitex Co., No. 2018-L-012099, Ill. Cir., Cook Co.).
NEW YORK — Citing information culled from “[m]ultiple news sources,” the American Civil Liberties Union (ACLU) filed a Freedom of Information Act (FOIA) complaint against three federal government agencies in New York federal court on Dec. 2 to obtain information about their “purchase of access to databases containing precise” cell phone location information (CPLI) “for millions of people” that the organization says are used “for immigration enforcement and other purposes” (American Civil Liberties Union v. U.S. Department of Homeland Security, et al., No. 1:20-cv-10083, S.D. N.Y.).
WASHINGTON, D.C. — In a Nov. 20 petition for certiorari, Facebook Inc. faults the Ninth Circuit U.S. Court of Appeals for reviving a class claim against it under the Wiretap Act, arguing that because it provided content to websites that feature its plug-ins, it was a party to related communications and, therefore, did not wrongly intercept any communications under the statute (Facebook Inc. v. Perrin Aikens Davis, et al., No. 20-727, U.S. Sup.).
LOS ANGELES — A restaurant and a private citizen who sued the health officer for Los Angeles County over a contact tracing order that was enacted for the purpose of combatting COVID-19 saw their complaint alleging constitutional violations dismissed on Nov. 16 by a California federal judge, who found that the plaintiffs did not establish standing to bring their claims (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).
SAN DIEGO — Three consumers who claim that their protected health information (PHI) was compromised by a billing services provider’s lax data security sufficiently pleaded most of their putative class privacy claims, a California federal judge ruled Nov. 19, largely denying the company’s motion to dismiss (Vicki Stasi, et al. v. Inmediata Health Group Corp., No. 19-2353, S.D. Calif., 2020 U.S. Dist. LEXIS 217097).
CLEVELAND — A company that provided Cybersecurity services to Capital One Financial Corp. will not be required to conduct additional searches for responsive discovery materials in its electronically stored information (ESI) related to the credit card issuer’s 2019 data breach, an Ohio federal judge ruled Nov. 20, denying the putative class plaintiffs’ motion to compel (Brandon Hausauer, et al. v. TrustedSec LLC, No. 20-mc-101, N.D. Ohio, 2020 U.S. Dist. LEXIS 217812).
SAN FRANCISCO — The named plaintiffs in a consolidated class action over multiple data breaches experienced by Yahoo! Inc. failed in their bid to dispose of one man’s appeal of the approval of a $117.5 million settlement of the suit, when a Ninth Circuit U.S. Court of Appeals panel on Nov. 20 denied their motion for summary affirmance of the approval ruling (In re: Yahoo! Inc. Customer Data Security Breach Litigation, Nos. 20-16633 and 20-16779, 9th Cir.).
SAN FRANCISCO — A trial court wrongly declined to dismiss computer fraud claims against it, a spyware maker argues in its Nov. 16 appellant brief to the Ninth Circuit U.S. Court of Appeals, contending that it is entitled to sovereign immunity because its purported unauthorized access to WhatsApp Inc.’s communications platforms occurred as part of it service to various foreign sovereign governments (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 20-16408, 9th Cir.).
ATLANTA — A $5.5 million settlement of the negligence class claims of a group of financial institutions (FIs) over Equifax Inc.’s 2017 data breach is “an excellent result,” a Georgia federal judge declared Nov. 16, granting final approval to the agreement (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 17-md-2800, N.D. Ga.).
SAN FRANCISCO — Eight months after a California federal judge declined to grant preliminary approval to a settlement of a negligence class action over a 2018 data breach related to Facebook Inc.’s “View As” feature, that same judge on Nov. 15 preliminarily approved the agreement, under which Facebook pledged to make security improvements, finding that the parties sufficiently addressed prior concerns related to compliance assessment monitoring and certain procedures for class members to object to the settlement (Stephen Adkins v. Facebook, Inc., No. 18-5982, N.D. Calif., 2020 U.S. Dist. LEXIS 214006).
SAN FRANCISCO — Although a California federal judge found that an online advertising analytics firm “has shown a risk of irreparable harm” to its business after it was blocked from accessing Facebook Inc.’s platforms, he concluded, in a ruling that was unsealed Nov. 9, that the public interest was best served by denying the company’s motion for a temporary restraining order (TRO) to halt the social network operator’s blocking actions in light of privacy concerns from the harvesting of user information (Facebook Inc. v. BrandTotal Ltd., et al., No. 20-7182, N.D. Calif., 2020 U.S. Dist. LEXIS 210431).
SAN FRANCISCO — In a Nov. 4 unpublished ruling, the Ninth Circuit U.S. Court of Appeals affirmed summary judgment by an Oregon federal judge in favor of a defendant accused of conversion, on grounds that the claim is preempted by federal copyright law (Lori Bokenfohr v. Christine Guidera, No. 19-35992, 9th Cir., 2020 U.S. App. LEXIS 34914).
NEW YORK — A New York federal judge on Nov. 10 granted an unopposed motion to consolidate nine putative class actions against Warner Music Group over a recently announced data breach, finding that they involved “substantially related questions of law and fact” springing from the same hacking incident (In re Warner Music Group Data Breach, No. 20-7473, S.D. N.Y.).
RICHMOND, Va. — Affirming a trial court’s ruling, a Fourth Circuit U.S. Court of Appeals panel majority on Nov. 5 found that a Baltimore-based think tank did not demonstrate its likelihood to succeed on its claims that an aerial surveillance program enacted by the Baltimore Police Department (BPD) violates citizens’ rights under the First and Fourth amendments to the U.S. Constitution, making a requested preliminary injunction inappropriate (Leaders of a Beautiful Struggle, et al. v. Baltimore Police Department, et al., No. 20-1495, 4th Cir., 2020 U.S. App. LEXIS 35070).
SAN FRANCISCO — A federal judge in California on Nov. 4 appointed an individual shareholder as lead plaintiff in a securities class action lawsuit against video communications platform application provider Zoom Communications Inc. and two of its senior executives, ruling that the timing of a competing shareholder’s sale of its Zoom stock capped his potential damages recovery under the Private Securities Litigation Reform Act’s (PSLRA) statutory damages cap (In re Zoom Securities Litigation, No. 20-2353, N.D. Calif., 2020 U.S. Dist. LEXIS 207490).
CLEVELAND — An Ohio federal judge on Nov. 2 granted a motion to certify a class of financial institutions (FIs) in a consolidated lawsuit alleging negligence against Sonic Corp. for a 2017 data breach, with the judge altering the class definition proposed by the plaintiffs to specify that class member FIs need to have responded or taken action to alerts received over payment cards compromised in the breach (In re: Sonic Corp. Customer Data Security Breach, No. 17-md-2807, N.D. Ohio, 2020 U.S. Dist. LEXIS 204169).
COLUMBUS, Ohio — An Ohio federal magistrate judge on Nov. 2 determined that a disability insurer must produce unredacted copies of information related to disability claims because the information is relevant to a disability plan participant’s claim (Barbara Cluck v. Unum Life Insurance Company of America, No. 18-56, S.D. Ohio, 2020 U.S. Dist. LEXIS 204429).