WASHINGTON, D.C. —The U.S. Department of Health and Human Services on Sept. 25 announced that Premera Blue Cross (PBC) will pay $6.85 million to the agency's Office for Civil Rights (OCR) to settle allegations that it violated federal privacy and security rules.
SAN FRANCISCO — A law firm's ads targeted to potential settlement class members in a privacy lawsuit over Facebook Inc.'s "Tag Suggestions" feature were "deceptive and misleading," a California federal judge ruled in a Sept. 22 post-hearing minute entry, directing the firm and the plaintiffs to meet and confer about clarifying communications to be sent to people who responded to the ads (In re Facebook Biometric Information Privacy Litigation, No. 15-3747, N.D. Calif.).
EAST ST. LOUIS, Ill. — Finding no evidence that Amazon Web Services Inc. and its voiceprinting service provider purposefully directed any actions at residents of Illinois, an Illinois federal judge on Sept. 18 granted the defendants' motion to dismiss punitive class claims against them under Illinois' Biometric Information Privacy Act (BIPA) for lack of personal jurisdiction (Christine McGoveran, et al. v. Amazon Web Services Inc., et al., No. 20-31, S.D. Ill., 2020 U.S. Dist. LEXIS 170891).
CHICAGO — Affirming a trial court's decision, an Illinois appeals panel on Sept. 18 found that a woman's claim against her former employer under the Biometric Information Privacy Act (BIPA) is not precluded by the exclusivity provisions in a state workers' compensation law because the biometric privacy claim is not compensable under the latter law (Marquita McDonald v. Symphony Bronzeville Park LLC, et al., No. 2017 CH 11311, Ill. App. 1st Dist., 2020 Ill. App. LEXIS 627).
SEATTLE — A Twitter user filed a putative class complaint against the social network operator in Washington federal court on Sept. 21, alleging that Twitter Inc. violated state telecommunications law and the privacy rights of herself and other Washington residents by sharing account holders' phone numbers and other personal information with third-party advertisers (Darlin Gray v. Twitter Inc., No. 20-1389, W.D. Wash.).
ALEXANDRIA, Va. — In a detailed Sept. 18 ruling, a Virginia federal judge partly denied motions by Capital One Financial Corp. and Amazon.com Inc. over a 2019 data breach, allowing unjust enrichment, negligence and breach of contract claims to proceed in part or in full against the credit card issuer and its cloud services provider under the laws of the six states of the representative plaintiffs in the consolidated putative class action (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).
CHICAGO — A businessowners liability insurer filed suit in a federal court in Illinois on Sept. 21, seeking a declaration that it owes no coverage for an underlying class action alleging that a McDonald's franchise owner violated the Illinois Biometric Information Privacy Act (BIPA) when it scanned an employee's fingerprints but did not disclose the specific purpose for collecting, storing and using her biometric data (American Family Mutual Insurance Company v. McEssy Investment Company, et al., No. 20-05591, N.D. Ill., Eastern Div.).
LOS ANGELES — A business and a private individual who allege constitutional privacy and freedom of association claims over a county health order's COVID-19 contact tracing guidelines lack standing to sue, a Los Angeles County health officer tells a California federal court in a Sept. 21 motion to dismiss, arguing that broad latitude should be afforded to health officials during a public health crisis (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).
SAN FRANCISCO — On the same day that class notification was set to begin regarding the preliminary settlement of a biometric privacy class action against Facebook Inc., the lead plaintiffs on Sept. 18 filed an emergency motion for a temporary restraining order (TRO), asking a California federal court to order a law firm not associated with the case to cease posting online advertisements that they say are deceptively inducing Facebook users to opt out of the settlement (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif.).
SAN JOSE, Calif. — Google LLC saw its motion to pursue an interlocutory appeal of a recent jurisdictional ruling in a privacy lawsuit remanded by the U.S. Supreme Court, with a California federal judge on Sept. 16 finding that the defendant did not establish that an order finding that the plaintiffs have standing to allege violation of the Store Communications Act (SCA) was exceptional or constituted "substantial ground for difference of opinion" to merit review prior to a decision on the merits (In re: Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif., 2020 U.S. Dist. LEXIS 169783).
PORTLAND, Ore. — The Portland City Council and the city's mayor, Ted Wheeler, on Sept. 9 voted unanimously to enact two ordinances that ban the use of facial recognition technology by, respectively, city bureaus and private entities in places of public accommodation in the city.
SAN FRANCISCO — In a Sept. 9 summary affirmance motion, the named plaintiffs in a consolidated class action over multiple data breaches experienced by Yahoo! Inc. ask the Ninth Circuit U.S. Court of Appeals to dispose of one man's appeal of the approval of a $117.5 million settlement of the suit, calling his appeal meritless and stating that "[o]ne serial objector should not be permitted to hold up the implementation" of the settlement for the other 194 million class members (In re: Yahoo! Inc. Customer Data Security Breach Litigation, No. 20-16633, 9th Cir.).
ATLANTA — Seven months after a Georgia federal court granted final approval to a settlement between Equifax Inc. and a class of consumer plaintiffs who sued the credit-reporting firm over a massive 2017 data breach, the defendant on Sept. 8 filed an emergency motion to enforce the settlement, claiming that 83 lawsuits against it in Mississippi state court were filed in violation of the settlement's release of breach-related claims and a corresponding injunction against such litigation by class members who did not opt out of the consumer settlement (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
KANSAS CITY, Mo. — An ex-employee of a Kansas-based steel conglomerate alleges in an Aug. 26 complaint filed in the U.S. District Court for the Western District Of Missouri that management of the steel firms misappropriated sensitive medical information of hundreds of its employees in a scheme to mitigate liability from the novel coronavirus pandemic and then retaliated against and ultimately fired him for reporting the abuse of privacy (Micah Morrison v. SPS Companies Inc., et al., No. 5:20-cv-06129, W.D. Mo.).
SAN JOSE, Calif. — Eight months after Google LLC prevailed in a consolidated putative class action over its purported "surreptitious, non-consensual, tracking of millions of mobile device users' geolocation" data, the technology giant on Aug. 31 moved in California federal court to dismiss the plaintiffs' consolidated complaint, arguing that they have failed to plead any illegal or undisclosed tracking activities (In re Google Location History Litigation, No. 5:18-cv-05062, N.D. Calif.).
COLUMBUS, Ohio — Because a group of at-will employees did not object to being monitored while producing urine samples for mandatory workplace drug testing, a divided Ohio Supreme Court on Aug. 26 found that they could not bring invasion of privacy claims against their employer, overturning an appeals court's ruling and reinstating a dismissal by a trial court (Donna L. Lunsford, et al. v. Sterilite of Ohio LLC, et al., No. 2018-Ohio-1431, Ohio Sup., 2020-Ohio-4193).
RICHMOND, Va. — A trial court correctly found that the state secrets privilege prevented Wikimedia Foundation from pursuing a lawsuit over the purported interception of its electronic communications as part of the National Security Agency's upstream surveillance program, the NSA and other government parties argue in Aug. 7 appellee brief to the Fourth Circuit U.S. Court of Appeals, asserting that there is no evidence that any of the appellant's communications were surveilled (Wikimedia Foundation v. National Security Agency, et al., No. 20-1191, 4th Cir.).
LOS ANGELES — A California judge on Aug. 14 approved a settlement of a lawsuit brought by the state of California under the state's unfair competition law (UCL) against the operators of The Weather Channel app for sharing users' geolocation data with third-party advertisers (California v. TWC Product and Technology LLC, et al., No. 19STCV00605, Calif. Super. Los Angeles Co.).
OAKLAND, Calif. — In an Aug. 24 reply brief supporting its motion for a protective order, an Israeli spyware developer tells a California federal court that the protective order "is urgently needed" for the disclosure of "very important information . . . that bears directly on" a motion to compel filed by plaintiff WhatsApp Inc. in computer fraud lawsuit against the spyware firm (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 4:19-cv-07123, N.D. Calif.).
CHICAGO — A warrant application by the government for a "geofence" to identify devices in the proximity of crimes being investigated did not meet the probable cause and particularity requirements of the Fourth Amendment to the U.S. Constitution, an Illinois federal magistrate judge found in a ruling that was unsealed Aug. 24, finding that the proposed warrant would give the government too much discretion to obtain the device and personal information of passersby unrelated to the crimes (In re Search of Information Stored at Premises Controlled by Google, No. 20-mc-392, N.D. Ill., 2020 U.S. Dist. LEXIS 152712).