Mealey's Data Privacy

  • January 08, 2020

    Preliminary Approval Sought For $7.5 Million Google Plus Data Leak Class Action

    SAN JOSE, Calif. — Four former users of the now-defunct Google Plus social network filed a motion in California federal court on Jan. 6, seeking preliminary approval of a $7.5 million settlement with Google LLC of unfair competition, privacy and negligence class claims over two 2018 data leaks that exposed users’ personally identifiable information (PII) to third-party app developers (In re Google Plus Profile Litigation, No. 5:18-cv-06164, N.D. Calif.).

  • January 06, 2020

    Zappos Discount Coupon Data Breach Class Settlement Receives Final Approval

    RENO, Nev. — Noting that more than $5 million dollars’ worth of discount coupons that were emailed to class members affected by Inc.’s 2012 data breach have already been redeemed, a Nevada federal judge on Dec. 23 granted final approval to a settlement of a privacy class action against the online retailer (In Re Inc., Customer Data Security Breach Litigation, No. 3:12-cv-00325, D. Nev.).

  • January 06, 2020

    Alabama Hospital Sued By Patients After Ransomware Attack

    BIRMINGHAM, Ala. — An Alabama hospital has violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Federal Trade Commission Act and the Gramm-Leach-Bliley Act by failing to protect the medical records of approximately 32,000 from a recent ransomware attack, a class complaint filed Dec. 23 in a federal court in Alabama alleges (Geraldine Daniels, et al. v. DCH Healthcare Authority, No. 19-2086, N.D. Ala.).

  • January 03, 2020

    On Remand, Google Cookie Privacy Class Revises $5.5 Million Cy Pres Settlement

    WILMINGTON, Del. — In a Jan. 3 motion for preliminary approval of a revised $5.5 million class settlement with Google LLC over privacy concerns related to certain cookie deployment practices, the plaintiffs tell a Delaware federal court that although “[t]he structure, timing, and disposition of funds set out” in a previous settlement proposal, which was vacated by the Third Circuit U.S. Court of Appeals, “have not changed,” the parties have addressed the Third Circuit’s concerns over the cy pres-only nature of the settlement (In Re:  Google Inc. Cookie Placement Consumer Privacy Litigation, No. 1:12-md-02358, D. Del.).

  • January 03, 2020

    Convenience Store Chain Hit With Class Complaints After Data Breach Discovery

    PHILADELPHIA — With the filing of a putative class complaint by 12 of its customers on Dec. 31, at least 11 lawsuits have been filed in Pennsylvania federal court against a convenience store chain in the wake of its announcing that it had recently discovered a data breach that went unnoticed for nine months (Mark Schultz, et al. v. Wawa Inc., No. 2:19-cv-06190, E.D. Pa.).

  • January 02, 2020

    Ring, Amazon Hit With Class Complaint Alleging Cameras Have Been Hacked

    LOS ANGELES — The makers of Ring smart security systems have employed “[l]ax security standards and protocols” resulting in the hacking of camera systems by third parties, a man alleges in a class complaint filed Dec. 26 in a federal court in California (John Baker Orange, et al. v. Ring LLC, et al., No. 19-10899, C.D. Calif.).

  • December 20, 2019

    Location-Tracking Class Claims Against Google Dismissed By Judge

    SAN JOSE, Calif. — A California federal judge on Dec. 19 found that a putative class suing Google LLC for allegedly storing their location data failed to “plead sufficient facts to allege an invasion of privacy,” leading him to grant Google’s motion to dismiss statutory, constitutional and common-law privacy claims against the tech firm, with leave to amend (In re Google Location History Litigation, No. 5:18-cv-05062, N.D. Calif.).

  • December 19, 2019

    Insurer, Clients: D.C. Circuit Has Jurisdiction Over Dismissed Data Breach Claims

    WASHINGTON, D.C. — In supplemental briefs filed Dec. 16 at the direction of the District of Columbia Circuit U.S. Court of Appeals, a health insurance provider and a group of policyholders that sued it over a 2015 data breach both opine that a trial court properly certified a partial dismissal ruling for appeal under Federal Rule of Civil Procedure 54(b) (Chantal Attias, et al. v. CareFirst Inc., et al., No. 19-7020, D.C. Cir.).

  • December 18, 2019

    Judge Denies DOJ Review Of Biometric-Unlocking Warrant Denial As Moot

    OAKLAND, Calif. — Although a lawsuit in which the U.S. Department of Justice (DOJ) sought a warrant compelling suspects to unlock electronic devices via biometric means raised “highly engaging issues,” a California federal judge on Dec. 10 denied as moot the department’s motion to reconsider an order denying the warrant for constitutional reasons in light of the government’s abandonment of the original warrant, which deprived the court of jurisdiction over the matter (In re Search of a Residence in Oakland, Calif., No. 4:19-mj-70053, N.D. Calif.).

  • December 17, 2019

    Settlement Of Class Action Over Chipotle Data Breach Receives Final Approval

    DENVER — Six months after a group of Chipotle Mexican Grill Inc. customers announced a settlement of their class claims over a 2017 data breach experienced by the burrito chain, a Colorado federal judge on Dec. 16 granted their motion for final approval of the agreement, which provides for reimbursement of expenses customers incurred from the breach (Todd Gordon, et al. v. Chipotle Mexican Grill Inc., No. 1:17-cv-01415, D. Colo., 2019 U.S. Dist. LEXIS 215430).

  • December 17, 2019

    NSA Prevails In Wikimedia’s Constitutional Claims Over Upstream Surveillance

    BALTIMORE — Wikimedia Foundation failed to establish that the National Security Agency (NSA) copied or collected any of its international internet communications as part of its upstream surveillance program, a Maryland federal judge ruled Dec. 16, dismissing for a second time the internet firm’s constitutional claims against the government, also deeming the suit precluded by the state secrets privilege (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md.).

  • December 17, 2019

    TikTok, Others Agree To Settle Minors’ Class Suit Over Data Collection For $1.1M

    CHICAGO — Two days after filing a class complaint in an Illinois federal court accusing TikTok Inc. and others of violating the Children’s Online Privacy Protection Act (COPPA) and other laws by profiting off the collection of data from users under age 13 without parental consent, two minors, through their mothers, on Dec. 5 moved for preliminary approval of a $1.1 million class settlement (T.K., et al. v. Bytedance Technology Co., Ltd., et al., No. 19-7915, N.D. Ill.).

  • December 17, 2019

    Massachusetts, Indiana Oppose ‘Historic’ Settlement Of Equifax Data Breach Suit

    ATLANTA — In a Dec. 12 amicus curiae brief, Massachusetts asks a Georgia federal court to deny final approval of a proposed multibillion dollar settlement between Equifax Inc. and the plaintiffs in a consolidated class lawsuit over the company’s massive 2017 data breach, which the plaintiffs describe as having “achieved historic results,” faulting the agreement for inappropriately containing release language that limits its ability to pursue its own state court claims against Equifax (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).

  • December 17, 2019

    Certiorari Answer Waived, Amicus Brief Filed In Facebook Face-Tagging Privacy Row

    WASHINGTON, D.C. — On the heels of the respondents’ filing of a waiver of right to respond to Facebook Inc.’s petition for certiorari, the social network received support for its petition in the form of a Dec. 13 amicus curiae brief from Washington Legal Foundation (WLF), which argues that the Ninth Circuit U.S. Court of Appeals “mangled its historical analysis” of standing under Article III of the U.S. Constitution in affirming the certification of a class suing Facebook for violation of an Illinois biometrics privacy law via its social network face-tagging feature without requiring a concrete injury (Facebook Inc. v. Nimesh Patel, et al., No. 19-706, U.S. Sup.).

  • December 16, 2019

    Judge Declines To Dismiss Chicago’s Complaint In Marriott Data Breach MDL

    GREENBELT, Md. — A Maryland federal judge on Dec. 13 denied a motion by Marriott International Inc. to dismiss a complaint by Chicago, one of many cases consolidated in a multidistrict litigation in the wake of a data breach the hotel chain experienced, finding that the city sufficiently pleaded claims based on its own injuries under a municipal ordinance (In re:  Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md., 2019 U.S. Dist. LEXIS 215154).

  • December 13, 2019

    Inmate’s Privacy, FCRA Claims Over Vendor’s Data Breach Survive Dismissal

    SCRANTON, Pa. — A Pennsylvania federal judge on Dec. 11 denied a motion by the Pennsylvania Department of Corrections (DOC) to dismiss an inmate’s allegations of violation of his privacy rights and the Fair Credit Reporting Act (FCRA), finding that the inmate has standing to sue over a DOC vendor’s data breach that exposed his personally identifiable information (PII) (Daryl Locke v. John Wetzel, et al., No. 3:19-cv-00499, M.D. Pa., 2019 U.S. Dist. LEXIS 213648).

  • December 12, 2019

    Glyphosate Plaintiffs Seek To File Medical Information Under Seal In Roundup MDL

    SAN FRANCISCO — Plaintiffs in the multidistrict litigation related to Roundup Products Liability on Dec. 11 moved in California federal court seeking to file under seal medical information related to their diagnoses of cancer, which they argue was caused by exposure to glyphosate, the active ingredient in the herbicide Roundup (In re: Roundup Products Liability Litigation [Hernandez v. Monsanto Co.], MDL No. 2741, No. 17-07364, N.D. Calif.).

  • December 12, 2019

    ACLU Files FOIA Suit Over Use Of Cell Site Simulators By ICE, CBP

    NEW YORK — In a Dec. 11 complaint, the American Civil Liberties Union asks a New York federal court to compel U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) to comply with its requests under the Freedom of Information Act (FOIA) seeking information about the agencies’ use of cell site simulators in immigration enforcement activities, citing “privacy concerns” (American Civil Liberties Union v. U.S. Customs and Border Protection, et al., No. 1:19-cv-11311, S.D. N.Y.).

  • December 12, 2019

    Former FBI Attorney Sues Bureau, DOJ For Leaking Text Messages To The Press

    WASHINGTON, D.C. — A former attorney with the Federal Bureau of Investigation filed a complaint against her former employer and the U.S. Department of Justice (DOJ) in District of Columbia federal court on Dec. 10, claiming that the agencies violated the Privacy Act by disclosing hundreds of her text messages to the press without her consent (Lisa Page v. U.S. Department of Justice, et al., No. 1:19-cv-03675, D. D.C.).

  • December 10, 2019

    Facebook Seeks Certiorari Over Class Certification In Face-Tagging Privacy Row

    WASHINGTON, D.C. — On Dec. 2, Facebook Inc. filed a petition for certiorari with the U.S. Supreme Court, arguing that the Ninth Circuit U.S. Court of Appeals erred in affirming certification of a class suing it for violation of an Illinois biometrics privacy law via its social network face-tagging feature, contending that proper consideration was not given to whether there are predominating issues or concrete, imminent injuries (Facebook Inc. v. Nimesh Patel, et al., No. 19-706, U.S. Sup.).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.