Mealey's Data Privacy

  • May 29, 2020

    Arizona Sues Google Over ‘Widespread,’ ‘Systemic’ User Location Data Collection

    PHOENIX — Arizona filed a complaint against Google LLC in state court on May 27, accusing the technology giant of violating the Arizona Consumer Fraud Act (CFA) via its “widespread and systemic use of deceptive and unfair business practices to obtain information about the location of its users” to fuel its “lucrative advertising business” (Arizona v. Google LLC, No. CV 2020-006219, Ariz. Super. Maricopa Co.).

  • May 29, 2020

    Capital One Must Provide Consultant’s Report In Data Breach Lawsuit

    ALEXANDRIA, Va. — Capital One Financial Corp. failed to establish that a report prepared by its cybersecurity consultant over a 2019 data breach differed from tasks the consultant would have performed absent the breach, a Virginia federal magistrate judge ruled May 26, deeming the report not to be protected work product and granting motion by a group of the credit card issuer’s customers to compel its production in a multidistrict litigation over the incident (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va., 2020 U.S. Dist. LEXIS 91736).

  • May 27, 2020

    Intervention, Dismissal, Injunction Debated In Facial Data Collection Lawsuits

    CHICAGO — An Illinois man who filed the first of several privacy lawsuits over the online facial data collection practices conducted by Clearview AI Inc. filed a supplemental brief in New York federal court on May 20, supporting his motion to intervene in five lawsuits in that venue, arguing that a recent development in his suit in Illinois federal court weights in favor of litigating claims against the tech firm in the Illinois court (David Mutnick v. Clearview AI Inc., et al., No. 1:20-cv-00512, N.D. Ill.).

  • May 26, 2020

    Poland Resident Cannot Avoid Discovery Under GDPR In RICO Suit, Judge Rules

    ALLENTOWN, Pa. — A food distributor’s ex-vice president who now resides in Poland cannot invoke the General Data Protection Regulation (GDPR) to escape his discovery duties in a Racketeer Influenced and Corrupt Organizations Act (RICO) suit brought by his former employer, a Pennsylvania federal judge ruled May 21, concluding that the defendant could not meet his burden to establish that the European law bars production from him as a U.S. citizen (Giorgi Global Holdings Inc., et al. v. Wieslaw Smulski, et al., No. 5:17-cv-04416, E.D. Pa., 2020 U.S. Dist. LEXIS 89369).

  • May 22, 2020

    Judge Sends User’s Biometric Collection Claims Against Shutterfly To Arbitration

    CHICAGO — An Illinois federal judge on May 5 found that one of two lead plaintiffs alleging biometric privacy violations in Shutterfly Inc.’s use of facial-recognition technology was bound by the company’s arbitration provision, staying the putative class action brought under the Illinois Biometric Information Privacy Act (BIPA) pending resolution of the arbitration (Vernita Miracle-Pond, et al. v. Shutterfly Inc., No. 1:19-cv-04722, N.D. Ill., 2020 U.S. Dist. LEXIS 86083).

  • May 22, 2020

    Standing, Injury Debated In Remanded Google Referrer Header Privacy Suit

    SAN JOSE, Calif. — Google LLC on May 15 filed a reply supporting its motion to dismiss a case remanded by the U.S. Supreme Court for jurisdictional findings, telling a California federal court that plaintiffs alleging privacy violations under the Stored Communications Act (SCA) for the purported sharing of their search query terms failed to allege the necessary harm to establish standing under Article III of the U.S. Constitution (In re:  Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif.).

  • May 22, 2020

    Computer Fraud, Negligence Claims In AT&T SIM Swapping Theft Suit May Proceed

    LOS ANGELES — Granting in part a motion to dismiss by AT&T Mobility LLC, a California federal judge on May 18 found that a former customer who was the victim of “SIM swapping” that led to a loss of $1.8 million did not sufficiently plead invasion of privacy and reliance factors to support two of his claims against the wireless carrier (Seth Shapiro v. AT&T Mobility LLC, No. 2:19-cv-08972, C.D. Calif.).

  • May 21, 2020

    Banks Seek Preliminary Approval Of $5.5 Million Equifax Data Breach Settlement

    ATLANTA — Four months after final approval was granted to the settlement of claims brought by consumer plaintiffs over Equifax Inc.’s 2017 data breach, the financial institution (FI) plaintiffs on May 15 asked a Georgia federal court to preliminarily approve the $5.5 million settlement of their claims in the consolidated class action against the credit-reporting company (In Re:  Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-02800, N.D. Ga.).

  • May 21, 2020

    Judge: Southwest Employees’ Fingerprint Data Claims Don’t Belong In Federal Court

    CHICAGO — Putative class claims by four airline employees over the collection and use of their fingerprints don’t belong in federal court, a judge in the U.S. District Court for the Northern District of Illinois ruled May 12, holding that three of the employees must proceed before an adjustment board under the Railway Labor Act (RLA) and that the fourth agreed to arbitration (Darrell Crooms, et al. v. Southwest Airlines Co., No. 19-2149, N.D. Ill., 2020 U.S. Dist. LEXIS 84360).

  • May 18, 2020

    Class Claims Over Purported Eavesdropping By Google Assistant Mostly Dismissed

    SAN JOSE, Calif. — A California federal judge on May 6 mostly granted Google LLC’s motion to dismiss a putative class complaint alleging unauthorized interception and retention of users’ conversations via its Google Assistant (GA) app, largely disposing of privacy, contractual and unfair competition claims for failure to sufficiently allege specifics about the purportedly collected communications (In re Google Assistant Privacy Litigation, No. 5:19-cv-04286, N.D. Calif.; 2020 U.S. Dist. LEXIS 80971).

  • May 15, 2020

    Church Sues Zoom After Pornographic Hacking Incident

    SAN JOSE, Calif. — A San Francisco church, which was the victim of a pornographic hacking incident, known as “Zoombombing,” during a videoconference, filed a putative class complaint in California federal court against platform provider Zoom Video Communications Inc. on May 13, alleging false “promises of data privacy and security,” as well as claims for privacy violations, unfair competition and negligence (Saint Paulus Lutheran Church, et al. v. Zoom Video Communications Inc., No. 5:20-cv-03252, N.D. Calif.).

  • May 11, 2020

    TikTok Hit With Class Complaints Over Collection Of Minors' Biometrics

    SAN FRANCISCO — With the May 8 filing of a putative class complaint in California federal court by a group of minors, social network app company TikTok Inc. has been sued in three lawsuits for violating the Illinois Biometric Information Privacy Act (BIPA) for the surreptitious collection and retention of users’ biometric identifiers without consent or notice (P.S., et al. v. TikTok Inc., et al., No. 3:20-cv-02992, N.D. Calif., E.R., et al. v. TikTok Inc., et al., No. 1:20-cv-02810, N.D. Ill.; D.M., et al. v. TikTok Inc., et al., No. 3:20-cv-03185, N.D. Calif.).

  • May 08, 2020

    Capital One Opposes Production Of Consultant Report In Data Breach Lawsuit

    ALEXANDRIA, Va. — On May 6, Capital One Financial Corp. filed its opposition to a motion to compel production of a report by a cybersecurity firm after the credit card company’s 2019 data breach, telling a Virginia federal court that the report constitutes protected work product because it was prepared to assist Capital One’s counsel in defending against the present litigation brought by consumers over the exposure of their data in the breach (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).

  • May 08, 2020

    Illinois Sheriff Sues For Release Of COVID-19 Infectees’ Names, Addresses

    WAUKEGAN, Ill. — The sheriff of Lake County, Ill., filed a declaratory complaint against the county’s health department on April 28, asking an Illinois state court to find that law enforcement and emergency response personnel are entitled to the names and addresses of residents that have tested positive for COVID-19, arguing that state and federal law support the release of such private personal data during a public health emergency (John Idleburg v. Mark Pfister, et al., No. 20MR0000269, Ill. Cir., Lake Co.).

  • May 08, 2020

    Wyoming Couple Settles Computer Spyware Suit With Rent-To-Own Franchisee

    ERIE, Pa. — A nine-year old privacy lawsuit over a rent-to-own (RTO) dealer’s surreptitious installation of spyware on customers’ computers came to an end May 5, when a Pennsylvania federal judge approved and signed a stipulation of dismissal the same day it was filed by the plaintiffs (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).

  • May 06, 2020

    7th Circuit:  Vending Machine Fingerprint Collection Row Belongs In Federal Court

    CHICAGO — Putative class claims for violations of the Illinois Biometric Information Privacy Act (BIPA) via vending machines’ collection of users’ fingerprints sufficiently allege concrete and particularized invasions of personal rights to establish federal jurisdiction under Article III of the U.S. Constitution, a Seventh Circuit U.S. Court of Appeals panel ruled May 5, reversing a trial court’s grant of the plaintiff’s motion to remand to state court (Christine Bryant v. Compass Group USA Inc., No. 20-1443, 7th Cir., 2020 U.S. App. LEXIS 14256).

  • May 06, 2020

    Judge Won’t Compel Release Of COVID-19 Information To First Responders

    CHICAGO — An Illinois judge on May 1 declined to require a state health department to provide a list of residents infected with COVID-19 to an emergency dispatch company, denying the plaintiff’s motion for a temporary restraining order (TRO) or preliminary injunction compelling disclosure due to a failure to establish a right to the information sought and out of a concern for citizens’ privacy rights (Northwest Central Dispatch System v. Cook County Department of Public Health, et al., No. 2020 CH 03914, Ill. Cir., Chanc. Div., Cook Co.).

  • May 05, 2020

    Final Approval Sought For $1.6M Settlement Of Neiman Marcus Data Breach Suit

    CHICAGO — The lead plaintiffs in a class action over a 2013 cybersecurity incident experienced by The Neiman Marcus Group LLC moved for final approval of a $1.6 million settlement with the retailer on May 2, asking an Illinois federal judge to deem the agreement “fair, reasonable, and adequate” as she did six months earlier in a preliminary approval ruling (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).

  • April 29, 2020

    Home Depot Again Appeals Fees Award In Data Breach Suit Settlement With Banks

    ATLANTA — Nine months after the 11th Circuit U.S. Court of Appeals reversed and remanded a previous attorney fees award connected with Home Depot Inc.’s settlement with a group of financial institutions (FIs) of a class action over a 2014 data breach, the retailer filed an appellant brief on April 27, telling the appeals court that the trial court inappropriately used the percentage methodology in calculating the revised fees award (Northeastern Engineers Federal Credit Union, et al. v. The Home Depot Inc., et al., No. 20-10667, 11th Cir.).

  • April 28, 2020

    8 Privacy Class Complaints Against Zoom Related In California Federal Court

    SAN JOSE, Calif. — One day after the plaintiffs in eight putative class actions against Zoom Video Communications Inc. stipulated that their complaints should be related, a California federal judge on April 24 granted their administrative motion, relating the suits, which all similarly allege that the maker of the popular teleconferencing platform violated privacy and consumer laws by sharing users’ personal details with third parties (Robert Cullen v. Zoom Video Communications Inc., 5:20-cv-02155, N.D. Calif.).

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.