PHOENIX — Arizona filed a complaint against Google LLC in state court on May 27, accusing the technology giant of violating the Arizona Consumer Fraud Act (CFA) via its “widespread and systemic use of deceptive and unfair business practices to obtain information about the location of its users” to fuel its “lucrative advertising business” (Arizona v. Google LLC, No. CV 2020-006219, Ariz. Super. Maricopa Co.).
ALEXANDRIA, Va. — Capital One Financial Corp. failed to establish that a report prepared by its cybersecurity consultant over a 2019 data breach differed from tasks the consultant would have performed absent the breach, a Virginia federal magistrate judge ruled May 26, deeming the report not to be protected work product and granting motion by a group of the credit card issuer’s customers to compel its production in a multidistrict litigation over the incident (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va., 2020 U.S. Dist. LEXIS 91736).
CHICAGO — An Illinois man who filed the first of several privacy lawsuits over the online facial data collection practices conducted by Clearview AI Inc. filed a supplemental brief in New York federal court on May 20, supporting his motion to intervene in five lawsuits in that venue, arguing that a recent development in his suit in Illinois federal court weights in favor of litigating claims against the tech firm in the Illinois court (David Mutnick v. Clearview AI Inc., et al., No. 1:20-cv-00512, N.D. Ill.).
ALLENTOWN, Pa. — A food distributor’s ex-vice president who now resides in Poland cannot invoke the General Data Protection Regulation (GDPR) to escape his discovery duties in a Racketeer Influenced and Corrupt Organizations Act (RICO) suit brought by his former employer, a Pennsylvania federal judge ruled May 21, concluding that the defendant could not meet his burden to establish that the European law bars production from him as a U.S. citizen (Giorgi Global Holdings Inc., et al. v. Wieslaw Smulski, et al., No. 5:17-cv-04416, E.D. Pa., 2020 U.S. Dist. LEXIS 89369).
CHICAGO — An Illinois federal judge on May 5 found that one of two lead plaintiffs alleging biometric privacy violations in Shutterfly Inc.’s use of facial-recognition technology was bound by the company’s arbitration provision, staying the putative class action brought under the Illinois Biometric Information Privacy Act (BIPA) pending resolution of the arbitration (Vernita Miracle-Pond, et al. v. Shutterfly Inc., No. 1:19-cv-04722, N.D. Ill., 2020 U.S. Dist. LEXIS 86083).
SAN JOSE, Calif. — Google LLC on May 15 filed a reply supporting its motion to dismiss a case remanded by the U.S. Supreme Court for jurisdictional findings, telling a California federal court that plaintiffs alleging privacy violations under the Stored Communications Act (SCA) for the purported sharing of their search query terms failed to allege the necessary harm to establish standing under Article III of the U.S. Constitution (In re: Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif.).
LOS ANGELES — Granting in part a motion to dismiss by AT&T Mobility LLC, a California federal judge on May 18 found that a former customer who was the victim of “SIM swapping” that led to a loss of $1.8 million did not sufficiently plead invasion of privacy and reliance factors to support two of his claims against the wireless carrier (Seth Shapiro v. AT&T Mobility LLC, No. 2:19-cv-08972, C.D. Calif.).
ATLANTA — Four months after final approval was granted to the settlement of claims brought by consumer plaintiffs over Equifax Inc.’s 2017 data breach, the financial institution (FI) plaintiffs on May 15 asked a Georgia federal court to preliminarily approve the $5.5 million settlement of their claims in the consolidated class action against the credit-reporting company (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-02800, N.D. Ga.).
CHICAGO — Putative class claims by four airline employees over the collection and use of their fingerprints don’t belong in federal court, a judge in the U.S. District Court for the Northern District of Illinois ruled May 12, holding that three of the employees must proceed before an adjustment board under the Railway Labor Act (RLA) and that the fourth agreed to arbitration (Darrell Crooms, et al. v. Southwest Airlines Co., No. 19-2149, N.D. Ill., 2020 U.S. Dist. LEXIS 84360).
SAN JOSE, Calif. — A California federal judge on May 6 mostly granted Google LLC’s motion to dismiss a putative class complaint alleging unauthorized interception and retention of users’ conversations via its Google Assistant (GA) app, largely disposing of privacy, contractual and unfair competition claims for failure to sufficiently allege specifics about the purportedly collected communications (In re Google Assistant Privacy Litigation, No. 5:19-cv-04286, N.D. Calif.; 2020 U.S. Dist. LEXIS 80971).
SAN JOSE, Calif. — A San Francisco church, which was the victim of a pornographic hacking incident, known as “Zoombombing,” during a videoconference, filed a putative class complaint in California federal court against platform provider Zoom Video Communications Inc. on May 13, alleging false “promises of data privacy and security,” as well as claims for privacy violations, unfair competition and negligence (Saint Paulus Lutheran Church, et al. v. Zoom Video Communications Inc., No. 5:20-cv-03252, N.D. Calif.).
SAN FRANCISCO — With the May 8 filing of a putative class complaint in California federal court by a group of minors, social network app company TikTok Inc. has been sued in three lawsuits for violating the Illinois Biometric Information Privacy Act (BIPA) for the surreptitious collection and retention of users’ biometric identifiers without consent or notice (P.S., et al. v. TikTok Inc., et al., No. 3:20-cv-02992, N.D. Calif., E.R., et al. v. TikTok Inc., et al., No. 1:20-cv-02810, N.D. Ill.; D.M., et al. v. TikTok Inc., et al., No. 3:20-cv-03185, N.D. Calif.).
ALEXANDRIA, Va. — On May 6, Capital One Financial Corp. filed its opposition to a motion to compel production of a report by a cybersecurity firm after the credit card company’s 2019 data breach, telling a Virginia federal court that the report constitutes protected work product because it was prepared to assist Capital One’s counsel in defending against the present litigation brought by consumers over the exposure of their data in the breach (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).
WAUKEGAN, Ill. — The sheriff of Lake County, Ill., filed a declaratory complaint against the county’s health department on April 28, asking an Illinois state court to find that law enforcement and emergency response personnel are entitled to the names and addresses of residents that have tested positive for COVID-19, arguing that state and federal law support the release of such private personal data during a public health emergency (John Idleburg v. Mark Pfister, et al., No. 20MR0000269, Ill. Cir., Lake Co.).
ERIE, Pa. — A nine-year old privacy lawsuit over a rent-to-own (RTO) dealer’s surreptitious installation of spyware on customers’ computers came to an end May 5, when a Pennsylvania federal judge approved and signed a stipulation of dismissal the same day it was filed by the plaintiffs (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
CHICAGO — Putative class claims for violations of the Illinois Biometric Information Privacy Act (BIPA) via vending machines’ collection of users’ fingerprints sufficiently allege concrete and particularized invasions of personal rights to establish federal jurisdiction under Article III of the U.S. Constitution, a Seventh Circuit U.S. Court of Appeals panel ruled May 5, reversing a trial court’s grant of the plaintiff’s motion to remand to state court (Christine Bryant v. Compass Group USA Inc., No. 20-1443, 7th Cir., 2020 U.S. App. LEXIS 14256).
CHICAGO — An Illinois judge on May 1 declined to require a state health department to provide a list of residents infected with COVID-19 to an emergency dispatch company, denying the plaintiff’s motion for a temporary restraining order (TRO) or preliminary injunction compelling disclosure due to a failure to establish a right to the information sought and out of a concern for citizens’ privacy rights (Northwest Central Dispatch System v. Cook County Department of Public Health, et al., No. 2020 CH 03914, Ill. Cir., Chanc. Div., Cook Co.).
CHICAGO — The lead plaintiffs in a class action over a 2013 cybersecurity incident experienced by The Neiman Marcus Group LLC moved for final approval of a $1.6 million settlement with the retailer on May 2, asking an Illinois federal judge to deem the agreement “fair, reasonable, and adequate” as she did six months earlier in a preliminary approval ruling (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
ATLANTA — Nine months after the 11th Circuit U.S. Court of Appeals reversed and remanded a previous attorney fees award connected with Home Depot Inc.’s settlement with a group of financial institutions (FIs) of a class action over a 2014 data breach, the retailer filed an appellant brief on April 27, telling the appeals court that the trial court inappropriately used the percentage methodology in calculating the revised fees award (Northeastern Engineers Federal Credit Union, et al. v. The Home Depot Inc., et al., No. 20-10667, 11th Cir.).
SAN JOSE, Calif. — One day after the plaintiffs in eight putative class actions against Zoom Video Communications Inc. stipulated that their complaints should be related, a California federal judge on April 24 granted their administrative motion, relating the suits, which all similarly allege that the maker of the popular teleconferencing platform violated privacy and consumer laws by sharing users’ personal details with third parties (Robert Cullen v. Zoom Video Communications Inc., 5:20-cv-02155, N.D. Calif.).