DENVER — Finding that the Drug Enforcement Administration sufficiently established that several years’ worth of patient prescription data it seeks via subpoenas has a reasonable relevance to an investigation over the distribution of controlled substances, a Colorado federal judge on April 21 granted the agency’s request to enforce compliance with the subpoenas by the Colorado Board of Pharmacy, which raised privacy concerns (U.S. Department of Justice, Drug Enforcement Administration v. Colorado Board of Pharmacy, et al., No. 1:19-cv-00105, D. Colo., 2020 U.S. Dist. LEXIS 69726).
CHICAGO — A Florida woman who says that she was one of the pharmacy customers whose data was exposed by a breach of Walgreen Co.’s website filed a putative class complaint against the drugstore chain on April 21 in Illinois federal court, alleging negligence and invasion of privacy (Laura Hernandez v. Walgreen Co., No. 1:20-cv-02434, N.D. Ill.).
SAN DIEGO — Epic Games Inc. was hit with a class complaint in California federal court on April 17 by a user of its Houseparty app who claims negligence and privacy violations related to the purported sharing of her personally identifiable information (PII) with third parties, notably Facebook Inc., without her consent (Heather Sweeney v. Life On Air Inc., et al., No. 3:20-cv-00742, S.D. Calif.).
SAN FRANCISCO — On the date that a preliminary settlement approval motion was due in a class action alleging biometric collection violations by Facebook Inc., the plaintiffs instead on April 17, filed a status report in California federal court reporting that the parties had experienced delays due, in part, to the novel coronavirus pandemic (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif.).
PEORIA, Ill. — In an April 20 ruling, an Illinois federal judge partly granted Hy-Vee Inc.’s motion to dismiss a putative class action over a data breach it experienced, dismissing breach of contract and unjust enrichment claims as inadequately pleaded and some negligence claims as barred by state law (Noreen Perdue, et al. v. Hy-Vee Inc., No. 1:19-cv-01330, C.D. Ill., 2020 U.S. Dist. LEXIS 68607).
OAKLAND, Calif. — In a case that she said “underscores the tension between the First Amendment and national security,” a California federal judge on April 17 reversed a three-year old ruling in favor of Twitter Inc., holding that subsequent declarations from Federal Bureau of Investigation personnel demonstrated that information the social network sought to publicly disclose about its mandated compliance with government surveillance requests was classified (Twitter Inc. v. William P. Barr, et al., No. 4:14-cv-04480, N.D. Calif.).
WASHINGTON, D.C. — The U.S. Supreme Court on April 20 declined review of a Ninth Circuit U.S. Court of Appeals panel’s ruling upholding the dismissal of claims brought by two business owners and several businesses they owned stemming from the Financial Industry Regulatory Authority’s (FINRA) seizure of materials and information during a raid of one of the businesses (John Hurry, et al. v. Financial Industry Regulatory Authority Inc., et al., No. 19-643, U.S. Sup.).
PHILADELPHIA — In a “narrow” precedential opinion, a Third Circuit U.S. Court of Appeals panel on April 16 affirmed the dismissal of a Pennsylvania State University employee’s Stored Communications Act (SCA) lawsuit over the production of her emails to law enforcement without a valid subpoena, clarifying that if the university’s production had been induced, rather than voluntary, there may have been liability under the statute (Carol Lee Walker v. Senior Deputy Brian T. Coffey, et al., No. 19-1067, 3rd Cir., 2020 U.S. App. LEXIS 12063).
SAN JOSE, Calif. — The plaintiffs suing Google LLC for privacy violations related to the purported tracking of their devices without consent were denied a bid for interlocutory appeal of a December dismissal order on April 15, with a California federal judge finding that they presented no controlling questions of law that would merit the rarely granted form of relief (In re Google Location History Litigation, No. 5:18-cv-05062, N.D. Calif.).
LOS ANGELES — With at least eight federal privacy class complaints filed against Zoom Video Communications Inc. over its reported data-sharing practices since March 30, a complaint filed April 13 in California federal court also brought invasion of privacy and trespass claims against Facebook Inc. and LinkedIn Corp. (Todd Hurvitz v. Zoom Video Communications Inc., et al., No. 2:20-cv-03400, C. D. Calif.).
ERIE, Pa. — More than six months after the plaintiffs in a computer spyware lawsuit stipulated to dismiss their claims against a rent-to-own (RTO) franchisor, a Pennsylvania federal judge on March 27 granted dismissal of Aaron’s Inc., specifying that this did not affect the plaintiffs’ privacy claims against the franchisee from which they obtained their computer (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
WASHINGTON, D.C. — A data analytics firm that successfully enjoined LinkedIn Corp. from preventing it from scraping publicly viewable user data from its website filed a notice of waiver with the U.S. Supreme Court on April 13, declining to respond to LinkedIn’s petition for certiorari, which raises a question over whether the Computer Fraud and Abuse Act (CFAA) provides protection for public-facing websites (LinkedIn Corp. v. hiQ Labs Inc., No. 19-1116, U.S. Sup.).
SAN JOSE, Calif. — Finding that the named plaintiffs in a punitive class action against Apple Inc. over its two-factor authentication (2FA) login process failed to cure pleading deficiencies identified in a previous dismissal ruling, a California federal judge on April 7 again granted dismissal for failure to state a claim, this time denying the plaintiffs leave to amend their trespass and privacy claims (Jay Brodsky, et al. v. Apple Inc., No. 5:19-cv-00712, N.D. Calif., 2020 U.S. Dist. LEXIS 61137).
SEATTLE — A group of minor plaintiffs may proceed with their wiretap claims against Amazon.com Inc., a Washington federal judge ruled April 9, finding that the online retailer’s arbitration provision was not binding on the nonsignatory children, who claim that Amazon’s “Alexa” digital assistant recorded their voices without consent (B.F., et al. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).
CHICAGO — The lead plaintiff in the first of six federal complaints filed against Clearview AI Inc. for its collection and sale of the biometric identifiers of millions of people filed a motion in Illinois federal court on April 8, seeking a preliminary injunction to prevent any further use of the identifiers pending the resolution of his claims under the Illinois Biometric Information Privacy Act (BIPA) (David Mutnick v. Clearview AI Inc., et al., No. 1:20-cv-00512, N.D. Ill.).
SAN FRANCISCO — Partly reversing the dismissal of a class complaint over Facebook Inc.’s tracking of the internet histories of users who were logged out of its social network, a Ninth Circuit U.S. Court of Appeals panel on April 9 ruled that the plaintiffs sufficiently alleged privacy and intrusion claims, while affirming dismissal of electronic interception and contractual claims (In re: Facebook Inc. Internet Tracking Litigation, No. 17-17486, 9th Cir., 2020 U.S. App. LEXIS 11102).
SAN FRANCISCO — Zoom Video Communications Inc. and two of its senior executives violated federal securities laws by concealing from investors that the cloud-based communications platform developer had implemented inadequate data privacy and security measures that were later disclosed in light of the spread of the novel coronavirus pandemic, an investor argues in a Feb. 8 securities class complaint filed in California federal court (Kim Brams v. Zoom Video Communications Inc., et al., No. 20-2396, N.D. Calif.).
BALTIMORE — Five months after putative class complaints against the four major U.S. cellular service providers were ordered to arbitration, the lead plaintiff in the suit accusing Verizon Communications Inc. of selling customers’ geolocation data to third parties on April 3 filed a notice of voluntary dismissal in Maryland federal court (Michelle Morrison v. Verizon Communications Inc., et al., No. 1:19-cv-01298, D. Md.).
SAN FRANCISCO — Partly resolving a dispute over the production of electronically stored information (ESI) in the consolidated lawsuit over Facebook Inc.’s sharing of user data with third parties, a California federal magistrate judge on April 2 directed the social network to provide some of the information requested by the plaintiffs, while setting in place processes for addressing production of the remaining requested data (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
BOSTON — In a March 30 docket entry, a Massachusetts Appeals Court justice denied Facebook Inc.’s motion to stay an order compelling it to produce disputed documents requested by the Massachusetts attorney general (AG) in an investigation of privacy violations, with the justice finding that the social network did not establish that the items were privileged (Attorney General v. Facebook Inc., No. 2020-J-0148, Mass. App.).