GREENBELT, Md. — Marriott International Inc. on July 15 moved in Maryland federal court to dismiss a complaint by the city of Chicago, one of dozens of cases consolidated in a multidistrict litigation in the wake of a data breach it experienced, arguing that the city lacks authority to sue under the Illinois Constitution and lacks standing under Article III of the U.S. Constitution (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).
SAN FRANCISCO — Three AT&T Wireless customers filed a class complaint in a federal court in California on July 16 against AT&T Inc. and others over the alleged sale of their real-time locations to parties willing to pay $300 without their knowledge or consent (Katherine Scott, et al. v. AT&T Inc., et al., No. 19-4063, N.D. Calif.).
BALTIMORE — In a July 15 paperless order, a Maryland federal judge granted AT&T Mobility LLC’s motion to compel arbitration in a putative class action over the wireless provider’s alleged sharing of customers’ geolocation data in light of an arbitration provision within the defendant’s customer agreement (Tyler Morrison v. AT&T Mobility LLC, No. 1:19-cv-01257, D. Md.).
SAN FRANCISCO — Seven months after preliminarily approving a settlement of class claims over a hotel chain’s 2016 data breach, a California federal judge on July 11 granted final approval to the agreement that provides for up to $600,000 in relief for the class and $800,000 in attorney fees (Andrew Parsons v. Kimpton Hotel & Restaurant Group LLC, No. 3:16-cv-05387, N.D. Calif.).
SAN JOSE, Calif. — A group of plaintiffs who accuse Google LLC of surreptitiously tracking them via certain smart phones settings without their knowledge filed a brief in California federal court on July 2 opposing the company’s motion to dismiss their putative class privacy claims, asserting that they never consented to having their location tracked (In re Google Location History Litigation, No. 5:18-cv-05062, N.D. Calif.).
WASHINGTON, D.C. — A week and a half after a District of Columbia Superior Court judge denied its motion to appeal a jurisdictional ruling in a consumer protection lawsuit brought by the district, Facebook Inc. filed its answer to the complaint July 8, denying any failures to protect the data of its social network’s users and asserting that the court lacks jurisdiction over it (District of Columbia v. Facebook Inc., No. 2018 CA 8715 B, D.C. Super.).
GREENBELT, Md. — Questioning the standing of a bank that is one of the many plaintiffs in the multidistrict litigation over a data breach that it experienced, Marriott International Inc. on July 9 filed a letter in Maryland federal court requesting leave to conduct limited discovery regarding the bank’s claimed damages from the breach to determine whether it suffered a necessary injury-in-fact (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).
FORT SMITH, Ark. — Two employees fired for data security flaws failed to establish that their terminations were due to age discrimination, an Arkansas federal judge ruled July 3, granting summary judgment to their former employer after also finding that the ex-employees intentionally spoliated evidence by encrypting and deleting text messages (Brian Herzig, et al. v. Arkansas Foundation for Medical Care Inc., No. 2:18-cv-02101, W.D. Ark., 2019 U.S. Dist. LEXIS 111296).
DENVER — A man convicted of federal robbery and firearms offenses did not have an expectation of privacy in GPS data collected in connection with a parole program, a 10th Circuit U.S. Court of Appeals panel ruled July 1, upholding a trial court’s denial of the man’s motion to suppress the data as wrongly searched without a warrant under the Fourth Amendment to the U.S. constitution (United States v. Vincent Scott Mathews, No. 18-1215, 10th Cir., 2019 U.S. App. LEXIS 19611).
PHOENIX — The parties in an Arizona class lawsuit over guest lists being voluntarily turned over to U.S. Immigration and Customs Enforcement (ICE) agents by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, on June 28 filed a joint motion for preliminary approval of a class settlement amended to include payments of up to $10 million in damages and expanded classes (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).
WASHINGTON, D.C. — A District of Columbia Superior Court judge on June 28 denied a motion by Facebook Inc. to appeal a jurisdictional ruling in a consumer protection lawsuit brought by the district over the social network’s privacy violations, with the judge deeming the case not exceptional enough to merit an interlocutory appeal that would unnecessarily delay litigation (District of Columbia v. Facebook Inc., No. 2018 CA 8715 B, D.C. Super.).
ERIE, Pa. — A rent-to-own (RTO) retailer and one of its franchisees on June 28 moved for summary judgment related to a couple’s claims under the Electronic Communications Privacy Act (ECPA), telling a Pennsylvania federal court that the plaintiffs did not plead sufficient facts or damages to support their privacy assertions (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
ALBANY, N.Y. — New York Attorney General (AG) Letitia James issued a press release on June 28 announcing that her office had settled an investigation over privacy violations by the operator of a gay and bisexual dating app, with the company agreeing to pay $240,000 and to make substantial changes to its online security.
SAN FRANCISCO — In briefs filed June 12, the American Civil Liberties Union and the owner of the Washington Post ask the Ninth Circuit U.S. Court of Appeals to reverse a trial court’s decision to seal court records and documents related to efforts by the U.S. Department of Justice (DOJ) to get Facebook Inc. to assist it with surveillance in a criminal investigation, arguing that the sealed documents are matters of public record and potentially shed light on important matters surrounding the government’s ability to compel compliance with electronic surveillance programs (American Civil Liberties Union Foundation, et al. v. U.S. Department of Justice, et al., Nos. 19-15472 and 19-15473, 9th Cir.).
LOS ANGELES — One week after a California federal judge dismissed her punitive class complaint against Delta Air Lines Inc. and a customer service business partner over a 2017 data breach, a Florida woman on June 25 filed a notice of her intent to not further amend her breach of contract and computer fraud claims, instead requesting entry of final judgment (Teresa J. McGarry v. Delta Air Lines Inc., et al., No. 2:18-cv-09827, C.D. Calif.).
WASHINGTON, D.C. — On their second appeal of a ruling dismissing a putative class action over their health insurance provider’s 2014 data breach, a group of policyholders tell the District of Columbia Circuit U.S. Court of Appeals in a June 24 appellant brief that they adequately pleaded damages from the breach to allow their negligence and contract claims to proceed (Chantal Attias, et al. v. CareFirst Inc., et al., No. 19-7020, D.C. Cir.).
SAN FRANCISCO — A California federal judge on June 21 mostly granted a motion by Facebook Inc. to dismiss a putative class action over a 2018 data theft via the social network’s “view as” feature, finding that only one of the remaining plaintiffs established standing and that most of his claims were not sufficiently pleaded or were precluded under California law (William Bass Jr., et al. v. Facebook Inc., No. 3:18-cv-05982, N.D. Calif., 2019 U.S. Dist. LEXIS 104488).
OAKLAND, Calif. — In a June 21 order to show cause (OSC), a California federal judge reports that newly submitted evidence from the federal government has likely convinced her to reverse a two-year old ruling in which she declined to dismiss constitutional challenges to the Foreign Intelligence Surveillance Act (FISA) and the Espionage Act by Twitter Inc. in connection with a gag order forbidding the social network from reporting on its mandated participation in government surveillance activities (Twitter Inc. v. William P. Barr, et al., No. 4:14-cv-04480, N.D. Calif.).
WASHINGTON, D.C. — In a June 21 per curiam majority opinion, the District of Columbia Circuit U.S. Court of Appeals found that a labor union sufficiently alleged class claims against The U.S. Office of Personnel Management (OPM) and a contractor under the Privacy Act of 1974 related to a 2015 data breach, partly reversing a trial court’s dismissal of the consolidated lawsuit (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, No. 17-5217 & 17-5232, D.C. Cir., 2019 U.S. App. LEXIS 18609).
ATLANTA — The state of Georgia, the American Civil Liberties Union and a man convicted of vehicular homicide presented arguments to the Georgia Supreme Court on June 19 as to whether data related to a car’s air bag deployment, and related information, was properly downloaded by law enforcement investigating a deadly car crash prior to obtaining a warrant, or whether these actions violated the Fourth Amendment to the U.S. Constitution (Victor Mobley v. The State, No. S18G1546, Ga. Sup.).