SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 18 denied a motion by Facebook Inc. for rehearing en banc of a panel ruling that affirmed a trial court’s decision to certify a class that is suing the social network under the Illinois Biometric Information Privacy Act (BIPA) for its facial recognition technology that identifies people in posted photographs (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).
SAN FRANCISCO — A panel’s ruling that allowed an analytics firm to collect and use publicly available user data “pose[s] a grave threat to user privacy and the openness of the Internet” and runs counter to the intent of the Computer Fraud and Abuse Act (CFAA), LinkedIn Corp. tells the Ninth Circuit U.S. Court of Appeals in an Oct. 11 petition in which it seeks en banc rehearing of the panel’s decision that upheld an injunction permitting the data collection (hiQ Labs Inc. v. LinkedIn Corp., No. 17-16783, 9th Cir.).
CHICAGO — A $3 million settlement agreement between a compliance services firm and a class of its clients’ employees whose personally identifiable information (PII) was exposed in a 2018 data breach received final approval from an Illinois federal judge on Oct. 7, the same day a fairness hearing on the agreement was held (Marshall Smith, et al. v. ComplyRight Inc., No. 1:18-cv-04990, N.D. Ill., 2019 U.S. Dist. LEXIS 174217).
SAN FRANCISCO — One month after a California federal judge mostly denied its motion to dismiss class claims against Facebook Inc. over its sharing of users’ personally identifiable information (PII) with an analytics firm, the social network on Oct. 8 moved to certify the ruling for interlocutory appeal, seeking the Ninth Circuit U.S. Court of Appeals’ opinion on whether the plaintiffs’ claimed privacy injury is sufficient to establish standing under Article III of the U.S. Constitution (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
SAN FRANCISCO — The settlement of a nine-year-old privacy lawsuit over Google LLC’s Street View feature received preliminary approval on Oct. 9 from a California federal judge, who found that the proposed class established standing under Article III of the U.S. Constitution and deemed the proposed $13 million settlement agreement to be “likely fair, reasonable, and adequate” (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).
ATLANTA — An en banc 11th Circuit U.S. Court of Appeals will rehear the appeal of a $6.3 million settlement by Godiva Chocolatier Inc. to end class claims that it violated the Fair Credit Reporting Act (FCRA) by printing more than five digits of credit card numbers on receipts, a majority of the 11th Circuit ruled Oct. 4 (James H. Price, et al. v. Godiva Chocolatier, Inc., No. 16-16486, 11th Cir., 2019 U.S. App. LEXIS 30027).
ERIE, Pa. — On Oct. 4, a Wyoming couple who sued a rent-to-own (RTO) franchisor and franchisee over the installation of spyware on their laptop jointly filed a brief with the franchisor, with whom they recently settled their claims, opposing the franchisee’s motion to compel production of the confidential settlement agreement, asserting that a settlement is irrelevant to any remaining claims and defenses in the case (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
SAN FRANCISCO — A class suing Facebook Inc. for violating an Illinois privacy law with its “tag suggestions” photo-tagging feature filed a brief on Oct. 1 asking the Ninth Circuit U.S. Court of Appeals to deny the social network’s petition to rehear en banc a panel’s affirming a trial court’s certification of the class, arguing that the ruling did not create any splits and did not invoke any questions of exceptional importance (In re Facebook Biometric Information Privacy Litigation, No. 18-15982, 9th Cir.).
WASHINGTON, D.C. — A District of Columbia Circuit U.S. Court of Appeals panel correctly reversed the dismissal of its privacy and negligence claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach, a plaintiff labor union and a group of government employees assert in a Sept. 30 brief opposing the agency’s motion for rehearing, arguing that the appeals court correctly found that the plaintiffs have standing to sue based on identity theft and fraud that they have already experienced as a result of their personally identifiable information (PII) being stolen in the breach (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).
ANCHORAGE, Alaska — An Alaska federal judge on Oct. 1 denied a petition for a writ of habeas corpus filed by a man convicted of murdering his ex-girlfriend, finding that he is not entitled to relief on the ground that the state trial court erred by not holding a hearing under Daubert v. Merrell Dow Pharmaceuticals Inc., 509 U.S. 579 (1993), to review an expert’s cell phone tower testimony (Bukurim Miftari v. Earl Houser, No. 3:19-cv-00091, D. Alaska, 2019 U.S. Dist. LEXIS 170018).
WASHINGTON, D.C. — The U.S. Judicial Panel on Multidistrict Litigation (JPMDL) issued a transfer order on Oct. 2, centralizing 21 class actions over the recently announced data breach experienced by Capital One Financial Corp. in Virginia federal court (In re Capital One Customer Data Security Breach Litigation, No. 2915, JPMDL).
GREENBELT, Md. — Marriott International Inc. filed a reply brief Sept. 27 supporting its motion to dismiss a Louisiana bank’s complaint, which is part of a multidistrict litigation over a data breach the hotel chain announced a year ago, telling a Maryland federal court that the bank’s negligence claims are precluded under the economic loss doctrine and arguing that recently submitted documents cast doubt upon the bank’s standing, thus necessitating discovery on the matter (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).
PHILADELPHIA — A federal judge in Pennsylvania on Sept. 24 granted final approval to a data theft class settlement between an employer and its employees that will provide identity theft protection and monetary payments of up to $1,500 if the class members show their stolen data was used following the release of their W-2s by another employee (Tashica Fulton-Green, et al. v. Accolade, Inc., No. 18-274, E.D. Pa., 2019 U.S. Dist. LEXIS 164375).
SAN JOSE, Calif. — A federal judge in California on Sept. 25 ruled that lead plaintiffs in a consolidated securities class action against social media networking website Facebook Inc. and several of its senior executives failed to sufficiently plead an actionable misrepresentation or omission concerning 35 of 36 alleged misstatements in violation of federal securities laws made concerning the company’s privacy and data protection practices (In re Facebook Inc. Securities Litigation, No. 18-1725, N.D. Calif., 2019 U.S. Dist. LEXIS 166027).
MISSOULA, Mont. — A federal judge in Montana on Sept. 27 denied a man’s motion to suppress evidence taken from a compensation and pension (C&P) exam he underwent in order to determine the amount of disability benefits he could obtain from the Veteran Benefits Administration (VBA), finding that the admission of the information would not violate his right to due process under the Fourth Amendment to the U.S. Constitution (United States v. John Cicero Hughes, No. 18-38, 2019 U.S. Dist. LEXIS 167127).
KANSAS CITY, Kan. — Two weeks after a Kansas federal judge denied their motions to amend and reconsider a ruling allowing state residents’ privacy claims related to a voter data-sharing program to proceed, the Kansas secretary of State (KSOS) and his predecessor teamed up to file an answer to their complaint on Sept. 19, denying the constitutional and state law claims against them (Scott Moore, et al. v. Kris Kobach, et al., No. 2:18-cv-02329, D. Kan.).
RENO, Nev. — A Nevada federal judge on Sept. 19 preliminarily approved the settlement of a seven-year-old class action against online retailer Zappos.com Inc. over a 2012 data breach, under which the settlement class members will each receive a one-time discount code that they can use to make online purchases from Zappos (In Re Zappos.com Inc., Customer Data Security Breach Litigation, No. 3:12-cv-00325, D. Nev.).
ATLANTA — Two years after Home Depot Inc. and a class of financial institution (FI) plaintiffs reached a $25 million settlement over the home supply company’s 2014 data breach, the parties submitted filings in Georgia federal court on Sept. 23, disputing how the court’s previous attorney fees award is affected by an 11th Circuit U.S. Court of Appeals ruling that partly reversed it (In Re: The Home Depot Inc., Customer Data Security Breach Litigation, No. 1:14-md-02583, D. Ga.).
WASHINGTON, D.C. — With at least 61 lawsuits filed in the wake of the data breach announced by Capital One Financial Corp. in July, a health services company on Sept. 16 became the latest plaintiff to argue in favor of consolidation, telling the U.S. Judicial Panel on Multidistrict Litigation (JPMDL) that a Virginia federal court is the most appropriate venue (In re: Capital One Consumer Data Security Breach Litigation, No. 2915, JPMDL).
PHILADELPHIA — A Pennsylvania county and its correctional facility, in two separate reply briefs filed Sept. 20, asked a federal judge in Pennsylvania to issue judgment as a matter of law, order a new trial or grant a motion for remittitur, following a May 28 jury verdict awarding what is estimated to equal $68 million to a class of inmates who sued over an online search tool that provided the public with their mugshots and arrest information (Daryoush Taha v. Bucks County, et al., No. 12-6867, E.D. Pa.).