CLEVELAND — Although an Ohio federal judge deemed a $4.32 million settlement between Sonic Corp. and a class of customers affected by a 2017 data breach to be “fair, reasonable, and adequate,” in granting a motion for final approval on Aug. 12, the judge reduced certain proposed amounts for attorney fees, costs and service awards to named plaintiffs (In re: Sonic Corp. Customer Data Security Breach, No. 1:17-md-02807, N.D. Ohio, 2019 U.S. Dist. LEXIS 135573).
BALTIMORE — A federal judge in Maryland on July 15 granted final approval of a $3.25 million class settlement by the National Board of Examiners in Optometry Inc. (NBEO) to end three lawsuits alleging theft of personal information (Rhonda L. Hutton, O.D., et al. v. Nat’l Bd. of Exam’rs in Optometry, Inc., No. 16-3025, Nicole Mizrahi v. Nat’l Bd. of Exam’rs in Optometry, Inc., No. 16-3146, Brenda Liang, O.D., et al. v. Nat’l Bd. of Exam’rs in Optometry, Inc., No. 17-1964, D. Md., 2019 U.S. Dist. LEXIS 120558).
SAN FRANCISCO — A federal judge in California on Aug. 9 granted in part and denied in part the only remaining plaintiff’s motion to amend a consolidated complaint against Facebook Inc. arising from a 2018 data theft via the social network's "view as" feature, finding that he still has not alleged standing under California Business and Professions Code Section 17200, et seq., because the value of his personal information has not diminished since the data breach (Stephen Adkins v. Facebook, Inc., No. 18-05982 consolidated with No. 19-00117, N.D. Calif., 2019 U.S. Dist. LEXIS 134781).
SAN FRANCISCO — In a brief filed Aug. 12, the U.S. Department of Justice asks the Ninth Circuit U.S. Court of Appeals to uphold a lower court’s decision to maintain the sealed status of court records related to the DOJ’s purported request to compel Facebook Inc. to provide it with access to certain encrypted communications on the social network, invoking the protections of the Wiretap Act (American Civil Liberties Union Foundation, et al. v. U.S. Department of Justice, et al., Nos. 19-15472 and 19-15473, 9th Cir.).
SAN FRANCISCO — In a wide-ranging, 18-count complaint filed Aug. 7 in California federal court, an author and political activist says that Facebook Inc. violated his constitutional rights by blocking his account and sharing his private information with third parties, also alleging claims including conspiracy, computer fraud and breach of contract (Robert Zimmerman, et al. v. Facebook Inc., et al., No. 3:19-cv-04591, N.D. Calif.).
PASADENA, Calif. — A car buyer failed to show that a satellite radio provider’s access to his contact information from the dealership where he purchased the car via his driver’s license and a form he filled out that resulted in letters and calls about continuing the service beyond a free trial period fell within the scope of the Driver’s Privacy Protection Act (DPPA) or constituted a violation of the Computer Fraud and Abuse Act (CFAA), a Ninth Circuit U.S. Court of Appeals panel ruled Aug. 8 (James E. Andrews, et al. v. Sirius XM Radio Inc., et al., No. 18-55169, 9th Cir., 2019 U.S. App. LEXIS 23670).
ATLANTA — In a pair of orders issued Aug. 6, a Georgia federal judge overseeing the multidistrict litigation over the 2017 data breach experienced by Equifax Inc. denied motions by the city of Chicago and three Native American tribes to establish separate tracks, respectively, for governmental enforcement actions and Indian tribal governments, finding that the existing consumer track would adequately address the claims by the moving parties (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
SAN FRANCISCO — A group of plaintiffs alleging violation of the Illinois Biometric Information Privacy Act (BIPA) via Facebook Inc.’s photo-tagging feature may proceed with their lawsuit, a Ninth Circuit U.S. Court of Appeals panel ruled Aug. 8, affirming a class certification ruling and finding that the plaintiffs alleged a concrete privacy injury-in-fact, establishing their standing under Article III of the U.S. Constitution (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.; 2019 U.S. App. LEXIS 23673).
SAN FRANCISCO — A California federal judge on Aug. 6 approved an agreement between the Federal Trade Commission and a manufacturer of internet-connected video cameras, settling the commission’s misrepresentation claims related to the company’s security representations for its products, with the defendant agreeing to establish and maintain a 20-year comprehensive security program to address and correct its products’ security flaws (Federal Trade Commission v. D-Link Systems Inc., No. 3:17-cv-00039, N.D. Calif.).
SAN JOSE, Calif. — An iPhone owner filed a potential class action against Apple Inc. in California federal court on Aug. 7, alleging invasion of privacy and unfair competition for the technology company’s purported unauthorized recording and retaining of users’ communications through its digital assistant, Siri (Fumiko Lopez, et al. v. Apple Inc., No. 5:19-cv-04577, N.D. Calif.).
PHILADELPHIA — Finding a trial court’s approval of a $5.5 million cy pres-only settlement of a privacy class action against Google LLC to be “cursory” and “insufficient,” a Third Circuit U.S. Court of Appeals panel on Aug. 6 vacated the approval order and remanded for further fact-finding and legal analysis as to the fairness of the settlement pertaining to the internet giant’s surreptitious collection of user data via cookies (In Re: Google Inc. Cookie Placement Consumer Privacy Litigation, No. 17-1480, 3rd Cir., 2019 U.S. App. LEXIS 23467).
WASHINGTON, D.C. — The Electronic Privacy Information Center (EPIC) lacks standing to intervene in a recently announced $5 billion settlement between the Federal Trade Commission (FTC) and Facebook Inc. over certain data-sharing practices engaged in by the social network, the U.S. Department of Justice (DOJ) argues in an Aug. 5 brief opposing the privacy group’s motion to intervene, which it calls “legally and procedurally infirm” (United States v. Facebook Inc., No. 1:19-cv-02184, D. D.C.).
SIOUX FALLS, S.D. — A plaintiff suing her former school district for constitutional violations and discrimination related to a school newspaper comment must provide discovery related to her electronic communications and cell phone, a South Dakota federal magistrate judge ruled Aug. 1, granting the school district’s motion to compel but limiting the timeframe and establishing guidelines to protect private and privileged information (Addison Ludwig v. Elk Point-Jefferson School District 61-7, et al., No. 4:18-cv-04091, D. S.D., 2019 U.S. Dist. LEXIS 128630).
PHOENIX — An amended settlement agreement and proposed order were filed July 31 in an Arizona class lawsuit over guest lists being voluntarily turned over to U.S. Immigration and Customs Enforcement (ICE) agents by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, adding an injunctive relief class to the settlement that totals up to $10 million (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).
NEW YORK — A federal judge in New York on July 30 ruled that the First Amendment to the U.S. Constitution prohibits the Democratic National Committee (DNC) from holding members of President Donald Trump’s family, his presidential campaign and certain of its members, Wikileaks and others liable as second-level participants in the dissemination of confidential and trade secret materials stolen by the Russian Federation in a massive hacking campaign leading up to the 2016 presidential election (Democratic National Committee v. The Russian Federation, et al., No. 18-3501, S.D. N.Y., 2019 U.S. Dist. LEXIS 126888).
SEATTLE — With a California man’s filing of a lawsuit against Capital One Financial Corp. in Washington federal court on July 30, four putative federal class complaints were filed against the credit card issuer the day after it announced a data breach that compromised the personally identifiable information (PII) of up to 100 million customers (Michael Fadullon v. Capital One Financial Corp., et al., No. 2:19-cv-01189, W.D. Wash.).
HOUSTON — On remand from the Fifth Circuit U.S. Court of Appeals, a senior federal judge in Texas on July 23 granted a specialty retail chain insured’s motion for partial summary judgment as to its request for a declaration that its insurer owes coverage for demand letter claims and an underlying litigation arising from the hacking of its credit card network but denied the motion as to the insured’s TexasInsurance Code claim and claims for attorney fees and prejudgment interest (Spec's Family Partners, Ltd. v. The Hanover Insurance Company, No. 16-438, S.D. Texas, 2019 U.S. Dist. LEXIS 122310).
ATLANTA — Three days after a settlement was announced between Equifax Inc. and the consumer plaintiffs suing it over the 2017 data breach, a Georgia federal judge on July 25 signed an order approving a final judgment and a permanent injunction that settles claims brought against Equifax by Puerto Rico (Puerto Rico v. Equifax Inc., No. 1:18-cv-5611, N.D. Ga.).
WASHINGTON, D.C. — A health insurance provider tells the District of Columbia Circuit U.S. Court of Appeals in a July 24 appellee brief that a trial court correctly found that a group of policyholders did not sufficiently plead their breach of contract and consumer protection claims related to a 2014 data breach (Chantal Attias, et al. v. CareFirst Inc., et al., No. 19-7020, D.C. Cir.).
SAN FRANCISCO — After “nearly a decade of litigation,” a group of plaintiffs who sued Google LLC for privacy violations related to its Street View feature announced the settlement of their class claims against the internet giant on July 19, when they asked a California federal court to preliminarily approve a proposed $13 million settlement agreement (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).