SAN FRANCISCO — Zendesk Inc. and several of its senior executive officers concealed the company’s exposure to a massive data breach that affected more than 10,000 customers in addition to failing to disclose its poor financial condition in several international markets in violation of federal securities laws, a shareholder argues in an Oct. 24 complaint filed in California federal court (Charles Reidinger v. Zendesk Inc., et al., No. 19-6968, N.D. Calif.).
SAN FRANCISCO — Three iTunes users who claimed privacy violations by Apple Inc.’s purported sharing of their “personal listing information” (PLI) with third parties saw their putative class complaint dismissed on Oct. 25 by a California federal judge who deemed their evidence and exhibits insufficient to establish their claims (Leigh Wheaton, et al. v. Apple Inc., No. 3:19-cv-02883, N.D. Calif.).
SAN FRANCISCO — Less than a week after the Ninth Circuit U.S. Court of Appeals denied Facebook Inc.’s motion to rehear a dispute over class certification in a lawsuit accusing it of violating an Illinois biometric privacy law, the social network on Oct. 24 asked the appeals court to stay its mandate pending Facebook’s stated intention to seek certiorari from the U.S. Supreme Court (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).
SAN FRANCISCO — A customer of New Moosejaw LLC sufficiently alleged most of his privacy claims against the sportswear seller over its alleged scanning of computers of visitors to its website, a California federal judge ruled Oct. 23, mostly denying motions to dismiss the putative class complaint by Moosejaw and its marketing partner (Jeremiah Revitch v. New Moosejaw LLC, et al., No. 3:18-cv-06827, N.D. Calif.).
WASHINGTON, D.C. — On Oct. 22, the Federal Trade Commission announced charges against, and a proposed settlement with, a company that makes and distributes “stalker” apps, which allow a user to surreptitiously track another individual’s whereabouts and online activities after being installed on their mobile devices (In re Retina-X Studios LLC, et al., No. 1723118, FTC).
WASHINGTON, D.C. — A panel ruling that reversed the dismissal of a labor union’s negligence and privacy claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach will stand, the District of Columbia Circuit U.S. Court of Appeals ruled Oct. 21 as it denied petitions for rehearing en banc by the agency and contractor (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).
ATLANTA — Reversing an appeals court ruling, a Georgia Supreme Court majority on Oct. 21 found that a police officer’s downloading of data, without a warrant, from a vehicle involved in an accident violated the Fourth Amendment to the U.S. Constitution and should have resulted in suppression of the obtained data, also holding that the inevitable discovery exception did not apply (Victor Mobley v. Georgia, No. S18G1546, Ga. Sup., 2019 Ga. LEXIS 694).
SEATTLE — A Washington federal magistrate judge concluded that Amazon.com Inc. is not entitled to compel arbitration from a putative class of minors suing it for unauthorized voice recording, issuing a report and recommendation to that effect on Oct. 21, simultaneously issuing an order granting the plaintiffs’ motion to compel discovery responses and chiding the online retailer for not complying with previous discovery rulings (B.F. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).
SAN FRANCISCO — Three customers of AT&T Inc. on Oct. 18 filed a stipulation of voluntary dismissal of their three-month-old lawsuit against the communications giant for allegedly selling their location data to third parties without their consent (Katherine Scott, et al. v. AT&T Inc., et al., No. 3:19-cv-04063, N.D. Calif.).
WASHINGTON, D.C. — Even though the Electronic Privacy Information Center (EPIC) has a still-pending motion to intervene in the $5 billion settlement between the Federal Trade Commission and Facebook Inc. over certain data-sharing practices engaged in by the social network, the privacy group on Oct. 16 filed a new motion in District of Columbia federal court seeking to file an amicus curiae brief opposing the court’s approval of the settlement (United States v. Facebook Inc., No. 1:19-cv-02184, D. D.C.).
NEW ORLEANS — An insured argues in an Oct. 1 appellant brief that an underlying lawsuit seeking to recover damages purportedly caused by a data breach of its credit card processing system triggered “personal and advertising injury” coverage under its commercial general liability insurance policy, asking the Fifth Circuit U.S. Court of Appeals to reverse a lower federal court’s finding that the insurer has no duty to defend (Landry's Inc. v. The Insurance Company of the State of Pennsylvania, No. 19-20430, 5th Cir.).
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 18 denied a motion by Facebook Inc. for rehearing en banc of a panel ruling that affirmed a trial court’s decision to certify a class that is suing the social network under the Illinois Biometric Information Privacy Act (BIPA) for its facial recognition technology that identifies people in posted photographs (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).
SAN FRANCISCO — A panel’s ruling that allowed an analytics firm to collect and use publicly available user data “pose[s] a grave threat to user privacy and the openness of the Internet” and runs counter to the intent of the Computer Fraud and Abuse Act (CFAA), LinkedIn Corp. tells the Ninth Circuit U.S. Court of Appeals in an Oct. 11 petition in which it seeks en banc rehearing of the panel’s decision that upheld an injunction permitting the data collection (hiQ Labs Inc. v. LinkedIn Corp., No. 17-16783, 9th Cir.).
CHICAGO — A $3 million settlement agreement between a compliance services firm and a class of its clients’ employees whose personally identifiable information (PII) was exposed in a 2018 data breach received final approval from an Illinois federal judge on Oct. 7, the same day a fairness hearing on the agreement was held (Marshall Smith, et al. v. ComplyRight Inc., No. 1:18-cv-04990, N.D. Ill., 2019 U.S. Dist. LEXIS 174217).
SAN FRANCISCO — One month after a California federal judge mostly denied its motion to dismiss class claims against Facebook Inc. over its sharing of users’ personally identifiable information (PII) with an analytics firm, the social network on Oct. 8 moved to certify the ruling for interlocutory appeal, seeking the Ninth Circuit U.S. Court of Appeals’ opinion on whether the plaintiffs’ claimed privacy injury is sufficient to establish standing under Article III of the U.S. Constitution (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
SAN FRANCISCO — The settlement of a nine-year-old privacy lawsuit over Google LLC’s Street View feature received preliminary approval on Oct. 9 from a California federal judge, who found that the proposed class established standing under Article III of the U.S. Constitution and deemed the proposed $13 million settlement agreement to be “likely fair, reasonable, and adequate” (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).
ATLANTA — An en banc 11th Circuit U.S. Court of Appeals will rehear the appeal of a $6.3 million settlement by Godiva Chocolatier Inc. to end class claims that it violated the Fair Credit Reporting Act (FCRA) by printing more than five digits of credit card numbers on receipts, a majority of the 11th Circuit ruled Oct. 4 (James H. Price, et al. v. Godiva Chocolatier, Inc., No. 16-16486, 11th Cir., 2019 U.S. App. LEXIS 30027).
ERIE, Pa. — On Oct. 4, a Wyoming couple who sued a rent-to-own (RTO) franchisor and franchisee over the installation of spyware on their laptop jointly filed a brief with the franchisor, with whom they recently settled their claims, opposing the franchisee’s motion to compel production of the confidential settlement agreement, asserting that a settlement is irrelevant to any remaining claims and defenses in the case (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
SAN FRANCISCO — A class suing Facebook Inc. for violating an Illinois privacy law with its “tag suggestions” photo-tagging feature filed a brief on Oct. 1 asking the Ninth Circuit U.S. Court of Appeals to deny the social network’s petition to rehear en banc a panel’s affirming a trial court’s certification of the class, arguing that the ruling did not create any splits and did not invoke any questions of exceptional importance (In re Facebook Biometric Information Privacy Litigation, No. 18-15982, 9th Cir.).
WASHINGTON, D.C. — A District of Columbia Circuit U.S. Court of Appeals panel correctly reversed the dismissal of its privacy and negligence claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach, a plaintiff labor union and a group of government employees assert in a Sept. 30 brief opposing the agency’s motion for rehearing, arguing that the appeals court correctly found that the plaintiffs have standing to sue based on identity theft and fraud that they have already experienced as a result of their personally identifiable information (PII) being stolen in the breach (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).