BOSTON— Affirming a trial court’s ruling that reversed the quashing of a subpoena for recordings of an employee’s phone calls, a First Circuit U.S. Court of Appeals panel on June 5 found that the calls were recorded unintentionally and thus did not run afoul of the prohibitions of the Federal Wiretap Act (In re HIPAA Subpoena, No. 19-1424, 1st Cir.).
ATLANTA — An insured’s assignee recently asked the 11th Circuit U.S. Court of Appeals to reverse a federal district court’s finding that coverage for an underlying $60,413,112 consent judgment entered against the insured in a Telephone Consumer Protection Act (TCPA) violation dispute is barred by the insurance policy's “invasion of privacy” exclusion (Jacob Horn, et al. v. Liberty Insurance Underwriters, Inc., No. 19-12525, 11th Cir.).
SAN JOSE, Calif. — One day after a hearing in a remanded privacy suit against Google LLC, a California federal judge on June 5 determined that the plaintiffs sufficiently established their standing under Article III of the U.S. Constitution to allege violations of the Stored Communications Act (SCA) by Google’s purported sharing of their search query terms with third-party website operators (In re: Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif., 2020 U.S. Dist. LEXIS 99291).
LOS ANGELES — A former user of the Wishbone app filed a putative class action against the app’s maker in California federal court on June 1, alleging negligence and unfair competition over Mammoth Media Inc.’s purported inadequate security practices, which, he claims, led to a recently announced data breach that resulted in the theft of nearly 40 million users’ personally identifiable information (PII) (Connor Burns v. Mammoth Media Inc., No. 2:20-cv-04855, C.D. Calif.).
SAN JOSE, Calif. — In a putative class complaint filed June 2 in California federal court, three Google LLC subscribers assert that the technology firm continuously tracks and collects users’ web-browsing information despite their use of “private browsing mode” (Charles Brown, et al. v. Google LLC, et al., No. 5:20-cv-03664, N.D. Calif.).
NEW YORK — An Illinois resident who filed the first of several biometric privacy suits over Clearview AI Inc.’s creation of a facial scan database failed in his bid to intervene in six putative class actions against the tech firm in New York federal court on May 29, as a New York federal judge deemed intervention in the noncertified putative class actions “not justified on either mandatory or permissive grounds” due to the movant’s lack of cognizable interest (Mario Calderon, et al. v. Clearview AI Inc., No. 1:20-cv-01296, S.D. N.Y., 2020 U.S. Dist. LEXIS 94926).
CHICAGO — A proposed class settlement worth more than $3.2 million between a restaurant and its workers over claims concerning the employer’s collection of workers’ fingerprints contains several “minor problems” when it comes to class members’ rights to object, a federal judge in Illinois ruled May 28, denying preliminary approval (Ebony Jones v. CBC Restaurant Corp., No. 19-6736, N.D. Ill.).
CHICAGO — Finding that Bose Corp. is a party to the Bluetooth communications between its wireless products and an app that controls their settings, an Illinois federal judge on May 27 granted the audio company’s motion to dismiss wiretap and eavesdropping class claims against it for the same reasons she had done so more than a year earlier (Kyle Zak v. Bose Corp., No. 1:17-cv-02928, N.D. Ill.).
PHOENIX — Arizona filed a complaint against Google LLC in state court on May 27, accusing the technology giant of violating the Arizona Consumer Fraud Act (CFA) via its “widespread and systemic use of deceptive and unfair business practices to obtain information about the location of its users” to fuel its “lucrative advertising business” (Arizona v. Google LLC, No. CV 2020-006219, Ariz. Super. Maricopa Co.).
ALEXANDRIA, Va. — Capital One Financial Corp. failed to establish that a report prepared by its cybersecurity consultant over a 2019 data breach differed from tasks the consultant would have performed absent the breach, a Virginia federal magistrate judge ruled May 26, deeming the report not to be protected work product and granting motion by a group of the credit card issuer’s customers to compel its production in a multidistrict litigation over the incident (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va., 2020 U.S. Dist. LEXIS 91736).
CHICAGO — An Illinois man who filed the first of several privacy lawsuits over the online facial data collection practices conducted by Clearview AI Inc. filed a supplemental brief in New York federal court on May 20, supporting his motion to intervene in five lawsuits in that venue, arguing that a recent development in his suit in Illinois federal court weights in favor of litigating claims against the tech firm in the Illinois court (David Mutnick v. Clearview AI Inc., et al., No. 1:20-cv-00512, N.D. Ill.).
ALLENTOWN, Pa. — A food distributor’s ex-vice president who now resides in Poland cannot invoke the General Data Protection Regulation (GDPR) to escape his discovery duties in a Racketeer Influenced and Corrupt Organizations Act (RICO) suit brought by his former employer, a Pennsylvania federal judge ruled May 21, concluding that the defendant could not meet his burden to establish that the European law bars production from him as a U.S. citizen (Giorgi Global Holdings Inc., et al. v. Wieslaw Smulski, et al., No. 5:17-cv-04416, E.D. Pa., 2020 U.S. Dist. LEXIS 89369).
CHICAGO — An Illinois federal judge on May 5 found that one of two lead plaintiffs alleging biometric privacy violations in Shutterfly Inc.’s use of facial-recognition technology was bound by the company’s arbitration provision, staying the putative class action brought under the Illinois Biometric Information Privacy Act (BIPA) pending resolution of the arbitration (Vernita Miracle-Pond, et al. v. Shutterfly Inc., No. 1:19-cv-04722, N.D. Ill., 2020 U.S. Dist. LEXIS 86083).
SAN JOSE, Calif. — Google LLC on May 15 filed a reply supporting its motion to dismiss a case remanded by the U.S. Supreme Court for jurisdictional findings, telling a California federal court that plaintiffs alleging privacy violations under the Stored Communications Act (SCA) for the purported sharing of their search query terms failed to allege the necessary harm to establish standing under Article III of the U.S. Constitution (In re: Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif.).
LOS ANGELES — Granting in part a motion to dismiss by AT&T Mobility LLC, a California federal judge on May 18 found that a former customer who was the victim of “SIM swapping” that led to a loss of $1.8 million did not sufficiently plead invasion of privacy and reliance factors to support two of his claims against the wireless carrier (Seth Shapiro v. AT&T Mobility LLC, No. 2:19-cv-08972, C.D. Calif.).
ATLANTA — Four months after final approval was granted to the settlement of claims brought by consumer plaintiffs over Equifax Inc.’s 2017 data breach, the financial institution (FI) plaintiffs on May 15 asked a Georgia federal court to preliminarily approve the $5.5 million settlement of their claims in the consolidated class action against the credit-reporting company (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-02800, N.D. Ga.).
CHICAGO — Putative class claims by four airline employees over the collection and use of their fingerprints don’t belong in federal court, a judge in the U.S. District Court for the Northern District of Illinois ruled May 12, holding that three of the employees must proceed before an adjustment board under the Railway Labor Act (RLA) and that the fourth agreed to arbitration (Darrell Crooms, et al. v. Southwest Airlines Co., No. 19-2149, N.D. Ill., 2020 U.S. Dist. LEXIS 84360).
SAN JOSE, Calif. — A California federal judge on May 6 mostly granted Google LLC’s motion to dismiss a putative class complaint alleging unauthorized interception and retention of users’ conversations via its Google Assistant (GA) app, largely disposing of privacy, contractual and unfair competition claims for failure to sufficiently allege specifics about the purportedly collected communications (In re Google Assistant Privacy Litigation, No. 5:19-cv-04286, N.D. Calif.; 2020 U.S. Dist. LEXIS 80971).
SAN JOSE, Calif. — A San Francisco church, which was the victim of a pornographic hacking incident, known as “Zoombombing,” during a videoconference, filed a putative class complaint in California federal court against platform provider Zoom Video Communications Inc. on May 13, alleging false “promises of data privacy and security,” as well as claims for privacy violations, unfair competition and negligence (Saint Paulus Lutheran Church, et al. v. Zoom Video Communications Inc., No. 5:20-df-03252, N.D. Calif.).
SAN FRANCISCO — With the May 8 filing of a putative class complaint in California federal court by a group of minors, social network app company TikTok Inc. has been sued in three lawsuits for violating the Illinois Biometric Information Privacy Act (BIPA) for the surreptitious collection and retention of users’ biometric identifiers without consent or notice (P.S., et al. v. TikTok Inc., et al., No. 3:20-cv-02292, N.D. Calif., E.R., et al. v. TikTok Inc., et al., No. 1:20-cv-02810, N.D. Ill.; D.M., et al. v. TikTok Inc., et al., No. 3:20-cv-03185, N.D. Calif.).