SAN FRANCISCO — Because users of Facebook Inc. agreed to its privacy policies, a Ninth Circuit U.S. Court of Appeals panel on Dec. 6 found that three of the social network’s users who sued it for privacy violations for collecting their health-related information consented to Facebook’s data-collection practices, affirming dismissal of their claims (Winston Smith, et al. v. Facebook Inc., No. 17-16206, 9th Cir., 2018 U.S. App. LEXIS 34397).
ATLANTA — In a Nov. 23 reply brief supporting their motion for limited relief from existing discovery stay, the plaintiffs in a consolidated class action over the 2017 data breach experienced by Equifax Inc. tell a Georgia federal court that certain requested documents and employee depositions are necessary to preserve evidence and to facilitate upcoming full discovery (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
ALBANY, N.Y. — In a Dec. 4 press release, New York Attorney General (AG) Barbara D. Underwood announced that her office had reached a $4.95 million settlement with Oath Inc., formerly known as AOL Inc., for violations of the Children’s Online Privacy Protection Act (COPPA).
SANTA ANA, Calif. — In a Dec. 3 in chambers order, a California federal judge granted preliminary approval to a proposed settlement, valued at approximately $47 million, to settle a consolidated class action over a 2015 data breach experienced by Experian Information Solutions Inc. (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).
SAN FRANCISCO — In letter briefs filed Nov. 6 at the direction of the Ninth Circuit U.S. Court of Appeals, Yahoo! Inc. and its commercial general liability (CGL) insurer debate the impact of an August 2017 Ninth Circuit ruling on the present appeal pertaining to insurance coverage for claims brought under the Telephone Consumer Protection Act (TCPA) (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 17-16452, 9th Cir.).
PORTLAND, Ore. — Two Marriott International Inc. customers filed a class complaint on Nov. 30 in an Oregon state court, seeking up to $12.5 billion for a nationwide class allegedly affected by the hotel chain’s data breach that was announced that same day (David Johnson, et al. v. Marriott International, Inc., No. 18CV54883, Ore. Cir., Multnomah Co.).
WASHINGTON, D.C. — One month after oral arguments were held, Google LLC, a class of Google users and the federal government filed supplemental briefs in the U.S. Supreme Court on Nov. 30 addressing whether the class had established standing under Article III of the U.S. Constitution to bring its privacy claims against the internet giant (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
CHICAGO — In its Nov. 28 response to a plaintiff’s motion to compel production of identifying information for prospective class members in a data breach lawsuit, Barnes & Noble Inc. tells an Illinois federal court that it properly redacted private customer information that is irrelevant at the class definition stage of the litigation (In re Barnes & Noble Pin Pad Litigation, No. 1:12-cv-08617, N.D. Ill.).
FRESNO, Calif. — On Nov. 28, the American Civil Liberties Union and Electronic Frontier Foundation (EFF) filed a motion in California federal court to unseal the court filings in a case where the U.S. Department of Justice (DOJ) reportedly sought to compel Facebook Inc. to provide it with access to users’ private calls made via the social network (In re U.S. Department of Justice Motion to Compel Facebook to Provide Technical Assistance in Sealed Case, Opinion and Order Issued in or About September 2018, No. 1:18-mc-00057, E.D. Calif.).
PITTSBURGH — The Pennsylvania Supreme Court on Nov. 21 found that an employer has a duty to protect any personally identifiable information (PII) that it collects from its employees, reversing the dismissal of a putative class of hospital employees’ negligence claim over the theft of their information after a breach of their employer’s network (Barbara A. Dittman, et al. v. UPMC, et al., No. 43 WAP 2017, Pa. Sup., 2018 Pa. LEXIS 6051).
CHICAGO — In an Oct. 24 response brief, five members of the Chicago Police Department (CPD) tell the Seventh Circuit U.S. Court of Appeals that a newspaper’s appeal of a ruling that deemed it in violation of the Driver’s Privacy Protection Act (DPPA) is premature and merits dismissal because the trial court’s order was not final and did not award any relief (Scott Dahlstrom, et al. v. Sun-Times Media LLC, No. 18-3101, 7th Cir.).
WASHINGTON, D.C. — Appealing a ruling that pleading an increased risk of identity theft from a data breach is sufficient to establish an injury for purposes of standing under Article III of the U.S. Constitution, Zappos.com Inc., in a Nov. 19 reply brief supporting its petition for certiorari, asks the U.S. Supreme Court to decide the uniform standard to establish what constitutes a concrete injury in such cases (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup.).
WASHINGTON, D.C. — A man who has filed multiple lawsuits over the domestic surveillance activities of the National Security Agency (NSA) filed a reply brief in one of three dismissed cases Nov. 14, arguing to the District of Columbia U.S. Court of Appeals that he has standing and evidence to pursue his constitutional claims against the government (Larry Klayman v. National Security Agency, et al., No. 18-5097, D.C. Cir.; and Larry Klayman, et al. v. Barack Obama, et al., Nos. 17-5281 and 17-5282, D.C. Cir.).
BALTIMORE — In light of the presiding judge’s finding that the state secrets privilege precluded production of most of the evidence sought by Wikimedia Foundation to support its lawsuit over surveillance conducted by the National Security Agency (NSA), the government on Nov. 13 moved for summary judgment in Maryland federal court, asserting that the plaintiff was unable to establish standing to pursue its constitutional claims (Wikimedia Foundation v. National Security Agency, et al., No. 1:15-cv-00662, D. Md.).
NEWARK, N.J. — A New Jersey man failed to establish the necessary elements of unlawful interception of electronic communications by Quicken Loans Inc., a New Jersey federal judge ruled Nov. 9, dismissing his putative class claims under the Wiretap Act because the lender’s collection of data via its website was lawful (Michael Allen v. Quicken Loans Inc., et al., No. 2:17-cv-12352, D. N.J., 2018 U.S. Dist. LEXIS 192066).
PITTSBURGH — A Rite Aid customer sued the pharmacy company and a pharmacist at a Pittsburgh location on Oct. 23, alleging that an employee violated state and federal health laws and caused him mental anguish and humiliation by announcing his HIV status without permission within earshot of other customers (John Doe v. Rite Aid Pharmacy Corp., et al., No. 18-013826, Pa. Comm. Pls., Allegheny Co.).
NEW YORK — A federal judge in New York on Nov. 9 denied a motion to suppress filed by a man accused of participating in a health care fraud scheme, finding that search warrants executed for three email accounts were not overbroad and that the man had no reasonable expectation of privacy for the accounts (United States v. Paul J. Mathieu, et al., No. 16 cr 763, S.D. N.Y., 2018 U.S. Dist. LEXIS 192281).
OAKLAND, Calif. — Seeking to proceed with their statutory claims over the domestic surveillance activities of the National Security Agency (NSA), the plaintiffs in a 10-year old putative class action against the federal government on Nov. 2 filed a declaration by former NSA contractor Edward Snowden the same day they filed a reply brief in California federal court opposing the government’s summary judgment motion (Carolyn Jewel, et al. v. National Security Agency, et al., No. 4:08-cv-04373, N.D. Calif.).
WASHINGTON, D.C. — Asserting that they plausibly pleaded a substantial risk of future harm due to their personally identifiable information (PII) being stolen in a 2012 data breach experienced by Zappos.com Inc., a group of the online retailer’s customers in a Nov. 6 brief urge the U.S. Supreme Court to deny its petition for certiorari, arguing that the circuit courts are in agreement on the standard of determining whether future harm has been sufficiently alleged in data breach cases (Zappos.com Inc. v. Theresa Stevens, et al., No. 18-225, U.S. Sup.).
WASHINGTON, D.C. — Six days after hearing oral arguments in a dispute about the propriety of cy pres settlements in class actions, the U.S. Supreme Court on Nov. 6 directed the parties to file supplemental briefs addressing whether the named plaintiffs alleging privacy violations by Google LLC established standing in the case under Article III of the U.S. Constitution (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).