SAN FRANCISCO — Finding that the record established that Facebook Inc. did not use its facial recognition technology in the photo-uploading incident at the heart of a putative class action, a Ninth Circuit U.S. Court of Appeals panel on June 14 affirmed judgment in the social network’s favor on a man’s claim that it violated an Illinois biometric privacy statute (Frederick William Gullen v. Facebook Inc., No. 18-15785, 9th Cir., 2019 U.S. App. LEXIS 17969).
CHICAGO — Nine months after a judge declined to approve a previously proposed settlement between the Neiman Marcus Group LLC and a group of customers over a 2013 data breach, the parties filed a status report on June 12, informing an Illinois federal court that they had reached a new settlement (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
SEATTLE — In a putative class complaint filed June 11 in Washington federal court, Amazon.com Inc. was accused of violating eight states’ wiretap statutes by recording and storing the voices of minors without consent or notice via the “Alexa” digital assistant (C.O. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).
NEW YORK — Several surveillance program documents withheld by government agencies in response to Freedom of Information Act (FOIA) requests by the American Civil Liberties Union were properly found to be classified or privileged, a Second Circuit U.S. Court of Appeals panel found May 30, affirming a trial court’s ruling and taking the opportunity to clarify some exemptions to the FOIA, 5 U.S.C. § 552 (American Civil Liberties Union, et al. v. National Security Agency, et al., No. 17-3399, 2nd Cir., 2019 U.S. App. LEXIS 16122).
NEWARK, N.J. — Three days after Quest Diagnostics Inc. announced that a breach of a billing vendor’s system had exposed patient information, a negligence class complaint was filed against the nationwide medical testing firm in New Jersey federal court on June 6, seeking monetary damages and security system improvements (Francis Carbonneau v. Quest Diagnostics Inc., et al., No. 2:19-cv-13472, D. N.J.).
WASHINGTON, D.C. — Overruling objections raised by a class of consumer plaintiffs, the U.S. Judicial Panel on Multidistrict Litigation (JPMDL) on June 5 consolidated two putative class actions filed by financial institutions (FIs) over a 2017 data breach experienced by Sonic Corp. with those previously filed by consumer plaintiffs against the fast food chain, transferring the FI’s suits to Ohio federal court (In re: Sonic Corp. Customer Data Security Breach, No. 2807, JPMDL).
WEST PALM BEACH, Fla. — A Florida federal judge on May 30 held that coverage for an underlying $60,413,112 consent judgment entered against an insured in a Telephone Consumer Protection Act (TCPA) violation dispute is barred by the insurance policy’s “invasion of privacy” exclusion, finding that the alleged TCPA violations arise ou tof an invasion of privacy (Jacob Horn, et al. v. Liberty Insurance Underwriters, Inc., No.18-80762, S.D. Fla., 2019 U.S. Dist. LEXIS 90194).
SANTA ANA, Calif. — With a California couple’s June 3 complaint against First American Title Co. in California federal court, six putative class actions have now been filed in the wake of the recent revelation of purported lapses in protecting customer data by the leading title insurance company (Antonio Barajas, et al. v. First American Financial Corp., et al., No. 8:19-cv-01078, C.D. Calif.).
SAN FRANCISCO — In supplemental briefs filed May 29 at the direction of the Ninth Circuit U.S. Court of Appeals, Facebook Inc. and an objector to the underlying settlement of a class action over the social network’s now-discontinued practice of scanning users’ private messages (PMs), argue that subsequent U.S. Supreme Court rulings make it clear that the plaintiffs never properly established standing to bring their privacy claims against Facebook under Article III of the U.S. Constitution (Matthew Campbell, et al. v. Facebook Inc., et al., No. 17-16873, 9th Cir.).
SANTA ANA, Calif. — A California appeals panel on May 31 affirmed a lower court's finding that coverage is owed for claims that an insured violated California Penal Code Section 632 by improperly recording a private interview without her knowledge and published it to third parties, rejecting an insurer’s argument that coverage is excluded under a commercial general liability insurance policy’s criminal acts exclusion (Nautilus Insurance Company v. Monique Mingione, No. G055914, Calif. App., 4th Dist., Div. 3, 2019 Cal. App. Unpub. LEXIS 3759).
BOSTON — A federal judge in Massachusetts on May 24 dismissed with prejudice putative class claims brought by former students of a Massachusetts college that abruptly closed its doors at the end of the 2018 academic year after a failed merger, finding that the students failed to sufficiently allege their privacy, breach of contract and other claims and that no opportunity to amend would be given (Tristan Squeri, et al. v. Mount Ida College, et al., No. 18-12438, D. Mass., 2019 U.S. Dist. LEXIS 88273).
SANTA ANA, Calif. — A week after a California federal judge granted final approval to the settlement of a class action over a 2015 data breach experienced by Experian Information Solutions Inc., the class on May 16 filed a proposed judgment releasing all claims against Experian and addressing the judge’s concerns that a previously submitted judgment was overly broad (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).
OAKLAND, Calif. — Finding that certain date and time data collected by a sex toy app constituted record information, rather than the contents of a communication, a California federal judge on May 15 dismissed in part claims against a “sextech” company under the Wiretap Act, while holding that “vibration intensity” data, which was allegedly collected without user consent, qualified as communications and could support a claim under the statute (S.D. v. Hytto Ltd., No. 4:18-cv-00688, N.D. Calif.).
KANSAS CITY, Mo. — A hospital’s motion to dismiss putative class claims over the unintentional disclosure of patients’ protected health information (PHI) was partly granted May 16, when a Missouri federal judge found that the lead plaintiff did not establish the existence of a contract that was breached by the data disclosure (K.A. v. Children’s Mercy Hospital, No. 4:18-cv-00514, W.D. Mo., 2019 U.S. Dist. LEXIS 82725).
SAN JOSE, Calif. — A California federal judge on May 17 denied a commercial general liability insurer’s motion for judgment as a matter of law on Yahoo! Inc.’s bad faith and bad faith damages claims, finding that there is a “legally sufficient evidentiary basis” for a jury to determine that the insurer acted in bad faith in its handling of underlying class actions filed against Yahoo over its practice of scanning the content of emails (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 17-00489, N.D. Calif., 2019 U.S. Dist. LEXIS 83811).
OAKLAND, Calif. — In May 16 reply briefs supporting their respective motions to dismiss, Google LLC, Apple Inc. and Facebook Inc. tell a California federal court that two plaintiffs alleging the improper collection and use of their mobile devices’ location data have essentially admitted that any such data was obtained via their devices’ internet protocol (IP) addresses and not by any actions taken by the defendants (Brendan Lundy, et al. v. Facebook Inc., et al., No. 4:18-cv-06793, N.D. Calif.).
SAN JOSE, Calif. — Seven months after a California federal judge preliminarily approved settlement of a class action against Intuit Inc. over a 2014 data breach, the same judge granted final approval May 15 to the settlement, which provides more than $2.8 million in costs, attorney fees and service awards (In re Intuit Data Litigation, No. 5:15-cv-01778, N.D. Calif.).
SAN FRANCISCO — Two months after the U.S. Supreme Court remanded a privacy class action against Google LLC for lack of jurisdiction, a Ninth Circuit U.S. Court of Appeals panel on May 13 granted a motion by Google to further remand the case for a determination of whether the class ever established that it had standing under Article III of the U.S. Constitution (In re: Google Referrer Header Privacy Litigation, No. 15-15858, 9th Cir.).
TACOMA, Wash. — Plaintiffs, referred to only as John Does, who filed a class complaint against Washington officials seeking to stop the release of the names and addresses of individuals who participated in the state’s bump stock buy-back program, filed a notice of voluntary dismissal on May 2 (John Doe 1, et al. v. John R. Batiste, et al., No. 19-5334, W.D. Wash.).
NEWARK, N.J. — A month after a judge changed the dismissal of a Fair and Accurate Credit Transactions Act (FACTA) complaint against J. Crew Group Inc. to without prejudice, a New Jersey man filed a third amended complaint (TAC) May 14 over the retailer’s purported printing of too many credit card digits on receipts, telling a New Jersey federal court that he suffered damages from a heightened risk of identity theft and because he can “no longer merely throw out his credit card receipts” (Ahmed Kamal v. J. Crew Group Inc., et al., No. 2:15-cv-00190, D. N.J.).