SAN JOSE, Calif. — A California federal judge on Jan. 28 denied a motion to preliminarily approve a proposed $50 million settlement of a consolidated class action over multiple data breaches experienced by Yahoo! Inc., citing six bases for denial, including inadequate disclosure and a lack of transparency (In re: Yahoo! Inc. Customer Data Security Breach Litigation, No. 5:16-md-02752, N.D. Calif., 2019 U.S. Dist. LEXIS 13410).
NEW YORK — A New York federal judge on Jan. 28 granted final approval of a settlement reached between Pepsi Beverages Co. (PBC) and a class of individuals whose consumer reports were pulled for employment purposes in a lawsuit over failure to provide proper disclosures, but reduced the requested attorney fees, finding that the requested percentage and hourly rates were too high (Altareek Grice, et al. v. Pepsi Beverages Company, et al., No. 17-8853, S.D. N.Y., 2019 U.S. Dist. LEXIS 13298).
ATLANTA — In a trio of Jan. 28 rulings, a Georgia federal judge dismissed Fair Credit Reporting Act (FCRA) and other claims brought against Equifax Inc. by consumer and financial institution (FI) classes over its 2017 data breach, while allowing negligence and unjust enrichment claims to proceed (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
PHILADELPHIA — The proposed settlement of a class action against a health care concierge by employees whose personally identifiable information (PII) was compromised in a 2017 phishing incident received preliminary approval Jan. 24 from Pennsylvania federal judge, who found “that an initial presumption of fairness” had been established in the defendant’s agreement to reimburse affected employees and to make certain technological and security improvements (Tashica Fulton-Green, et al. v. Accolade Inc., No. 2:18-cv-00274, E.D. Pa., 2019 U.S. Dist. LEXIS 11149).
OAKLAND, Calif. — Responding to an order to show cause, the U.S. Department of Justice (DOJ) in a Jan. 18 filing argues that Twitter Inc. should not be granted access to a Federal Bureau of Investigation representative’s declaration in a lawsuit over the social network’s government-ordered surveillance activities, telling a California federal judge that the declaration was submitted in camera due to its classified nature (Twitter Inc. v. Matthew G. Whitaker, et al., No. 4:14-cv-04480, N.D. Calif.).
OAKLAND, Calif. — One month after a California federal judge dismissed their privacy lawsuit against a marketing firm for purportedly deploying self-replicating cookies onto their smartphones, the lead plaintiffs in the putative class action decided not to submit an amended complaint and instead filed an unopposed notice of voluntary dismissal of their four-year old lawsuit on Jan. 23 (Anthony Henson, et al. v. Turn Inc., No. 4:15-cv-01497, N.D. Calif.).
SPRINGFIELD, Ill. — Plaintiffs bringing claims under Illinois’ Biometric Information Privacy Act (BIPA) do not need to allege an “actual injury or adverse effect” other than the violation of their protected biometric privacy rights to qualify as an “aggrieved” person under the act, the Illinois Supreme Court unanimously ruled Jan. 25, reversing a lower court’s dismissal of a lawsuit over an amusement park’s fingerprinting practice (Stacy Rosenbach v. Six Flags Entertainment Corp., No. 123186, Ill. Sup., 2019 Ill. LEXIS 7).
SAN FRANCISCO — One month after a California federal judge dismissed their privacy and related claims against Facebook Inc. over a now-discontinued practice of scraping users’ call and text information from Android smartphones, a group of Android users on Jan. 22 filed an amended complaint realleging some of the dismissed claims and adding a claim of fraud (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).
SAN FRANCISCO — Two former drivers for Uber Technologies Inc. argue in a Jan. 22 reply brief to the Ninth Circuit U.S. Court of Appeals that a trial court’s dismissal of their negligence claims over the ride-sharing company’s 2014 data breach “was based on a misapplication of federal pleading standards” and should be reversed (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).
BOSTON — The First Circuit U.S. Court of Appeals on Jan. 18 vacated an order by a judge in the U.S. District Court for the District of Massachusetts blocking the release of juror addresses in a New England Compounding Center (NECC) trial and said the judge may continue to block juror addresses only if he makes “particularized findings” to justify nonrelease (United States v. Glenn A. Chin, et al., No. 17-2048, 1st Cir., 2019 U.S. Dist. LEXIS 1721).
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Jan. 16 certified a question to the California Supreme Court in a coverage dispute between Yahoo! Inc. and its commercial general liability insurer arising from claims brought under the Telephone Consumer Protection Act (TCPA) (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 17-16452, 9th Cir., 2019 U.S. App. LEXIS 1409).
SAN FRANCISCO — Plaintiffs in a class complaint accusing Delta Air Lines Inc. of failing to provide proper disclosures when running pre-employment background checks moved for preliminary approval of a $2.3 million settlement on Jan. 3 (Joseph L. Schofield, et al. v. Delta Air Lines Inc., et al., No. 18-382, N.D. Calif.).
OAKLAND, Calif.— A California federal judge on Jan. 10 denied an application by the government for a warrant compelling individuals to unlock electronic devices secured by biometric means, such as thumbprint and facial scans, likening such items to self-incriminating testimony that is unlawful under the Fifth Amendment to the U.S. Constitution (In re Search of a Residence in Oakland, Calif., No. 4:19-mj-70053, N.D. Calif.).
SANTA ANA, Calif. — A California federal judge on Jan. 4 granted preliminary approval of a settlement that would resolve the putative class action over personal viewing data collected by smart TVs made by Vizio Inc., with the judge finding the proposed $17 million settlement to be fair, reasonable and adequate (In Re: Vizio Inc., Consumer Privacy Litigation, No. 8:16-ml-02693, C.D. Calif.).
SAN FRANCISCO — After twice declining to approve a proposed settlement of a putative class action over a hotel chain’s 2016 data breach, a California federal judge on Jan. 9 granted the lead plaintiff’s renewed motion for preliminary approval of a revised settlement providing for up to $600,000 in relief to affected class members (Andrew Parsons v. Kimpton Hotel & Restaurant Group LLC, No. 3:16-cv-05387, N.D. Calif.).
SAN FRANCISCO — In a Jan. 4 filing, two electronic communication service providers (ECSPs) cite recent rulings by the First and Fourth Circuit U.S. Courts of Appeals that they say illustrate that nondisclosure requirements of national security letters (NSLs) served on them by the Federal Bureau of Investigation constitute prior restraint in violation of the First Amendment to the U.S. Constitution, asking the Ninth Circuit U.S. Court of Appeals to grant their 15-month- old motion for rehearing (In re National Security Letter, No. 16-16067, -16081, -16082 and -16190, 9th Cir.).
ATLANTA — A Florida school board did not violate the constitutional mandate barring unreasonable searches and seizures when it collected and tested the urine of all prospective substitute teachers for drugs, an 11th Circuit U.S. Court of Appeals panel ruled Dec. 20, affirming the denial of a preliminary injunction in a class complaint filed by one of the potential substitutes (Joan E. Friedenberg, et al. v. School Board of Palm Beach County, No. 17-12935, 11th Cir., 2018 U.S. App. LEXIS 35905).
HARTFORD, Conn. — Connecticut Attorney General George Jepsen announced Jan. 8 that the attorneys general of 43 states and the District of Columbia had reached a $1.5 million settlement with retailer Neiman Marcus Group LLC over a 2013 data breach the retailer experienced.
WASHINGTON, D.C. — A privacy rights organization saw its bid to vacate the dismissal of its lawsuit over voter data collection by a now-dissolved government committee denied Jan. 7, as the U.S. Supreme Court denied the group’s petition for certiorari, declining to consider whether the case’s moot status merited vacatur of the dismissal ruling (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 18-267, U.S. Sup., 2019 U.S. LEXIS 204).
NEW YORK — A New York City ordinance requiring online home-sharing platform providers to provide the city with certain customer records on a monthly basis was enjoined by a New York federal judge on Jan. 3, who found that Airbnb Inc. and HomeAway.com Inc. were likely to succeed on their claims that the ordinance violates the Fourth Amendment to the U.S. Constitution (Airbnb Inc. v. New York, No. 1:18-cv-07712; HomeAway.com Inc. v. New York, No. 1:18-cv-07742, S.D. N.Y., 2019 U.S. Dist. LEXIS 755).