SAN JOSE, Calif. — Calling Google LLC “a voyeur extraordinaire,” a putative class complaint filed July 14 in California federal court brings wiretapping and invasion of privacy claims against the tech giant for allegedly collecting the personal data of mobile device users via its Google Analytics feature and the Firebase software development kit (SDK), regardless of whether users have opted out of being tracked in their devices’ settings (Anibal Rodriguez, et al. v. Google LLC, et al., No. 5:20-cv-04688, N.D. Calif.).
BANGOR, Maine — Granting a motion for judgment on the pleadings by Maine’s attorney general (AG), a Maine federal judge on July 7 ruled that a group of trade associations opposing a newly enacted state privacy statute failed to establish that the law is preempted by recent rules and deregulatory activities of the Federal Communications Commission (FCC) (ACA Connects – America’s Communications Association, et al. v. Aaron Frey, No. 1:20-cv-00055, D. Maine, 2020 U.S. Dist. LEXIS 118293).
WAUKEGAN, Ill. — The use by the owner of several McDonald’s franchises in Lake County, Ill., of a fingerprint scan to monitor employees’ work time is violating Illinois law by collecting, using, storing and disclosing employees’ biometric data, and a showing of actual damages is not necessary for a successful claim, a former employee alleges in her July 6 class complaint filed in the Lake County Circuit Court (Joanna Currie, et al. v. McEssy Investment Company, No. 2020CH04825, Ill. Cir., Lake Co.).
LEXINGTON, Ky. — Although a Kentucky federal magistrate judge concluded that a search warrant compelling an individual to unlock an electronic device via a biometric input can comport with the protections of the Fourth Amendment to the U.S. Constitution, the magistrate in a July 2 ruling declined to compel such production in a warrant requested by the federal government because the application did not establish the necessary reasonable suspicion (In re Search Warrant No. 5165, No. 5:20-mj-05165, E.D. Ky., 2020 U.S. Dist. LEXIS 117049).
SAN FRANCISCO — A California federal judge erred in allowing a commercial general liability insurer to enforce its policy’s deductible coverage endorsement because enforcing the endorsement in the data privacy coverage dispute ignores the plan language of the policy, the insured contends in a May 18 brief to the Ninth Circuit U.S. Court of Appeals (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 19-16475, 9th Cir.).
SAN FRANCISCO — In a July 1 joint discovery letter, three AT&T Services Inc. customers ask a California federal court to compel the wireless carrier to provide documents regarding details of its now-discontinued practice of sharing customers’ geolocation data with third parties, arguing that such information is necessary to establish the risk of future harm to respond to AT&T’s assertion that they lack jurisdiction to bring their putative privacy and consumer class claims (Katherine Scott, et al. v. AT&T Inc., et al., No. 3:19-cv-04063, N.D. Calif.).
SANTA ANA, Calif. — The operator of a chain of substance abuse rehabilitation facilities filed a motion in California federal court on June 30 to compel arbitration of privacy and negligence claims brought against it by a former patient over a 2019 data breach, arguing that a contractual provision mandated that his claims be resolved via arbitration rather than litigation (Hector Fuentes v. Sunshine Behavioral Health Group LLC, No. 8:20-cv-00487, C.D. Calif.).
CLEVELAND — Partly denying a motion to dismiss putative class claims brought by financial institutions (FIs) over a 2017 data breach experienced by Sonic Corp., an Ohio federal judge on July 1 found that the FIs sufficiently alleged that the fast food chain acted affirmatively in not updating the data security systems for the franchises that were affected by the breach (In re: Sonic Corp. Customer Data Security Breach, No. 1:17-md-02807, N.D. Ohio, 2020 U.S. Dist. LEXIS 114891).
COVINGTON, Ky. — A federal judge in Kentucky on June 26 dismissed two class claims under the Fair Credit Reporting Act (FCRA) brought against employers by employees after their personal information was stolen, finding that the employers are not consumer reporting agencies (CRAs), and declined to exercise supplemental jurisdiction over state law claims (Keram J. Christensen, et al. v. Saint Elizabeth Medical Center, Inc., et al., No. 19-43, E.D. Ky., 2020 U.S. Dist. LEXIS 112353).
LAWRENCEVILLE, Ga. — An Athens, Ga., hospital is manipulating COVID-19 tests to obtain “false negative” results to keep space for new admissions and avoid negative publicity and oversight, four current and former employees allege in an amended petition for an emergency temporary restraining order (TRO) and interlocutory injunction filed June 22 in a Georgia state court (Jane Doe 1, et al. v. Landmark Hospital of Athens, LLC, No. 20-A-04131-3, Ga. Super., Gwinnett Co.).
WASHINGTON, D.C. — The collection of publicly available data from a website does not violate the Computer Fraud and Abuse Act (CFAA), a data analytics firm tells the U.S. Supreme Court in a June 25 brief opposing LinkedIn Corp.’s petition for certiorari over an injunction preventing the professional network operator from blocking such data collection (LinkedIn Corp. v. hiQ Labs Inc., No. 19-1116, U.S. Sup.).
WINSTON-SALEM, N.C. — A federal judge in California on June 24 issued two separate rulings granting business liability insurers’ motions for judgment on the pleadings in their lawsuits disputing coverage for underlying claims that their insureds violated the Driver's Privacy Protection Act (DPPA), finding that two policy exclusions “unambiguously bar coverage” (Sentinel Insurance Company Ltd., et al. v. James S. Farrin P.C., et al., No. 17-211, 2020 U.S. Dist. LEXIS 111919; Sentinel Insurance Company Ltd.. v. George Salama D.C., et al., No. 17-328, M.D. N.C., 2020 U.S. Dist. LEXIS 111918).
TRENTON, N.J. — Although the New Jersey Supreme Court found that women suing over a janitor’s use of hidden cameras were not required to provide proof that they were actually filmed to support a claim for intrusion on seclusion, the state high court on June 16 ruled that they failed to provide sufficient evidence to establish a reasonable inference that they used the particular bathrooms where the filming occurred (Jaime Friedman, et al. v. Teodoro Martinez, et al., No. A-37/81, N.J. Sup., 2020 N.J. LEXIS 678).
ROCHESTER, N.Y. — A health insurance provider that has been sued by a group of its policyholders over a 2013 data breach moved for a protective order in New York federal court on June 16, seeking to prevent the plaintiffs from deposing its chief information officer (CIO) for a third time (Matthew Fero, et al. v. Excellus Health Plan Inc., et al., No. 6:15-cv-06569, W.D. N.Y.).
SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel’s reversal of the dismissal of some privacy and intrusion class claims against Facebook Inc. will stand, the panel decided June 23 as it denied the social network’s petition for rehearing in a lawsuit over Facebook’s tracking of users’ internet activity after they have logged out of their account (In re: Facebook Inc. Internet Tracking Litigation, No. 17-17486, 9th Cir.).
GALVESTON, Texas — In a June 15 motion to exit a dispute over the management of an ERISA-governed plan for Shell Oil Co. employees, a group of Fidelity-related companies argue that claims that it violated fiduciary duties and committed prohibited transactions as the plan’s record-keeper by marketing product to participants rest on the “faulty premise” that participants’ personal data is a plan asset (Charles Harmon v. Shell Oil Co., No. 3:20cv21, S.D. Texas).
PORTLAND, Ore. — In a June 18 brief responding to citation of additional authority by a subscriber who alleges privacy violations against it, Comcast Cable Communications LLC tells the Ninth Circuit U.S. Court of Appeals that a recent ruling regarding the so-called McGill rule related to contractual arbitration provisions does not support a trial court’s finding that the company’s arbitration requirement for customer disputes was invalid (Brandon Hodges v. Comcast Cable Communications LLC, No. 19-16483, 9th Cir.).
ALEXANDRIA, Va. — The Federal Deposit Insurance Corp. on June 16 asked a Virginia federal court to reconsider a ruling in which it denied the agency’s motion to intervene in a discovery matter in a multidistrict litigation over a 2019 data breach experienced by Capital One Financial Corp., contending that it is entitled to defend as privileged certain documents requested by the plaintiffs (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).
WASHINGTON, D.C. — A civil liberties organization that sued the Federal Trade Commission under the Freedom of Information Act (FOIA) regarding documents filed with the commission by Facebook Inc. over its data privacy practices received an unfavorable ruling in its quest for attorney fees on June 16 by a District of Columbia federal magistrate judge, who opined in a report and recommendation that the plaintiff did not establish entitlement to fees under the catalyst theory of causation (Electronic Privacy Information Center v. Federal Trade Commission, No. 1:18-cv-00942, D. D.C.).
NEW YORK — An enjoined New York City ordinance that required online home-sharing platform operators to submit certain homeowner data to the city will be revised in accordance with the city’s settlement of a lawsuit filed by Airbnb Inc. under the Fourth Amendment to the U.S. Constitution, the parties reported in a June 12 letter motion seeking a stay of proceedings in New York federal court (Airbnb Inc. v. New York, No. 1:18-cv-07712; HomeAway.com Inc. v. New York, No. 1:18-cv-07742, S.D. N.Y.).