SAN FRANCISCO — Partly reversing the dismissal of a class complaint over Facebook Inc.’s tracking of the internet histories of users who were logged out of its social network, a Ninth Circuit U.S. Court of Appeals panel on April 9 ruled that the plaintiffs sufficiently alleged privacy and intrusion claims, while affirming dismissal of electronic interception and contractual claims (In re: Facebook Inc. Internet Tracking Litigation, No. 17-17486, 9th Cir., 2020 U.S. App. LEXIS 11102).
SAN FRANCISCO — Zoom Video Communications Inc. and two of its senior executives violated federal securities laws by concealing from investors that the cloud-based communications platform developer had implemented inadequate data privacy and security measures that were later disclosed in light of the spread of the novel coronavirus pandemic, an investor argues in a Feb. 8 securities class complaint filed in California federal court (Kim Brams v. Zoom Video Communications Inc., et al., No. 20-2396, N.D. Calif.).
BALTIMORE — Five months after putative class complaints against the four major U.S. cellular service providers were ordered to arbitration, the lead plaintiff in the suit accusing Verizon Communications Inc. of selling customers’ geolocation data to third parties on April 3 filed a notice of voluntary dismissal in Maryland federal court (Michelle Morrison v. Verizon Communications Inc., et al., No. 1:19-cv-01298, D. Md.).
SAN FRANCISCO — Partly resolving a dispute over the production of electronically stored information (ESI) in the consolidated lawsuit over Facebook Inc.’s sharing of user data with third parties, a California federal magistrate judge on April 2 directed the social network to provide some of the information requested by the plaintiffs, while setting in place processes for addressing production of the remaining requested data (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
BOSTON — In a March 30 docket entry, a Massachusetts Appeals Court justice denied Facebook Inc.’s motion to stay an order compelling it to produce disputed documents requested by the Massachusetts attorney general (AG) in an investigation of privacy violations, with the justice finding that the social network did not establish that the items were privileged (Attorney General v. Facebook Inc., No. 2020-J-0148, Mass. App.).
SAN FRANCISCO — On March 31 and April 2, notices of settlement were filed in California federal court regarding privacy claims against the Walt Disney Co. and Twitter Inc., in one of three related lawsuits over the alleged sharing of minor users’ data in certain gaming apps (Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 3:17-cv-04419, N.D. Calif.; Amanda Rushing, et al. v. ViacomCBS Inc., et al., No. 3:17-cv-04492, N.D. Calif.; Michael McDonald, et al. v. Kiloo ApS, et al., No. 3:17-cv-04344, N.D. Calif.).
SAN FRANCISCO — On March 31, Zoom Video Communications Inc. was named in its second putative class complaint in California federal court in as many days, with two users of its videoconferencing platform alleging negligence, unfair competition and privacy violations for Zoom’s admitted sharing of certain personally identifiable information (PII) of users operating its app on Apple Inc.’s operating system (iOS) (Samuel Taylor v. Zoom Video Communications Inc., No. 3:20-cv-02170, Robert Cullen v. Zoom Video Communications Inc., 5:20-cv-02155, N.D. Calif.).
RIVERSIDE, Calif. — An insurer on March 14 filed suit in a federal court in California seeking a declaration that its policy’s “invasion of privacy” exclusion bars directors, officers and organization liability insurance coverage for an underlying putative class action alleging that the insured violated the Telephone Consumer Protection Act (TCPA) and state law (Atlantic Specialty Insurance Company v. HOSOPO Corporation, No. 20-00545, C.D. Calif.).
SAN FRANCISCO — Maintaining that Facebook Inc. has engaged in “an egregious breach of their privacy” via “persistent, duplicitous, profit-driven collection and use” of their location data even when they opt out of such collection, four of the social network’s users filed a brief in California federal court on March 27, opposing Facebook’s motion to dismiss their putative privacy class claims (Brett Heeger, et al. v. Facebook Inc., No. 3:18-cv-06399, N.D. Calif.).
PORTLAND, Ore. — An Oregon federal magistrate judge on March 23 granted a motion by a group of former Nike Inc. employees to compel the sporting goods giant to produce employee names and identifying information associated with certain documents that it has already provided in discovery in a sex bias suit against it, with the magistrate finding that a prior ruling and a protective order will guard the employees’ privacy interests (Kelly Cahill, et al. v. Nike, Inc., No. 3:18-cv-01477, D. Ore., 2020 U.S. Dist. LEXIS 49838).
TALLAHASSEE, Fla. — Granting in part a nursing home’s petition for certiorari of two discovery orders in a wrongful death lawsuit, a Florida appeals panel on March 24 found that an order requiring the production of certain patient records violated privacy protections of Florida laws and the state’s constitution, also holding that the requested information was not likely to lead to admissible evidence (Saints 120 LLC v. Michaele M. Moore, No. 1D19-973, Fla. App. 1st Dist., 2020 Fla. App. LEXIS 3811).
SAN FRANCISCO — A Virginia couple filed a putative class complaint in California federal court on March 3 against Hanna Andersson LLC, alleging negligence related to a data breach the children’s clothing retailer experienced in 2019 (Krista Gill, et al. v. Hanna Andersson LLC, et al., No. 8:20-cv-01572, N.D. Calif.).
HOUSTON — A Texas federal judge on March 24 dismissed for a second time an iPhone user’s negligence and breach of warranty claims against Apple Inc., finding that the plaintiff failed to offer anything more than conclusory allegations in his claims that he was injured by a glitch in Apple’s FaceTime feature that allowed users to eavesdrop on one another (Larry D. Williams II v. Apple Inc., et al., No. 4:19-cv-00782, S.D. Texas).
SAN JOSE, Calif. — In a long-running privacy lawsuit over internet referrer headers that was previously settled, approved, appealed and remanded for a determination of standing under Article III of the U.S. Constitution, Google LLC filed a dismissal motion on remand on March 20, telling a California federal court that the plaintiffs lack standing for failure to allege any concrete harm (In re: Google Referrer Header Privacy Litigation, No. 5:10-cv-04809, N.D. Calif.).
CHICAGO — An Illinois appeals panel on March 20 affirmed a lower court’s ruling that an insurer has a duty to defend its insured against claims that it violated the Biometric Information Privacy Act, further affirming the lower court’s finding that the insured is not entitled to bad faith damages (West Bend Mutual Insurance Company v. Krishna Schaumburg Tan, Inc., et al., No. 19-1834, Ill. App., 1st Dist., 6th Div., 2020 Ill. App. LEXIS 179).
PHILADELPHIA — In a March 18 appellee brief, J. Crew Group Inc. tells the Third Circuit U.S. Court of Appeals that most of the arguments raised by a customer claiming violations of the Fair and Accurate Credit Transactions Act (FACTA) by the printing of too many digits on his credit card receipts were already rejected by the court in a previous appeal six months earlier, urging the court to uphold a third dismissal ruling against the customer (Ahmed Kamal v. J. Crew Group Inc., et al., No. 19-3590, 3rd Cir.).
SAN FRANCISCO — Finding that a New York-based investor communications solutions provider did not avail itself of jurisdiction in California and did not purposefully direct any actions toward the state, a California federal judge on March 18 dismissed a putative class action against the company over a 2019 data breach for lack of personal jurisdiction (Phillip Toretto, et al. v. Mediant Communications Inc., No. 3:19-cv-05208, N.D. Calif., 2020 U.S. Dist. LEXIS 47123).
CLEVELAND — One day after Sonic Corp. filed a brief in Ohio federal court opposing certification for a class of financial institutions (FIs) in a lawsuit over its 2017 data breach, the fast food chain on March 18 filed three motions to exclude the plaintiffs’ class certification experts, citing issues of qualification, relevance and reliability (In re: Sonic Corp. Customer Data Security Breach, No. 1:17-md-02807, N.D. Ohio).
SAN FRANCISCO — Four months after a California federal judge granted initial approval of a $13 million settlement between Google LLC and a putative class suing for privacy violations related to data collection connected to the Google Street View feature, he granted the plaintiffs’ motion for final approval on March 18, overruling objections to the cy pres-only nature of the settlement (In re Google LLC Street View Electronic Communications Litigation, No. 3:10-md-02184, N.D. Calif.).
WASHINGTON, D.C. — A former Department of Homeland Security (DHS) acting inspector general has been charged with stealing proprietary software, source code and other information from the DHS containing, among other things, the personally identifiable information (PII) of employees of the DHS and U.S. Postal Service to create software to be sold to the Department of Agriculture, according to an indictment unsealed March 6 in District of Columbia federal court (United States v. Charles Kumar Edwards, et al., No. 20-cr-66, D. D.C.).