SAN FRANCISCO — More than a month after announcing their settlement with Uber Technologies Inc. of claims arising from a 2014 database hacking incident, two of the ride share company’s former drivers on March 18 filed a motion in the Ninth Circuit U.S. Court of Appeals, seeking to voluntarily dismiss their appeal of a trial court’s third dismissal of their putative class action (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).
PASADENA, Calif. — The Ninth Circuit U.S. Court of Appeals on March 16 held that an underlying lawsuit asserting that an insured violated California’s Credit Card Act alleged an invasion of privacy that is sufficient to trigger the insurer’s duty to defend, reversing a lower court’s no coverage ruling (Brighton Collectibles, LLC v. Certain Underwriters At Lloyd's London, No. 18-56403, 9th Cir., 2020 U.S. App. LEXIS 8245).
NEW YORK — In a complaint filed March 12 in New York federal court, the American Civil Liberties Union seeks to compel the U.S. Department of Homeland Security (DHS) and other government agencies to respond to its Freedom of Information Act (FOIA) request for information about the government’s use of facial recognition technology at airports and borders (American Civil Liberties Union, et al. v. U.S. Department of Homeland Security, et al., No. 1:20-cv-02213, S.D. N.Y.).
RICHMOND, Va. — The Fourth Circuit U.S. Court of Appeals on March 10 affirmed a lower federal court’s finding that a business liability insurer has no duty to defend against an underlying lawsuit alleging that a personal injury law firm and its attorney violated the Driver’s Privacy Protection Act (DPPA), rejecting the appellants’ contention that construing the policy exclusions against the insurer and in favor of coverage is required under North Carolina law (Hartford Casualty Insurance Company v. Davis & Gelshenen, et al., No. 19-1578, 4th Cir., 2019 U.S. Dist. LEXIS 75985).
SAN FRANCISCO — After a hearing on a proposed settlement of class claims over a security breach of Facebook Inc.’s social network via the “view as” feature, a California federal judge on March 5 sent the agreement back to the parties to clarify several items, including confidentiality and court notification procedures for post-settlement compliance assessments (Stephen Adkins v. Facebook, Inc., No. 3:18-cv-05982, N.D. Calif.).
SAN FRANCISCO — A Kansas minor and a Michigan resident filed a class complaint on March 3 in a federal court in California accusing the company that operates online games, including Words With Friends, of failing to safeguard more than 218 million users’ personal information from being hacked in September 2019 (I.C., et al. v. Zynga, Inc., No. 20-1539, N.D. Calif.).
SAN FRANCISCO — Two and a half years after a trial court granted final approval of a settlement of a class action over Facebook Inc.’s now-discontinued practice of scanning its users’ private messages (PMs) for certain information, a Ninth Circuit U.S. Court of Appeals panel on March 3 affirmed the approval over one class member’s objections, finding that the injunctive relief attorney fees established by the settlement were proportionate to the claimed privacy injuries (Matthew Campbell, et al. v. Facebook Inc., et al., No. 17-16873, 9th Cir., 2020 U.S. App. LEXIS 6643).
ATLANTA — A federal judge in Georgia on Feb. 24 granted preliminary approval of a $32.5 million settlement in a shareholder derivative lawsuit against several current and former officers and directors of Equifax Inc. over their handling of the credit-reporting agency’s massive 2017 data breach (In re Equifax Inc. Derivative Litigation, No. 18-317, N.D. Ga.).
PORTLAND, Ore. — Seven months after an Oregon federal judge preliminarily approved a $42 million settlement between Premera Blue Cross and a class of its insureds over a 2014 data breach, the judge on March 2 granted final approval, the same day that a fairness hearing was held (In Re: Premera Blue Cross Customer Data Security Breach Litigation, No. 3:15-md-02633, D. Ore.).
SAN FRANCISCO — In respective case management statements filed in California federal court on Feb. 27, Facebook Inc. and a putative class suing it over the Cambridge Analytica data-sharing incident blame each other for delays in the discovery process, arguing about such matters as search terms, depositions and the appropriate number of custodians (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
SAN FRANCISCO — In a pair of notices filed in California federal court on Feb. 27, the plaintiffs in three consolidated suits brought under the Children’s Online Privacy Protection Act (COPPA) related to children’s game apps, announced that settlements had been reached between the plaintiffs, ViacomCBS Inc. and two companies involved in the games’ development (Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 3:17-cv-04419, N.D. Calif.; Amanda Rushing, et al. v. ViacomCBS Inc., et al., No. 3:17-cv-04492, N.D. Calif.; Michael McDonald, et al. v. Kiloo ApS, et al., No. 3:17-cv-04344, N.D. Calif.).
LAS VEGAS — Days after MGM Resorts International confirmed that it had experienced a data breach months earlier, a California man filed a putative class action against the resort in Nevada federal court on Feb. 21, alleging negligence and unjust enrichment for MGM’s “failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect” customers’ personally identifiable information (PII) (John Smallman v. MGM Resorts International, No. 2:20-cv-00376, D. Nev.).
CHICAGO — A hospital worker failed to plead that the manufacturer of a medication-dispensing system that utilizes employees’ fingerprints for identification purposes collected or disclosed biometric data in violation of the Illinois Biometric Information Protection Act (BIPA), a Chicago federal judge ruled Feb. 24, granting the firm’s motion to dismiss the worker’s putative class claims (Corey Heard v. Becton, Dickinson & Co., No. 1:19-cv-04158, N.D. Ill., 2020 U.S. Dist. LEXIS 31249).
LOS ANGELES — Seven months after a California federal judge partly dismissed a well-known cryptocurrency investor’s negligence suit against AT&T Mobility LLC over phone hacking incidents that he says led to the theft of $24 million in digital currency, the same judge on Feb. 24 partly granted the cellular carrier’s renewed dismissal motion, while finding that some of the earlier pleading deficiencies had been cured (Michael Terpin v. AT&T Mobility LLC, et al., No. 2:18-cv-06975, C.D. Calif., 2020 U.S. Dist. LEXIS 31742).
ALBUQUERQUE, N.M. — A suite of educational services offered free-of-charge by Google LLC to schools comes with “a very real cost,” New Mexico alleges in a complaint filed Feb. 20 in New Mexico federal court, claiming that the tech giant has been collecting children’s personally identifiable information (PII) in violation of the Children’s Online Privacy Protection Act (COPPA), as well as state and common law (New Mexico, et al. v. Google LLC, No. 1:20-cv-00143, D. N.M.).
GREENBELT, Md. — A motion by Marriott International Inc. to dismiss 10 bellwether class claims in a multidistrict litigation against it over a massive data breach it experienced was largely unsuccessful, with a Maryland federal judge denying dismissal of nine of those claims on Feb. 21, finding that the plaintiffs adequately established jurisdiction and alleged their claims and injuries from the incident (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md., 2020 U.S. Dist. LEXIS 30435).
PHILADELPHIA — A federal judge in Pennsylvania on Feb. 21 transferred a lawsuit accusing Equifax Inc. and its affiliates of violating the Fair Credit Reporting Act (FCRA) of illegally selling information to mortgage brokers who made phone calls to plaintiffs’ Florida home after they began refinancing the loan on a home they own in Delaware, finding that litigating the suit in the U.S. District Court for the Northern District of Georgia would enhance judicial efficiency (Harold Berk v. Equifax Inc., et al., No. 19-4629, E.D. Pa., 2020 U.S. Dist. LEXIS 29714).
ATLANTA — Reversing and remanding the denial of DIRECTV LLC’s motion to compel arbitration of a putative privacy class claim against it, an 11th Circuit U.S. Court of Appeals panel on Feb. 19 found that the scope of an arbitration provision within a plaintiff’s customer agreement covered a claim that the satellite television carrier violated federal law by sharing customer data with an expert witness in the course of litigating a Telephone Consumer Protection Act (TCPA) lawsuit (Sebastian Cordoba, et al. v. DIRECTV LLC, No. 18-14832, 11th Cir., 2020 U.S. App. LEXIS 5024).
SAN FRANCISCO — A Tesla Inc. customer did not sufficiently establish that a report about him that Experian Information Systems Inc. provided to the automaker was a “consumer report” that was used for an impermissible purpose under the Fair Credit Reporting Act (FCRA), a California federal judge ruled Feb. 19, granting the defendants’ motions to dismiss (Wayne Skiles v. Tesla Inc., et al., No. 3:17-cv-05435, N.D. Calif.).
PHOENIX — A settlement agreement in an Arizona federal class lawsuit over motel guest lists being voluntarily turned over to U.S. Immigration and Customs Enforcement (ICE) agents by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, that provides up to $10 million was granted final approval on Feb. 18 over protests by the Arizona attorney general who argued in a Feb. 6 amicus brief that the settlement provided the majority of the settlement funds to cy pres recipients (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).