HARTFORD, Conn. — Connecticut Attorney General George Jepsen announced Jan. 8 that the attorneys general of 43 states and the District of Columbia had reached a $1.5 million settlement with retailer Neiman Marcus Group LLC over a 2013 data breach the retailer experienced.
WASHINGTON, D.C. — A privacy rights organization saw its bid to vacate the dismissal of its lawsuit over voter data collection by a now-dissolved government committee denied Jan. 7, as the U.S. Supreme Court denied the group’s petition for certiorari, declining to consider whether the case’s moot status merited vacatur of the dismissal ruling (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 18-267, U.S. Sup., 2019 U.S. LEXIS 204).
NEW YORK — A New York City ordinance requiring online home-sharing platform providers to provide the city with certain customer records on a monthly basis was enjoined by a New York federal judge on Jan. 3, who found that Airbnb Inc. and HomeAway.com Inc. were likely to succeed on their claims that the ordinance violates the Fourth Amendment to the U.S. Constitution (Airbnb Inc. v. New York, No. 1:18-cv-07712; HomeAway.com Inc. v. New York, No. 1:18-cv-07742, S.D. N.Y., 2019 U.S. Dist. LEXIS 755).
WASHINGTON, D.C. — All of the parties that participated in October oral arguments in a class action over alleged privacy violations by Google LLC’s sharing of users’ search query terms submitted supplemental reply briefs to the U.S. Supreme Court Dec. 21, arguing over whether the named plaintiffs sufficiently established standing under Article III of the U.S. Constitution (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
SPOKANE, Wash. — A Washington police chief is entitled to immunity in a privacy-related class lawsuit over the release of accident reports, and the claims against unnamed defendants must also be dismissed due to the plaintiff’s failure to identify the parties in the 20 months since the lawsuit was filed, a Washington federal judge ruled Dec. 21 in granting a motion for summary judgment (Jade Wilcox v. John Batiste, et al., No. 17-122, E.D. Wash., 2018 U.S. Dist. LEXIS 215833).
CHICAGO — An Illinois federal judge on Dec. 29 granted judgment in favor of Google LLC in a putative class action alleging violation of an Illinois biometrics law, finding that the plaintiffs failed to show any concrete injury in the collection of their facial biometric information via a cloud-based photo-sharing application (Lindabeth Rivera v. Google LLC, No. 1:16-cv-02714, and Joseph Weiss v. Google LLC, No. 1:16-cv-02870, N.D. Ill., 2018 U.S. Dist. LEXIS 217710).
ORLANDO, Fla. — An individual’s claims against Aetna Life Insurance Co. (ALIC) for breach of contract, negligence and negligent infliction of emotional distress based on the disclosure of the plaintiff’s HIV status that was viewable through an envelope window are preempted by Employee Retirement Income Security Act Section 502, a federal judge in Florida ruled Dec. 27 in granting in part the insurer’s motion to dismiss, explaining that the allegations rest on the terms of the plaintiff’s plan with the insurer (John Doe v. Aetna Life Insurance Co., No. 18-cv-979-Orl-37GJK, M.D. Fla., 2018 U.S. Dist. LEXIS 216447).
SAN FRANCISCO — In a Dec. 18 order, a California federal judge dismissed privacy and related class claims against Facebook Inc. related to a now-discontinued practice of scraping users’ call and text information from Android smartphones, finding that the plaintiffs did not properly plead necessary elements of fraud or concrete harm (Anthony Williams, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).
NEW ORLEANS — Nine days after directing a small tug boat company to produce certain cell phone data in a lawsuit over an employee’s death, a Louisiana federal magistrate judge on Dec. 19 clarified that the parties will share the costs associated with this discovery and extended the deadline for compliance with the previous order (Anne Dufrene v. American Tugs Inc., et al., No. 2:18-cv-00554, E.D. La., 2018 U.S. Dist. LEXIS 207803).
KANSAS CITY, Mo. — A Missouri federal judge on Dec. 10 sent a class complaint over the alleged theft of patient records from a hospital employee’s vehicle back to state court, finding that the hospital failed to show that the amount in controversy exceeded $5 million (K.A., et al. v. Children’s Mercy Hospital, No. 18-516, W.D. Mo., 2018 U.S. Dist. LEXIS 207733).
SAN FRANCISCO— Uber Technologies Inc. in a Dec. 17 appellee brief asks the Ninth Circuit U.S. Court of Appeals to find that a class complaint brought by two former drivers after a 2014 data breach was properly dismissed three times by a trial court for lack of standing (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).
SAN FRANCISCO— The Electronic Privacy Information Center (EPIC) on Dec. 17 filed an amicus curiae brief in the Ninth Circuit U.S. Court of Appeals supporting a trial court’s certification of a class of Facebook Inc. users who claim that the social network’s use of a photo-tagging feature violates the Illinois Biometric Information Privacy Act (BIPA), with the organization arguing that the plaintiffs sufficiently established injury via Facebook’s violation of the statute (In re Facebook Biometric Information Privacy Litigation, No. 18-15982, 9th Cir.).
OAKLAND, Calif. — A marketing firm that was accused of privacy violations for its use of so-called zombie cookies on mobile devices saw its motion to dismiss a class complaint against it granted Dec. 17, with a California federal judge finding that the plaintiffs failed to establish any injury from the cookie deployment (Anthony Henson, et al. v. Turn Inc., No. 4:15-cv-01497, N.D. Calif., 2018 U.S. Dist. LEXIS 212249).
LOS ANGELES — Uber Technologies Inc. on Dec. 7 informed a California federal court of motions to compel arbitration it filed in five individual cases brought by Uber drivers and riders that comprised a multidistrict litigation over a data breach announced by the company in 2017 (In re Uber Technologies Inc. Data Security Breach Litigation, No. 2:18-ml-02826, C.D. Calif.).
SAN FRANCISCO — In response to a stipulation by Google LLC and the plaintiffs in six class actions against the tech giant, a California federal judge on Dec. 11 consolidated the lawsuits over Google’s a purported tracking of smart phone users’ locations despite their opting out of such tracking (In re Google Location History Litigation, No. 5:18-cv-05062, N.D. Calif.).
LOS ANGELES — With the Dec. 13 filing of class complaints in California and Connecticut federal courts, more than 30 lawsuits have been lodged against Marriott International Inc. in the wake of a massive data breach that the hotel chain recently announced (Janel Sempre v. Marriott International Inc., et al., No. 2:18-cv-10324, C.D. Calif.; Stacey K. Allen, et al. v. Marriott International Inc., et al., No. 3:18-cv-02050, D. Conn.).
SAN FRANCISCO — Because users of Facebook Inc. agreed to its privacy policies, a Ninth Circuit U.S. Court of Appeals panel on Dec. 6 found that three of the social network’s users who sued it for privacy violations for collecting their health-related information consented to Facebook’s data-collection practices, affirming dismissal of their claims (Winston Smith, et al. v. Facebook Inc., No. 17-16206, 9th Cir., 2018 U.S. App. LEXIS 34397).
ATLANTA — In a Nov. 23 reply brief supporting their motion for limited relief from existing discovery stay, the plaintiffs in a consolidated class action over the 2017 data breach experienced by Equifax Inc. tell a Georgia federal court that certain requested documents and employee depositions are necessary to preserve evidence and to facilitate upcoming full discovery (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
ALBANY, N.Y. — In a Dec. 4 press release, New York Attorney General (AG) Barbara D. Underwood announced that her office had reached a $4.95 million settlement with Oath Inc., formerly known as AOL Inc., for violations of the Children’s Online Privacy Protection Act (COPPA).
SANTA ANA, Calif. — In a Dec. 3 in chambers order, a California federal judge granted preliminary approval to a proposed settlement, valued at approximately $47 million, to settle a consolidated class action over a 2015 data breach experienced by Experian Information Solutions Inc. (In Re Experian Data Breach Litigation, No. 8:15-cv-01592, C.D. Calif.).