ATLANTA — Reversing and remanding the denial of DIRECTV LLC’s motion to compel arbitration of a putative privacy class claim against it, an 11th Circuit U.S. Court of Appeals panel on Feb. 19 found that the scope of an arbitration provision within a plaintiff’s customer agreement covered a claim that the satellite television carrier violated federal law by sharing customer data with an expert witness in the course of litigating a Telephone Consumer Protection Act (TCPA) lawsuit (Sebastian Cordoba, et al. v. DIRECTV LLC, No. 18-14832, 11th Cir., 2020 U.S. App. LEXIS 5024).
SAN FRANCISCO — A Tesla Inc. customer did not sufficiently establish that a report about him that Experian Information Systems Inc. provided to the automaker was a “consumer report” that was used for an impermissible purpose under the Fair Credit Reporting Act (FCRA), a California federal judge ruled Feb. 19, granting the defendants’ motions to dismiss (Wayne Skiles v. Tesla Inc., et al., No. 3:17-cv-05435, N.D. Calif.).
PHOENIX — A settlement agreement in an Arizona federal class lawsuit over motel guest lists being voluntarily turned over to U.S. Immigration and Customs Enforcement (ICE) agents by Motel 6 Operating L.P. and G6 Hospitality LLC, doing business as Motel 6, that provides up to $10 million was granted final approval on Feb. 18 over protests by the Arizona attorney general who argued in a Feb. 6 amicus brief that the settlement provided the majority of the settlement funds to cy pres recipients (Jane V., et al. v. Motel 6 Operating L.P., et al., No. 18-242, D. Ariz.).
SAN FRANCISCO — Less than a week before a scheduled hearing in the Ninth Circuit U.S. Court of Appeals, two former drivers with Uber Technologies Inc. on Feb. 7 filed a notice of settlement, informing the appeals court that they had reached a confidential settlement with the ride share company over a 2014 database hacking incident (Sasha Antman, et al. v. Uber Technologies Inc. No. 18-16100, 9th Cir.).
GREENBELT, Md. — A Louisiana-based bank sufficiently alleged, under that state’s law, that Marriott International Inc.’s negligence in not adequately protecting its customers’ payment card data led to its being compromised, a Maryland judge overseeing the multidistrict litigation over Marriott’s data breach concluded Feb. 7, partly denying the hotel chain’s motion to dismiss (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md., 2020 U.S. Dist. LEXIS 21502).
SAN JOSE, Calif. — Google LLC was hit with another class complaint alleging violation of the Illinois Biometric Information Privacy Act (BIPA) in California federal court on Feb. 6, with an Illinois man claiming that the tech giant has been using its “Google Photos” app to upload and store “millions of ‘face templates’” without users’ knowledge or consent (Brandon Molander v. Google LLC, No. 5:20-cv-00918, N.D. Calif.).
CHICAGO — Clearview AI Inc. was hit with a putative class complaint in Illinois federal court on Feb. 5, marking the third federal suit filed against the tech firm in two weeks over its creation of “a dystopian surveillance database” with the biometric identifiers of millions of people (Anthony Hall v. Clearview AI Inc., et al., No. 1:20-cv-00846, N.D. Ill.).
RALEIGH, N.C. — A Fortnite player who claims that his Epic Games Inc. account was breached and his data was stolen must submit his claims to individual arbitration, a federal judge in North Carolina ruled Feb. 3, staying the Missouri man’s putative class complaint (Michael Heidbreder v. Epic Games, Inc., No. 19-348, E.D. N.C., 2020 U.S. Dist. LEXIS 17878).
CINCINNATI — Six pharmacy chains on Jan. 22 filed a petition for a writ of mandamus in the Sixth Circuit U.S. Court of Appeals that seeks to block the opioid multidistrict litigation court from forcing them to disclose “transaction level” prescription order data (In Re: CVS Pharmacy, Inc., No. 20-3075, 6th Cir.).
PEORIA, Ill. — In a Jan. 31 dismissal motion, a supermarket chain tells an Illinois federal court that negligence, contractual and other class claims brought against it over a 2018-2019 data breach are inadequately pleaded and do not contain the necessary particularity per federal pleading guidelines (Noreen Perdue, et al. v. Hy-Vee Inc., No. 1:19-cv-01330, C.D. Ill.).
NEW YORK — A federal judge in New York on Jan. 31 granted a financial services company insured’s cross-motion for summary judgment as to its breach of contract claim in its lawsuit seeking indemnity for an underlying settlement arising from alleged “spoof emails” that resulted in a $5.9 million fraudulent wire transfer, but ruled in favor of the insurer as to a bad faith claim (SS&C Technology Holdings, Inc. v. AIG Specialty Insurance Company, No. 19-07859, S.D. N.Y., 2020 U.S. Dist. LEXIS 17201).
LOS ANGELES — On Jan. 31, a third putative class complaint was filed against Ring LLC in California federal court, with plaintiffs alleging negligence, privacy and consumer violation claims related to incidents in which the company’s smart security devices have been hacked by third parties (John Politi, et al. v. Ring LLC, No. 2:20-cv-01034, C.D. Calif.).
NEWARK, N.J. — The broad protection of European Union (EU) citizens’ data provided by the General Data Protection Regulation (GDPR) does not serve to prevent production of personal data deemed relevant to the claims in a lawsuit, a New Jersey federal magistrate judge ruled Jan. 30, affirming a special master’s order directing Mercedes-Benz USA LLC to submit certain employee data in a class action over alleged environmental impact misrepresentation (In Re Mercedes-Benz Emissions Litigation, No. 2-16-cv-00881, D. N.J., 2020 U.S. Dist. LEXIS 15967).
CHICAGO — A U.S. District Court for the Northern District of Illinois judge on Jan. 29 agreed to transfer a putative class complaint over a franchisee’s alleged use and retention of employees’ fingerprint scans, but transferred the case to the Central District of Illinois, not a federal court in Indiana as the franchisee had requested (Tiffanie Snider, et al. v. Heartland Beef, Inc., No. 19-7386, N.D. Ill., 2020 U.S. Dist. LEXIS 14502).
SAN FRANCISCO — Less than two weeks after the U.S. Supreme Court rebuffed its appeal of a class certification ruling in a privacy lawsuit over its social network’s face-tagging feature, Facebook Inc. announced on Jan. 29 that it had reached a $550 million settlement of class claims against it under the Illinois Biometric Information Privacy Act (BIPA) (In re Facebook Biometric Information Privacy Litigation, No. 3:15-cv-03747, N.D. Calif.).
MIAMI — Three days after a visually impaired man sued a retailer for allegedly operating an inaccessible website in violation of the Americans with Disabilities Act, a Florida federal judge on Jan. 27 sua sponte dismissed the plaintiff’s state law trespass claim, citing a lack of Florida case law on the matter to justify exercising supplemental jurisdiction over the claim (Victor Aziza v. Steve Madden Inc., No. 1:20-cv-20310, S.D. Fla., 2020 U.S. Dist. LEXIS 13557).
WASHINGTON, D.C. — In a pair of briefs filed Jan. 24 in District of Columbia federal court, Facebook Inc. and the U.S. Department of Justice (DOJ) argue that a recently announced consent order between the social network and the Federal Trade Commission that settles a host of consumer privacy claims should be approved, opposing objections to the settlement raised by amici curiae and citing its establishing of “an unsurpassed level of accountability” and “a new standard for [Facebook] and the industry more broadly” (United States v. Facebook Inc., No. 1:19-cv-02184, D. D.C.).
ST. PAUL, Minn. — A senior living community worker’s disparaging social media post about a resident did not constitute a “health record” because it contained no information about her medical condition, a Minnesota appeals panel ruled Jan. 27, affirming the dismissal of a lawsuit under a Minnesota health privacy statute (William Furlow v. Madonna Summit of Byron, et al., No. A19-0987, Minn. App., 2020 Minn. App. Unpub. LEXIS 75).
BOSTON — A Massachusetts judge on Jan. 16 concluded that most of the materials Facebook Inc. withheld from production to the state’s attorney general (AG) in an investigation into the 2015 Cambridge Analytica data-sharing incident were not protected by privilege, ordering the social network to produce the requested materials within 90 days (Attorney General v. Facebook Inc., No. 1984CV02597-BLS1, Mass. Super. Suffolk Co.).
CHICAGO — Clearview AI Inc. created and furnished to law enforcement a database of the facial scans of “millions of unsuspecting individuals,” contributing to the creation of a “massive surveillance state” a plaintiff claims in a putative class complaint filed Jan. 22 in Illinois federal court, alleging violations of the First, Fourth and 14th amendments to the U.S. Constitution and the Illinois Biometric Information Privacy Act (BIPA) (David Mutnick v. Clearview AI Inc., et al., No. 1:20-cv-00512, N.D. Ill.).