CHICAGO — One day after issuing a ruling rejecting a handful of objections to a proposed settlement of a multidistrict litigation leveling allegations of various privacy violations by TikTok Inc. through its social media app, an Illinois federal judge on Oct. 1 issued an order granting preliminary approval to the $92 million settlement, which he found “to be within the range of fairness, reasonableness, and adequacy.”
WASHINGTON, D.C. —The U.S. Judicial Panel on Multidistrict Litigation (JPMDL) on Oct. 4 denied GEICO’s motion to transfer and centralize five related putative class actions arising from a purported data security breach of its online sales system, finding that “informal coordination among the small number of parties and involved courts appears eminently feasible” as opposed to consolidated or coordinated pretrial proceedings as a multidistrict litigation.
DENVER — Google LLC did not properly obtain direct parental consent prior to collecting minors’ data via its education software, New Mexico argues in a Sept. 28 reply brief in the 10th Circuit U.S. Court of Appeals, contending that it properly alleged a claim under the Children’s Online Privacy Protection Act (COPPA).
LOS ANGELES — More than two months after the U.S. Supreme Court struck down as unconstitutional a California requirement that nonprofit organizations annually disclose who their donors are, the plaintiff nonprofit, which sued California’s attorney general (AG) over the requirement, moved for modified judgment on remand to California federal court on Sept. 23, seeking an injunction preventing future enforcement of the filing requirement.
ROCKFORD, Ill.— A federal judge in Illinois on Sept. 22 denied a college student’s request for a preliminary injunction against his college’s COVID-19 testing requirement for unvaccinated students, finding that the student failed to show a likelihood of success on the merits of his claim that the testing violates his Fourth Amendment right as the school does not deny access to those who refuse to submit to the testing and instead offers classes online.
WASHINGTON, D.C. — A petition for certiorari by an objector to the billion-dollar settlement of a privacy class action over the massive 2017 Equifax Inc. data breach will go unanswered, as Equifax filed a notice with the U.S. Supreme Court on Sept. 16 that it waives its right to respond to the petition.
SAN FRANCISCO — Two months after Zynga Inc. was granted dismissal of privacy and negligence claims against it related to a 2019 hacking incident, the online gaming firm on Sept. 20 moved to dismiss the plaintiffs’ amended class claims, telling a California federal court that the plaintiffs fail to allege a nonspeculative injury related to the theft of their personally identifiable information (PII).
CINCINNATI — A federal magistrate judge in Ohio on Sept. 16 signed a stipulated protective order placing limitations and restrictions on documents and information that will be produced for inspection and copied during Home Depot’s breach of contract and bad faith lawsuit seeking damages up to the full collective policy limits of $50 million for its losses stemming from a 2014 data breach.
CHICAGO — Answering a question certified to it by a trial court, an Illinois appeals panel on Sept. 17 concluded that a one-year or five-year limitations period applies to claims brought under different sections of Illinois’ Biometric Information Privacy Act (BIPA) because two of the statute’s claims pertain to the determinative element of publication while the others do not.
LOS ANGELES — While privacy class claims brought against Ring LLC by purchasers of its security devices are stayed pending arbitration, the defendant on Sept. 20 moved to dismiss claims against it by nonpurchaser plaintiffs, arguing that the Communications Decency Act (CDA) bars claims and injuries based on the activities of third-party hackers.
HARRISBURG, Pa. — A group of Democrat Pennsylvania state senators filed suit against three of their Republican colleagues in Pennsylvania state court on Sept. 17 to halt the enforcement of a subpoena that seeks “large swaths of voter records and election results” without “any legitimate legislative purpose” and would violate constitutional provisions and voters’ privacy.
JEFFERSON CITY, Mo. — Although a Missouri federal magistrate judge found a claim for emotional distress damages inadequately pleaded, he otherwise deemed claims over the theft of personally identifiable information (PII) in a data breach, including breach of contract and unfair competition, to be sufficiently pleaded by a policyholder and a former employee, largely denying an insurance company’s motion to dismiss in a Sept. 15 ruling.
RICHMOND, Va. — A challenge by the Wikimedia Foundation to the National Security Agency’s (NSA’s) upstream surveillance activities was properly dismissed under the state secrets privilege, a divided Fourth Circuit U.S. Court of Appeals panel held Sept. 15, finding that the Foreign Intelligence Surveillance Act (FISA) does not displace the privilege.
SAN JOSE, Calif. — Consumers accusing Apple Inc. in a putative class complaint of unlawfully obtaining unauthorized recordings of communications via its preinstalled digital assistant, Siri, have failed to allege economic injury, a federal judge in California ruled Sept. 2, partially granting Apple’s motion and dismissing a claim under California’s unfair competition law (UCL).
HARRISBURG, Pa. — An employment staffing company accused of failing to safeguard private health information (PHI) contained in Pennsylvania Department of Health (DOH) COVID-19 contract tracing lists and then timely notify those affected after a data breach moved Sept. 10 for dismissal of a putative class complaint by one of the woman allegedly on the lists for failure to allege an injury-in-fact and state a claim upon which relief may be granted.
CHICAGO — One day after a businessowners liability insurer filed a notice of voluntary dismissal, a federal court in Illinois on Sept. 10 dismissed the insurer’s lawsuit seeking a declaration that it does not owe coverage for an underlying lawsuit alleging that the owners and operators of Wing Stop violated the Biometric Information Privacy Act (BIPA) by capturing, collecting, storing and/or disseminating its employees’ biometric information without their valid consent.
SAN FRANCISCO — Materials related to an app developer investigation (ADI) conducted by Facebook Inc. after the Cambridge Analytica data-sharing incident are nonprivileged and discoverable, a California federal magistrate judge held Sept. 8, finding that the investigation was conducted by non-attorneys primarily for business, not legal, purposes.
SAN FRANCISCO — Two months after oral argument was heard in California federal court on documents withheld by the Department of Homeland Security (DHS) in response to Freedom of Information Act (FOIA) requests made by the American Civil Liberties Union Foundation (ACLUF) regarding the government’s social media surveillance program, the court, in a Sept. 8 clerk’s notice docket entry, asked DHS to clarify its position on one of the invoked FOIA exemptions.
CLEVELAND — An Ohio federal judge on Sept. 7 denied Sonic Corp.’s motion for summary judgment over a negligence claim brought against it by a class of financial institutions (FIs) related to the fast food chain’s 2017 data breach, with the judge finding that questions of material fact existed and holding that the key matter of proximate cause should be decided by a jury.
RICHMOND, Va. — Six months after the Fourth Circuit U.S. Court of Appeals heard oral arguments in a dispute over whether the state secrets privilege precludes in camera review of documents that purportedly establish Wikimedia Foundation’s constitutional claims over surveillance activities of the National Security Agency (NSA), Wikimedia on Sept. 2 filed a brief arguing that a recent Ninth Circuit U.S. Court of Appeals surveillance-related suit is very different from, and therefore inapplicable to, the present case.