BOSTON — Mostly granting summary judgment to a group of plaintiffs claiming violation of the Fourth Amendment to the U.S. Constitution from the warrantless searches of their electronic devices by border personnel, a Massachusetts federal judge on Nov. 12 ruled that such searches require reasonable suspicion rather than merely probable cause in light of the privacy implications from the breadth of personal information that can be stored on devices (Ghassan Alasaad, et al. v. Kirstjen Nielsen, et al., No. 1:17-cv-11730, D. Mass., 2019 U.S. Dist. LEXIS 195556).
SAN FRANCISCO — A California federal magistrate judge delivered a mixed ruling for Facebook Inc. in a Nov. 7 discovery order, sustaining the social network’s objection to disclosing its source code to one of the proposed expert witnesses for a putative class suing it over scraping certain data from Android mobile devices, while finding that there was no risk of harm in disclosure to a second witness (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).
WASHINGTON, D.C. — An employer violated the National Labor Relations Act (NLRA) when it had an employee report back on the membership and postings in a private Facebook group where other employees were discussing unionization and by firing two workers who supported the union, a three-member National Labor Relations Board panel ruled Oct. 29 (National Captioning Institute, Inc. and National Association of Broadcast Employees & Technicians—Communications Workers of America, AFL-CIO, Nos. 16-CA-182528, 16-CA-183953, 16-CA-187150, 16-CA-188322 and 16-CA-188346, NLRB).
ERIE, Pa. — A rent-to-own (RTO) franchisee being sued for privacy violations over the installation of spyware on customers’ computers was denied access to a confidential settlement between its franchisor and the plaintiffs on Oct. 22, with a Pennsylvania federal magistrate judge finding that the franchisee failed to establish relevance or a need for the requested information sufficient to support its motion to compel (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).
SAN FRANCISCO — A California federal judge on Oct. 31 denied Facebook Inc.’s motion to certify for interlocutory appeal a September ruling that mostly denied dismissal of a putative class action over the 2015 incident that led to millions of the social network’s users’ personally identifiable information (PII) being shared with an analytics firm (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).
CHICAGO — More than a year after an Illinois federal judge declined to approve the settlement of a class action over a 2013 data breach experienced by The Neiman Marcus Group LLC, the plaintiffs on Oct. 28 moved for preliminary approval of a revised class action settlement that maintains the previously proposed $1.6 million settlement fund while redefining the proposed settlement class to account for the judge’s stated concerns over inadequate representation (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).
SAN FRANCISCO — Zendesk Inc. and several of its senior executive officers concealed the company’s exposure to a massive data breach that affected more than 10,000 customers in addition to failing to disclose its poor financial condition in several international markets in violation of federal securities laws, a shareholder argues in an Oct. 24 complaint filed in California federal court (Charles Reidinger v. Zendesk Inc., et al., No. 19-6968, N.D. Calif.).
SAN FRANCISCO — Three iTunes users who claimed privacy violations by Apple Inc.’s purported sharing of their “personal listing information” (PLI) with third parties saw their putative class complaint dismissed on Oct. 25 by a California federal judge who deemed their evidence and exhibits insufficient to establish their claims (Leigh Wheaton, et al. v. Apple Inc., No. 3:19-cv-02883, N.D. Calif.).
SAN FRANCISCO — Less than a week after the Ninth Circuit U.S. Court of Appeals denied Facebook Inc.’s motion to rehear a dispute over class certification in a lawsuit accusing it of violating an Illinois biometric privacy law, the social network on Oct. 24 asked the appeals court to stay its mandate pending Facebook’s stated intention to seek certiorari from the U.S. Supreme Court (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).
SAN FRANCISCO — A customer of New Moosejaw LLC sufficiently alleged most of his privacy claims against the sportswear seller over its alleged scanning of computers of visitors to its website, a California federal judge ruled Oct. 23, mostly denying motions to dismiss the putative class complaint by Moosejaw and its marketing partner (Jeremiah Revitch v. New Moosejaw LLC, et al., No. 3:18-cv-06827, N.D. Calif.).
WASHINGTON, D.C. — On Oct. 22, the Federal Trade Commission announced charges against, and a proposed settlement with, a company that makes and distributes “stalker” apps, which allow a user to surreptitiously track another individual’s whereabouts and online activities after being installed on their mobile devices (In re Retina-X Studios LLC, et al., No. 1723118, FTC).
WASHINGTON, D.C. — A panel ruling that reversed the dismissal of a labor union’s negligence and privacy claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach will stand, the District of Columbia Circuit U.S. Court of Appeals ruled Oct. 21 as it denied petitions for rehearing en banc by the agency and contractor (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).
ATLANTA — Reversing an appeals court ruling, a Georgia Supreme Court majority on Oct. 21 found that a police officer’s downloading of data, without a warrant, from a vehicle involved in an accident violated the Fourth Amendment to the U.S. Constitution and should have resulted in suppression of the obtained data, also holding that the inevitable discovery exception did not apply (Victor Mobley v. Georgia, No. S18G1546, Ga. Sup., 2019 Ga. LEXIS 694).
SEATTLE — A Washington federal magistrate judge concluded that Amazon.com Inc. is not entitled to compel arbitration from a putative class of minors suing it for unauthorized voice recording, issuing a report and recommendation to that effect on Oct. 21, simultaneously issuing an order granting the plaintiffs’ motion to compel discovery responses and chiding the online retailer for not complying with previous discovery rulings (B.F. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).
SAN FRANCISCO — Three customers of AT&T Inc. on Oct. 18 filed a stipulation of voluntary dismissal of their three-month-old lawsuit against the communications giant for allegedly selling their location data to third parties without their consent (Katherine Scott, et al. v. AT&T Inc., et al., No. 3:19-cv-04063, N.D. Calif.).
WASHINGTON, D.C. — Even though the Electronic Privacy Information Center (EPIC) has a still-pending motion to intervene in the $5 billion settlement between the Federal Trade Commission and Facebook Inc. over certain data-sharing practices engaged in by the social network, the privacy group on Oct. 16 filed a new motion in District of Columbia federal court seeking to file an amicus curiae brief opposing the court’s approval of the settlement (United States v. Facebook Inc., No. 1:19-cv-02184, D. D.C.).
NEW ORLEANS — An insured argues in an Oct. 1 appellant brief that an underlying lawsuit seeking to recover damages purportedly caused by a data breach of its credit card processing system triggered “personal and advertising injury” coverage under its commercial general liability insurance policy, asking the Fifth Circuit U.S. Court of Appeals to reverse a lower federal court’s finding that the insurer has no duty to defend (Landry's Inc. v. The Insurance Company of the State of Pennsylvania, No. 19-20430, 5th Cir.).
SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 18 denied a motion by Facebook Inc. for rehearing en banc of a panel ruling that affirmed a trial court’s decision to certify a class that is suing the social network under the Illinois Biometric Information Privacy Act (BIPA) for its facial recognition technology that identifies people in posted photographs (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).
SAN FRANCISCO — A panel’s ruling that allowed an analytics firm to collect and use publicly available user data “pose[s] a grave threat to user privacy and the openness of the Internet” and runs counter to the intent of the Computer Fraud and Abuse Act (CFAA), LinkedIn Corp. tells the Ninth Circuit U.S. Court of Appeals in an Oct. 11 petition in which it seeks en banc rehearing of the panel’s decision that upheld an injunction permitting the data collection (hiQ Labs Inc. v. LinkedIn Corp., No. 17-16783, 9th Cir.).
CHICAGO — A $3 million settlement agreement between a compliance services firm and a class of its clients’ employees whose personally identifiable information (PII) was exposed in a 2018 data breach received final approval from an Illinois federal judge on Oct. 7, the same day a fairness hearing on the agreement was held (Marshall Smith, et al. v. ComplyRight Inc., No. 1:18-cv-04990, N.D. Ill., 2019 U.S. Dist. LEXIS 174217).