SAN FRANCISCO — A spyware firm may proceed with its interlocutory appeal of a trial court judge’s ruling that it was not entitled to sovereign immunity in a computer fraud lawsuit a Ninth Circuit U.S. Court of Appeals panel ruled Oct. 16, denying a motion by WhatsApp Inc. to dismiss the appeal for lack of jurisdiction (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 20-16408, 9th Cir., 2020 U.S. App. LEXIS 32787).
SAN FRANCISCO — A trial court judge correctly found that the distribution of a $13 million settlement fund of a long-running privacy class action over Google LLC’s “Street View” feature would be infeasible, Google and the named plaintiffs argued in their respective appellee briefs on Oct. 13, asking to the Ninth Circuit U.S. Court of Appeals to find that the settlement’s cy pres-only nature was appropriate, despite the representations of an objecting class member (In re Google LLC Street View Electronic Communications Litigation [Benjamin Joffe, et al. v. Google Inc.], No. 20-15616, 9th Cir.).
GREENBELT, Md. — A Maryland federal judge on Oct. 14 recommended that Chicago be ordered to provide responses to interrogatories and requests for production (RFPs) served by Marriott International Inc. in a consolidated lawsuit brought by the city and other plaintiffs over a massive data breach experienced by the hotel chain (In re: Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).
SAN FRANCISCO — Two newly added plaintiffs from the United Kingdom should be dismissed from the consolidated lawsuit over the sharing of social network users’ profile data with third parties, Facebook Inc. argues in an Oct. 13 reply brief, telling a California federal court that applicable forum selection clauses preclude inclusion of the foreign plaintiffs in the putative class action (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).
PEORIA, Ill. — A federal judge in Illinois on Oct. 8 partially granted a motion by a restaurant chain to dismiss or stay a class complaint over its collection of employees biometric data via its timekeeping system and staying proceedings pending arbitration, ruling that the agreement leaves to an arbitrator to decide the enforceability (Austin Kuznik, et al. v. Hooters of America, LLC, et al., No. 20-1255, C.D. Ill., 2020 U.S. Dist. LEXIS 186548).
SAN FRANCISCO — In a Sept. 16 cross-appeal filed in the Ninth Circuit U.S. Court of Appeals, a commercial general liability insurer argues that Yahoo forfeited its claim to $618,380 in attorney fees under Brandt v. Superior Court in their data privacy coverage dispute but defends the lower court’s ruling that the policy’s deductible coverage endorsement is enforceable and precludes coverage for additional damages (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 19-16475, 9th Cir.).
MINNEAPOLIS — A magistrate judge in Minnesota on Oct. 5 said that a settlement conference will be held before him on Oct. 28 in Target’s breach of contract lawsuit seeking coverage for its settlement with a group of financial institutions (FIs) over a 2013 data breach (Target Corp. v. ACE American Insurance Co., et al., No. 0:19-cv-02916, D. Minn.).
PORTLAND, Maine— Concluding that state evidentiary law protecting the confidentiality of patient records applies equally to redacted and unredacted records, the Maine Supreme Judicial Court on Sept. 29 reversed a trial court’s order compelling the production of the redacted records of nonparty patients who underwent similar surgical procedures as one at issue in a malpractice suit against a hospital (Estate of Carol A. Kennelly v. Mid Coast Hospital, No. Cum-18-445, Maine Sup., 2020 Me. LEXIS 118).
LOS ANGELES — The health officer for Los Angeles County filed a reply brief in California federal court on Oct. 5 supporting his motion to dismiss a complaint alleging that his order directing county businesses to collect customer information for the purpose of contact tracing in the event of an outbreak of COVID-19 is unconstitutional, arguing that the order was properly issued under governmental emergency powers and that the plaintiffs failed to allege any concrete constitutional harms (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).
SAN FRANCISCO — An insured on Sept. 8 asked the Ninth Circuit U.S. Court of Appeals to reverse a lower federal court's ruling in favor of its insurer in a lawsuit seeking coverage for its alleged "security failure" that was caused by a phishing attack by an unknown perpetrator, contending that a letter demanding monetary relief from one of its clients constituted a "claim" under its "security & privacy risk response" policy (Alorica Inc. v. Starr Surplus Lines Insurance Company, No. 20-55458, 9th Cir.).
SAN FRANCISCO — A California federal judge on Sept. 24 granted preliminary approval to 16 settlements that resolve three related class actions against the Walt Disney Co., ViacomCBS Inc. and other companies involved with the creation of video game apps targeted to kids, finding that the proposed privacy protections and business practices stipulated within the settlements will have a positive impact on the entire video game industry related to children's privacy (Michael McDonald, et al. v. Kiloo A/S, et al., No. 17-4344, N.D. Calif.; Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 17-4419, N.D. Calif.; Amanda Rushing, et al. v. ViacomCBS Inc., et al., No. 17-4492, N.D. Calif., 2020 U.S. Dist. LEXIS 175865).
SAN FRANCISCO — The Federal Bureau of Investigation's refusal to let it publish a draft transparency report about its mandatory compliance with certain national security requests violated its rights under the First Amendment to the U.S. Constitution, Twitter Inc. tells the Ninth Circuit U.S. Court of Appeals in a Sept. 23 appellant brief, arguing that it is entitled to review FBI declarations that led a trial court to rule in the bureau's favor (Twitter Inc. v. William P. Barr, et al., No. 20-16174, 9th Cir.).
WASHINGTON, D.C. —The U.S. Department of Health and Human Services on Sept. 25 announced that Premera Blue Cross (PBC) will pay $6.85 million to the agency's Office for Civil Rights (OCR) to settle allegations that it violated federal privacy and security rules.
SAN FRANCISCO — A law firm's ads targeted to potential settlement class members in a privacy lawsuit over Facebook Inc.'s "Tag Suggestions" feature were "deceptive and misleading," a California federal judge ruled in a Sept. 22 post-hearing minute entry, directing the firm and the plaintiffs to meet and confer about clarifying communications to be sent to people who responded to the ads (In re Facebook Biometric Information Privacy Litigation, No. 15-3747, N.D. Calif.).
EAST ST. LOUIS, Ill. — Finding no evidence that Amazon Web Services Inc. and its voiceprinting service provider purposefully directed any actions at residents of Illinois, an Illinois federal judge on Sept. 18 granted the defendants' motion to dismiss punitive class claims against them under Illinois' Biometric Information Privacy Act (BIPA) for lack of personal jurisdiction (Christine McGoveran, et al. v. Amazon Web Services Inc., et al., No. 20-31, S.D. Ill., 2020 U.S. Dist. LEXIS 170891).
CHICAGO — Affirming a trial court's decision, an Illinois appeals panel on Sept. 18 found that a woman's claim against her former employer under the Biometric Information Privacy Act (BIPA) is not precluded by the exclusivity provisions in a state workers' compensation law because the biometric privacy claim is not compensable under the latter law (Marquita McDonald v. Symphony Bronzeville Park LLC, et al., No. 2017 CH 11311, Ill. App. 1st Dist., 2020 Ill. App. LEXIS 627).
SEATTLE — A Twitter user filed a putative class complaint against the social network operator in Washington federal court on Sept. 21, alleging that Twitter Inc. violated state telecommunications law and the privacy rights of herself and other Washington residents by sharing account holders' phone numbers and other personal information with third-party advertisers (Darlin Gray v. Twitter Inc., No. 20-1389, W.D. Wash.).
ALEXANDRIA, Va. — In a detailed Sept. 18 ruling, a Virginia federal judge partly denied motions by Capital One Financial Corp. and Amazon.com Inc. over a 2019 data breach, allowing unjust enrichment, negligence and breach of contract claims to proceed in part or in full against the credit card issuer and its cloud services provider under the laws of the six states of the representative plaintiffs in the consolidated putative class action (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).
CHICAGO — A businessowners liability insurer filed suit in a federal court in Illinois on Sept. 21, seeking a declaration that it owes no coverage for an underlying class action alleging that a McDonald's franchise owner violated the Illinois Biometric Information Privacy Act (BIPA) when it scanned an employee's fingerprints but did not disclose the specific purpose for collecting, storing and using her biometric data (American Family Mutual Insurance Company v. McEssy Investment Company, et al., No. 20-05591, N.D. Ill., Eastern Div.).
LOS ANGELES — A business and a private individual who allege constitutional privacy and freedom of association claims over a county health order's COVID-19 contact tracing guidelines lack standing to sue, a Los Angeles County health officer tells a California federal court in a Sept. 21 motion to dismiss, arguing that broad latitude should be afforded to health officials during a public health crisis (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).