Mealey's Data Privacy

  • November 15, 2019

    Judge:  Reasonable Suspicion Needed For Border Search Of Electronic Devices

    BOSTON — Mostly granting summary judgment to a group of plaintiffs claiming violation of the Fourth Amendment to the U.S. Constitution from the warrantless searches of their electronic devices by border personnel, a Massachusetts federal judge on Nov. 12 ruled that such searches require reasonable suspicion rather than merely probable cause in light of the privacy implications from the breadth of personal information that can be stored on devices (Ghassan Alasaad, et al. v. Kirstjen Nielsen, et al., No. 1:17-cv-11730, D. Mass., 2019 U.S. Dist. LEXIS 195556). 

  • November 11, 2019

    Disclosure Of Facebook Source Code To 1 Expert Witness Nixed In Data-Scraping Row

    SAN FRANCISCO — A California federal magistrate judge delivered a mixed ruling for Facebook Inc. in a Nov. 7 discovery order, sustaining the social network’s objection to disclosing its source code to one of the proposed expert witnesses for a putative class suing it over scraping certain data from Android mobile devices, while finding that there was no risk of harm in disclosure to a second witness (Lawrence Olin, et al. v. Facebook Inc., No. 3:18-cv-01881, N.D. Calif.).

  • November 07, 2019

    NLRB: Employer Unlawfully Surveilled Private Facebook Group And Fired 2 Workers

    WASHINGTON, D.C. — An employer violated the National Labor Relations Act (NLRA) when it had an employee report back on the membership and postings in a private Facebook group where other employees were discussing unionization and by firing two workers who supported the union, a three-member National Labor Relations Board panel ruled Oct. 29 (National Captioning Institute, Inc. and National Association of Broadcast Employees & Technicians—Communications Workers of America, AFL-CIO, Nos. 16-CA-182528, 16-CA-183953, 16-CA-187150, 16-CA-188322 and 16-CA-188346, NLRB).

  • November 06, 2019

    Rent-To-Own Franchisee Denied Discovery Of Private Settlement In Spyware Suit

    ERIE, Pa. — A rent-to-own (RTO) franchisee being sued for privacy violations over the installation of spyware on customers’ computers was denied access to a confidential settlement between its franchisor and the plaintiffs on Oct. 22, with a Pennsylvania federal magistrate judge finding that the franchisee failed to establish relevance or a need for the requested information sufficient to support its motion to compel (Crystal Byrd, et al. v. Aaron’s Inc., et al., No. 1:11-cv-00101, W.D. Pa.).

  • November 05, 2019

    Facebook Denied Interlocutory Appeal Motion In Cambridge Analytica Privacy Suit

    SAN FRANCISCO — A California federal judge on Oct. 31 denied Facebook Inc.’s motion to certify for interlocutory appeal a September ruling that mostly denied dismissal of a putative class action over the 2015 incident that led to millions of the social network’s users’ personally identifiable information (PII) being shared with an analytics firm (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 3:18-md-02843, N.D. Calif.).

  • October 30, 2019

    Nieman Marcus Customers Seek Approval Of Revised Data Breach Class Settlement

    CHICAGO — More than a year after an Illinois federal judge declined to approve the settlement of a class action over a 2013 data breach experienced by The Neiman Marcus Group LLC, the plaintiffs on Oct. 28 moved for preliminary approval of a revised class action settlement that maintains the previously proposed $1.6 million settlement fund while redefining the proposed settlement class to account for the judge’s stated concerns over inadequate representation (Hilary Remijas, et al. v. The Neiman Marcus Group, LLC, No. 1:14-cv-01735, N.D. Ill.).

  • October 29, 2019

    Investor Sues Software Provider, Others Over Data Breach Misrepresentations

    SAN FRANCISCO — Zendesk Inc. and several of its senior executive officers concealed the company’s exposure to a massive data breach that affected more than 10,000 customers in addition to failing to disclose its poor financial condition in several international markets in violation of federal securities laws, a shareholder argues in an Oct. 24 complaint filed in California federal court (Charles Reidinger v. Zendesk Inc., et al., No. 19-6968, N.D. Calif.).

  • October 28, 2019

    Suit Alleging Disclosure Of ITunes Listening Data Dismissed By Federal Judge

    SAN FRANCISCO — Three iTunes users who claimed privacy violations by Apple Inc.’s purported sharing of their “personal listing information” (PLI) with third parties saw their putative class complaint dismissed on Oct. 25 by a California federal judge who deemed their evidence and exhibits insufficient to establish their claims (Leigh Wheaton, et al. v. Apple Inc., No. 3:19-cv-02883, N.D. Calif.).

  • October 25, 2019

    Facebook To Pursue Certiorari Over Class Certification In Biometric Privacy Suit

    SAN FRANCISCO — Less than a week after the Ninth Circuit U.S. Court of Appeals denied Facebook Inc.’s motion to rehear a dispute over class certification in a lawsuit accusing it of violating an Illinois biometric privacy law, the social network on Oct. 24 asked the appeals court to stay its mandate pending Facebook’s stated intention to seek certiorari from the U.S. Supreme Court (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).

  • October 25, 2019

    Privacy Claims Over Sportswear Firm’s Computer Scanning Mostly Survive Dismissal

    SAN FRANCISCO — A customer of New Moosejaw LLC sufficiently alleged most of his privacy claims against the sportswear seller over its alleged scanning of computers of visitors to its website, a California federal judge ruled Oct. 23, mostly denying motions to dismiss the putative class complaint by Moosejaw and its marketing partner (Jeremiah Revitch v. New Moosejaw LLC, et al., No. 3:18-cv-06827, N.D. Calif.).

  • October 23, 2019

    FTC Announces Proposed Settlement With Maker Of ‘Stalker’ Apps

    WASHINGTON, D.C. — On Oct. 22, the Federal Trade Commission announced charges against, and a proposed settlement with, a company that makes and distributes “stalker” apps, which allow a user to surreptitiously track another individual’s whereabouts and online activities after being installed on their mobile devices (In re Retina-X Studios LLC, et al., No. 1723118, FTC).

  • October 23, 2019

    D.C. Circuit Won’t Reconsider Ruling Reviving Union’s Suit Over OPM Data Breach

    WASHINGTON, D.C. — A panel ruling that reversed the dismissal of a labor union’s negligence and privacy claims against the U.S. Office of Personnel Management (OPM) and one of its contractors related to a 2015 data breach will stand, the District of Columbia Circuit U.S. Court of Appeals ruled Oct. 21 as it denied petitions for rehearing en banc by the agency and contractor (In Re:  U.S. Office of Personnel Management Data Security Breach Litigation, Nos. 17-5217 & 17-5232, D.C. Cir.).

  • October 22, 2019

    Georgia Supreme Court: Warrantless Retrieval Of Car Data Violated 4th Amendment

    ATLANTA — Reversing an appeals court ruling, a Georgia Supreme Court majority on Oct. 21 found that a police officer’s downloading of data, without a warrant, from a vehicle involved in an accident violated the Fourth Amendment to the U.S. Constitution and should have resulted in suppression of the obtained data, also holding that the inevitable discovery exception did not apply (Victor Mobley v. Georgia, No. S18G1546, Ga. Sup., 2019 Ga. LEXIS 694).

  • October 22, 2019

    Arbitration Considered, Discovery Ordered In Minors’ Amazon Alexa Privacy Suit

    SEATTLE — A Washington federal magistrate judge concluded that Amazon.com Inc. is not entitled to compel arbitration from a putative class of minors suing it for unauthorized voice recording, issuing a report and recommendation to that effect on Oct. 21, simultaneously issuing an order granting the plaintiffs’ motion to compel discovery responses and chiding the online retailer for not complying with previous discovery rulings (B.F. v. Amazon.com Inc., et al., No. 2:19-cv-00910, W.D. Wash.).

  • October 21, 2019

    Class Claims Over AT&T’s Location Data Selling Voluntarily Dismissed

    SAN FRANCISCO — Three customers of AT&T Inc. on Oct. 18 filed a stipulation of voluntary dismissal of their three-month-old lawsuit against the communications giant for allegedly selling their location data to third parties without their consent (Katherine Scott, et al. v. AT&T Inc., et al., No. 3:19-cv-04063, N.D. Calif.).

  • October 21, 2019

    Privacy Groups Oppose Approval Of FTC’s $5 Billion Settlement With Facebook

    WASHINGTON, D.C. — Even though the Electronic Privacy Information Center (EPIC) has a still-pending motion to intervene in the $5 billion settlement between the Federal Trade Commission and Facebook Inc. over certain data-sharing practices engaged in by the social network, the privacy group on Oct. 16 filed a new motion in District of Columbia federal court seeking to file an amicus curiae brief opposing the court’s approval of the settlement (United States v. Facebook Inc., No. 1:19-cv-02184, D. D.C.).

  • October 18, 2019

    Insured: Court’s Misconception Of Law ‘Poisoned’ Opinion In Suit Over Data Breach

    NEW ORLEANS — An insured argues in an Oct. 1 appellant brief that an underlying lawsuit seeking to recover damages purportedly caused by a data breach of its credit card processing system triggered “personal and advertising injury” coverage under its commercial general liability insurance policy, asking the Fifth Circuit U.S. Court of Appeals to reverse a lower federal court’s finding that the insurer has no duty to defend (Landry's Inc. v. The Insurance Company of the State of Pennsylvania, No. 19-20430, 5th Cir.).

  • October 18, 2019

    9th Circuit Won’t Rehear Class Certification Ruling In Facebook Face-Tagging Suit

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals on Oct. 18 denied a motion by Facebook Inc. for rehearing en banc of a panel ruling that affirmed a trial court’s decision to certify a class that is suing the social network under the Illinois Biometric Information Privacy Act (BIPA) for its facial recognition technology that identifies people in posted photographs (Nimesh Patel, et al. v. Facebook Inc., No. 18-15982, 9th Cir.).

  • October 14, 2019

    LinkedIn Asks 9th Circuit To Reconsider Injunction In CFAA Data-Scraping Suit

    SAN FRANCISCO — A panel’s ruling that allowed an analytics firm to collect and use publicly available user data “pose[s] a grave threat to user privacy and the openness of the Internet” and runs counter to the intent of the Computer Fraud and Abuse Act (CFAA), LinkedIn Corp. tells the Ninth Circuit U.S. Court of Appeals in an Oct. 11 petition in which it seeks en banc rehearing of the panel’s decision that upheld an injunction permitting the data collection (hiQ Labs Inc. v. LinkedIn Corp., No. 17-16783, 9th Cir.).

  • October 14, 2019

    Data Breach Class Action Against Compliance Firm Settles For $3 Million

    CHICAGO — A $3 million settlement agreement between a compliance services firm and a class of its clients’ employees whose personally identifiable information (PII) was exposed in a 2018 data breach received final approval from an Illinois federal judge on Oct. 7, the same day a fairness hearing on the agreement was held (Marshall Smith, et al. v. ComplyRight Inc., No. 1:18-cv-04990, N.D. Ill., 2019 U.S. Dist. LEXIS 174217).