Mealey's Data Privacy

  • October 21, 2020

    Spyware Firm May Pursue Immunity Appeal In WhatsApp Computer Fraud Suit

    SAN FRANCISCO — A spyware firm may proceed with its interlocutory appeal of a trial court judge’s ruling that it was not entitled to sovereign immunity in a computer fraud lawsuit a Ninth Circuit U.S. Court of Appeals panel ruled Oct. 16, denying a motion by WhatsApp Inc. to dismiss the appeal for lack of jurisdiction (WhatsApp Inc., et al. v. NSO Group Technologies Limited, et al., No. 20-16408, 9th Cir., 2020 U.S. App. LEXIS 32787).

  • October 19, 2020

    Google, Plaintiffs Defend Street View Privacy Cy Pres Settlement In 9th Circuit

    SAN FRANCISCO — A trial court judge correctly found that the distribution of a $13 million settlement fund of a long-running privacy class action over Google LLC’s “Street View” feature would be infeasible, Google and the named plaintiffs argued in their respective appellee briefs on Oct. 13, asking to the Ninth Circuit U.S. Court of Appeals to find that the settlement’s cy pres-only nature was appropriate, despite the representations of an objecting class member (In re Google LLC Street View Electronic Communications Litigation [Benjamin Joffe, et al. v. Google Inc.], No. 20-15616, 9th Cir.).

  • October 19, 2020

    Chicago’s Discovery Responses Recommended In Marriott Data Breach Suit

    GREENBELT, Md. — A Maryland federal judge on Oct. 14 recommended that Chicago be ordered to provide responses to interrogatories and requests for production (RFPs) served by Marriott International Inc. in a consolidated lawsuit brought by the city and other plaintiffs over a massive data breach experienced by the hotel chain (In re:  Marriott International Inc. Customer Data Security Breach Litigation, No. 8:19-md-02879, D. Md.).

  • October 16, 2020

    Facebook Seeks Dismissal Of U.K. Plaintiffs, Discovery Limits In User Profile Suit

    SAN FRANCISCO — Two newly added plaintiffs from the United Kingdom should be dismissed from the consolidated lawsuit over the sharing of social network users’ profile data with third parties, Facebook Inc. argues in an Oct. 13 reply brief, telling a California federal court that applicable forum selection clauses preclude inclusion of the foreign plaintiffs in the putative class action (In re Facebook Inc., Consumer Privacy User Profile Litigation, No. 18-md-2843, N.D. Calif.).

  • October 14, 2020

    Biometric Data Class Suit Against Hooters Stayed Pending Arbitration

    PEORIA, Ill. — A federal judge in Illinois on Oct. 8 partially granted a motion by a restaurant chain to dismiss or stay a class complaint over its collection of employees biometric data via its timekeeping system and staying proceedings pending arbitration, ruling that the agreement leaves to an arbitrator to decide the enforceability (Austin Kuznik, et al. v. Hooters of America, LLC, et al., No. 20-1255, C.D. Ill., 2020 U.S. Dist. LEXIS 186548).

  • October 14, 2020

    Insurer Asks 9th Circuit To Reverse ‘Excessive’ Attorney Fee Award In Favor Of Yahoo

    SAN FRANCISCO — In a Sept. 16 cross-appeal filed in the Ninth Circuit U.S. Court of Appeals, a commercial general liability insurer argues that Yahoo forfeited its claim to $618,380 in attorney fees under Brandt v. Superior Court in their data privacy coverage dispute but defends the lower court’s ruling that the policy’s deductible coverage endorsement is enforceable and precludes coverage for additional damages (Yahoo! Inc. v. National Union Fire Insurance Company of Pittsburgh, PA, No. 19-16475, 9th Cir.).

  • October 13, 2020

    Settlement Conference Set For Target’s Coverage Suit Over Data Breach Settlement

    MINNEAPOLIS — A magistrate judge in Minnesota on Oct. 5 said that a settlement conference will be held before him on Oct. 28 in Target’s breach of contract lawsuit seeking coverage for its settlement with a group of financial institutions (FIs) over a 2013 data breach (Target Corp. v. ACE American Insurance Co., et al., No. 0:19-cv-02916, D. Minn.).

  • October 12, 2020

    Maine High Court Finds Nonparty, Redacted Patient Records Not Discoverable

    PORTLAND, Maine— Concluding that state evidentiary law protecting the confidentiality of patient records applies equally to redacted and unredacted records, the Maine Supreme Judicial Court on Sept. 29 reversed a trial court’s order compelling the production of the redacted records of nonparty patients who underwent similar surgical procedures as one at issue in a malpractice suit against a hospital (Estate of Carol A. Kennelly v.  Mid Coast Hospital, No. Cum-18-445, Maine Sup., 2020 Me. LEXIS 118).

  • October 08, 2020

    Health Officer, Restaurant Spar Over Constitutionality Of Contact Tracing Order

    LOS ANGELES — The health officer for Los Angeles County filed a reply brief in California federal court on Oct. 5 supporting his motion to dismiss a complaint alleging that his order directing county businesses to collect customer information for the purpose of contact tracing in the event of an outbreak of COVID-19 is unconstitutional, arguing that the order was properly issued under governmental emergency powers and that the plaintiffs failed to allege any concrete constitutional harms (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).

  • October 07, 2020

    Insured Asks 9th Circuit To Reverse No Coverage Ruling For Alleged Phishing Attack

    SAN FRANCISCO — An insured on Sept. 8 asked the Ninth Circuit U.S. Court of Appeals to reverse a lower federal court's ruling in favor of its insurer in a lawsuit seeking coverage for its alleged "security failure" that was caused by a phishing attack by an unknown perpetrator, contending that a letter demanding monetary relief from one of its clients constituted a "claim" under its "security & privacy risk response" policy (Alorica Inc. v. Starr Surplus Lines Insurance Company, No. 20-55458, 9th Cir.).

  • September 30, 2020

    16 Settlements In Children's Gaming App Privacy Class Actions Preliminarily OK'd

    SAN FRANCISCO — A California federal judge on Sept. 24 granted preliminary approval to 16 settlements that resolve three related class actions against the Walt Disney Co., ViacomCBS Inc. and other companies involved with the creation of video game apps targeted to kids, finding that the proposed privacy protections and business practices stipulated within the settlements will have a positive impact on the entire video game industry related to children's privacy (Michael McDonald, et al. v. Kiloo A/S, et al., No. 17-4344, N.D. Calif.; Amanda Rushing, et al. v. The Walt Disney Company, et al., No. 17-4419, N.D. Calif.; Amanda Rushing, et al. v. ViacomCBS Inc., et al., No. 17-4492, N.D. Calif., 2020 U.S. Dist. LEXIS 175865).

  • September 28, 2020

    Twitter Tells 9th Circuit 1st Amendment Rights Were Violated In Dispute With FBI

    SAN FRANCISCO — The Federal Bureau of Investigation's refusal to let it publish a draft transparency report about its mandatory compliance with certain national security requests violated its rights under the First Amendment to the U.S. Constitution, Twitter Inc. tells the Ninth Circuit U.S. Court of Appeals in a Sept. 23 appellant brief, arguing that it is entitled to review FBI declarations that led a trial court to rule in the bureau's favor (Twitter Inc. v. William P. Barr, et al., No. 20-16174, 9th Cir.).

  • September 28, 2020

    Cyberattack On Blue Cross Licensee Yields $6.85M Settlement

    WASHINGTON, D.C. —The U.S. Department of Health and Human Services on Sept. 25 announced that Premera Blue Cross (PBC) will pay $6.85 million to the agency's Office for Civil Rights (OCR) to settle allegations that it violated federal privacy and security rules.

  • September 28, 2020

    Judge Deems Law Firm's Ads Over Facebook Biometric Suit Deceptive, Misleading

    SAN FRANCISCO — A law firm's ads targeted to potential settlement class members in a privacy lawsuit over Facebook Inc.'s "Tag Suggestions" feature were "deceptive and misleading," a California federal judge ruled in a Sept. 22 post-hearing minute entry, directing the firm and the plaintiffs to meet and confer about clarifying communications to be sent to people who responded to the ads (In re Facebook Biometric Information Privacy Litigation, No. 15-3747, N.D. Calif.).

  • September 24, 2020

    Voiceprint Biometric Suit Against Amazon Dismissed For Lack Of Jurisdiction

    EAST ST. LOUIS, Ill. — Finding no evidence that Amazon Web Services Inc. and its voiceprinting service provider purposefully directed any actions at residents of Illinois, an Illinois federal judge on Sept. 18 granted the defendants' motion to dismiss punitive class claims against them under Illinois' Biometric Information Privacy Act (BIPA) for lack of personal jurisdiction (Christine McGoveran, et al. v. Amazon Web Services Inc., et al., No. 20-31, S.D. Ill., 2020 U.S. Dist. LEXIS 170891).

  • September 23, 2020

    Employee's Biometric Privacy Claim Not Preempted By Workers' Comp Law, Panel Says

    CHICAGO — Affirming a trial court's decision, an Illinois appeals panel on Sept. 18 found that a woman's claim against her former employer under the Biometric Information Privacy Act (BIPA) is not precluded by the exclusivity provisions in a state workers' compensation law because the biometric privacy claim is not compensable under the latter law (Marquita McDonald v. Symphony Bronzeville Park LLC, et al., No. 2017 CH 11311, Ill. App. 1st Dist., 2020 Ill. App. LEXIS 627).

  • September 23, 2020

    Twitter Accused Of Telecommunications Crime For Sharing Users' Phone Numbers

    SEATTLE — A Twitter user filed a putative class complaint against the social network operator in Washington federal court on Sept. 21, alleging that Twitter Inc. violated state telecommunications law and the privacy rights of herself and other Washington residents by sharing account holders' phone numbers and other personal information with third-party advertisers (Darlin Gray v. Twitter Inc., No. 20-1389, W.D. Wash.).

  • September 22, 2020

    Most Class Claims Against Capital One, Amazon Over Data Breach Survive Dismissal

    ALEXANDRIA, Va. — In a detailed Sept. 18 ruling, a Virginia federal judge partly denied motions by Capital One Financial Corp. and Amazon.com Inc. over a 2019 data breach, allowing unjust enrichment, negligence and breach of contract claims to proceed in part or in full against the credit card issuer and its cloud services provider under the laws of the six states of the representative plaintiffs in the consolidated putative class action (In re Capital One Customer Data Security Breach Litigation, No. 1:19-md-02915, E.D. Va.).

  • September 22, 2020

    Insurer: No Coverage Due For Suit Disputing McDonald's Collection Of Biometric Data

    CHICAGO — A businessowners liability insurer filed suit in a federal court in Illinois on Sept. 21, seeking a declaration that it owes no coverage for an underlying class action alleging that a McDonald's franchise owner violated the Illinois Biometric Information Privacy Act (BIPA) when it scanned an employee's fingerprints but did not disclose the specific purpose for collecting, storing and using her biometric data (American Family Mutual Insurance Company v. McEssy Investment Company, et al., No. 20-05591, N.D. Ill., Eastern Div.).

  • September 22, 2020

    Health Officer Seeks Dismissal Of Suit Over COVID-19 Contact Tracing

    LOS ANGELES — A business and a private individual who allege constitutional privacy and freedom of association claims over a county health order's COVID-19 contact tracing guidelines lack standing to sue, a Los Angeles County health officer tells a California federal court in a Sept. 21 motion to dismiss, arguing that broad latitude should be afforded to health officials during a public health crisis (Miura Corp., et al. v. Muntu Davis, M.D., M.P.H., No. 20-5497, C.D. Calif.).