Mealey's Data Privacy

  • April 12, 2024

    On Remand, Judge Deems $3.2M Costs, Fees Award In Wawa Data Breach Suit Reasonable

    PHILADELPHIA — After scrutinizing the factors and negotiations that resulted in a $3.2 million award of attorney fees, costs and service awards that accompanied the $9 million settlement of a consumer class action over a 2019 data breach experienced by Wawa Inc., a Pennsylvania federal judge found the award to be reasonable in light of relevant case law and similar data breach suits and despite arguments against the award raised by an objector.

  • April 12, 2024

    23andMe Data Breach Suits Centralized In Northern California MDL

    SAN FRANCISCO — The Judicial Panel on Multidistrict Litigation (JPMDL) on April 11 granted a request by genetic testing company 23andMe to consolidate 39 pending lawsuits against it in the U.S. District Court for the Northern District of California, all of which relate to a data breach in which ancestral records for roughly 6.9 million customers were hacked and allegedly sold online.

  • April 10, 2024

    9th Circuit Denies Objectors Rehearing Over $90 Million Facebook Tracking MDL

    SAN FRANCISCO — In a pair of almost identical one-page orders, a Ninth Circuit U.S. Court of Appeals panel denied petitions for rehearing by objectors to the $90 million settlement of a 12-year-old privacy multidistrict litigation over internet tracking activities of social network users by Facebook Inc. (now known as Meta Platforms Inc.), which received final approval in November.

  • April 08, 2024

    Insurer Moves To Reargue Dismissal Of Breach Of Contract Claims In Subrogation Suit

    WILMINGTON, Del. — An insurer asked a Delaware court if it can reargue the court’s dismissal of its breach of contract claims for pleading deficiencies and file an amended complaint before dismissal with prejudice is entered on the breach of contract claims in its subrogation lawsuit seeking recovery from an application service provider for the amount paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack.

  • April 04, 2024

    D.C. Circuit Partly Vacates FCC Order Banning Chinese Firms’ Surveillance Products

    WASHINGTON, D.C. — Although a District of Columbia Circuit U.S. Court of Appeals panel found that the Federal Communications Commission was within its authority to ban the video surveillance equipment of two Chinese-owned companies for certain uses in the United States, the panel partly vacated the FCC order enforcing the ban, finding the commission’s definition of “critical infrastructure” in the order to be “overly broad.”

  • April 03, 2024

    Google, Privacy Plaintiffs Propose Injunctive Relief To Settle Data-Tracking Suit

    SAN JOSE, Calif. — Leapfrogging over the typical procedure of seeking preliminary approval of a proposed class action settlement over Google LLC’s purported tracking of users’ internet browsing activity and data, the named plaintiffs filed a motion in California federal court seeking final approval of a “groundbreaking” agreement under which the technology giant pledges to make changes to its data collection and retention practices, among other things.

  • April 03, 2024

    Judge Preliminarily Approves $350M Settlement In Securities Suit Against Google

    SAN FRANCISCO — A federal judge in California granted preliminary approval to a $350 million settlement of a putative class complaint filed by investors in Google LLC and its parent company Alphabet Inc. who claimed that the companies issued false statements about the safety of the now defunct Google+ social media platform.

  • April 03, 2024

    Class BIPA Case Over Truck Driver Monitoring Products Survives Dismissal Motion

    CHICAGO — A putative class complaint alleging that a technology company that supplies truck driver monitoring products, including a camera device that uses artificial intelligence to track driver behavior, violates the Illinois Biometric Information Privacy Act (BIPA) by collecting data may proceed as the company in its motion to dismiss failed to show a lack of personal jurisdiction or that the facial-geometry scans are not “biometric identifiers” under BIPA, a federal judge in Illinois ruled.

  • April 03, 2024

    Chili’s Customers: Class Damages Methodology Review Not Needed In Data Breach Case

    WASHINGTON, D.C. — The U.S. Supreme Court does not need to review a question presented by a restaurant chain owner in a data breach case concerning the damages methodology used by the certified classes’ expert as the underlying decision doesn’t present the question Brinker International Inc. seeks to resolve, restaurant customers argue in their respondent brief.

  • April 01, 2024

    Delaware Judge Tosses Insurers’ Subrogation Suits Arising From Ransomware Attack

    WILMINGTON, Del. — A Delaware judge dismissed insurers’ subrogation lawsuits seeking recovery from an application service provider for the amount they paid to their nonprofit insureds for investigative and remediation steps arising from a ransomware attack, finding that the fact that the data breach occurred and the nonprofits incurred expenses alone is not sufficient to state a claim under the policies.

  • March 21, 2024

    COMMENTARY: AI Raises Stakes Across Cybersecurity And Disputes Landscape

    By Lorenzo Grillo

  • March 27, 2024

    Spyware Suit Judge Partly Denies Issuing Letter Rogatory On Canadian Lab

    OAKLAND, Calif. — An Israeli spyware firm that is fending off computer fraud and trespass allegations by WhatsApp Inc. saw its motion to issue a letter rogatory on a third-party Canadian watchdog lab partly denied March 26 by a California federal judge who deemed some of the information sought to be duplicative of discovery already received from the plaintiff.

  • March 27, 2024

    Insurer Has No Duty To Defend DPPA Violation Suit, N.C. High Court Affirms

    RALEIGH, N.C. — The North Carolina Supreme Court affirmed an appeals court’s finding that an insurer has no duty to defend its law firm insured against an underlying lawsuit alleging that the firm violated the Driver's Privacy Protection Act of 1994 (DPPA) by using “protected personal information” without consent in connection with advertisements for legal services.

  • March 26, 2024

    Suit Accusing Ford Of Eavesdropping, Intercepting Text Messages Dismissed

    SAN DIEGO — A putative class action against Ford Motor Co. under the California Invasion of Privacy Act (CIPA) was dismissed, with a California federal judge finding that the plaintiff did not establish that the automaker engaged in aiding and abetting a spyware company in the collection and distribution of customers’ information from Ford’s online chat feature, with the judge also holding that some of the allegedly violated portions of the statute do not apply to the modern technology at issue.

  • March 22, 2024

    HHS Defends Rule Barring Health Providers’ Use Of Tracking Tech Under HIPAA

    FORT WORTH, Texas — Two U.S. Department of Health and Human Services officials on March 21 asked a Texas federal court to grant them summary judgment on four health care plaintiffs’ claims that a recently released bulletin violates the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the Administrative Procedure Act (APA), explaining that the bulletin properly served as a reminder to health care providers that the use of certain third-party website technologies violates HIPAA’s privacy protections by sharing users’ individually identifiable health information (IIHI).

  • March 20, 2024

    Meta Appeals Injunction Denial Over FTC Changes To $5 Billion Consent Order

    WASHINGTON, D.C. — One day after a federal judge denied Meta Platforms Inc. (formerly Facebook Inc.) injunctive relief in its quest to prevent the Federal Trade Commission from revising a 2020 $5 billion consent order that settled a privacy investigation by the commission, the social network operator filed a notice of appeal with the District of Columbia Circuit U.S. Court of Appeals, seeking relief from the injunction denial.

  • March 19, 2024

    Plaintiffs Fire Back In UCL, Copyright Case Involving Google AI Training Data

    SAN FRANCISCO — Individuals enjoy a property right in their personal information, and a complaint sufficiently alleges unlawful and unfair conduct for claims under all three prongs of the California unfair competition law (UCL), plaintiffs in a copyright and privacy class action accusing Google LLC of “wide-scale data theft” in the training of its artificial intelligence tell a federal court in opposing dismissal.

  • March 18, 2024

    California AirTag Stalking Victims’ Claims Against Apple May Proceed, Judge Says

    SAN FRANCISCO — A California federal judge on March 15 denied Apple Inc.’s motion to dismiss negligence and strict product liability claims brought against it by three plaintiffs who claim that they were stalked in California through the use of Apple’s AirTag devices but dismissed claims brought by 35 other plaintiffs, writing in a second order that the claims brought by out-of-state plaintiffs were insufficiently pleaded.

  • March 18, 2024

    GM, OnStar, Lexis Sued For Collecting, Sharing Drivers’ Data

    WEST PALM BEACH, Fla. — A Florida man who claims that his driving data was collected and shared without his knowledge or consent brings putative class claims under the Fair Credit Reporting Act (FCRA), as well as Florida consumer and privacy law, asserting that the inaccurate information negatively impacted his ability to obtain car insurance.

  • March 18, 2024

    Patients Seek To Centralize Data Breach Suits Against Health Care Firm In Tennessee

    WASHINGTON, D.C. — Four plaintiffs who separately filed putative negligence class actions against a health care provider that recently experienced a data breach filed a motion to transfer and consolidate their suits along with others filed against the same defendant in Tennessee federal court.

  • March 12, 2024

    After A Few Tries, $37.5M Settlement Of Meta Tracking Class Action Gets Final OK

    SAN FRANCISCO — After receiving assurances that the plaintiffs in a Facebook location-tracking class action had taken care of his latest concern over a $37.5 million settlement of privacy claims against the social network’s owner Meta Platforms Inc., a California federal judge on March 11 finally granted final approval of the settlement after a year and a half of tweaks and revisions to it.

  • March 11, 2024

    Covington Client Dismisses D.C. Circuit Appeal Of SEC Disclosure Order

    WASHINGTON, D.C. — More than eight months after a judge ordered Covington & Burling LLP to identify for the Securities and Exchange Commission seven of its clients whose information had been compromised in a cybersecurity attack, one of those clients, proceeding pseudonymously, on March 11 filed a stipulation voluntarily dismissing his appeal to the District of Columbia Circuit U.S. Court of Appeals of that ruling.

  • March 08, 2024

    DOJ, ACLUF Settle Social Media Monitoring FOIA Row For $240,000 In Fees, Costs

    OAKLAND, Calif. — After almost two years of conferring, filing status reports and submitting documents, the American Civil Liberties Union Foundation (ACLUF) and several government agencies jointly filed a stipulation and proposed order of dismissal in California federal court, under which they agree to end a five-year-old Freedom of Information Act (FOIA) dispute with the payment of $240,000 in attorney fees and costs by the U.S. Department of Justice (DOJ) and other agencies.

  • March 07, 2024

    MyPillow CEO Tells High Court Phone, Data Seizure Warrant Violated 4th Amendment

    WASHINGTON, D.C. — MyPillow Inc. Chief Executive Officer Michael J. Lindell has filed a petition for certiorari, asking the U.S. Supreme Court to find that a warrant used by the Federal Bureau of Investigation to seize his iPhone and all the data on it violated the Fourth Amendment to the U.S. Constitution because it did not state with particularity the data to be seized.

  • March 06, 2024

    9th Circuit: Google Didn’t Deceive Android Users By Gathering App, OS Data

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel on March 5 affirmed the dismissal of two smartphone users’ fraud, unfair competition and breach of contract claims against Google LLC for collecting data on third-party app usage via its Android operating system (OS), finding that Google adequately disclosed its collection of consumer data across both Google apps and third-party apps using its OS.