Mealey's Data Privacy
-
October 10, 2024
Marriott To Pay $52M, Improve Security In Data Breach Disputes With FTC, States
WASHINGTON, D.C. — Documents filed Oct. 9 by the Federal Trade Commission and in Massachusetts court announced the settlement of allegations of inadequate cybersecurity by the commission and a group of U.S. states, respectively, against Marriott International Inc. related to a series of data breaches that resulted in hackers obtaining the personally identifiable information (PII) of millions of customers.
-
October 10, 2024
Wiretap, Privacy Claims Over TikTok’s In-App Browser Largely Survive Dismissal
CHICAGO — Mostly denying a motion to dismiss by TikTok Inc., an Illinois federal judge found that most of the claims over the purported collection of personally identifiable information (PII) by the company’s in-app browser (IAB) were sufficiently pleaded by the named plaintiffs at this stage of a multidistrict litigation against the social media firm.
-
October 09, 2024
$6 Million Settlement Of MDL Over Health Care Firms’ Data Breach Gets Final OK
FORT LAUDERDALE, Fla. — Six months after he preliminarily approved a $6 million settlement of a multidistrict litigation over a 2020 data breach experienced by a pediatric medical services provider, a Florida federal judge granted a motion by the plaintiffs for final approval of that settlement, as well as an accompanying motion for attorney fees and costs.
-
October 09, 2024
California Brings Consumer Protection Suit Against TikTok For Harming Youth
SAN JOSE, Calif. — The California Attorney General’s Office on Oct. 8 filed a lawsuit in state court accusing the owners and operators of the TikTok social media app of violating California’s unfair competition law (UCL) and false advertising law (FAL) by intentionally targeting children, including those younger than 13, with addictive features and illegally collecting their data. Similar consumer protection suits were recently filed in more than a dozen other states.
-
October 09, 2024
Case Alleging Company Used Meta Tools To Collect Patient Data Moves Forward
PHILADELPHIA — A Pennsylvania federal judge allowed a proposed class action against a health care system to proceed after finding that the patients sufficiently asserted claims that the company used Meta Platform Inc.’s collection tools to share their health care data.
-
October 09, 2024
Customer Data Law Deemed Unconstitutional In Ruling For DoorDash, Grubhub
NEW YORK — A New York City law that would require food delivery services to provide customer data to restaurants violates the First Amendment to the U.S. Constitution, a New York federal judge ruled, granting summary judgment to three major delivery service providers in their quest to halt enforcement of the statute.
-
October 09, 2024
Labor Union Denied Early Appeal Of Partial Dismissal In Data Breach Suit
NEW YORK — Deeming a labor union’s reading of controlling case law to be “plainly wrong,” a New York federal judge declined to certify for interlocutory appeal his previous ruling that permitted most of the plaintiff union members’ claims related to a 2023 data breach to proceed.
-
October 07, 2024
U.S. Supreme Court Denies Debtor’s Petition On Intangible Harm, Standing
WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 7 denied a debtor’s petition for a writ of certiorari concerning standing in a lawsuit over the transmission of debtors’ personal data to a third party.
-
October 07, 2024
Petition Challenging Constitutionality Of Texas Drone Law Denied By High Court
WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 7 denied a petition for writ of certiorari of a journalist and a photographer association claiming that a Texas law that curbs the use of drones for aerial photography violates the First Amendment to the U.S. Constitution.
-
October 07, 2024
Negligence Claims Against Indiana University To Proceed In Data Breach Incident
FORT WAYNE, Ind. — A federal judge in Indiana determined that claims of negligence and breach of contract alleged against a private university in a data breach suit can proceed because the plaintiffs seek damages for more than just economic losses and because dismissal of the breach of contract claim would be premature.
-
October 03, 2024
Vermont Health Provider Pays $540,000 To Settle Data Breach Class Claims
BURLINGTON, Vt. — A federal judge in Vermont granted final approval of a $540,000 settlement to be paid by an integrated health provider in that state, ending a class suit by a patient over a 2022 data breach that allegedly exposed the personal information of more than 60,000 people.
-
October 02, 2024
Judge Partly Dismisses Hunter Biden’s Suit Against IRS, Won’t Let Agents Intervene
WASHINGTON, D.C. — A District of Columbia federal judge partly granted the United States and U.S. Internal Revenue Service’s motion to dismiss claims brought against them by Hunter Biden for failure to protect the privacy of his tax returns, but declined to dismiss Biden’s claim for damages and denied a motion to intervene filed by two IRS agents who were involved in the disclosure of Biden’s tax information.
-
October 01, 2024
Judge Dismisses Suit Disputing Coverage For BIPA Claims Over AI Food Phone Orders
CHICAGO — Following receipt of a businessowners insurer’s notice of voluntary dismissal, a federal judge in Illinois dismissed the insurer’s lawsuit seeking a declaratory judgment that it owes no coverage for two underlying putative class action lawsuits alleging that its insured and two franchise restaurants violated the Illinois Biometric Information Privacy Act (BIPA) when they used the insured’s voice artificial intelligence technology to handle phone orders from customers.
-
September 27, 2024
Plaintiff Consents To Hacked Facebook Accounts Suit Being Heard By Magistrate
SAN FRANCISCO — A plaintiff bringing a putative class action against Meta Platforms Inc. in California federal court for breach of contract and violation of California’s unfair competition law (UCL) due to it allegedly allowing “hackers to abscond with hundreds of thousands of Facebook accounts” while barring hacked users from regaining access to their accounts consented to magistrate jurisdiction over the suit on Sept. 26.
-
September 26, 2024
In Camera Review Showed Amazon Used Privilege Designation Too Broadly
SEATTLE — Saying that almost 80% of the documents produced for in camera review “were improperly designated or over-designated as” subject to attorney-client privilege, a Washington federal judge ordered Amazon.com Inc. to make a variety of productions to plaintiffs who sued it over the unauthorized recording and retention of private conversations.
-
September 25, 2024
Plaintiffs, Google Update Status Of Suit Over $5.5M Cookie Privacy Suit Settlement
WILMINGTON, Del. — Following the lifting of a stay in a lawsuit where the plaintiffs sued Google LLC for purported privacy violations, the parties filed a joint status report in a Delaware federal court saying the 12-year-old case is “essentially at the same procedural posture as in 2015” after the court denied final approval of a $5.5 million settlement. The plaintiffs noted that they have prepared discovery to address class issues and proceed to class certification, asserting that if they are able to demonstrate that the putative class is ascertainable, then the settlement should be granted final approval.
-
September 25, 2024
Investors, Facebook Agree On Risk Question, Disagree On What High Court Should Do
WASHINGTON, D.C. — Meta Platforms Inc., formerly Facebook Inc., investors tell the U.S. Supreme Court in a Sept. 24 respondent brief that they agree with Facebook as to the answer to the limited question before the justices regarding disclosure of immaterial past risks but argue that the Ninth Circuit U.S. Court of Appeals’ ruling should be upheld as it was correct when it opined that Facebook issued misleading statements about the risk of potential misuse of user data because the company was aware that it had already occurred.
-
September 25, 2024
Most Claims Survive Dismissal In Forta Data Breach MDL Case
MIAMI — Ruling that the plaintiffs in a consolidated putative class action arising from a 2023 data security breach adequately allege standing, a Florida federal judge granted dismissal for failure to state a claim only as to all or part of 11 of the 27 claims; he said he would allow repleading on four of the claims, but the plaintiffs opted to forgo repleading.
-
September 25, 2024
Judge Dismisses ‘Magic Avatars’ AI Biometric Data Case After Period To Amend Ends
CHICAGO — A federal judge in Illinois dismissed an action in which a man claimed that his photographs and other biometric information are included in datasets used to train a third-party artificial intelligence that powers an image rendering application after the man failed to file an amended complaint in the wake of dismissal of his action.
-
September 24, 2024
Google Partially Granted Summary Judgment In Ovulation Tracking App Suit
SAN FRANCISCO — Female consumers who used the Flo Period & Ovulation Tracker app and are now suing the app creator and third parties for privacy and contract violations as well as unfair competition law (UCL) claims under California law abandoned their defense of their UCL claims against Google LLC and failed to show that Google has actual knowledge of the alleged practices, a federal judge in California ruled Sept. 23, partially granting Google’s motion for summary judgment.
-
September 24, 2024
Data Breach Class Suit Against Casino Operator May Proceed, Judge Rules
LAS VEGAS — A Nevada federal judge granted in part and denied in part a casino operator’s motion to dismiss putative class action claims against it for negligence, violation of California’s unfair competition law (UCL) and other statutes on behalf of a nationwide class and a California subclass in relation to a 2022 breach of its servers that led to the leak of more than 200,000 people’s personal identifying information (PII).
-
September 19, 2024
5th Circuit Dismisses Government’s Appeal In Health Information Privacy Row
NEW ORLEANS — The Fifth Circuit U.S. Court of Appeals dismissed the government’s appeal of a Texas federal judge’s ruling that two hospitals and two hospital associations were correct that a standard established in two recent U.S. Department of Health and Human Services (HHS) subagency bulletins for determining when online tracking technology has unlawfully gathered internet users’ individually identifiable health information (IIHI) exceeded HHS’s authority, after the government moved to voluntarily dismiss its appeal.
-
September 19, 2024
Judge Approves $6.5M Settlement For Breach Of Prisoners’ Health Data
LEXINGTON, Ky. — A Kentucky federal judge on Sept. 17 granted final approval of a nearly $6.5 million class action settlement including $2.1 million in attorney fees against a claims administrator for correctional facilities for a 2022 data breach that led to the personal health data of nearly 600,000 people being posted online.
-
September 19, 2024
Preliminary Approval Of Settlement Granted In Payroll Processor Data Breach Suit
LOS ANGELES — A California state court judge granted preliminary approval of a settlement in a putative class action suit against an entertainment industry payroll processor whose alleged failure to implement cybersecurity measures to protect the plaintiffs’ personally identifiable information (PII) resulted in a data breach impacting more than 450,000 individuals, staying litigation in the case pending final approval of the settlement.
-
September 19, 2024
Sending Google Settlement Funds To Only Cy Pres Groups ‘Legal Error,’ Objectors Say
SAN FRANCISCO — Approval of a plan to distribute most of a $62 million settlement in a consolidated class action over Google Inc.’s collection of users’ location data to cy pres organizations while class members receive nothing runs afoul of a revised rule of federal procedure, warranting reversal and remand, three settlement objectors tell the Ninth Circuit U.S. Court of Appeals in their opening brief.