Newsletter RSS

Mealey's Data Privacy

  • March 07, 2025

    Privacy, Biometric Claims Over CapCot Video-Editing App Survive Dismissal

    CHICAGO — An Illinois federal judge largely granted a motion by ByteDance Inc. to dismiss putative class claims over the purported collection of personal data from users of its CapCot video-editing app, finding that a group of the app’s users did not establish claims for unfair competition, unjust enrichment and violation of several federal and California state privacy laws.

  • March 07, 2025

    Final Judgment Entered For $27.5 Million Thomson Reuters Data-Selling Settlement

    SAN FRANCISCO — One week after a California federal judge granted final approval to a $27.5 million settlement of a class action over Thomson Reuters Corp.’s online gathering and sale of personally identifying information (PII) of Californians, he issued final judgment in the four-year-old suit, dismissing unjust enrichment and unfair competition claims against the company.

  • March 07, 2025

    Judge Extends TRO Preventing DOGE Access Of OPM, DOE Data

    GREENBELT, Md. — A temporary restraining order (TRO) preventing the U.S. Office of Personnel Management (OPM) and the U.S. Department of Education (DOE) from permitting access to the personally identifiable information (PII) of a group of veterans and labor organizations by personnel from the U.S. Department of Government Efficiency (DOGE) was extended March 6, with a Maryland federal judge granting the plaintiffs’ motion and ruling that the TRO will now expire on March 17, which is when a hearing on the plaintiffs’ pending preliminary injunction motion is scheduled.

  • March 05, 2025

    $9.5 Million Settlement Of Payroll Firm Data Breach Suit Gets Final Approval

    LOS ANGELES — Six months after a $9.5 million settlement of privacy and unfair competition claims over a payroll services provider’s 2023 data breach was preliminarily approved, a California judge gave the final stamp of approval to the agreement, also granting the plaintiffs’ motion for attorney fees, costs and class representative service awards.

  • March 05, 2025

    Biometric Privacy Suit Against Adult Dating Website Stayed For Arbitration

    SACRAMENTO, Calif. — A California federal judge granted a motion by a processing affiliate for the website Adult Friend Finder (AFF) to enforce a provision in the site’s terms of use (TOU) requiring a site user to arbitrate his putative claim against the affiliate under the Illinois Biometric Information Privacy Act (BIPA) for the purported collection of site users’ facial scans.

  • March 04, 2025

    Parties Seek Dismissal Of Data Breach Coverage Suit Following Settlement

    SEATTLE — A media tech insurer and its financial services firm insured filed a joint stipulation asking a Washington federal court to dismiss with prejudice the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify the insured for a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.

  • March 04, 2025

    High Court Won’t Decide If Federal Funds Immunize Health Center From Privacy Suit

    WASHINGTON, D.C. — In its March 3 order list, the U.S. Supreme Court denied certiorari to a community health center (CHC) that is the defendant in an underlying data breach lawsuit, declining to take up the center’s question over whether its status as a federally funded entity entitles it to immunity from a patient’s invasion of privacy and negligence claims.

  • March 04, 2025

    Union, Groups Sue To Stop DOGE, Others From Accessing Social Security Systems

    BALTIMORE — The Social Security Administration (SSA) “has access to some of the nation’s most sensitive data” of Americans, and U.S. DOGE Service and Elon Musk should not have unfettered access, a union, an advocacy group and a labor organization allege in a complaint filed in federal court in Maryland.

  • March 03, 2025

    Insurers Settle Coverage Dispute With Taco Bell Owners Over BIPA Violation Claims

    SPRINGFIELD, Ill. — The same day commercial general liability and umbrella insurers and the owners and operators of Taco Bell restaurants in Illinois indicated that they have agreed in principle to settle the insurers’ lawsuit seeking a declaratory judgment that they have no duty to defend and indemnify in an underlying class action alleging that the insureds violated the state’s Biometric Information Privacy Act (BIPA), a federal magistrate judge in Illinois issued an order on Feb. 28 noting that all scheduled hearings are vacated and any pending motions are rendered moot.

  • March 03, 2025

    $21 Million Settlement Of Suit Over Brokerage Firm’s Data Breach Gets Final OK

    CHICAGO — The same day that she presided over a fairness hearing for a proposed $21 million settlement of negligence, contractual and statutory claims over a 2020 data breach experienced by Arthur J. Gallagher Co. (AJG), an Illinois federal judge granted final approval to it, dismissing the case with prejudice.

  • February 28, 2025

    9th Circuit Reverses, Remands $800,000 Fee Award For $950,000 Class Settlement

    SAN FRANCISCO —  A panel of the Ninth Circuit U.S. Court of Appeals has reversed a trial court’s approval of $800,000 in attorney fees and costs for a claims-made data breach class settlement that had a redemption value of “at most” about $950,000, but a panel majority approved the underlying settlement with a dissenting judge calling the trial court’s approval “perfunctory.”

  • February 26, 2025

    Data Location Privacy Class Alleges Violations Of Washington My Health My Data Act

    SEATTLE — Mobile applications using the software development kit (SDK) from Amazon.com Inc. and Amazon Advertising LLC (together, Amazon) allow for Amazon to harvest location data directly from consumers’ devices without prior notice in violation of consumers’ privacy rights, a Washington woman alleges in a class complaint filed in a federal court in that state and purported to be the first complaint filed under Washington’s My Health My Data Act (MYMD), which was signed into law in 2023.

  • February 25, 2025

    Maryland Judge Enjoins OPM, DOE From Providing DOGE With Access To Records

    GREENBELT, Md. — Granting a temporary restraining order (TRO) motion filed by a group of veterans and labor organizations, a Maryland federal judge on Feb. 24 found that the “continuing, unauthorized discloser” of plaintiffs’ personally identifiable information (PII) to affiliates of the U.S. Department of Government Efficiency (DOGE) by the U.S. Office of Personnel Management (OPM) and the U.S. Department of Education (DOE) constituted “irreparable harm” that can only be adequately addressed via injunctive relief.

  • February 25, 2025

    2 Members Of Federal Oversight Board Allege Removals Were Unlawful

    WASHINGTON, D.C. — Two members of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB) filed a complaint on Feb. 24 in District of Columbia federal court accusing President Donald J. Trump of removing them without cause, which threatens to silence the “independent advice” members of the board provide to Congress and the reporting members provide to Congress and the public “on how the government balances national security activities with privacy and civil liberties protections.”

  • February 25, 2025

    DOGE Dodges Injunction In Suit Brought By Privacy Group, Doe Plaintiff

    ALEXANDRIA, Va. — The Electronic Privacy Information Center (EPIC) and a Jane Doe federal government employee were denied a preliminary injunction to stop the U.S. Department of Government Efficiency (DOGE) from “running roughshod over core data protections and endangering the security of vital government systems,” with a Virginia federal judge finding that the plaintiffs did not establish irreparable harm to merit such an “extraordinary remedy.”

  • February 24, 2025

    7 Suits Over Insurer’s Data Breach Remanded To Wisconsin State Court

    MADISON, Wis. — A health insurance company did not establish that federal jurisdiction existed over seven putative class actions that it removed to Wisconsin federal court, a judge held, granting a motion to remand the suits over a 2024 data breach to state court, finding that exceptions to the Class Action Fairness Act (CAFA) defeated federal jurisdiction.

  • February 24, 2025

    DOGE Temporarily Enjoined From Accessing BFS Data, Payment Systems

    NEW YORK — Staff members of the U.S. Department of Government Efficiency (DOGE) were temporarily halted from accessing data and payment systems within the Bureau of Fiscal Services (BFS) on Feb. 21, when a New York federal judge granted a preliminary injunction motion filed by a group of 19 states that objected to access to files containing highly personal information of millions of Americans by DOGE.

  • February 21, 2025

    Groups Sue To Stop DOGE Access Of Internal Revenue Service Records, Systems

    WASHINGTON, D.C. — A taxpayer rights nonprofit, a small business network and two labor unions teamed up to file a complaint in District of Columbia federal court against the Internal Revenue Service, the U.S. Department of the Treasury and the U.S. Department of Government Efficiency (DOGE) to prevent the access of the private information of millions of taxpayers and small business owners by DOGE from the IRS data systems.

  • February 21, 2025

    No Temporary Restraining Order For States In Suit Against Musk, Trump, DOGE

    WASHINGTON, D.C. — A group of states seeking to halt purportedly unconstitutional actions being taken by the U.S. Department of Government Efficiency (DOGE) and Elon Musk related to government agencies’ data systems and personnel were denied their request for a temporary restraining order (TRO) by a District of Columbia federal judge, who found that the states did “not carr[y] their burden of showing that they will suffer imminent, irreparable harm absent a” TRO.

  • February 20, 2025

    Judge Permits ‘Mass Opt-Out’ From Eavesdropping Class Action Against Google

    SAN JOSE, Calif. — A California federal judge stated that she had “little hesitation” denying Google LLC’s motion to reject a “mass exclusion request” by nearly 70,000 Google Assistant (GA) users who seek to opt out of an unfair competition class action over Google’s purported eavesdropping via the digital assistant app and pursue arbitration of their privacy claims against the company instead.

  • February 20, 2025

    5 Federal Workers’ Class Suit Alleges Info Access Is Largest Breach Since Watergate

    WASHINGTON, D.C. — Federal officials’ decision to allow individuals from outside the U.S. government to access the “personal sensitive information” (PSI) of millions of federal workers “is the biggest breach of American trust by political actors since Watergate,” five federal employees allege in a class complaint filed in a federal court in the District of Columbia.

  • February 19, 2025

    Media Tech Insurer, Financial Services Firm Settle Data Breach Coverage Dispute

    SEATTLE — A media tech insurer that filed suit and its financial services firm insured filed a notice in a Washington federal court indicating they have settled the insurer’s lawsuit seeking a declaration that it has no duty to defend or indemnify the insured for a bank’s indemnification demand for a data breach incident and a related subrogation lawsuit brought by the bank’s insurer.

  • February 18, 2025

    Excess Insurer Appeals Ruling In BIPA Violation Coverage Dispute

    CHICAGO — An excess insurer filed a notice indicating that it is appealing an Illinois federal court’s ruling granting in part and denying in part cross-motions for summary judgment in a franchisee of the Burger King chain’s breach of contract lawsuit seeking a declaration that the insurer has a duty to defend against an underlying putative class lawsuit alleging that the insured violated the Illinois Biometric Information Protection Act (BIPA).

  • February 18, 2025

    TRO Denied In Federal Workers’ Privacy Suit Over OPM ‘Test’ Emails

    WASHINGTON, D.C. — Federal workers suing under pseudonyms who accuse the Office of Personnel Management (OPM) of failing to conduct and publish a privacy impact assessment (PIA) before allegedly sending out “test” emails the workers claim are being used to collect information on them failed to show “that they are likely to incur some irreparable injury” without a temporary restraining order (TRO), a federal judge in the District of Columbia ruled Feb. 17, denying a renewed TRO motion in the putative class case.

  • February 18, 2025

    Class Action Alleges Allstate Collected, Sold Data Without Plaintiffs’ Consent

    CHICAGO — A class action complaint filed in Illinois federal court alleges that The Allstate Corp. and its subsidiaries collected and sold the plaintiffs’ personal data and “‘trillions of miles’ worth of ‘driving behavior’” data without their consent.