Newsletter RSS

Mealey's Data Privacy

  • July 01, 2025

    Basketball Fan Asks Supreme Court To Reject NBA’s VPPA Certiorari Petition

    WASHINGTON, D.C. — Maintaining that the Second Circuit U.S. Court of Appeals correctly found that he had standing to sue the National Basketball Association (NBA) for sharing his online viewing habits under the Video Privacy Protection Act (VPPA), a California man filed a brief opposing the NBA’s petition for certiorari on June 30, telling the U.S. Supreme Court that there is no circuit split on standing.

  • June 30, 2025

    Supreme Court Won’t Hear Dispute Over 4th Amendment Search Of Financial Records

    WASHINGTON, D.C. — In its June 30 order list, the U.S. Supreme Court denied certiorari to a bitcoin user on his question over whether the Internal Revenue Service violated the Fourth Amendment to the U.S. Constitution with the warrantless seizure of users’ financial records from a digital currency exchange.

  • June 30, 2025

    Preliminary Injunction Denied In DOL Records DOGE Access Suit

    WASHINGTON, D.C. — Labor unions and nonprofits challenging U.S. Digital Service and U.S. DOGE Service Temporary Organization (together, DOGE) personnel’s right to access U.S. Department of Labor (DOL) records failed to show imminent misuse or public disclosure, a federal judge in the District of Columbia ruled June 27, denying the unions and nonprofits’ request for a preliminary injunction.

  • June 26, 2025

    $45 Million Settlement Of Suits Over MGM Data Breaches Gets Final Approval

    LAS VEGAS — A $45 million settlement of a consolidated class action against MGM Resorts International over two data breach incidents that provides for payments of up to $15,000 in documented losses for class members was declared “fundamentally fair, reasonable, adequate, and in the best interests of the Settlement Class” by a Nevada federal judge, as she granted final approval to the agreement.

  • June 25, 2025

    2nd Circuit Affirms Dismissal Of NFL Videos VPPA Class Lawsuit

    NEW YORK — The Second Circuit U.S. Court of Appeals affirmed a trial court’s dismissal of a putative class complaint accusing the National Football League (NFL) of violating the Video Privacy Protection Act (VPPA) by sharing personal data about users of the NFL’s website, mobile application and video service with a third party, citing Solomon v. Flipps Media, Inc. as “‘binding and dispositive.’”

  • June 24, 2025

    Oregon Suggests Supreme Court Pass On Petition About Secret Recordings Ban

    WASHINGTON, D.C. — Opposing a petition for certiorari filed by a pair of media organizations in the U.S. Supreme Court, Oregon officials on June 23 filed a brief in opposition defending a state statutory ban on most covert recordings as merely requiring modest notifications to recording subjects and not being a content-based regulation of speech under the First Amendment to the U.S. Constitution.

  • June 24, 2025

    2 AT&T Data Breach MDLs Preliminarily Settle For Total Of $177 Million

    DALLAS — A Texas federal judge granted preliminary approval to two settlement funds, totaling $177 million, to resolve multidistrict litigations in Texas and Montana related to two data security incidents experienced by AT&T Inc.

  • June 23, 2025

    VPPA, UCL Claims Against Online Video Retailers Must Be Arbitrated, Judge Rules

    SAN FRANCISCO — Determining that attempts to settle and dismiss putative class claims against online retailers under the Video Privacy Protection Act (VPPA) and California’s unfair competition law (UCL) did not contradict an intent to arbitrate under a totality of the circumstances, a California federal judge granted the defendants’ motion to stay and to compel arbitration.

  • June 23, 2025

    Initial Approval Given To Settlement Of Data Breach Suit Against Health Care Firm

    BALTIMORE — Extending an existing stay on discovery and other proceedings in a consolidated lawsuit over a health care provider’s 2023 data breach, a Maryland federal judge granted the plaintiffs’ motion for preliminary approval of a $1.35 million settlement of negligence, contractual and other claims against the firm.

  • June 20, 2025

    Judge Says HHS Lacked Authority To Enact New HIPAA Privacy Rule

    AMARILLO, Texas — Granting a doctor’s summary judgment motion, a Texas federal judge concluded that the U.S. Department of Health and Human Services violated the Administrative Procedure Act (APA) in enacting a new privacy rule, supplementing the Health Insurance Portability and Accountability Act of 1996 (HIPAA), that prohibits medical providers from disclosing information related to reproductive health care (RHC) in particular circumstances, leading the judge to vacate the new rule.

  • June 19, 2025

    Data Interception Claims Over Hard Rock Café’s Website Are Dismissed

    SACRAMENTO, Calif. — A California federal judge found that a user of Hard Rock Café International (USA) Inc.’s website did not sufficiently allege that the contents of her communications from her website visits were intercepted by the company or shared with Meta Platforms Inc., leading her to grant Hard Rock’s motion to dismiss a complaint against it for violation of the California Invasion of Privacy Act (CIPA).

  • June 19, 2025

    $7.5 Million Settlement Of Digital Pharmacy Data Breach Class Action Approved

    OAKLAND, Calif. — Almost seven months after preliminarily approving a $7.5 million settlement of a class action over a 2023 data breach experienced by PostMeds Inc., a California federal judge made his approval final, granting a motion by the plaintiffs in the consolidated lawsuit, while also giving his thumbs up to requests for attorney fees, costs and service awards.

  • June 18, 2025

    Meta Must Provide Privacy Plaintiffs With Analyses Of Users’ Time On Facebook

    SAN FRANCISCO — A putative class of Facebook users who sued Meta Platforms Inc. over the purported sharing of their protected health information (PHI) via its pixel tool are entitled to certain analyses and reports correlating users’ time spent on the social network with Meta’s revenue, a California federal magistrate judge ruled, finding the requested info relevant to the plaintiffs’ proposed damages theory.

  • June 18, 2025

    Chrome Users Again Denied Class Certification In Google Data Collection Suit

    OAKLAND, Calif. — Two and a half years after a California federal judge declined to certify a class of Chrome browser users in their privacy suit against Google LLC, the judge handed another defeat to the plaintiffs as she found that individualized issues regarding each class member’s knowledge of, and consent to, Google’s data collection practices would predominate over common questions.

  • June 18, 2025

    N.M. Panel: Policy Term ‘For A Security Breach’ Is Ambiguous; Coverage Triggered

    ALBUQUERQUE, N.M. — A New Mexico appeals court affirmed a lower court’s summary judgment ruling that a cyber insurance policy covered an underlying third-party claim seeking payment for invoices that a now insolvent health insurer mistakenly wired to a fraudulent bank account, finding that the policy term “for a security breach” is ambiguous and must be construed in favor of the insured and the “loss of money” policy exclusions do not apply.

  • June 18, 2025

    HHS Federal Workers File Class Suit Over Erroneous Record Sharing, Firings

    WASHINGTON, D.C. — Seven employees of the U.S. Department of Health and Human Services (HHS) and its subcomponents filed a class complaint in a federal court in the District of Columbia alleging that “hopelessly error-ridden” personnel records were wrongly turned over to U.S. DOGE Service, the U.S. Office of Personnel Management (OPM) and the Office of Management and Budget (OMB) without being verified and were incorrectly used to fire 10,000 workers in violation of the Privacy Act.

  • June 17, 2025

    States Ask Bankruptcy Court To Find 23andMe Can’t Sell Users’ Genetic Data

    ST. LOUIS — Missouri federal bankruptcy court issued a summons to 23andMe Holding Co. in a declaratory judgment adversary proceeding brought by a group of U.S. states and the National Association of Attorneys General (NAAG) to prevent the financially troubled DNA-testing company from selling the genetic data of millions of its users as part of its bankruptcy process without their consent.

  • June 16, 2025

    RNC May Intervene In Suits Over ‘Integrity Of Elections’ Executive Order

    WASHINGTON, D.C. — A District of Columbia federal judge partly granted a motion by the Republican National Committee to intervene in three consolidated suits in which the Democratic National Committee (DNC) and others challenge several provisions of President Donald J. Trump’s recent executive order (EO) on “Preserving and Protecting the Integrity of American Elections.”

  • June 16, 2025

    Supreme Court Will Consider Pregnancy Center’s Jurisdictional Question

    WASHINGTON, D.C. — The U.S. Supreme Court on June 16 granted certiorari to an anti-abortion pregnancy center on its question of whether constitutional challenges to an investigative subpoena demanding the names of donors must first be adjudicated by a state court before they are ripe for federal court review.

  • June 13, 2025

    Initial OK Given To $6.3M Settlement Of Apnea Supply Firm Data Breach Suit

    INDIANAPOLIS — Preliminarily approving an agreement providing more than $6.3 million to settle a class action over data breaches experienced by a sleep apnea supply firm, an Indiana federal judge held that the parties “will likely be able to certify and approve a settlement class under Federal Rule of Civil Procedure 23.”

  • June 12, 2025

    DOGE Enjoined From Further Access To OPM Records By Federal Judge

    NEW YORK — In a 99-page ruling, a New York federal judge granted a preliminary injunction motion filed by two labor unions and a group of federal employees to halt any further access of U.S. Office of Personnel Management (OPM) computer systems and records by U.S. Department of Government Efficiency (DOGE) agents, who have not been sufficiently vetted, credentialed or trained per the Privacy Act.

  • June 12, 2025

    Data Breach Class Action Against Biotech Firm Settles For $7.5 Million

    CENTRAL ISLIP, N.Y. — Four months after preliminarily approving a $7.5 million settlement of a consolidated class action over a 2023 data breach experienced by a biotech firm, a New York federal magistrate judge granted final approval to the settlement, which provides for up to $10,000 in out-of-pocket reimbursements for class members.

  • June 12, 2025

    Class Action Alleges Insurer Intentionally Disclosed Driver’s License Numbers

    NEW YORK — A class action complaint for violation of the Driver’s Privacy Protection Act (DPPA) was brought against Lemonade Inc. in a New York federal court on June 9, alleging that the insurer knowingly and intentionally obtained, used and disclosed class members’ driver’s license numbers and other personal information on its online quoting platform that was ultimately accessed by cybercriminals.

  • June 11, 2025

    Revised, Reduced Attorney Fees Award In CPK Data Breach Suit Approved

    SANTA ANA, Calif. — After an initial attorney fees award of $800,000 was rejected and remanded by the Ninth Circuit U.S. Court of Appeals in a consolidated class action over a data breach experienced by California Pizza Kitchen Inc. (CPK), a California federal judge on June 10 approved a revised fees and costs request, which reduces the original award by more than $500,000.

  • June 11, 2025

    Some Privacy Claims Over Google’s Collection Of Health Data May Proceed

    SAN FRANCISCO — A group of anonymous plaintiffs suing Google LLC over the alleged collection and sharing of users’ health-related data saw most of their privacy and related claims survive the tech company’s second dismissal motion, with a California federal judge finding that in the second amended consolidated complaint (SAC) the plaintiffs corrected defects that led to their previous complaint being completely dismissed.