Newsletter RSS

Mealey's Data Privacy

  • April 03, 2026

    Government, Amici File Merits Briefs In High Court’s Geofence Warrant Case

    WASHINGTON, D.C. — As oral argument approaches in a U.S. Supreme Court case where the petitioner was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was unconstitutional, the U.S. government filed a merits brief contending in part that the petitioner’s “dramatic expansion of the Fourth Amendment would stifle developments in . . . evolving areas of law and handicap the investigation of major crimes,” and amici curiae including local government organizations made similar arguments.

  • April 03, 2026

    Web Tracking Wiretap Case Remanded To State Court For Lack Of Standing

    PITTSBURGH — Relying on the August opinion in Cook v. Gamestop, a Third Circuit U.S. Court of Appeals panel determined that a website user failed to allege a concrete injury to establish Article III standing, vacated a Pennsylvania federal court’s judgment and ordered the website user’s state wiretapping claim against Harriet Carter Gifts Inc. remanded to state court, holding that her alleged online browsing activity did not involve the transmission of sensitive or personal information required to establish a cognizable injury and “involved only routine conduct.”

  • April 02, 2026

    Data Breach Suit Dismissed, But Some Claims Ordered For Arbitration Resolution

    ST. LOUIS — A Missouri federal judge ruled that customers whose personally identifiable information (PII) was compromised in a 2024 data breach sufficiently alleged Article III standing in a consolidated amended class action complaint, but dismissed their claims without prejudice for failure to state a claim, compelled arbitration for two named individuals based on loan-related agreements and denied without prejudice arbitration as to two others due to a factual dispute.

  • April 02, 2026

    Protective Order Sought In Epstein Privacy Violation Suit Against Google, DOJ

    SAN JOSE, Calif. — An alleged victim of convicted sex offender Jeffrey Epstein filed a motion in California federal court seeking a protective order to proceed under a pseudonym in her putative class suit alleging that U.S. Department of Justice violated the Privacy Act by wrongfully disclosing her personally identifiable information and that of other victims of Epstein when releasing files pursuant to the Epstein Files Transparency Act and that Google LLC continues to republish that information.

  • April 02, 2026

    Judge Reduces Attorney Fee Award, Approves Settlement In Google Data Sharing Row

    OAKLAND, Calif. — Deeming the proposed settlement “fair, adequate, and reasonable,” a California federal judge approved a settlement in a consolidated class action lawsuit over Google LLC’s purported data sharing via its real-time bidding (RTB) and granted in part the plaintiffs’ motion for attorney fees, costs and service awards, applying the lodestar method to assess attorney fees due to the “speculative” nature of the plaintiffs’ evidence regarding the success of the injunctive relief sought.

  • April 01, 2026

    Summary Judgment Denied For Unions, Government On APA Claims In DOGE Access Suit

    WASHINGTON, D.C. — A federal judge in the District of Columbia on March 31 denied summary judgment to both sides — unions and nonprofits and federal government agencies — as to Administrative Procedure Act (APA) claims in a case over U.S. Digital Service and U.S. DOGE Service Temporary Organization (together, DOGE) personnel’s right to access U.S. Department of Labor (DOL) records, finding that “real disputes over facts foundational to plaintiffs’ APA claims . . . persist.”

  • April 01, 2026

    Claim Preclusion Inapplicable In Indemnification Suit Over $20M BIPA Settlement

    CHICAGO — A federal judge in Illinois held that claim preclusion does not apply to a lawsuit seeking indemnification from an insurer for an underlying $20 million settlement arising from a class action lawsuit alleging the insured violated the Illinois Biometric Information Privacy Act (BIPA), further finding that although the policy’s access or disclosure exclusion applies to the underlying class action, there are genuine disputes of material facts as to the plaintiffs’ mend-the-hold and waiver arguments that may prevent the insurer from raising the exclusion.

  • April 01, 2026

    9th Circuit Denies Rehearing In Challenge Over $115M Data Collection Settlement

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel unanimously denied an objector’s petition for rehearing en banc of its decision affirming a district court order granting final approval of a $115 million class action settlement resolving claims that Oracle America Inc. unlawfully tracked and monetized users’ online activity, noting that no judge requested a vote after the full court was advised of the petition.

  • March 26, 2026

    Judge Amends Protective Order On Use Of AI Tools In Chemical Injury Suits

    KANSAS CITY, Kan. — A U.S. magistrate judge in Kansas on March 25 amended a protective order governing the use of AI tools in chemical injury litigation, stating that any party that wishes to use an AI tool in connection with discovery materials must, prior to using the tool, provide written notice of its intent to use the tool because submission of discovery materials to an open AI tool may violate U.S. data privacy laws as well as strict disclosure rules under the European General Data Protection Regulation (GDPR).

  • March 26, 2026

    $2.9M Data Breach Class Action Settlement Receives Final Approval

    WARWICK, R.I. — A Rhode Island state judge granted final approval of a $2.9 million class action settlement that resolves claims alleging that a health care provider failed to protect patient data from a 2024 ransomware attack; the class action settlement also provides service awards of $4,000 for each class representative and attorney fees of nearly $1 million.

  • March 26, 2026

    Summary Judgment Affirmed In Favor Of Health Provider In Data-Sharing Dispute

    BALTIMORE — A Maryland appellate panel affirmed summary judgment in favor of a health care provider in a suit alleging that its website’s embedded tracking code unlawfully disclosed patient data, holding that the Maryland Electronic Surveillance Act’s definition of communication does not include the transmission of metadata such as IP addresses, cookie values and URL information.

  • March 25, 2026

    Insurer Urges High Court To Resolve Circuit Split Over Data Breach Standing

    WASHINGTON, D.C. — Writing that the lower courts “have yet to settle on a consistent standard” for Article III standing in data breach cases, an insurance group and its subsidiaries petitioned the U.S. Supreme Court for a writ of certiorari, arguing that the Fourth Circuit U.S. Court of Appeals improperly expanded standing in a data breach class action by allowing a pair of plaintiffs to proceed based on the alleged disclosure of nonsensitive personal information by a third-party hacker, creating circuit splits and warranting review.

  • March 24, 2026

    TRO Denied In Putative Class Suit Over Government’s Biometric Data Collection

    PORTLAND, Maine — A federal judge in Maine on March 23 opined that a putative class complaint that accuses the U.S. Department of Homeland Security and its various agencies of violating the constitutional rights of Maine residents by collecting their biometric and personal data while they are observing and recording public immigrant enforcement operations “raises serious constitutional issues” but declined to issue a temporary restraining order (TRO) as the plaintiffs failed to sufficiently show a likelihood that they will succeed on the merits of their claims.

  • March 24, 2026

    $68M Settlement For Google Assistant Eavesdropping Claims Gets Preliminary OK

    SAN JOSE, Calif. — A California federal judge granted a motion for preliminary approval of a $68 million settlement of a group of plaintiffs’ putative class claims against Google LLC and Alphabet Inc. (collectively Google) for allegedly eavesdropping on Google Assistant (GA) users in violation of California’s unfair competition law (UCL) and privacy laws.

  • March 23, 2026

    FCC: Constitution Allows Forfeiture Orders In Verizon, AT&T High Court Challenge

    WASHINGTON, D.C. — The Federal Communications Commission and the U.S. government on March 20 filed their response in the U.S. Supreme Court in consolidated cases where Verizon Communications Inc. and AT&T Inc. assert constitutional challenges to the FCC’s enforcement of monetary forfeitures under the Communications Act.

  • March 20, 2026

    $7.75 Million Class Action Settlement Approved In Data Breach Dispute

    GREENVILLE, S.C. — A South Carolina federal judge granted final approval to a $7.75 million class action settlement resolving claims that a financial services company and its affiliated lending subsidiaries failed to safeguard consumers’ names and Social Security numbers in a February 2023 data breach.

  • March 19, 2026

    $5M Class Deal In Geisinger Data Breach Case Wins Final Approval

    WILLIAMSPORT, Pa. — A Pennsylvania federal judge granted final approval of a $5 million settlement agreement between a Pennsylvania health care provider and its tech services vendor who were sued over a 2023 data breach, while separately approving $2,000 service awards for each of the named plaintiffs.

  • March 19, 2026

    Judge Denies Dismissal For Lack Of Standing In Stolen PII Data Breach Class Suit

    HOUSTON — A Texas federal judge adopted a magistrate judge’s memorandum and recommendation advising denying dismissal for lack of standing of a motion filed by a utility company and third-party benefits administrator in a putative class action against them and an employee benefit plan services company for failure to secure personally identifiable information (PII) in a data breach, finding that some of the plaintiffs sufficiently alleged injury from identity thefts to establish standing.

  • March 19, 2026

    Tenn. Federal Judge OKs Final Approval Of Settlement In Data Breach Class Action

    KNOXVILLE, Tenn. — A Tennessee federal judge granted final approval of an $807,500 class action settlement resolving consolidated claims that a restaurant franchisee failed to safeguard employees’ personally identifiable information (PII), resulting in a January 2023 data breach that exposed the data of more than 100,000 current and former workers.

  • March 17, 2026

    122K Cy Pres Award Approved In $27.5M Thomson Reuters Data-Selling Settlement

    SAN FRANCISCO — A California federal judge approved the cy pres distribution of $122,101.51 in remaining funds to a nonprofit consumer advocacy organization from a $27.5 million settlement of a class action over Thomson Reuters Corp.’s online gathering and sale of personally identifiable information (PII) of Californians, holding that the nonprofit has the requisite nexus to the privacy claims asserted on behalf of the class.

  • March 17, 2026

    Amici Supporting Neither Party Weigh In On High Court’s Geofence Warrant Case

    WASHINGTON, D.C. — As merits briefing continues in a case where the petitioner was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was an unconstitutional violation of the Fourth Amendment to the U.S. Constitution, the latest batch of amicus curiae briefs comes from entities that say they support neither party, including Microsoft Corp. and software and computer industry associations.

  • March 16, 2026

    Video Game Distributor To Pay $2.7M In Class Settlement For Privacy Violations

    NEW YORK — A video game distributor will pay $2.72 million to settle a class action complaint alleging that it sent personally identifiable information to Facebook and other third parties without its users’ knowledge or consent in violation of the Video Privacy Protection Act (VPPA) after a New York federal magistrate judge gave final approval to the settlement agreement.

  • March 13, 2026

    Final Approval Granted For Injunctive Settlement In PII Free Trial Case

    LOS ANGELES — A California federal judge granted final approval of a class action settlement resolving allegations that a corporation violated the Illinois Right of Publicity Act (IRPA) by displaying individuals’ personally identifiable information (PII) in seven-day free trials of its data aggregation products, which the plaintiffs contended were used to market paid subscriptions; the settlement provides injunctive relief barring the use of Illinois class members’ PII in free trials, includes $2,500 service awards for two class representatives and $492,500 in attorney fees and costs.

  • March 13, 2026

    Summary Judgment For Miami Hospital, EMT Affirmed In Patient Privacy Dispute

    MIAMI — A Florida appellate panel affirmed summary judgment for a Miami hospital and an emergency medical technician, holding that the father of a deceased hospital patient could not pursue claims for intentional infliction of emotional distress, invasion of privacy or vicarious liability arising from the unauthorized social media posting of his son’s leg injury because the conduct was not legally outrageous, the father was neither present nor the direct target of the photo and the image did not identify the patient or invade a privacy interest.

  • March 13, 2026

    Parties File Briefs In High Court Supporting Verizon Challenge To FCC Forfeitures

    WASHINGTON, D.C. — More than a dozen parties filed amicus curiae briefs in the U.S. Supreme Court supporting Verizon Communications Inc. and AT&T Inc. in consolidated cases where Verizon and AT&T asserted constitutional challenges to the Federal Communications Commission’s enforcement of monetary forfeitures under the Communications Act.