Newsletter RSS

Mealey's Data Privacy

  • March 13, 2026

    Final Approval Granted For Injunctive Settlement In PII Free Trial Case

    LOS ANGELES — A California federal judge granted final approval of a class action settlement resolving allegations that a corporation violated the Illinois Right of Publicity Act (IRPA) by displaying individuals’ personally identifiable information (PII) in seven-day free trials of its data aggregation products, which the plaintiffs contended were used to market paid subscriptions; the settlement provides injunctive relief barring the use of Illinois class members’ PII in free trials, includes $2,500 service awards for two class representatives and $492,500 in attorney fees and costs.

  • March 13, 2026

    Summary Judgment For Miami Hospital, EMT Affirmed In Patient Privacy Dispute

    MIAMI — A Florida appellate panel affirmed summary judgment for a Miami hospital and an emergency medical technician, holding that the father of a deceased hospital patient could not pursue claims for intentional infliction of emotional distress, invasion of privacy or vicarious liability arising from the unauthorized social media posting of his son’s leg injury because the conduct was not legally outrageous, the father was neither present nor the direct target of the photo and the image did not identify the patient or invade a privacy interest.

  • March 13, 2026

    Parties File Briefs In High Court Supporting Verizon Challenge To FCC Forfeitures

    WASHINGTON, D.C. — More than a dozen parties filed amicus curiae briefs in the U.S. Supreme Court supporting Verizon Communications Inc. and AT&T Inc. in consolidated cases where Verizon and AT&T asserted constitutional challenges to the Federal Communications Commission’s enforcement of monetary forfeitures under the Communications Act.

  • March 13, 2026

    Amazon Pledges To Seek High Court Review Of Class Certification In BIPA Suit

    CHICAGO — Amazon on March 12 told the Seventh Circuit U.S. Court of Appeals that it plans to file a petition for a writ of certiorari with the U.S. Supreme Court following the circuit court’s refusal to reconsider its ruling that a lower court did not err in certifying a class of users of its “virtual try-on” (VTO) feature and asked the Seventh Circuit to hold off on issuing its mandate.

  • March 11, 2026

    Judge Grants Final Approval Of Hospital Data Breach Class Action Settlement

    NEW HAVEN, Conn. — A Connecticut federal judge issued an order granting final approval of a class action settlement comprising an $18 million cash settlement fund from which awards will be paid to settlement class counsel for $6 million in attorney fees and $40,223.84 for litigation costs in a suit over a cyberattack and data breach at a Connecticut health system, finding the settlement “reasonable” and the relief “adequate.”

  • March 11, 2026

    Judge Declines To Certify Class Of AirTag ‘Stalking’ Victims Suing Apple

    SAN FRANCISCO — A California federal judge denied a motion that was filed by plaintiffs who claim that Apple Inc.’s “AirTag” tracking devices were used to stalk them in violation of California’s unfair competition law (UCL) and other laws, in which they sought to certify three nationwide classes of people allegedly “tracked without consent by Apple’s AirTag,” and directed the parties to prepare to discuss whether the cases should be severed.

  • March 11, 2026

    En Banc Rehearing Bid Rejected In Dispute Over Medical Data Given To Facebook

    PHILADELPHIA — A Third Circuit U.S. Court of Appeals panel denied the motion of two plaintiff-appellants to file a rehearing en banc petition out of time, leaving intact a panel decision that held that Meta Inc.’s receipt of users’ website communications through Quest Diagnostics Inc.’s Facebook tracking pixel did not constitute third-party eavesdropping under California’s Invasion of Privacy Act (CIPA).

  • March 10, 2026

    Missouri Panel: Sovereign Immunity Inapplicable In Hospital Tracking Device Suit

    KANSAS CITY, Mo.  — A Missouri appellate court reversed and remanded a lower court’s dismissal of claims against a hospital board of trustees in a putative class action alleging that the board and the hospital installed tracking devices on the hospital website and patient portal and violated patients’ privacy, finding that the lower court erred in determining that the claims against the board were barred by sovereign immunity.

  • March 09, 2026

    Ill. Federal Judge Certifies Question On ECPA’s Crime-Tort Exception To 7th Circuit

    CHICAGO — An Illinois federal judge refused to reconsider his ruling that denied a health care provider’s motion to dismiss a putative class action complaint alleging that it improperly shared confidential medical information with Facebook but allowed “an early trip to the Seventh Circuit” U.S. Court of Appeals by certifying a question for an interlocutory appeal.

  • March 09, 2026

    Dismissal Reversed, Remanded On Jurisdiction Grounds In Crypto Data Breach Case

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals panel reversed and remanded the dismissal of a putative data breach class action against an overseas cryptocurrency trading platform, holding that specific personal jurisdiction in California was proper because the company purposefully directed its commercial and data collection activities at the state and the class action claims arose from those contacts; one judge dissented in the dispute, which centers on alleged security failures that exposed the application programming interface (API) credentials of the trading platform’s users and resulted in millions of dollars in losses.

  • March 06, 2026

    Class Action DOGE Data Privacy Suit Survives Dismissal Motion

    WASHINGTON, D.C. — A District of Columbia federal judge denied a motion filed by a federal agency and the U.S. Department of Treasury to dismiss an amended putative class complaint alleging unlawful disclosure of federal employees’ personal data to the Department of Governmental Efficiency (DOGE), holding that the employees sufficiently alleged damages under the U.S. Privacy Act of 1974 by asserting that they purchased identity theft protection services following public concerns about DOGE’s access to government records.

  • March 06, 2026

    Judge Approves $2.2M Settlement In Data Breach Suit Against Radiology Practice

    MINNEAPOLIS — Finding it “reasonable,” a Minnesota judge approved a settlement with a cap of $2.2 million in a data breach class action suit against a radiology practice involving more than 580,000 class members related to a February 2024 data breach where plaintiffs’ private information “had been potentially accessed by computer hackers.”

  • March 06, 2026

    Judge Appoints Referee To Review Attorney Fees In $3.2M Data Breach Settlement

    GREENVILLE, N.C. — A North Carolina judge deferred ruling on a motion by plaintiffs in a data breach class action for $1.5 million in attorney fees, comprising approximately 47% of a $3.2 million settlement fund for patients affected by a medical company data breach, and appointed a referee to review the fees sought by plaintiffs after their attorneys provided “inadequate” billing records.

  • March 04, 2026

    USDA SNAP Data Request Blocked In Part Over Statutory Limitations

    SAN FRANCISCO — A California federal judge partially granted a coalition of states’ motion to enforce or expand a previously issued preliminary injunction in their challenge to the U.S. Department of Agriculture’s demand for the personal data of their residents who receive Supplemental Nutrition Assistance Program (SNAP) benefits, ruling that although the agency’s renewed data request was not covered by the earlier order, the states are likely to succeed on their claim that the request violates disclosure safeguards and preliminarily barring the agency from withholding funding based on noncompliance.

  • March 03, 2026

    Amici To High Court In Merits Briefs: Rule Geofence Warrant Unconstitutional

    WASHINGTON, D.C. — In 17 amicus curiae merits briefs filed in the U.S. Supreme Court on March 2, amici including X Corp., NetChoice, the Cato Institute and the American Civil Liberties Union support the petitioner, who was convicted of armed robbery through cell phone location evidence obtained through a geofence warrant that he argues was an unconstitutional violation of the Fourth Amendment to the U.S. Constitution; additionally, amicus Google LLC supports neither side but opines that “law enforcement was required to obtain a warrant to access that data.”

  • March 03, 2026

    Judge Dismisses Complaint Alleging Abbott Shared Medical Data With Google, Meta

    CHICAGO — An Illinois federal judge on March 2 dismissed with prejudice a complaint filed by three individuals who alleged that the manufacturer of continuous glucose monitoring devices for diabetes management shared sensitive information about them to third parties through tracking tools on its website.

  • March 03, 2026

    Judge: Ransomware Sublimit Does Not Limit Insurer’s Liability For Malware Attack

    DALLAS — Noting that the court has not located any case law interpreting a ransomware sublimit endorsement or any similar policy provision, a federal judge in Texas held that a cyber liability insurance policy’s $250,000 Ransomware Sub-Limit Endorsement is not applicable on its face to the policy’s cyber extortion insurance and, as a result, the insurer’s liability is not limited as to the insured’s claim for $1.2 million in losses arising from a malware attack.

  • March 02, 2026

    Class Complaint: Insurer Sold Out Customer And Website Users’ Trust For Money

    CHICAGO — A class complaint was filed in an Illinois federal court alleging that an insurer committed an egregious privacy violation and breach of consumer trust in violation of Illinois, California and federal laws by knowingly deploying tracking technologies without the consent of its insurance customers and other website visitors and in violation of its own express assurances that the customers’ private information would remain confidential, asserting that the insurer sold out its customers and website users’ trust for money.

  • February 27, 2026

    DOJ Sues 5 More States Over Denied Access To Voter Registration Data

    The Department of Justice (DOJ) sued five more states — Kentucky, New Jersey, Oklahoma, Utah and West Virginia — on Feb. 26, seeking to compel state election officials to produce statewide voter registration lists under Title III of the Civil Rights Act of 1960 (CRA), alleging that the states refused demands issued to assess compliance with federal voter-registration maintenance requirements; two days earlier, the government appealed a trio of dismissed voter-roll cases in California, Oregon and Michigan.

  • February 26, 2026

    California Judge Requests More Evidence Before Final Approval Of $3.5M Settlement

    LOS ANGELES — A California judge issued a final ruling continuing a proposed $3.5 million class settlement resolving claims arising from a 2022 data breach that affected nearly 200,000 mental health patients, finding that supplemental evidence was required regarding notice results, claims auditing, administration costs and supporting documentation for requested attorney fees and expenses.

  • February 26, 2026

    Plaintiffs’ Motion To File For Reconsideration Granted In Dropbox Data Breach Row

    OAKLAND, Calif. — A California federal judge granted plaintiffs’ motion for leave to file a motion for reconsideration of an order compelling arbitration in a putative class action suit alleging that Dropbox Inc. failed to protect plaintiffs’ personally identifiable information (PII) that was allegedly compromised in a cyberattack, finding that “there has been an intervening change in controlling law that may alter the legal analysis of whether Dropbox users manifested unambiguous assent to its Terms of Service.”

  • February 25, 2026

    Judge Grants Meta’s Bid To File Amended Answer In Facial Recognition Software Suit

    EAST ST. LOUIS, Ill. — An Illinois federal judge granted a motion by Meta Platforms Inc. seeking leave to file a second amended answer and defenses in a putative class action suit alleging violations of a state privacy law regarding Meta’s collecting biometric information using facial recognition software through its Facebook messenger and messenger kids applications, finding in part that Meta used due diligence in researching its defenses.

  • February 25, 2026

    DOJ Voter Data Suit Seeking Michigan Information Dismissed

    GRAND RAPIDS, Mich. — Not one of the three federal acts cited by the federal government in its attempt to demand that Michigan turn over its voter registration list requires such a disclosure, a federal judge in that state ruled, granting two motions to dismiss the complaint, one filed by the state and one filed by intervenors.

  • February 25, 2026

    Injunction Request Partially Granted In FOIA Row Over DOJ Bid For Voting Records

    WASHINGTON, D.C. — A District of Columbia federal judge granted in part a nonprofit voting rights organization’s motion for a preliminary injunction to expedite its Freedom of Information Act (FOIA) requests for information about the U.S. Department of Justice’s (DOJ’s) efforts to obtain “sensitive” voter information, finding “that the FOIA requests at issue in this case are of such importance and urgency that a preliminary injunction requiring expedited processing is warranted.”

  • February 25, 2026

    Oregon Appeals Panel Affirms Trial Court’s Dismissal Of Health Data Breach Case

    PORTLAND, Ore. — The Oregon Court of Appeals affirmed a trial court’s dismissal of negligence claims arising from a health care data breach, holding that the plaintiff representing a putative class alleged only economic losses from stolen personal information and failed to establish a special relationship or independent statutory duty sufficient to overcome the economic loss doctrine.