Mealey's Data Privacy
-
October 06, 2025
U.S. Supreme Court Won’t Decide Conflict On FERPA Interpretations
WASHINGTON, D.C. — A school district’s petition for a writ of certiorari that asking U.S. Supreme Court justices to clear up conflicting court interpretations regarding enforcement of the Family Education Rights and Privacy Act of 1974 (FERPA) alongside state public records acts (PRAs) was denied by the high court on Oct. 6.
-
October 06, 2025
Covert Records State Ban Won’t Be Considered By U.S. High Court
WASHINGTON, D.C. — A petition for a writ of certiorari filed by a pair of nonprofit media organizations that oppose an Oregon statutory ban on most covert recordings was denied Oct. 6 by the U.S. Supreme Court.
-
October 06, 2025
U.S. High Court Denies Debt Collection Firm’s Petition On Jurisdiction
WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 6 denied a petition for a writ of certiorari filed by a debt collection firm seeking clarification on whether a single errantly sent letter is sufficiently comparable to the tort of intrusion upon seclusion to establish jurisdiction for a claim under the Fair Debt Collection Practices Act (FDCPA).
-
October 06, 2025
Partial Dismissal Granted To LinkedIn Over Claims Of Data Gathering, Sharing
SAN JOSE, Calif. — LinkedIn Corp. partially succeeded in its motion to dismiss claims that it used a tracking pixel to intercept and share users’ personal data with third-party advertisers, with a California federal judge disposing of one claim under the California Invasion of Privacy Act (CIPA) and dismissing one of four putative class complaints in its entirety.
-
October 03, 2025
Some Subclasses Certified In Accellion Privacy Suit; Some Expert Opinions Struck
SAN JOSE, Calif. — The plaintiffs in a consolidated class action over the hacking of software created by Accellion Inc. saw some of their expert’s testimony stricken for his lack of experience by a California federal judge who also partly granted the plaintiffs’ motion to certify several subclasses related to Accellion’s customers who were affected by the data breach incidents.
-
October 01, 2025
Class Suit Accuses Federal Government Of Unlawfully Pooling Citizens’ Data
WASHINGTON, D.C. — Federal government agencies and their heads are violating U.S. citizens’ privacy rights and opening millions to “massive cybersecurity risks” by creating centralized records systems at the U.S. Department of Homeland Security, a Sept. 30 putative class complaint filed by the League of Women Voters (LWV) and others alleges.
-
September 30, 2025
Sendit App Maker Sued By Government For Collecting Kids’ Data, Fake Messages
LOS ANGELES — California-based Iconic Hearts Holdings Inc. was sued by the U.S. government for violating children’s privacy and for engaging in deceptive practices related to the popular Sendit app, including gathering children’s data without parental consent, inadequate disclosure of automatic renewals for memberships and misrepresenting the identity of the senders of purported personal messages sent to app users.
-
September 30, 2025
Privacy Suit Over Zillow’s Watched Videos Disclosure Dismissed At Parties’ Request
SAN DIEGO — A federal judge in California dismissed without prejudice a putative privacy class action against Zillow Group Inc. for purportedly sharing the video-viewing history of users of its app and website after the plaintiffs and online real estate platform operator filed a joint motion and stipulation to dismiss.
-
September 30, 2025
Judge Partly Dismisses Illinois Woman’s Privacy Suit Over Hospital’s Website
ROCK ISLAND, Ill. — A putative class action over a hospital’s purported sharing of the private information of its website’s users was partially dismissed, with an Illinois federal judge disposing of breach of contract, bailment, eavesdropping and computer fraud claims, with leave to amend.
-
September 26, 2025
DOJ Sues 6 States For Not Providing Full Voter Registration Information
The U.S. Department of Justice (DOJ), on behalf of the United States, filed lawsuits against six states in corresponding federal district courts, seeking orders requiring each state to submit a computerized statewide voter registration list in compliance with the Help America Vote Act (HAVA) for the purpose of “safeguard[ing] American elections in compliance with Federal laws.”
-
September 25, 2025
Florida Health System Granted Sovereign Immunity In Class Suit Over Data Sharing
FORT MYERS, Fla. — A Florida health care provider that is a political subdivision of the state is entitled to sovereign immunity from putative class claims by a patient who alleged that patients’ privacy rights were violated when their medical information was transmitted to Facebook, a federal judge in Florida ruled Sept. 24.
-
September 24, 2025
Claims Over Website’s Sharing ED Data With Google, Meta Lack Support, Judge Finds
SAN FRANCISCO — Three men who claimed that an erectile dysfunction (ED) treatment website improperly shared their protected health information (PHI) with Google LLC and Meta Platforms Inc. failed to demonstrate that they did not consent to this sharing by agreeing to terms in the operative version of the website operator’s privacy policy, a California federal judge ruled Sept. 23.
-
September 23, 2025
USDA Temporarily Restrained From Demanding SNAP Users’ Data From States
SAN FRANCISCO — A group of states successfully stopped, at least for now, the U.S. Department of Agriculture from enforcing its demand that each state submit the personal data of its residents who receive benefits under the Supplemental Nutrition Assistance Program (SNAP), with a California federal judge issuing a temporary restraining order (TRO) and finding the states likely to succeed on their claim, under the Administrative Procedure Act (APA), that the data demand was contrary to law.
-
September 23, 2025
Negligence, Contract Claims Over Organ Donation Firm’s Data Exposure May Proceed
RICHMOND, Va. — An organ donor whose personally identifiable information (PII) was potentially exposed in an unencrypted state for 16 years adequately alleged negligence and breach of contract claims against the donor administration organization, a Virginia federal judge concluded, mostly denying the defendant’s motion to dismiss.
-
September 22, 2025
Minors Sue Disney Over Data Collection On Videos For Children
LOS ANGELES — Three minors filed a putative class action in California state court accusing two Disney companies of violating California’s unfair competition law (UCL) and other laws by failing to designate certain YouTube videos as “for kids” and collecting information about those viewers, which was also the subject of a recent $10 million settlement by Disney with the Federal Trade Commission.
-
September 19, 2025
Final Approval Given To $20 Million Global Settlement Of Fortra Data Breach MDL
MIAMI — Five months after a Florida federal judge preliminarily approved a $20 million global settlement of a multidistrict litigation over a 2023 data breach experienced by users of a file-transfer program, he granted final approval to the settlement, thus resolving all remaining claims against software firm Fortra LLC, its customers and their clients by class members who claim that their personally identifiable information (PII) was compromised in the cyberattack.
-
September 18, 2025
Meta Denied Posttrial JMOL, Decertification Motions In Period App Privacy Suit
SAN FRANCISCO — Rejecting an attempt by Meta Platforms Inc. “to overturn just about everything related to the verdict” in a trial over its purported eavesdropping and data collection from an ovulation-tracking app in violation of the California Invasion of Privacy Act (CIPA), a California federal judge denied the social media operator’s motions for judgment as a matter of law (JMOL) and to decertify the class of app users.
-
September 17, 2025
Data Breach Suit Against Casino Mostly Survives Dismissal
LAS VEGAS — The operator of a casino that was hit by a data breach in 2024 saw its motion to dismiss putative class privacy, negligence and unfair competition claims mostly denied by a Nevada federal judge, who found that a group of customers and former employees adequately alleged most of their claims and supported them with assertions of cognizable injuries.
-
September 16, 2025
Insurers Fail To Settle Equitable Contribution Suit Over Unlawful Recording Claims
SAN DIEGO — A federal court in California on Sept. 15 reported that following an early neutral evaluation conference, a cyber liability insurer and a defendant insurer did not reach a settlement of the cyber liability insurer’s lawsuit seeking equitable contribution and indemnification for an underlying lawsuit alleging that their mutual insured intentionally failed to disclose that hidden cameras were installed in operating rooms and recorded patient procedures in an effort to investigate drug theft.
-
September 16, 2025
Suit Against Relocation Firm Over Data Breach Mostly Survives Dismissal Motion
LOS ANGELES — Although a California federal judge dismissed as insufficiently pleaded a California woman’s bailment claim against a relocation service provider related to a 2024 data breach, the plaintiff’s contract, privacy and negligence putative class claims were deemed adequately alleged to withstand the defendant's dismissal motion.
-
September 16, 2025
$95 Million Settlement Of Siri Eavesdropping Class Action Gets Final Approval
OAKLAND, Calif. — A California federal judge gave a final OK to a $95 million settlement of a six-year-old class action accusing Apple Inc. of collecting unauthorized recordings of Apple device users via its Siri digital assistant, deeming the settlement “fair, adequate, and reasonable.”
-
September 15, 2025
Magistrate Approves $1.5 Million Settlement Of Garda Data Breach Suit
WEST PALM BEACH, Fla. — More than five months after he preliminarily approved a $1.5 million settlement between a security company and a group of employees that sued it over the theft of their personally identifiable information (PII) in a 2023 data breach, a Florida federal magistrate judge granted final approval, deeming the deal in compliance with federal rules and, as such, “fair, adequate and reasonable.”
-
September 12, 2025
Investors’ Fraud Suit Against Technology Company After Data Breach Dismissed
NEW YORK — A federal judge dismissed investors’ securities fraud class action against a global technology company, finding the investors failed to allege the company and its officers and directors made material misstatements about its internal securities controls before and after a data breach and failed to allege scienter with respect to their fraud claims.
-
September 12, 2025
Debt Collector: 8th Circuit Suit Boosts Intrusion Upon Seclusion Certiorari Bid
WASHINGTON, D.C. — A debt collection firm, which asked the U.S. Supreme Court to clarify whether a single errantly sent letter is sufficiently comparable to the tort of intrusion upon seclusion to establish jurisdiction for a claim under the Fair Debt Collection Practices Act (FDCPA), filed a supplemental brief telling the high court that a recent Eighth Circuit U.S. Court of Appeals ruling, which conflicted with the ruling it appeals, further supports the need for a grant of certiorari on the matter.
-
September 12, 2025
3rd Circuit Asks N.J. High Court Whether Data Shield Law Liability Needs Mens Rea
PHILADELPHIA — Two months after hearing oral arguments in a dispute over the constitutionality of a New Jersey law that provides for deletion of public officials’ private information from data brokers’ records, a Third Circuit U.S. Court of Appeals panel certified two questions to the New Jersey Supreme Court, asking it to clarify whether a finding of liability under the statute requires a determination of a defendant’s mental state.