Newsletter RSS

Mealey's Data Privacy

  • January 21, 2026

    SSA To Court: Former DOGE Team’s Data Use Possibly Noncompliant With TRO

    BALTIMORE — The Social Security Administration (SSA) filed a notice in a federal court in Maryland stating that in December 2025 it made two Hatch Act referrals to the U.S. Office of Special Counsel and notified the U.S. Department of Justice of instances of use of SSA data “by the then-SSA DOGE [Department of Government Efficiency] Team” that were “potentially outside of SSA policy and/or noncompliant” with a temporary restraining order (TRO) entered in March 2025.

  • January 20, 2026

    Radiology Provider Settles Data Breach Class Claims For $1.5M Plus Monitoring, Fees

    FORT LAUDERDALE, Fla. — A radiology service provider will pay $1.5 million to those patients whose data were accessed during a cyberattack who can demonstrate loss, will provide medical data monitoring valued at more than $186 million to all class members and will pay class counsel $2.85 million, according to a settlement agreement granted final approval by a Florida judge.

  • January 16, 2026

    Supreme Court To Tackle 4th Amendment Implications Of Geofence Warrants

    WASHINGTON, D.C. — The U.S. Supreme Court on Jan. 16 granted certiorari to a man who was convicted of armed robbery through evidence obtained via a geofence warrant, which culls location information from users’ mobile devices, agreeing to address whether such warrants violate the Fourth Amendment to the U.S. Constitution.

  • January 16, 2026

    $30 Million Settlement Of Kids’ Privacy Suit Against Google Gets Final OK

    SAN JOSE, Calif. — About four months after preliminarily approving a $30 million agreement that would settle invasion of privacy claims against YouTube LLC and Google LLC (Google, collectively) for the purported collection of minors’ personally identifiable information (PII) in violation of the Children’s Online Privacy Protection Act (COPPA), a California federal magistrate judge granted a final approval motion, ending the more than six-year-old class action.

  • January 16, 2026

    Pennsylvania To High Court: Group Didn’t Show Injury From Withheld Documents

    WASHINGTON, D.C. — A nonprofit election integrity organization failed to demonstrate that it experienced a concrete injury in the denial of its request for documents related to a voter registration error, Pennsylvania government parties argue in a brief urging the U.S. Supreme Court to deny the organization’s petition for certiorari and affirm that it lacked standing to bring suit under Article III of the U.S. Constitution.

  • January 14, 2026

    Judge Remands Suit Against Insurer For Data Sharing, Denies Attorney Fee Request

    SAN FRANCISCO — Writing that a dental insurer engaged in “dubious” tactics by “removing based on federal jurisdiction then turning around and challenging federal standing,” a California federal judge denied the insurer’s motion to dismiss and instead remanded a putative class action against it for allegedly sharing insureds’ online data without consent, but denied the plaintiff’s request to consider attorney fees.

  • January 13, 2026

    Disability Bias Dismissal Upheld, Disclosure Claim Revived In 11th Circuit

    ATLANTA — The 11th Circuit U.S. Court of Appeals affirmed a summary judgment order dismissing disability discrimination, retaliation and hostile work environment claims brought against the Department of Veterans Affairs by an employee after she allegedly experienced respiratory issues while working in a regional Florida office but reversed and remanded a claim that her manager unlawfully disclosed medical information pursuant to the Rehabilitation Act of 1973.

  • January 12, 2026

    Certiorari Granted In 2 Suits Over Constitutionality Of FCC Forfeitures

    WASHINGTON, D.C. — On Jan. 9, the U.S. Supreme Court agreed to consider whether provisions of the Communications Act, by which the Federal Communications Commission assesses and enforces the payment of monetary forfeitures, violate the Seventh Amendment or Article III of the U.S. Constitution, granting certiorari in cases involving former practices of AT&T Inc. and Verizon Communications Inc. under which they sold customers’ location data to third parties.

  • January 12, 2026

    HHS May Not Share Some Medicaid Data With DHS For Immigration Enforcement

    SAN FRANCISCO — For the second time in five months, a California federal judge partly granted a group of states’ motion to preliminarily enjoin the U.S. Department of Health and Human Services from sharing certain information about Medicaid beneficiaries with the U.S. Department of Homeland Security for the purpose of immigration enforcement.

  • January 08, 2026

    Following Mediation, Parties Reach Impasse In Data Breach Coverage Dispute

    ORLANDO, Fla. — A Florida federal court reported in a Jan. 7 docket note that an insured and its cyber and data risk insurer reached an impasse following mediation of the insured’s breach of contract and declaratory judgment lawsuit arising from a 2024 data breach that caused interruption to its financial technology business.

  • January 08, 2026

    Judge OK’s $10 Million Settlement Of Child Privacy Claims Against Disney

    LOS ANGELES — A proposed stipulation between the United States and Disney Worldwide Services Inc. to settle claims that the entertainment company enabled the collection of children’s personally identifiable information (PII) was approved by a California federal judge, who greenlighted a $10 million civil penalty against Disney and a permanent injunction requiring the company to make procedural changes regarding its posting and designation of videos directed toward children on YouTube.

  • January 07, 2026

    Judge Denies Insured’s Motion To Stay Coverage Suit Pending Ruling On MDL Claims

    JOHNSTOWN, Pa. — A federal judge in Pennsylvania on Jan. 6 denied an insured’s motion to temporarily stay its breach of contract and declaratory judgment lawsuit seeking coverage for an underlying multidistrict litigation over allegations that it violated the Computer Fraud and Abuse Act, the Stored Communications Act, the Michigan Identity Theft Protection Act and Ohio data security laws, holding that the issues of coverage are not relevant to and will not be resolved by the MDL.

  • January 06, 2026

    Trump, RNC Appeals Of Voter Info Mandate Injunction Consolidated In D.C. Circuit

    WASHINGTON, D.C. — Appeals by President Donald J. Trump and other federal government defendants and by the Republican National Committee (RNC) of a federal judge’s ruling permanently enjoining the implementation of an executive order (EO) provision that would have required voter registrants to provide documents containing personal citizenship information to the Election Assistance Commission (EAC) were consolidated by the District of Columbia Circuit U.S. Court of Appeals.

  • January 05, 2026

    Federal Workers’ Privacy Suit Over OPM ‘Test’ Emails Dismissed For No Jurisdiction

    WASHINGTON, D.C. — A federal judge in the District of Columbia dismissed for lack of jurisdiction a putative class complaint by federal workers suing under pseudonyms who alleged that the Office of Personnel Management (OPM) failed to conduct and publish a privacy impact assessment (PIA) before allegedly sending out “test” emails the workers claimed were being used to collect information on them.

  • December 26, 2025

    Class Certification Affirmed In BIPA Suit Over Amazon’s Virtual Try-On Feature

    CHICAGO — A trial court judge did not abuse his discretion in certifying a class of users of Amazon’s virtual try-on (VTO) feature, a Seventh Circuit U.S. Court of Appeals panel ruled, noting that class certification is not permanent and “[t]he district court should remain vigilant in monitoring the propriety of certification as the case develops.”

  • December 23, 2025

    Stay Of Injunction Pending Appeal Denied In Meta Fraud Suit Against Spyware Firm

    OAKLAND, Calif. — A California federal judge denied a motion to stay a permanent injunction pending appeal of the injunction and final judgment of $4,447,190 in favor of WhatsApp Inc. (now known as WhatsApp LLC) and its parent company Facebook Inc. (now known as Meta Platforms Inc.) and against NSO Group Technologies Ltd. and its parent company, finding in part that NSO failed to show that it is likely to succeed on appeal.

  • December 23, 2025

    Judge Finds Privacy Act, APA Claims Against DOGE, OPM Not Mooted

    NEW YORK — A New York federal judge found that the U.S. Office of Personnel Management (OPM) and the Department of Government Efficiency (DOGE) did not establish that claims against them under the Privacy Act and the Administrative Procedure Act (APA) were mooted by the establishment of new compliance procedures, leading her to deny a motion to dismiss.

  • December 22, 2025

    Fan: Dismissal Of NBA VPPA Claims Wrongly Based On ‘Ordinary Person’ Test

    NEW YORK — Less than two weeks after the U.S. Supreme Court denied certiorari to the National Basketball Association in a suit alleging that it violated the Video Privacy Protection Act (VPPA) by sharing consumers’ online viewing habits, the plaintiff in the suit told the Second Circuit U.S. Court of Appeals in a Dec. 19 appellant brief appealing the subsequent dismissal of his VPPA claims that the trial court wrongly used an “ordinary person” test that should be rejected as atextual, per recent Supreme Court case law.

  • December 22, 2025

    18 Class Complaints Over University Of Pennsylvania Data Breach Consolidated

    PHILADELPHIA — A federal judge in Pennsylvania consolidated 18 putative class complaints alleging that an October 2025 breach of the University of Pennsylvania’s (UPenn) computer system resulted in unauthorized access to the sensitive personal data of more than one million people.

  • December 19, 2025

    Muslims Oppose FBI’s Certiorari Petition Over State Secrets Privilege

    WASHINGTON, D.C. — A question presented by the FBI in its bid for certiorari in a case about governmental surveillance and religious discrimination “breaks no new ground” and “involves a narrow issue from a rarely litigated aspect of the state secrets doctrine,” three Muslim Americans tell the U.S. Supreme Court in their opposition brief as they urge the high court to not grant certiorari in the nearly 16-year-old case, which is still at the motion-to-dismiss stage in a trial court.

  • December 19, 2025

    7th Circuit Upholds Dismissal Of Workers’ Case Over Vaccination Data Collection

    CHICAGO — Current and former Chicago police officers who challenged their employer’s collection of their COVID-19 testing results and vaccination status failed to bring a claim with legal merit, the Seventh Circuit U.S. Court of Appeals ruled, affirming a trial court’s dismissal of the case.

  • December 19, 2025

    United States Sues 4 More States, 1 County For Not Supplying Voter Information

    WASHINGTON, D.C. — For the fourth time since September, the U.S. Department of Justice, on behalf of the United States, filed complaints in federal courts against states that had not complied with requests for certain voter records that originated from the office of U.S. Attorney General Pam Bondi, with the DOJ alleging violation of the Civil Rights Act of 1960 (CRA) by four more states and one county, bringing the total number of states charged for such violations to 18, with one municipality.

  • December 17, 2025

    Website Operator Opposes Certiorari Bid To Define ‘Consumer’ Under The VPPA

    WASHINGTON, D.C. — Opposing a website user’s certiorari petition over whether someone can qualify as a consumer under the Video Protection Privacy Act (VPPA) if he or she does not buy, rent or subscribe to the delivery of “video tapes or similar audiovisual materials” from a video tape service provider (VTSP), the website operator in a Dec. 16 opposition brief asked the U.S. Supreme Court to reject the petitioner’s attempt “to resurrect his effort to dramatically expand the VPPA” to apply to disclosure of information about any product or service offered by a VTSP even if it is not audio-visual in nature.

  • December 12, 2025

    VPPA Pixel Suit Settles For $900K With Reduced Attorney Fees, Service Award

    NEW YORK — A $900,000 settlement agreement that disposes of all claims under the Video Protection Privacy Act (VPPA) against the publisher of Scientific American (SA) received final approval from a New York federal judge, who found the agreement to be “fair, reasonable, and adequate” but reduced the requested attorney fees and service awards as based on inflated figures and disproportionate claims of involvement in the litigation.

  • December 10, 2025

    Judge Won’t Compel Mortgage Firm’s Discovery Responses In Data Breach Suit

    DALLAS — A Texas federal judge concluded that most of the discovery sought by a putative class in a consolidated lawsuit over a mortgage servicer’s 2023 data breach did not pertain to the topic of class certification, to which discovery was presently limited, leading him to deny the plaintiffs’ motion to compel production of requested documents or to provide a corporate designee to answer questions on topics the judge deemed irrelevant.