The Ninth Circuit recently held that the Children’s Online Privacy Protection Act, which gives the Federal Trade Commission authority to regulate the online collection of personal information from children under the age of 13, does not preempt consistent state law, potentially increasing the risk of class action litigation based on alleged COPPA violations. See Jones
Data Breach and the Dark Web: Third Circuit Allows Class Action Standing With Sufficient Risk of Harm
In a new post on the Inside Class Actions blog, our colleagues discuss a recent Third Circuit decision reinstating the putative class action Clemens v. ExecuPharm Inc., concluding there was sufficient risk of imminent harm after a data breach to confer standing on the named plaintiff when the information had been posted on
Federal Court Stays Suit Implicating Accrual of Claims Under the Illinois Biometric Information Privacy Act
Last week, an Illinois federal district court granted the defendant’s motion to stay in Stegmann v. PetSmart, No. 1:22-cv-01179 (N.D. Ill.). The case implicates the evolving law surrounding the scope of the Illinois Biometric Information Privacy Act (“BIPA”) and a pending Illinois Supreme Court case that could provide an important defense to certain BIPA suits.
Emerging Trends: Renewed Wave of Video Privacy Class Actions
Recent months have seen a growing trend of data privacy class actions asserting claims for alleged violations of federal and state video privacy laws. In this year alone, plaintiffs have filed dozens of new class actions in courts across the country asserting claims under the federal Video Privacy Protection Act (“VPPA”), Michigan’s Preservation of Personal Privacy Act (“MPPPA”), and New York’s Video Consumer Privacy Act (“NYVCPA”).
Continue Reading Emerging Trends: Renewed Wave of Video Privacy Class Actions
Court Rejects Dismissal of Illinois Biometric Information Privacy Act Against Clearview AI in Pending Multidistrict Litigation
An Illinois federal district court recently rejected dismissal of Illinois Biometric Information Privacy Act (“BIPA”) claims in In re Clearview AI, Inc., Consumer Privacy Litigation, No. 21-cv-135 (N.D. Ill.). The Clearview plaintiffs alleged that Clearview violated their privacy rights without their knowledge and consent by scraping more than three billion photographs of facial images from the internet and using artificial intelligence algorithms on the images to harvest individuals’ unique facial biometric identifiers and corresponding biometric information. Clearview sought dismissal of the BIPA claims under the First Amendment, extraterritoriality doctrine, dormant commerce clause, and BIPA’s express exemption for photographs. The court rejected these grounds, and declined to dismiss the BIPA claims.
Continue Reading Court Rejects Dismissal of Illinois Biometric Information Privacy Act Against Clearview AI in Pending Multidistrict Litigation
Court Grants Dismissal of Wiretapping and Contract Claims in Putative Privacy Class Action Involving Google Privacy Settings
A California federal district court recently granted partial dismissal of privacy claims brought by several Google users in Rodriguez v. Google, LLC, No. 20-cv-5688 (N.D. Cal.). The Rodriguez plaintiffs claimed that Google engaged in unlawful wiretapping under section 631 of the California Invasion of Privacy Act (“CIPA”) by collecting data from third-party apps after users turned off certain data tracking in their Google privacy settings; they also claimed that Google breached a unilateral contract they had formed by selecting those privacy settings. The court disagreed, and dismissed these two claims without leave to amend.
Continue Reading Court Grants Dismissal of Wiretapping and Contract Claims in Putative Privacy Class Action Involving Google Privacy Settings
No Harm, No Foul: New York Federal Court Recommends Dismissing Sensitive Data Breach Class Action for Lack of Standing
In a new post on the Inside Class Actions blog, our colleagues discuss a recent Western District of New York report and recommendation concluding that any risk of identity theft or other injury was too “speculative” to show standing in the putative data breach class action Tassmer et al v. Professional Business Systems.
Ninth Circuit Affirms Approval of Injunctive Relief and Cy Pres Settlement of Google Street View Privacy Claims
Last week, in a decision that confirms the viability of cy pres settlements in privacy class action cases, the Ninth Circuit affirmed approval of a class action injunctive relief and cy pres-only settlement in In re Google Inc. Street View Electronic Communications Litigation, No. 20-15616, 2021 WL 6111383. The case featured Wiretap Act claims based on Google Street View vehicles’ collection of “payload data,” including emails, passwords, and documents that Internet users transmitted over unencrypted Wi-Fi networks.
Continue Reading Ninth Circuit Affirms Approval of Injunctive Relief and Cy Pres Settlement of Google Street View Privacy Claims
Ninth Circuit Narrowly Defines “Public Injunctive Relief” in Privacy Case, Limiting Plaintiffs’ Ability to Circumvent Arbitration Agreements.
In putative privacy class action Hodges v. Comcast Cable Communications, LLC, involving Comcast’s privacy and data-collection practices, Comcast moved to compel arbitration based on its subscriber agreement. The district court denied the motion based on California’s McGill rule, which may invalidate arbitration agreements that purport to waive the right to seek public injunctive relief in any forum.
Continue Reading Ninth Circuit Narrowly Defines “Public Injunctive Relief” in Privacy Case, Limiting Plaintiffs’ Ability to Circumvent Arbitration Agreements.
Illinois Court Splits Time on BIPA Statute of Limitations
An Illinois state appellate court recently issued a ruling that could reduce defendants’ litigation exposure on certain types of Biometric Information Privacy Act (“BIPA”) claims. On September 17, the panel clarified in Tims v. Black Horse Carriers, Inc., 2021 IL App (1st) 200563 (1st Dist. Sept. 17, 2021), that the statutes of limitation applicable to BIPA claims vary depending on the nature of the claim. Claims for failing to provide a written retention policy, give notice, or obtain consent prior to collecting an individual’s biometric information may be brought within five years. But claims for violating BIPA’s selling, disclosing, or disseminating information provisions must be brought within one year.
Continue Reading Illinois Court Splits Time on BIPA Statute of Limitations