After several twist and turns, on July 7th Intel Corp. succeeded in achieving final dismissal of class claims alleging that Intel knew about purported security vulnerabilities in its microprocessors and failed to disclose or mitigate those vulnerabilities. The case, In Re Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation, 3:18-md-02828, had
Last week, an Illinois federal district court granted the defendant’s motion to stay in Stegmann v. PetSmart, No. 1:22-cv-01179 (N.D. Ill.). The case implicates the evolving law surrounding the scope of the Illinois Biometric Information Privacy Act (“BIPA”) and a pending Illinois Supreme Court case that could provide an important defense to certain BIPA suits.…
Recent months have seen a growing trend of data privacy class actions asserting claims for alleged violations of federal and state video privacy laws. In this year alone, plaintiffs have filed dozens of new class actions in courts across the country asserting claims under the federal Video Privacy Protection Act (“VPPA”), Michigan’s Preservation of Personal Privacy Act (“MPPPA”), and New York’s Video Consumer Privacy Act (“NYVCPA”).…
In a new post on the Inside Class Actions blog, our colleagues discuss a recent Fourth Circuit opinion holding that statements about the importance a company places on data security are not actionable following a data breach. The case, In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21…
In March, the Supreme Court issued its decision in Federal Bureau of Investigation v. Fazaga, No. 20-828, holding that the state secrets privilege—and its dismissal remedy—applies to cases that may also be subject to the judicial review procedures set forth in the Foreign Intelligence Surveillance Act (“FISA”). In so holding, the Court reversed the Ninth Circuit’s 2020 ruling that FISA displaces the state secrets privilege in cases involving electronic surveillance.
Continue Reading Supreme Court Holds FISA Does Not Displace the State Secrets Privilege
Last Thursday, the Eastern District of Virginia in United States v. Chatrie, No. 19-cr-00130, 2022 WL 628905, denied a motion to suppress evidence obtained from Google pursuant to a geofence search warrant. Geofence warrants are a relatively new investigative tool that target private companies’ databases of location data, compelling these companies to produce the location data of every user that was in a particular area over a particular span of time. The court invalidated the warrant for lack of particularized probable cause, but declined to suppress the evidence obtained from Google—which linked the defendant to the scene of a 2019 bank robbery—because the officers sought the warrant in good faith.
Continue Reading Federal Court Expresses Skepticism About Validity of Geofence Warrants But Declines Suppression Remedy
An Illinois federal district court recently rejected dismissal of Illinois Biometric Information Privacy Act (“BIPA”) claims in In re Clearview AI, Inc., Consumer Privacy Litigation, No. 21-cv-135 (N.D. Ill.). The Clearview plaintiffs alleged that Clearview violated their privacy rights without their knowledge and consent by scraping more than three billion photographs of facial images from the internet and using artificial intelligence algorithms on the images to harvest individuals’ unique facial biometric identifiers and corresponding biometric information. Clearview sought dismissal of the BIPA claims under the First Amendment, extraterritoriality doctrine, dormant commerce clause, and BIPA’s express exemption for photographs. The court rejected these grounds, and declined to dismiss the BIPA claims.
Continue Reading Court Rejects Dismissal of Illinois Biometric Information Privacy Act Against Clearview AI in Pending Multidistrict Litigation
2021 was another busy year for data privacy regulatory enforcement and litigation. With some distance to reflect on last year, we have prepared this post identifying and describing important trends from 2021 that can help provide insight into what to expect in the data privacy landscape in 2022.
Data Privacy Regulatory Enforcement Trends
Federal Trade Commission (FTC) and state enforcement action in 2021 centered on several key areas, including protecting children.
An FTC enforcement action last year alleged that the maker of an online coloring book application violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information about children who used the app without notifying their parents and obtaining their consent. The allegations note that the app included a “Kids” category that was targeted to children. The FTC further claimed that the app’s social media features collected personal information from users and that some parents, lacking knowledge of these features, may have inadvertently permitted their young children to use the app.
Continue Reading 2021 Trends in Privacy Regulatory Enforcement and Litigation
On Thursday, the Illinois Supreme Court unanimously ruled in McDonald v. Symphony Bronzeville Park LLC that the exclusivity provisions of the state’s workers’ compensation statute do not preclude liquidated damages claims under the Biometric Information Privacy Act. The decision narrows the defenses available to employers facing employment-related BIPA claims.
Illinois’s Workers’ Compensation Act generally provides the exclusive means by which an employee can recover against an employer for a work-related injury and requires such claims to be adjudicated before the Illinois Workers’ Compensation Commission, subject to several exceptions. One of those exceptions is for injuries that are not compensable under the Workers’ Compensation Act. At issue in McDonald was whether an alleged employment-based BIPA violation—here, the alleged use of a fingerprint-based timekeeping system without the required disclosures or consent—was the type of injury covered by the Workers’ Compensation Act.
Continue Reading Illinois Supreme Court Rules Workers’ Compensation Act Does Not Bar BIPA Liquidated Damages Claims
Last week, in a decision that confirms the viability of cy pres settlements in privacy class action cases, the Ninth Circuit affirmed approval of a class action injunctive relief and cy pres-only settlement in In re Google Inc. Street View Electronic Communications Litigation, No. 20-15616, 2021 WL 6111383. The case featured Wiretap Act claims based on Google Street View vehicles’ collection of “payload data,” including emails, passwords, and documents that Internet users transmitted over unencrypted Wi-Fi networks.
Continue Reading Ninth Circuit Affirms Approval of Injunctive Relief and Cy Pres Settlement of Google Street View Privacy Claims