Tag Archives: Class Action

English High Court Finds Supermarket Liable for Data Breach by Employee in First Successful Privacy Class Action

By Joseph Jones and Ruth Scoles Mitchell On December 1, 2017, the High Court of England and Wales found the fourth-largest supermarket chain in the UK, Wm Morrisons (“Morrisons”), vicariously liable for a data breach caused by the intentional criminal actions of one of its employees, namely the leaking of payroll information online. The breach … Continue Reading

D.C. Circuit: Data Breach Plaintiffs Plausibly Allege ‘Substantial Risk’ of
ID Theft Sufficient to Support Standing

Customers’ allegations that they face a substantial risk of identity theft as a result of a 2014 data breach are sufficiently plausible to allow their suit against health insurer CareFirst to proceed, the U.S. Court of Appeals for the D.C. Circuit held in an August 1 decision. CareFirst discovered in April 2015 — and announced … Continue Reading

Data Breach Allegations Sufficient for Standing After Spokeo, Court Says

On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins.  The case is Hapka v. CareCentrix, Inc. In early 2016, a phishing attack compromised defendant CareCentrix’s systems, … Continue Reading

Supreme Court Issues Highly Anticipated Spokeo Decision

The Supreme Court released its highly anticipated decision yesterday in Spokeo, Inc. v. Robins, which addresses whether plaintiffs have standing to pursue statutory damages even in the absence of actual harm under the Fair Credit Reporting Act (“FCRA”).  As we previously reported, the case was expected to have significant down-stream implications for standing in privacy … Continue Reading

Seventh Circuit, Relying on Defendant’s Post-Breach Statements, Allows Data Breach Class Action to Proceed

Last week, the Seventh Circuit handed down another friendly ruling for data breach class action plaintiffs, reversing a district court’s dismissal of a class action complaint over a 2014 data breach at P.F. Chang’s restaurants.  In reversing the district court’s holding that the plaintiffs had not demonstrated Article III standing, the Seventh Circuit ruled that … Continue Reading

Judge Denies Neiman’s Motion to Dismiss Data Breach Class Action

A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards.  As we previously reported, the plaintiffs sued Neiman alleging various claims arising from fraudulent charges … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading

Following TCPA Omnibus Order, Court Reaffirms Prior Ruling in Dismissing TCPA Text Message Lawsuit Against AOL

In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients.  After the court dismissed … Continue Reading

Ten Key Takeaways From Last Week’s TCPA Order

Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules.  The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages. Although the … Continue Reading

FCC Ruling Tightens TCPA Restrictions; Dissenters Warn of Increased Class-Action Abuse

In an order adopted at Thursday’s Open Meeting, the Federal Communications Commission acted on 23 petitions or other requests for clarification regarding the application of the Telephone Consumer Protection Act, a federal law that restricts telemarketing  and certain other types of calls.  The FCC has issued a news release describing yesterday’s order as an effort to … Continue Reading

Court Dismisses Text-Message TCPA Suit Against AOL, Finding Instant Messaging Service Does Not Constitute an ATDS

On June 1, the Northern District of California dismissed a putative TCPA class action against AOL, finding that the plaintiff had failed to allege that AOL utilized an automated telephone dialing system (ATDS), as required to state a cause of action under the TCPA.  In dismissing the plaintiff’s complaint in Derby v. AOL, the court … Continue Reading

Court Certifies Nationwide Class in Yahoo Email Scanning Litigation

Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”).  The plaintiffs, … Continue Reading

Ninth Circuit Asks California Supreme Court to Define the Scope of Song-Beverly Act

The U.S. Court of Appeals for the Ninth Circuit on Tuesday asked the California Supreme Court to resolve a longstanding dispute over the interpretation of a retail privacy statute.  If the state court rules on the issue, its decision could affect the ability of California retailers to collect information from consumers who make in-store payments using … Continue Reading

Court Grants Summary Judgment on VPPA Claims Against Hulu Based on Lack of ‘Knowing’ Disclosure

On Tuesday, March 31, the U.S. District Court for the Northern District of California granted Hulu’s motion for summary judgment in a complaint alleging that Hulu had violated the Video Privacy Protection Act (VPPA) by sharing user information with Facebook.  In granting summary judgment, the court found no genuine issue of material fact regarding whether … Continue Reading

European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and Germany show, some courts or … Continue Reading

Germany Wants to Introduce Class Actions for Privacy Violations

Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers.  In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to … Continue Reading

Another Court Finds That an Automated SMS Platform is Not an ATDS

By Ani Gevorkian Last week, the U.S. District Court for the Southern District of California issued an opinion regarding the definition of  an “Automatic Telephone Dialing System” (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).  The opinion follows a small but growing number of cases holding that courts have their own ability to interpret the … Continue Reading

Forever 21 Faces Point-of-Sale Data Collection Class Action Lawsuit

Fast fashion retailer Forever 21 Retail Inc. faces a putative class action lawsuit alleging that the retailer violated California law by requesting and recording shoppers’ credit card numbers and personal identification information at the point-of-sale. Forever 21 shopper Tamar Estanboulian filed the lawsuit on September 7 in U.S. District Court for the Central District of … Continue Reading

Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile … Continue Reading

Court Refuses to Certify Gmail Class Action

The Northern District of California yesterday denied class certification to a group of plaintiffs suing Google over the company’s practice of scanning emails for advertising purposes in its Gmail service. Judge Lucy H. Koh held that individualized issues of consent would predominate over any common issues of law in the litigation, and denied Plaintiffs’ request to … Continue Reading

Urban Outfitters Argues Zip Code Class Actions Are Insured

Urban Outfitters is calling for its insurers to cover any potential losses stemming from allegations the company improperly collected customer zip codes.  In a set of cross-motions for summary judgment filed last week, the retailer argued the zip code claims filed against it in three class-action lawsuits involve a customer’s right to privacy, bringing them … Continue Reading

Supreme Court Rules In Favor of Comcast; Class Improperly Certified

Last week, in Comcast Corp. et. al. v. Behrend et al., the United States Supreme Court reversed the Third Circuit’s decision to certify a class of Comcast subscribers allegedly harmed due to practices of Comcast in the Philadelphia “cluster” that supposedly lessened competition and resulted in supra-competitive prices.  A 5-4 majority of the Court held that … Continue Reading

Supreme Court Rejects Plaintiffs’ Efforts to Stipulate Out of Federal Court

The U.S. Supreme Court unanimously ruled on Tuesday that plaintiffs bringing class actions cannot escape federal jurisdiction by stipulating to seek less than $5 million in damages.  In a nine-page opinion, the Court held that plaintiff Greg Knowles had no power to speak for the proposed class when he stipulated in a lawsuit against Standard … Continue Reading

Ninth Circuit Revives Privacy Class Action Over ADT Call Recordings

The Ninth Circuit revived a putative class action alleging that ADT Security Services violated the California Invasion of Privacy Act (“CIPA”) by recording the plaintiff’s phone call to the company without consent, remanding the case to allow the plaintiff to file an amended complaint. In a published opinion, the panel wrote that while it agreed … Continue Reading
LexBlog