Class Action

Fast fashion retailer Forever 21 Retail Inc. faces a putative class action lawsuit alleging that the retailer violated California law by requesting and recording shoppers’ credit card numbers and personal identification information at the point-of-sale.

Forever 21 shopper Tamar Estanboulian filed the lawsuit on September 7 in U.S. District Court for the Central District of California.  Estanboulian alleges that Forever 21 has a policy requiring its cashiers to request and record credit card numbers and personal identification information from customers using credit cards at the point-of-sale in Forever 21’s retail stores in violation of the Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08.  The complaint further alleges that the retailer pairs the obtained personal identification information with the shopper’s name obtained from the credit card used to make the purchase to get additional personal information.

According to the complaint, Estanboulian purchased merchandise with a credit card at a Forever 21 store in Los Angeles, CA this summer.  The cashier asked Estanboulian for her email address without informing her of the consequences of not providing the information.  Estanboulian alleges that she provided her email address because she believed that it was required to complete the transaction and receive a receipt.  She also claims that she witnessed cashiers asking other shoppers for their email addresses.  Shortly after completing her purchase and leaving the store, Estanboulian received a promotional email from Forever 21.Continue Reading Forever 21 Faces Point-of-Sale Data Collection Class Action Lawsuit

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile devices—including contact information—without plaintiffs’ knowledge or consent. The plaintiffs further alleged that, among other things, Apple had control over these apps, failed to exclude the apps from its App Store, and misrepresented that private information could not be accessed by third-party apps without the user’s express consent. The FTC made similar allegations last year when it claiming that Path deceived customers by collecting contact information from users’ mobile address books without notice and consent. Path settled these charges by entering into a consent decree in February 2013. Continue Reading Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

Last week, in Comcast Corp. et. al. v. Behrend et al., the United States Supreme Court reversed the Third Circuit’s decision to certify a class of Comcast subscribers allegedly harmed due to practices of Comcast in the Philadelphia “cluster” that supposedly lessened competition and resulted in supra-competitive prices.  A 5-4

Continue Reading Supreme Court Rules In Favor of Comcast; Class Improperly Certified

The U.S. Supreme Court unanimously ruled on Tuesday that plaintiffs bringing class actions cannot escape federal jurisdiction by stipulating to seek less than $5 million in damages.  In a nine-page opinion, the Court held that plaintiff Greg Knowles had no power to speak for the proposed class when he

Continue Reading Supreme Court Rejects Plaintiffs’ Efforts to Stipulate Out of Federal Court

The Ninth Circuit revived a putative class action alleging that ADT Security Services violated the California Invasion of Privacy Act (“CIPA”) by recording the plaintiff’s phone call to the company without consent, remanding the case to allow the plaintiff to file an amended complaint. In a published opinion, the panel wrote that while it agreed with the district court that plaintiff’s complaint failed to state a plausible claim upon which relief could be granted, it would nevertheless remand the case in order to give the plaintiff an opportunity to allege that he reasonably expected that his call was confidential. “In an abundance — perhaps an overabundance — of caution, we remand this case to the district court for it to consider allowing the plaintiff to amend his complaint in a manner that would satisfy federal pleading standards,” the opinion said.

John Faulkner brought his putative class action in California state court in February 2011, alleging that ADT recorded his phone conversation with a company representative without his consent in violation of CIPA, Cal. Penal Code § 632. The plaintiff specifically alleges that he called ADT in March 2010 to dispute a charge the company assessed, and that, when he was transferred to the company’s technical line, he heard periodic beeping sounds during his conversation. When he inquired about the sounds, he was told that the conversation was being recorded, according to his complaint.

A judge in the Northern District of California dismissed the case in May 2011, holding that Faulkner’s conversation was not “confidential” because he had no objectively reasonable expectation that the call would not be overheard or recorded, and that he had failed to allege circumstances that would support an expectation of privacy in his call. Continue Reading Ninth Circuit Revives Privacy Class Action Over ADT Call Recordings

A court in Texas recently dismissed a lawsuit it described as “an aspiring class action against a veritable who’s-who of social media companies.”  The Plaintiffs in Opperman v. Path claimed that the Defendants improperly used their smartphone apps to copy, upload, and store Plaintiffs’ address book information without their consent.

Continue Reading Judge Dismisses Putative Class Action Against “Who’s-Who of Social Media Companies”

According to court documents filed last week, Netflix has agreed to change its data storage practices and pay about $9 million to settle allegations that it unlawfully retained and disclosed customers’ video-viewing histories.  Specifically, Netflix agreed to decouple viewing history from identification information once users have been inactive for a year; to pay $30,000 to the class representatives; to pay up to $2.25 million to class counsel; and to give the remaining funds to nonprofit organizations that provide privacy-related education.  The proposed settlement agreement has been submitted to the court for preliminary approval. 

The injunctive remedies, cy pres relief, and sizable award to class counsel in In re Netflix Privacy Litigation are consistent with settlements reached in earlier privacy-related lawsuits.  For example:Continue Reading Netflix to Settle Video Privacy Suit

Last week, the U.S. Supreme Court declined to hear an appeal of a Third Circuit Court of Appeals decision that put an end to a proposed class action lawsuit stemming from a data breach.  The suit, Reilly v. Ceridian Corp., was brought by two individuals who were among approximately 27,000 employees at

Continue Reading Supreme Court Refuses to Hear Class Action Suit Stemming From Data Breach

A putative class action was filed on Monday against Amazon.com following an online hacking attack that potentially compromised the personal information of up to 24 million customers of its online shoe retailer Zappos.com.  An email sent to customers from Zappos.com’s CEO on Sunday assured users that full credit card information

Continue Reading Class Action Filed Following Zappos Data Breach

Class action lawsuits are increasingly being brought against organizations that have suffered data breaches, as well as against companies that are alleged to have allowed third parties access to online or mobile users’ confidential information without authorization (for example the recent Del Vecchio v. Amazon and Low v. LinkedIn cases). 

Continue Reading Webinar on the Evolving Nature of Privacy “Harm” Friday, December 16 (1-2:30 pm EST)