An Illinois federal district court recently rejected dismissal of Illinois Biometric Information Privacy Act (“BIPA”) claims in In re Clearview AI, Inc., Consumer Privacy Litigation, No. 21-cv-135 (N.D. Ill.).  The Clearview plaintiffs alleged that Clearview violated their privacy rights without their knowledge and consent by scraping more than three billion photographs of facial images from the internet and using artificial intelligence algorithms on the images to harvest individuals’ unique facial biometric identifiers and corresponding biometric information.  Clearview sought dismissal of the BIPA claims under the First Amendment, extraterritoriality doctrine, dormant commerce clause, and BIPA’s express exemption for  photographs.  The court rejected these grounds, and declined to dismiss the BIPA claims.
Continue Reading Court Rejects Dismissal of Illinois Biometric Information Privacy Act Against Clearview AI in Pending Multidistrict Litigation

A California federal district court recently granted partial dismissal of privacy claims brought by several Google users in Rodriguez v. Google, LLC, No. 20-cv-5688 (N.D. Cal.).  The Rodriguez plaintiffs claimed that Google engaged in unlawful wiretapping under section 631 of the California Invasion of Privacy Act (“CIPA”) by collecting data from third-party apps after users turned off certain data tracking in their Google privacy settings; they also claimed that Google breached a unilateral contract they had formed by selecting those privacy settings.  The court disagreed, and dismissed these two claims without leave to amend.
Continue Reading Court Grants Dismissal of Wiretapping and Contract Claims in Putative Privacy Class Action Involving Google Privacy Settings

Last week, in a decision that confirms the viability of cy pres settlements in privacy class action cases, the Ninth Circuit affirmed approval of a class action injunctive relief and cy pres-only settlement in In re Google Inc. Street View Electronic Communications Litigation, No. 20-15616, 2021 WL 6111383.  The case featured Wiretap Act claims based on Google Street View vehicles’ collection of “payload data,” including emails, passwords, and documents that Internet users transmitted over unencrypted Wi-Fi networks.
Continue Reading Ninth Circuit Affirms Approval of Injunctive Relief and Cy Pres Settlement of Google Street View Privacy Claims

Courts continue to grapple with how to apply existing privacy laws to new (and even not-so-new) technology. The recent Ninth Circuit decision, affirming the Northern District of California’s decision to dismiss a proposed class action suit against Pandora for disclosure of listener music preferences in violation of Michigan’s Preservation of Personal Privacy Act (PPPA), resolved the narrow question before it while explicitly leaving others open. Although Pandora can continue to disclose listener preference data publicly, subject to its Terms of Use, the decision leaves unsettled how broadly this right could apply, and how current and future technologies could impact that right.

After certifying to the Michigan Supreme Court the questions of whether Pandora is in the business of “renting” or “lending” sound recordings, and if the plaintiff  (Peter Deacon) is a “customer” of Pandora under the PPPA, the Ninth Circuit adopted the Michigan court’s interpretation that Pandora, through its free, ad-supported service, is not in the business of renting or lending sound recordings and that Deacon is not a customer under the PPPA.
Continue Reading Users of Pandora’s Free Service Are Not Customers Under Michigan Privacy Statute, But Questions Remain

In the closely-watched case of Spokeo, Inc. v Robins, the Solicitor General recently filed an amicus brief urging the Court to deny certiorari and leave in place the 9th Circuit’s holding, which could encourage the rising tide of privacy class action litigation.  The Solicitor General’s brief—coauthored by the Consumer Financial Protection Bureau—argued that the

Last month a federal court found Dish Network liable for calls that were alleged by the Federal Trade Commission (“FTC”) to violate various provisions of the FTC’s Telemarketing Sales Rule (“TSR”).  Specifically, the FTC’s 2009 complaint asserted that Dish Network initiated, or caused a telemarketer to initiate, calls to numbers on the National Do Not Call (“DNC”) Registry and to consumers who previously declined to receive such calls whose numbers were on Dish Network’s entity-specific do-not-call list or were marked “DNC” by a telemarketing vendor.  The FTC also alleged that, in violation of the “abandoned-call” provision of the TSR, Dish Network abandoned or caused telemarketers to abandon phone calls.  In its complaint, the FTC seeks monetary civil penalties from Dish Network for every violation of the TSR, for which the court is entitled to award up to $16,000 for each violation.  At issue are tens of millions of calls, making the potential level of damages to be awarded at the trial stage staggering.
Continue Reading Court Finds FTC Entitled to Partial Summary Judgment Against Dish Network for Telemarketing Violations

By Brian Ryoo

The United States District Court for the Western District of Washington recently dismissed in part an online privacy lawsuit alleging that Amazon “circumvented” browser privacy controls in order to track users’ web browsing activities.  The plaintiffs in Del Vecchio v. Amazon had alleged that Amazon “exploit[ed]” browser controls in Internet Explorer by