On July 21, the federal district court denied remand of a proposed class action against Build-A-Bear Workshop, Inc., rejecting the plaintiff’s attempt to remand based merely on Build-A-Bear raising lack of standing as an affirmative defense in its answer.  See Order Denying Motion to Remand, Ruby v. Build-A-Bear Workshop, Inc., No. 4:21-cv-01152-JAR (E.D. Mo. July 21, 2022).

Continue Reading Court Denies Motion to Remand Build-A-Bear TCPA Suit When Standing Raised as an Affirmative Defense

Can plaintiffs spring a class action on defendants in the late stages of a case?  The Seventh Circuit recently answered no in Ali v. City of Chicago, 34 F.4th 594 (7th Cir. 2022), rejecting so-called stealth class actions and reaffirming a seemingly obvious rule: a class action “must be brought as a class action.”

Continue Reading Seventh Circuit Rejects “Stealth” Class Actions

Last week, the Northern District of California dismissed a putative class action lawsuit against Google, which alleged that the company used a secret program called “Android Lockbox” to spy on Android smartphone users.  See Order Granting Motion to Dismiss, Hammerling v. Google LLC, No. 21-cv-09004-CRB (N.D. Cal. July 18, 2022).  The complaint alleged ten different claims for relief under a variety of legal theories, including privacy, fraud, contract, and California’s Unfair Competition Law.  The Court granted Google’s motion to dismiss on all claims.  Although the Court gave plaintiffs leave to amend, it noted that the deficiencies in the complaint “will be difficult to cure,” signaling that plaintiffs face an uphill battle in keeping this lawsuit alive.

Continue Reading Court Tosses “Android Lockbox” Secret Spying Program Class Action

Late last week, the Seventh Circuit affirmed a trial court’s ruling granting dismissal at summary judgment of claims against FCA US LLC (“FCA,” formerly known as Chrysler) and Harman International Industries, Inc. (“Harman”) for lack of Article III standing.  See Flynn v. FCA US LLC, — F. 4th —-, 2022 WL 2751660 (7th Cir. July 14, 2022).  Plaintiffs’ class-action complaint claimed injuries arising out of an alleged cybersecurity vulnerability in an infotainment system designed by Harman for installation in FCA vehicles manufactured between 2013 and 2015.  See id. at *1.  However, after discovery, the Plaintiffs offered the trial court no evidence establishing that the vulnerability actually caused them any harm. 

Having failed to cite “any factual support for their claimed injury” in the trial court, id. at *3, the Plaintiffs shifted gears and sought to rely on appeal on portions of their expert reports regarding an “overpayment” theory that they had not relied on in the trial court, id. at *4.  Under that argument, Plaintiffs claimed that “they paid more for their vehicles than they would have if they had known about the cybersecurity vulnerability.”  Id. at *1.  The Seventh Circuit rejected Plaintiffs’ bid to rely on their expert reports as arising “far too late,” id. at *4, and affirmed the trial court’s ruling with a procedural modification to reflect a dismissal for lack of subject-matter jurisdiction without leave to amend, id. at *5.

Continue Reading Seventh Circuit Affirms Dismissal Of Class Claims Based Upon Speculative Hacking Risk

After several twist and turns, on July 7th Intel Corp. succeeded in achieving final dismissal of class claims alleging that Intel knew about purported security vulnerabilities in its microprocessors and failed to disclose or mitigate those vulnerabilities.  The case, In Re Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation, 3:18-md-02828, had a long history—a narrowed set of class claims had survived three prior rounds of motions to dismiss.  Had the claims been allowed to go forward a fourth time, businesses may have faced additional liability concerns for attempting to address cyber vulnerabilities in their products before those exploits became public and susceptible to exploitation by hackers.

Continue Reading Court dismisses class claims related to cyber vulnerability embargo

Last week, an Illinois federal district court granted the defendant’s motion to stay in Stegmann v. PetSmart, No. 1:22-cv-01179 (N.D. Ill.).  The case implicates the evolving law surrounding the scope of the Illinois Biometric Information Privacy Act (“BIPA”) and  a pending Illinois Supreme Court case that could provide an important defense to certain BIPA suits.

Continue Reading Federal Court Stays Suit Implicating Accrual of Claims Under the Illinois Biometric Information Privacy Act

A recent Ninth Circuit decision continues to emphasize how, post-Comcast, defendants should look for ways to characterize individualized issues as questions of liability, not questions of damages.

Continue Reading Ninth Circuit Gives Teeth To Predominance in Voiding a Misclassification Suit Win

Recent months have seen a growing trend of data privacy class actions asserting claims for alleged violations of federal and state video privacy laws.  In this year alone, plaintiffs have filed dozens of new class actions in courts across the country asserting claims under the federal Video Privacy Protection Act (“VPPA”), Michigan’s Preservation of Personal Privacy Act (“MPPPA”), and New York’s Video Consumer Privacy Act (“NYVCPA”).

Congress passed the VPPA in 1988 after a Supreme Court nominee’s video tape rental history was published during the nomination process.  The Michigan and New York legislatures followed suit, enacting the MPPPA in 1988 and the NYVCPA in 1993 to regulate the disclosure of information identifying which specific individuals obtained which specific written, audio, visual, or other materials, depending on the provision at issue.  Though originally drafted with older technology like books, films, and video cassette tapes in mind, these laws are now being used to challenge how companies conduct business online.

The companies targeted by these lawsuits span a wide array of industries, including technology, news and media, gaming, entertainment, publishing, law, and digital health.  Some have been accused of selling customers’ information to data aggregators and brokers, potentially exposing the affected customers to spam and fraud in addition to compromising their privacy.  Others face litigation over use of third-party technology for purposes of measurement, analytics, and marketing on their own websites, apps, and servers.

These lawsuits raise a host of complex legal and technical questions, which may include, for example:

  • The extent to which a specific statutory provision invoked by the plaintiff can be privately enforced through a civil right of action;
  • Whether the defendant is the type of service provider subject to the law;
  • Whether, within the technological context of the specific case, the data at issue contains personally identifying information within the meaning of the law;
  • The extent to which statutory exceptions or exemptions may apply;
  • Potential limitations on the types of remedies available; and
  • Whether the plaintiff consented to the challenged data practices.

And in the class action context, whether any of these issues are suitable for adjudication on a classwide basis presents a separate set of issues.  In addition, companies should be aware of risks posed by potential remedies like statutory damages, punitive damages, and attorneys’ fees, which can quickly add up to substantial exposure in a class action.

This area of the law is evolving, but as new lawsuits continue to be filed and earlier-filed ones proceed to rulings on the merits, we will see a growing body of case law that will shape how video privacy laws apply to online data practices in the digital age.

Manufacturers of over-the-counter (OTC) medications often move to dismiss consumer class actions based on federal preemption.  The Federal Food, Drug, and Cosmetic Act (FDCA) contains an express preemption clause that forbids states from enforcing laws relating to OTC drugs that are “different from or in addition to, or that [are] otherwise not identical with, a requirement under” the FDCA.  21 U.S.C. § 379r(a).  (Section 379r also contains a savings clause that exempts product liability actions from its preemptive scope.  See id. § 379r(e).)  Similar preemption provisions exist for food and cosmetics.  Id. §§ 343-1(a), 379s(a).  Although most courts have interpreted the FDCA’s express preemption provisions broadly, a minority have limited their application.  As discussed below, the minority view involves distinguishable circumstances and is inconsistent with the FDCA’s statutory text.

Continue Reading A Closer Look: Express Federal Preemption for OTC Medications Subject to Monographs

The Third Circuit’s recent decision in Allen v. Ollie’s Bargain Outlet, Inc., — F.4th —-, 2022 WL 2284654 (3d Cir. 2022), gave close scrutiny to two elements of the class certification inquiry – numerosity and commonality – that are often deemed satisfied with little analysis, and rejected the district court’s reliance on inferences drawn from limited evidence. 

Continue Reading Third Circuit Refuses to Accept Inferences to Support Findings of Numerosity and Commonality