Photo of Eric Bosset

Eric Bosset

Eric Bosset is a senior counsel whose practice encompasses a broad range of complex litigation matters, with an emphasis on (1) privacy, data security and consumer protection, (2) employment and ERISA, and (3) financial products and services. Eric has extensive experience in class actions, MDL proceedings, and other multi-party lawsuits. His trial victories include a jury verdict in an employment class action lawsuit that The National Law Journal ranked among the 25 most notable defense verdicts of the year.

Privacy and Consumer Protection

Eric was named "Most Valuable Player" in Privacy & Consumer Protection by Law360. He has an extensive practice representing Internet service providers, publishers and advertisers in class action litigation involving claims of unauthorized collection and disclosure of personally identifiable information ("PII"). He has successfully represented Microsoft, AOL, CBS, McDonald’s, Mazda, the Indianapolis Colts, and other companies in obtaining the dismissals of putative class action lawsuits that asserted federal law claims under the Electronic Communications Privacy Act ("ECPA"), Computer Fraud and Abuse Act ("CFAA"), and Video Privacy Protection Act ("VPPA"), as well as state law claims under the Illinois Biometric Information Privacy Act ("BIPA") and for unfair practices, trespass, and invasion of privacy.

Eric also represents companies in connection with matters arising under the Fair Credit Reporting Act ("FCRA"), Fair and Accurate Credit Transaction Act ("FACTA"), Telephone Consumer Protection Act ("TCPA"), and other consumer protection statutes.

Employment and ERISA

Eric has extensive experience defending companies in individual and class action litigation brought under federal and state laws concerning discrimination, retaliation, whistleblowing, wage and hour disputes, and wrongful termination, as well as in class action litigation involving the Employee Retirement Income Security Act ("ERISA"). Eric has the rare distinction of having tried and won a jury verdict in a class action lawsuit alleging "pattern or practice" discrimination on the basis of age in connection with a corporate reduction in force. Bush, et al. v. Deere & Company (C.D. Ill.). He also secured the reversal on appeal of a class certification order in a "stock drop" lawsuit that claimed breaches of fiduciary duty in the administration of a company retirement savings plan. In re Schering Plough Corporation ERISA Litig., 589 F.3d 585 (3d Cir. 2009). Eric also represents clients in EEOC investigations.

Financial and Fintech

Eric's practice includes the representation of financial and fintech companies on a broad array of civil litigation, arbitration, and regulatory enforcement matters relating to financial products and services, including matters for Wells Fargo Bank, JPMorgan Chase, Synchrony Bank, Envestnet, Yodlee, and MidFirst Bank.

A California federal judge has denied class certification in a data privacy lawsuit against Yodlee, Inc., finding that the proposed class representatives lacked Article III standing and failed to satisfy Rule 23’s typicality and adequacy requirements.  Covington represents Yodlee in this action.  Clark v. Yodlee, No. 20-cv-05991-SK (N.D. Cal.)

Continue Reading California Federal Court Denies Class Certification in Data Privacy Case

A federal judge in the Western District of Texas recently sided with a growing trend of rulings adopting a narrow reading of the Video Privacy Protection Act (VPPA) in dismissing a putative class action against the operators of a Texas Longhorns email newsletter.  The case involved tracking pixels embedded in videos that were linked in the newsletter but posted to public websites.  The court held that because the plaintiffs had not made a durable commitment through signing up for the newsletter, and because videos were not embedded in the newsletter, plaintiffs failed to meet the definition of “consumer” as defined in the VPPA.Continue Reading Judge Highlights Trend of Narrow Reading of VPPA In Class Action Dismissal

At the end of last month, courts handed down two decisions in favor of website operators and their service providers in session replay litigation, granting motions to dismiss on personal jurisdiction grounds.Continue Reading Website Operator and Session Replay Provider Succeed on Personal Jurisdiction Arguments

Last month, a defendant won dismissal of a putative VPPA class action when the court concluded that the defendant’s use of online videos was not central to the defendant’s business, and the VPPA therefore did not apply.  Another court has now reached the same result.  See Cantu v. Tapestry, Inc., 3:22-cv-01974 (S.D. Cal. July 10, 2023).  This trend highlights the limits of the VPPA’s reach and provides forceful grounds for future motions to dismiss and demand letter responses.Continue Reading Another Court Dismisses VPPA Class Action Because Defendant’s Online Videos Were Only a Peripheral Part of Its Business

In the past year, plaintiffs have filed a wave of lawsuits asserting claims under the Video Privacy Protection Act (“VPPA”) in connection with the alleged use of third-party pixels on websites that offer video content.  A recent decision establishes the limits of the VPPA’s reach and provides a well-reasoned ground for future motions to dismiss.Continue Reading Recent Decision Dismissing VPPA Class Action Claim Shows Limits of VPPA’s Reach

The Illinois Supreme Court recently held that all claims brought under the Biometric Information Privacy Act (“BIPA”) are subject to a five-year statute of limitations, partly overturning a lower court decision that had applied a one-year limitations period to some claims brought under the law.  See Tims v. Black Horse Carriers, Inc., 2023 IL 127801 (Feb. 2, 2023).

The plaintiff, Jorome Tims, filed a putative class action against his former employer, alleging that the trucking and logistics company violated BIPA by requiring its employees to use a time clock with a fingerprint scanner without (i) implementing a publicly available data retention and destruction policy; (ii) notifying employees and obtaining their consent when collecting their biometrics; and (iii) obtaining employee consent before disclosing their biometric information to third parties.  The defendant moved to dismiss the complaint, arguing that the plaintiff’s claims were barred by the one-year statute of limitations under the Illinois Code of Civil Procedure that governs actions for the “publication of matter[s] violating the right of privacy.”Continue Reading Illinois Supreme Court Holds Five-Year Statute of Limitations Applies to All Claims under BIPA

Following a week-long trial, a jury in Illinois awarded a plaintiff class of truck drivers a $228 million verdict against BNSF Railways for violations of the Illinois Biometric Information Privacy Act (“BIPA”).  The large verdict, arising from the first case to go to trial under the 2008 law, highlights the potential impact of class actions brought under this statute.Continue Reading Illinois BIPA jury verdict highlights rising prominence of class actions based on state privacy statutes

Recent months have seen a growing trend of data privacy class actions asserting claims for alleged violations of federal and state video privacy laws.  In this year alone, plaintiffs have filed dozens of new class actions in courts across the country asserting claims under the federal Video Privacy Protection Act

Continue Reading Emerging Trends: Renewed Wave of Video Privacy Class Actions

The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions.  Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to disclose vulnerabilities in Starwood’s IT systems rendered certain public statements false or misleading.Continue Reading Fourth Circuit Holds Statements About Importance of Data Security Not Actionable

An Illinois federal district court recently rejected dismissal of Illinois Biometric Information Privacy Act (“BIPA”) claims in In re Clearview AI, Inc., Consumer Privacy Litigation, No. 21-cv-135 (N.D. Ill.).  The Clearview plaintiffs alleged that Clearview violated their privacy rights without their knowledge and consent by scraping more than three billion photographs of facial images from the internet and using artificial intelligence algorithms on the images to harvest individuals’ unique facial biometric identifiers and corresponding biometric information.  Clearview sought dismissal of the BIPA claims under the First Amendment, extraterritoriality doctrine, dormant commerce clause, and BIPA’s express exemption for  photographs.  The court rejected these grounds, and declined to dismiss the BIPA claims.Continue Reading Court Rejects Dismissal of Illinois Biometric Information Privacy Act Against Clearview in Pending Multidistrict Litigation