Dior recently defeated an Illinois Biometric Information Privacy Act (“BIPA”) putative class action on the pleadings by arguing that BIPA’s exemption for patient data captured in a health care setting covered the plaintiff’s use of Dior’s virtual try-on tool while shopping for non-prescription sunglasses. See Warmack-Stillwell v. Christian Dior, Inc., No. 1:22-CV-04633 (N.D. Ill. Feb. 10, 2023).
Continue Reading Dior’s Virtual Try-On Tool Fits in BIPA Healthcare Exemption, Illinois Court Says
The Illinois Supreme Court recently held that all claims brought under the Biometric Information Privacy Act (“BIPA”) are subject to a five-year statute of limitations, partly overturning a lower court decision that had applied a one-year limitations period to some claims brought under the law. See Tims v. Black Horse Carriers, Inc., 2023 IL 127801 (Feb. 2, 2023).
The plaintiff, Jorome Tims, filed a putative class action against his former employer, alleging that the trucking and logistics company violated BIPA by requiring its employees to use a time clock with a fingerprint scanner without (i) implementing a publicly available data retention and destruction policy; (ii) notifying employees and obtaining their consent when collecting their biometrics; and (iii) obtaining employee consent before disclosing their biometric information to third parties. The defendant moved to dismiss the complaint, arguing that the plaintiff’s claims were barred by the one-year statute of limitations under the Illinois Code of Civil Procedure that governs actions for the “publication of matter[s] violating the right of privacy.”
A group of musicians has lost its bid in Waite v. UMG Recordings, No. 1:19-cv-01091-LAK (S.D.N.Y. 2019), to assert copyright infringement claims on a classwide basis against the record labels holding copyrights in the musicians’ sound recordings.
Seeking to reclaim the copyrights, the plaintiffs had issued notices of termination pursuant to Section 203 of
A U.S. District Court Judge in California dismissed a putative class action asserting claims under section 637.7 of the California Invasion of Privacy Act (CIPA) in a case that could have useful implications for automotive and other device manufacturers whose products have the ability to track location. Plaintiff claimed that a third-party company, Otonomo Inc., partnered with automobile manufacturers to use the telematics control units (TCUs) installed in their vehicles to track a driver’s location via GPS without the driver’s knowledge. The Court rejected the claim, holding that because the TCU devices were built-in, rather than devices added to a vehicle, they were not “attached” to the car and thus did not fall within the statute’s definition of “electronic tracking device.”
The Ninth Circuit recently held that the Children’s Online Privacy Protection Act, which gives the Federal Trade Commission authority to regulate the online collection of personal information from children under the age of 13, does not preempt consistent state law, potentially increasing the risk of class action litigation based on alleged COPPA violations. See Jones
An Alabama district court recently granted dismissal of a class action asserting Illinois Biometric Information Privacy Act (“BIPA”) claims brought by Illinois residents against ProctorU, Inc. in Thakkar v. ProctorU Inc., No. 2:21-cv-01565 (N.D. Ala.). The district court concluded that a choice-of-law provision contained in the terms of service and which required the application of Alabama law precluded the application of BIPA to the conduct alleged.
A court in the District of Kansas recently remanded a data breach class action against a hospital to state court for lack of standing, holding that the named plaintiffs had failed to demonstrate any injury in fact that was fairly traceable to the exposure of their personal and health information. See Memorandum and Order, Blood v. Labette County Medical Center, No. 5:22-cv-04036-HLT-KGG (D. Kansas Oct. 20, 2022), ECF 27.
Continue Reading Hospital Data Breach Class Action Fails Due to “Speculative” Injury
The Third Circuit recently reinstated the putative class action Clemens v. ExecuPharm Inc., concluding there was sufficient risk of imminent harm after a data breach to confer standing on the named plaintiff when the information had been posted on the Dark Web.
The Northern District of California denied class certification in a data breach suit against Zoosk, an online dating service, concluding that the lead plaintiff had waived any right to represent a class by agreeing to a class-action waiver. See Order Denying Class Certification, Flores-Mendez v. Zoosk, Inc., No. 3:20-04929-WHA (N.D. Cal. July 27, 2022).
On July 21, the federal district court denied remand of a proposed class action against Build-A-Bear Workshop, Inc., rejecting the plaintiff’s attempt to remand based merely on Build-A-Bear raising lack of standing as an affirmative defense in its answer. See Order Denying Motion to Remand, Ruby v. Build-A-Bear Workshop, Inc., No. 4:21-cv-01152-JAR (E.D. Mo. July 21, 2022).