Data Privacy and Cybersecurity

On August 6, 2024, Judge Jorge L. Alonso of the Northern District of Illinois issued an order dismissing Brantley v. Prisma Labs, Inc., a proposed class action suit against the creator of the “Magic Avatar” AI app for lack of standing and lack of personal jurisdiction over the representative plaintiff Tyrone Brantley.

Continue Reading Judge Makes Class Action Claims Against “Magic Avatar” AI App Disappear

Delivering a significant win for businesses hit with website wiretapping lawsuits, a California federal judge granted a defendant’s motion for summary judgment under the California Invasion of Privacy Act (“CIPA”) in Gutierrez v. Converse Inc., 2024 WL 3511648 (C.D. Cal. Jul. 12, 2024). 

The website tool at issue in this case, like hundreds of other cases, was a third-party-enabled chat feature that businesses install on their websites to connect customers with live customer service agents.  Plaintiff Nora Gutierrez alleged that she visited Defendant Converse’s website with this chat feature installed, and that the chat provider stored her chat communications with Converse’s customer service agents on its servers.  Gutierrez characterized this practice as “wiretapping” and she asserted a claim against Converse for aiding and abetting the alleged wiretapping in violation of the first and second clause of CIPA section 631(a).

Continue Reading California Federal Court Grants Summary Judgment to Defendant in CIPA Website Wiretapping Case

Earlier this summer we reported that federal courts of appeals are more closely scrutinizing class action settlements that award class counsel outsized sums not reflecting counsels’ time spent on the litigation.  Last week, the Eighth Circuit joined the trend by reversing an attorneys’ fee award of almost $80 million in a “megafund” case that “had barely gotten off the ground before it settled.”  In re T-Mobile Customer Data Sec. Breach Litig., — F.4th —, 2024 WL 3561874, at *1 (8th Cir. July 29, 2024).

Continue Reading Eighth Circuit Reverses “Windfall” Fee Award to Class Counsel

On August 2, 2024, Illinois’ governor signed into law S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The bill states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection, in violation of BIPA’s notice and consent requirement has committed a single violation. As a result, each aggrieved person is entitled to, at most, one recovery for a single collective violation.

Continue Reading Illinois Enacts BIPA Amendment Limiting Violation Accrual

Hundreds of lawsuits have accused businesses of using website analytics tools to “wiretap” their customers’ interactions with their website, but these lawsuits often overlook a basic pleading requirement of any wiretapping claim: the collection of a “communication.”  A California federal judge last week added teeth to this requirement, dismissing a wiretapping lawsuit filed against Great Wolf Resorts, Inc. (“Great Wolf”) because the plaintiff failed to plead what “communication” she had with the Great Wolf website in the first place.  See Augustine v. Great Wolf Resorts, Inc., 2024 WL 3450967 (S.D. Cal. July 18, 2024).

Continue Reading California Federal Court Puts Teeth Behind “Communication” Element of Website Wiretapping Claims

A recent Seventh Circuit decision, Wallrich v. Samsung Elecs. Am., Inc., — F.4th —-, 2024 WL 3249646 (7th Cir. July 1, 2024), will be of interest to companies facing mass arbitration demands.

Continue Reading Seventh Circuit Reverses Order Compelling Payment of Mass Arbitration Fees

Earlier this year, we covered the dismissal of a putative class action asserting Video Privacy Protection Act (VPPA) claims against the operators of a Texas Longhorns email newsletter. A judge in the Western District of Texas has now dismissed those claims, along with a newly asserted Wiretap Act claim, with prejudice. See Brown v. Learfield Commc’ns, LLC, 2024 WL 1477636 (W.D. Tex. June 27, 2024).  

Continue Reading District Court Again Rejects VPPA, Wiretap Claims Against University Newsletter Service

A federal judge in the Northern District of California recently dismissed a class action complaint accusing Google of unlawfully wiretapping calls to Verizon’s customer service center through its customer service product, Cloud Contact Center AI.  See Ambriz v. Google, LLC, No. 3:23-cv-05437 (N.D. Cal. June 20, 2024).

Continue Reading California Federal Court Dismisses Complaint Accusing Google of Wiretapping Customer Service Calls

An Illinois federal court has dismissed a proposed class action alleging X Corp. violated the state’s Biometric Information Privacy Act (“BIPA”) through its use of PhotoDNA software to create “hashes” of images to scan for nudity and related content. The court held that Plaintiff failed to allege that the hashes identified photo subjects and therefore failed to allege that the hashes constituted biometric identifiers. Martell v. X Corp., 2024 WL 3011353, at *4 (N.D. Ill. June 13, 2024).

Continue Reading Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify Individuals

A federal court in the Northern District of California recently dismissed the majority of claims from a putative class action against Western Digital, in which plaintiffs claim that alleged security flaws in the manufacturer’s data storage devices allowed cyber hackers to access and delete plaintiffs’ data.  See Riordan v. W. Digital Corp., No. 21-CV-06074-EJD, 2024 WL 2868152 (N.D. Cal. June 5, 2024).  The court previously granted in part Western Digital’s motion to dismiss with leave to amend.

Continue Reading Multiple Claims Dismissed from Putative Class Action Involving Cyber Attack on Data Storage Devices