Litigation

Dozens of lawsuits have started challenging businesses’ use of website tools to collect IP addresses under the “pen register” and “trap and trace device” provision of the California Invasion of Privacy Act (“CIPA”).  As we reported last month, a California court dismissed one of these lawsuits because of a

Continue Reading Another California Court Holds CIPA’s Pen Register Provision Does Not Prohibit the Collection of IP Addresses

A Colorado federal judge recently granted a motion to dismiss a putative class action against two healthcare software companies arising from a 2022 data breach in which a threat actor allegedly accessed personally identifiable information (“PII”) and protected health information (“PHI”) in “over 250,000 patient records.”  See Henderson v. Reventics, LLC, 2024 WL 5241386 (D. Colo. Sept. 30, 2024).Continue Reading Colorado Federal Court Dismisses Data Breach Class Action for Lack of Article III Standing

Websites cannot load without the transmission of an IP address, which tells websites where to deliver the webpages displayed on a user’s browser.  Yet a number of lawsuits have started challenging this routine transmission of IP addresses under a lesser-known provision of the California Invasion of Privacy Act (“CIPA”) that

Continue Reading Court Holds CIPA’s Pen Register Provision Does Not Impose Liability for “What Makes the Internet Possible.”

Despite a lead plaintiff with unique injuries, the Northern District of Indiana recently certified a class seeking economic damages under Indiana’s consumer protection statute in a case challenging contaminated hand sanitizer manufactured by 4e Brands North America, LLC.  Callantine v. 4e Brands North America, LLC, 2024 WL 4903361 (N.D. Ind. Nov. 27, 2024). 

In June 2020, Defendant 4e voluntarily recalled all of its hand sanitizer lots due to the presence of methanol.  The plaintiff filed a class action lawsuit two months later, alleging that she had suffered both economic and personal injuries, and that she was entitled to statutory damages.  The individual class members’ damages, however, would be “largely limited to statutory damages.” Continue Reading Unique Injuries No Bar to Class Certification Pursuing Economic Damages

In a putative consumer data breach class action, a court in the Northern District of California recently denied a cloud solution company’s motion to dismiss the plaintiffs’ negligence claim finding that the plaintiffs plausibly alleged that the company owed consumers a duty of care. See In re Accellion, Inc. Data Breach Litig., 2024 WL 4592367 (N.D. Cal. Oct. 28, 2024).Continue Reading California Federal Court Finds Plaintiffs Plausibly Alleged That Cloud Solution Company Owed Consumers Duty of Care

The Northern District of Ohio recently granted summary judgment to Ancestry.com in a putative class action asserting that Ancestry.com violated plaintiff’s rights to publicity and privacy by using his yearbook photos in marketing materials without consent.  See Wilson v. Ancestry.com, 2024 WL 3992356 (N.D. Ohio Aug. 27, 2024).Continue Reading Ohio Federal Court Grants Summary Judgment on Right of Publicity and Invasion of Privacy Claims Involving Yearbook Photos

Under Ninth Circuit precedent, when a defendant brings a factual challenge to jurisdiction, the district court may resolve factual disputes so long as the jurisdictional and merits inquiries are not intertwined.  But where the jurisdictional and merits inquiries are intertwined, the court must treat the motion like a motion for summary judgment and “leave the resolution of material factual disputes to the trier of fact.”  The Ninth Circuit recently confirmed that the same rules apply to a factual challenge to Article III standing.Continue Reading Ninth Circuit Holds Courts Cannot Decide Factual Disputes in Standing Challenges Where Standing and Merits Analyses Are Intertwined

The Seventh Circuit has added its voice to a growing circuit split on Rule 23(c)(4) issue classes.  In Jacks v. DirecSat USA, LLC—a long-running class action alleging wage and hour violations by DirectSat satellite service technicians—that court weighed in on the scope of Rule 23(c)(4) and its interplay with Rule 23(b).  Jacks v. DirectSat USA, LLC, __ F.4th __, 2024 WL 4380256 (7th Cir. Oct. 3, 2024).             

Jacks had a lengthy procedural history.  After initially certifying a Rule 23(b)(3) class, the District Court decertified it following a 2013 Seventh Circuit decision.  Id. at *2.  Thereafter, the District Court certified “fifteen liability-related issues to proceed on a classwide basis under Rule 23(c)(4).”  Id.  Nearly four years later, the case was assigned to a new judge.  Id. at *3.  Three years after that, defendants moved to decertify the issue classes.  Id.  The new judge agreed, decertifying the issue classes because “defendants’ liability [could not] be determined on a classwide basis” and so the classes did not satisfy Rule 23(b)(3).  Id. Continue Reading What’s the Issue? Seventh Circuit Clarifies Scope of Rule 23(c)(4) Issue Classes

On September 30, a New Jersey federal court dismissed with prejudice an antitrust class action complaint alleging that several Atlantic City hotel operators engaged in a per se illegal “hub-and-spoke” price-fixing conspiracy through their use of software algorithms to set room rental rates.  Cornish-Adebiyi v. Caesars Entertainment, No. 1:23-CV-02536 (D.N.J.).

According to the court, class plaintiffs’ allegations concerning Atlantic City hoteliers suffered from the “same factual deficiencies identified” by a Nevada federal court in Gibson v. Cendyn Group, No. 2:23-cv-00140 (D. Nev.), which rejected price-fixing allegations arising from Las Vegas hotels’ use of the same software.  The court concluded that, in both cases, plaintiffs failed to plausibly allege the existence of unlawful agreements between the hotels at the “rim” of the alleged “hub-and-spoke” price-fixing conspiracy for several reasons.Continue Reading New Jersey Court Dismisses Software Price-Fixing Claims Against Atlantic City Casinos

A California federal judge has denied class certification in a data privacy lawsuit against Yodlee, Inc., finding that the proposed class representatives lacked Article III standing and failed to satisfy Rule 23’s typicality and adequacy requirements.  Covington represents Yodlee in this action.  Clark v. Yodlee, No. 20-cv-05991-SK (N.D. Cal.)

Continue Reading California Federal Court Denies Class Certification in Data Privacy Case