Privacy

Recently, a court in the Northern District of California compelled arbitration in a putative privacy class action, concluding that the arbitration provision included in a photo-editing app’s terms of use was not unconscionable.  See Flora, et al., v. Prisma Labs, Inc., 2023 WL 5061955 (N.D. Cal. Aug. 8, 2023).

Continue Reading California Federal Court Finds That Plaintiffs Must Arbitrate Their BIPA Claims

Last week, the Ninth Circuit rejected an attempt to broaden the scope of the Telephone Consumer Protection Act (“TCPA”), 47 U.S.C. § 227, when it held that text messages not containing audio could not violate the TCPA’s prohibition against sending messages with “artificial or prerecorded voices.”  See Trim v. Reward Zone USA LLC, — F.4th –, 2023 WL 5025264, at *4 (9th Cir. Aug. 8, 2023). 

Continue Reading Ninth Circuit Holds Spam Text Messages Are Not Prerecorded Voices Under TCPA  

A court in the Southern District of California recently dismissed for failure to state a claim a case contending that a health care corporation violated users’ privacy under California law.  See Cousin v. Sharp Healthcare, No. 22-CV-2040-MMA (DDL), 2023 WL 4484441 (S.D. Cal. July 12, 2023).

In the proposed class action suit against Sharp Healthcare, a non-profit that operates multiple hospitals and medical groups, plaintiffs alleged violations of privacy under the California Constitution and common law, as well as violations of the California Confidentiality of Medical Information Act (“CMIA”) and California Invasion of Privacy Act (“CIPA”).  Plaintiffs claimed that Sharp collected and shared patients’ personal and sensitive health information by incorporating a third-party pixel on Sharp’s website.

Continue Reading Court finds Plaintiffs Fail to Plead CMIA, CIPA Claims against Health Care Corporation based on Conclusory, Hypothetical, and Vague Assertions

At the end of last month, courts handed down two decisions in favor of website operators and their service providers in session replay litigation, granting motions to dismiss on personal jurisdiction grounds.

Continue Reading Website Operator and Session Replay Provider Succeed on Personal Jurisdiction Arguments

Last week, the Eleventh Circuit reversed in part and remanded an order certifying a class in a case arising from a data breach of Chili’s restaurants, Green-Cooper v. Brinker International, Inc., No. 21-13146, 2023 WL 4446420 (11th Cir. July 11, 2023).  The opinion clarifies the Eleventh Circuit’s view of when data breaches give rise to Article III standing.

Continue Reading Eleventh Circuit Holds Having Payment Information Posted to Dark Web Establishes Standing in Data Breach Case, Remands Class Certification Order

Last month, a defendant won dismissal of a putative VPPA class action when the court concluded that the defendant’s use of online videos was not central to the defendant’s business, and the VPPA therefore did not apply.  Another court has now reached the same result.  See Cantu v. Tapestry, Inc., 3:22-cv-01974 (S.D. Cal. July 10, 2023).  This trend highlights the limits of the VPPA’s reach and provides forceful grounds for future motions to dismiss and demand letter responses.

Continue Reading Another Court Dismisses VPPA Class Action Because Defendant’s Online Videos Were Only a Peripheral Part of Its Business

In the past year, plaintiffs have filed a wave of lawsuits asserting claims under the Video Privacy Protection Act (“VPPA”) in connection with the alleged use of third-party pixels on websites that offer video content.  A recent decision establishes the limits of the VPPA’s reach and provides a well-reasoned ground for future motions to dismiss.

Continue Reading Recent Decision Dismissing VPPA Class Action Claim Shows Limits of VPPA’s Reach

A federal district court recently denied remand of a proposed class action against Twitter, Inc., rejecting plaintiff’s arguments, including that the removal was improper because his claim was limited to a “statutory damages remedy” that does not confer Article III standing under TransUnion LLC v. RamirezSee Order Denying Plaintiff’s Motion to Remand, Morgan v. Twitter, Inc., No. 2:22-cv-00122-MKD (E.D. Wash. May 5, 2023).

Continue Reading Court Denies Remand of Privacy Suit, Finding Article III Standing Under TransUnion

A court in the Northern District of California recently dismissed with prejudice a case that claimed a company violated the New York Video Consumer Privacy Act (“NYVCPA”) and the Minnesota Video Privacy Law (“MVPL”) by retaining consumers’ personally identifiable video rental history data.  The court found that neither the NYVCPA nor the MVPL contained private rights of action for retention of that data.

Continue Reading New York and Minnesota Video Privacy Statutes Do Not Include Private Rights of Action for Retention of Rental History Data, Federal Court Holds

Late last year, our colleagues highlighted a wave of class action litigation asserting novel claims under state wiretap laws against website operators that use session replay software and chatbots on consumer websites.  Federal district courts in California have now ruled on the first round of chatbot cases, most brought by a handful of “tester” plaintiffs under the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code §§ 630 et seq., and have nearly uniformly rejected the claims.  These initial favorable rulings should be helpful for defendants facing similar claims.

Continue Reading A Closer Look: Courts Reject California Wiretap Claims Based on Website Chat Features