Privacy

The District Court for the Northern District of Illinois recently granted in part a motion to dismiss a putative class action complaint asserting wiretapping, Illinois Biometric Information Privacy Act (“BIPA”), and consumer protection claims relating to their eufy home security cameras and video doorbells (the “Eufy Products”).  See Sloan, et al. v. Anker Innovations Ltd., No. 22-CV-7174 (N.D. Ill. Jan. 9, 2024).  Plaintiffs contend in their complaint that the Eufy Products applied a facial recognition program to differentiate images of known and unknown individuals within home security services and purportedly misrepresented data storage and encryption practices for the Eufy Products.Continue Reading Illinois Federal Court Partially Dismisses Wiretapping, BIPA Claims Involving Home Security Products

A federal judge in the Western District of Texas recently sided with a growing trend of rulings adopting a narrow reading of the Video Privacy Protection Act (VPPA) in dismissing a putative class action against the operators of a Texas Longhorns email newsletter.  The case involved tracking pixels embedded in videos that were linked in the newsletter but posted to public websites.  The court held that because the plaintiffs had not made a durable commitment through signing up for the newsletter, and because videos were not embedded in the newsletter, plaintiffs failed to meet the definition of “consumer” as defined in the VPPA.Continue Reading Judge Highlights Trend of Narrow Reading of VPPA In Class Action Dismissal

The Ninth Circuit recently upheld a California district court’s dismissal of a proposed class action against Shopify for lack of personal jurisdiction, cautioning that subjecting web-based platforms to jurisdiction in every forum in which they are accessible would lead to the “eventual demise of all restrictions” on personal jurisdiction.

In Briskin v. Shopify, Inc., 2022 WL 1427324 (N.D. Cal. May 5, 2022), the plaintiff alleged that Shopify, a Canadian-based company that provides online merchants throughout the United States with an e-commerce payment platform, violated California privacy and consumer protection laws by allegedly collecting his sensitive personal information while using a California-based retailer’s website.  The district court in the Northern District of California dismissed the action, finding that it lacked both general and specific personal jurisdiction over Shopify. 

A panel of the Ninth Circuit affirmed the district court’s dismissal of the complaint for lack of personal jurisdiction, holding that Shopify could not be subjected to jurisdiction in California where it did not expressly aim the alleged conduct implicated by the lawsuit toward California.  Briskin v. Shopify, Inc., 2023 WL 8225346 (9th Cir. Nov. 28, 2023).  Briskin confirms the Ninth Circuit’s view that for interactive websites and other web-based services and platforms that operate nationwide, “something more” is needed to satisfy the express aiming requirement for personal jurisdiction.Continue Reading Ninth Circuit Finds No Personal Jurisdiction in California Over Website

The Ninth Circuit on Friday held that vehicle infotainment systems that illegally record private communications might generate an injury-in-fact sufficient to satisfy Article III standing—but (without more) such recordings fail to injure a plaintiff’s “person,” “business,” or “reputation” as is required to gain statutory standing under the Washington Privacy Act (“WPA”).Continue Reading Are You Not Infotained?  The Ninth Circuit Tightens Statutory Standing Rules for WPA Claims

A federal district court in the Northern District of California granted a motion to dismiss a putative class action where the plaintiff claimed that the defendant violated the California Invasion of Privacy Act (“CIPA”) § 631 for using a third-party chat feature on its website. The court dismissed the plaintiff’s claim for lack of Article III standing but granted leave to amend.Continue Reading Federal Court Dismisses Chatbot Claim for Lack of Article III Standing Where Plaintiff Could Not Show Concrete Injury

Only one claim survived dismissal in a recent putative class action lawsuit alleging that a pathology laboratory failed to safeguard patient data in a cyberattack.  See Order Granting Motion to Dismiss in Part, Thai v. Molecular Pathology Laboratory Network, Inc., No. 3:22-CV-315-KAC-DCP (E.D. Tenn. Sep. 29, 2023), ECF 38.Continue Reading All but One Claim in Pathology Lab Data Breach Class Action Tossed on Motion to Dismiss

Recently, a court in the Northern District of California compelled arbitration in a putative privacy class action, concluding that the arbitration provision included in a photo-editing app’s terms of use was not unconscionable.  See Flora, et al., v. Prisma Labs, Inc., 2023 WL 5061955 (N.D. Cal. Aug. 8, 2023).Continue Reading California Federal Court Finds That Plaintiffs Must Arbitrate Their BIPA Claims

Last week, the Ninth Circuit rejected an attempt to broaden the scope of the Telephone Consumer Protection Act (“TCPA”), 47 U.S.C. § 227, when it held that text messages not containing audio could not violate the TCPA’s prohibition against sending messages with “artificial or prerecorded voices.”  See Trim v. Reward Zone USA LLC, — F.4th –, 2023 WL 5025264, at *4 (9th Cir. Aug. 8, 2023). Continue Reading Ninth Circuit Holds Spam Text Messages Are Not Prerecorded Voices Under TCPA  

A court in the Southern District of California recently dismissed for failure to state a claim a case contending that a health care corporation violated users’ privacy under California law.  See Cousin v. Sharp Healthcare, No. 22-CV-2040-MMA (DDL), 2023 WL 4484441 (S.D. Cal. July 12, 2023).

In the proposed class action suit against Sharp Healthcare, a non-profit that operates multiple hospitals and medical groups, plaintiffs alleged violations of privacy under the California Constitution and common law, as well as violations of the California Confidentiality of Medical Information Act (“CMIA”) and California Invasion of Privacy Act (“CIPA”).  Plaintiffs claimed that Sharp collected and shared patients’ personal and sensitive health information by incorporating a third-party pixel on Sharp’s website.Continue Reading Court finds Plaintiffs Fail to Plead CMIA, CIPA Claims against Health Care Corporation based on Conclusory, Hypothetical, and Vague Assertions

At the end of last month, courts handed down two decisions in favor of website operators and their service providers in session replay litigation, granting motions to dismiss on personal jurisdiction grounds.Continue Reading Website Operator and Session Replay Provider Succeed on Personal Jurisdiction Arguments