Privacy

On April 24, 2023, a judge in the Southern District of New York dismissed a putative class action alleging that Scripps Network LLP (“HGTV”) disclosed plaintiffs’ identities and streaming activities on hgtv.com in violation of the Video Privacy Protection Act (“VPPA”).  See Carter v. Scripps Networks, LLC, No. 22-CV-2031 (PKC), 2023 WL 3061858, at *1 (S.D.N.Y. Apr. 24, 2023).

Continue Reading Federal Court Finds That Plaintiffs Aren’t “Subscribers” Under The Video Privacy Protection Act

A judge in the Northern District of California granted in part and denied in part Oracle America, Inc.’s motion to dismiss a putative class action alleging that the data broker collects and sells internet users’ personal information for targeting advertising and other purposes in violation of wiretapping acts and privacy-based laws.  See Order Granting in Part and Denying in Part Motion to Dismiss, Katz-Lacabe v. Oracle Am., No. 3:22-cv-04792-RS (N.D. Cal. Apr. 6, 2023).  In the suit against Oracle, the three named plaintiffs – residents of California, Florida, and Ireland – purported to represent five separate classes of individuals, including a California class, nationwide class, and global class.

Continue Reading Court finds Plaintiffs Pled “Just Barely Enough” to Withstand Dismissal of California Wiretapping Claim against Data Broker

Last week, the Western District of Washington granted in part and denied in part a motion to dismiss a TCPA putative class action lawsuit against Assurance IQ and Boomsourcing after finding that plaintiffs failed to allege facts to support the elements of a TCPA claim.  See Order Granting in Part and Denying in Part Motions to Dismiss, Rogers v. Assurance IQ, LLC, No. 2:21-cv-00823-TL (W.D. Wash. March 27, 2023).

Continue Reading Court Finds “Naked Assertions” Cannot Sustain TCPA Claim

The Illinois Supreme Court has ruled that separate claims under the state’s Biometric Information Privacy Act (BIPA) accrue “with every scan or transmission” of a person’s biometric information—rejecting the idea that only a single claim accrues at the start of a series of similar scans or disclosures.

The decision, Cothron v. White Castle, substantially increases potential damages exposure for BIPA defendants.  The potential for large monetary awards is likely to spur more BIPA lawsuits in Illinois—and potentially beyond, as several other States have similar privacy laws taking effect in 2023.  At the same time, however, Cothron establishes that trial courts have discretion to determine the appropriate amount of statutory damages (subject to a $5,000-per-violation cap), and suggests that it would be an abuse of discretion for a trial court to permit such a sizeable award that a company’s financial viability would be threatened. 

Continue Reading New BIPA Claims Accrue “With Every Scan or Transmission” of Biometric Information, Says the Illinois Supreme Court  

Dior recently defeated an Illinois Biometric Information Privacy Act (“BIPA”) putative class action on the pleadings by arguing that BIPA’s exemption for patient data captured in a health care setting covered the plaintiff’s use of Dior’s virtual try-on tool while shopping for non-prescription sunglasses.  See Warmack-Stillwell v. Christian Dior, Inc., No. 1:22-CV-04633 (N.D. Ill. Feb. 10, 2023). 

Continue Reading Dior’s Virtual Try-On Tool Fits in BIPA Healthcare Exemption, Illinois Court Says

The Illinois Supreme Court recently held that all claims brought under the Biometric Information Privacy Act (“BIPA”) are subject to a five-year statute of limitations, partly overturning a lower court decision that had applied a one-year limitations period to some claims brought under the law.  See Tims v. Black Horse Carriers, Inc., 2023 IL 127801 (Feb. 2, 2023).

The plaintiff, Jorome Tims, filed a putative class action against his former employer, alleging that the trucking and logistics company violated BIPA by requiring its employees to use a time clock with a fingerprint scanner without (i) implementing a publicly available data retention and destruction policy; (ii) notifying employees and obtaining their consent when collecting their biometrics; and (iii) obtaining employee consent before disclosing their biometric information to third parties.  The defendant moved to dismiss the complaint, arguing that the plaintiff’s claims were barred by the one-year statute of limitations under the Illinois Code of Civil Procedure that governs actions for the “publication of matter[s] violating the right of privacy.”

Continue Reading Illinois Supreme Court Holds Five-Year Statute of Limitations Applies to All Claims under BIPA

A U.S. District Court Judge in California dismissed a putative class action asserting claims under section 637.7 of the California Invasion of Privacy Act (CIPA) in a case that could have useful implications for automotive and other device manufacturers whose products have the ability to track location.  Plaintiff claimed that a third-party company, Otonomo Inc., partnered with automobile manufacturers to use the telematics control units (TCUs) installed in their vehicles to track a driver’s location via GPS without the driver’s knowledge.  The Court rejected the claim, holding that because the TCU devices were built-in, rather than devices added to a vehicle, they were not “attached” to the car and thus did not fall within the statute’s definition of “electronic tracking device.”

Continue Reading Class Action Suit Brought Under CIPA Section 637.7 for Alleged Location-Based Tracking of Vehicles Is Dismissed

The Ninth Circuit recently held that the Children’s Online Privacy Protection Act, which gives the Federal Trade Commission  authority to regulate the online collection of personal information from children under the age of 13, does not preempt consistent state law, potentially increasing the risk of class action litigation based on alleged COPPA violations.  See Jones

The Northern District of California recently dismissed with prejudice a putative class action lawsuit against Google, which alleged that the company used a secret program called “Android Lockbox” to spy on Android smartphone users.  See Order Granting Motion to Dismiss, Hammerling v. Google LLC, No. 21-cv-09004-CRB (N.D. Cal. December 1, 2022).  The Court previously dismissed the case in July and gave plaintiffs leave to amend, but signaled that the complaint’s deficiencies would be “difficult to cure.”  Finding that plaintiffs had failed to cure the previous deficiencies, the court dismissed with prejudice on all ten claims.

Continue Reading Google Wins Final Dismissal In “Android Lockbox” Putative Class Action

An Alabama district court recently granted dismissal of a class action asserting Illinois Biometric Information Privacy Act (“BIPA”) claims brought by Illinois residents against ProctorU, Inc. in Thakkar v. ProctorU Inc., No. 2:21-cv-01565 (N.D. Ala.).  The district court concluded that a choice-of-law provision contained in the terms of service and which required the application of Alabama law precluded the application of BIPA to the conduct alleged.

Continue Reading Alabama Federal Court Finds Choice-of-Law Provision Bars BIPA Privacy Lawsuit Against Online Examination Company