Technology

Courts continue to grapple with the type of “concrete harm” that is required to confer Article III standing under TransUnion LLC v. Ramirez, 594 U.S. 413 (2021), particularly in data breach and privacy class actions.  On October 14, the Fourth Circuit contributed to this debate, holding that allegations that plaintiffs’ driver’s license data had been leaked and appeared on the dark web were sufficient to establish standing.

Holmes v. Elephant Ins. Co., — F.4th —, 2025 WL 2907615 (4th Cir. 2025), started with a 2022 data breach of Elephant Insurance Company’s networks.  Id. at *1.  Plaintiffs were Elephant customers whose driver’s license numbers were compromised in the breach.  Id.  They sued Elephant for alleged harms stemming from the breach.  Id. at *3.  Two plaintiffs specifically alleged that they had found their driver’s license numbers on the dark web; the others did not.  Id. at *2.  The district court dismissed plaintiffs’ claims, holding that none of the alleged injuries were sufficient to confer standing.  Id.  But the Fourth Circuit disagreed in part, reversing the lower court’s dismissal of the two plaintiffs who alleged that their driver’s license information appeared on the dark web, but affirming dismissal of the other two. 

Continue Reading Standing in the Dark:  Fourth Circuit Finds Standing for Driver’s License Information on the Dark Web

On August 15, the Ninth Circuit Court of Appeals affirmed the dismissal of a class action complaint in Gibson v. Cendyn Group, No. 24-3576, rejecting plaintiffs’ arguments that Las Vegas hotels violated Section 1 of the Sherman Act through their common use of revenue management software.  The decision follows

Continue Reading Ninth Circuit Rejects Vegas Hotel Algorithmic Price Fixing Claims

In Nicole Pileggi v. Washington Newspaper Publishing Company LLC, the D.C. Circuit unanimously affirmed the district court’s dismissal of a complaint alleging that news magazine and website Washington Examiner disclosed consumers’ personal information through a third-party pixel in violation of the Video Privacy Protection Act (“VPPA”). 

In 2023, Pileggi alleged that the Examiner’s use of a third-party pixel on its site gave the third party the ability to collect website visitors’ personal information, including IP addresses and titles of videos they had watched.  The District Court for the District of Columbia granted the Examiner’s motion to dismiss early last year, holding that Pileggi was not a “consumer” under the VPPA and that she failed to establish the requisite connection between her subscription to the Examiner’s newsletter and the video information allegedly disclosed.

Continue Reading D.C. Circuit Deepens Circuit Split on Interpretation of “Consumer” Under VPPA

Last month, a California federal court in Dai v. SAS Institute, No. 4:24-cv-02537 (N.D. Cal. 2025), dismissed a proposed antitrust class action complaint against six nationwide hotel operators alleging that the hotels’ common use of revenue management software to set their room prices amounted to a per se illegal “hub-and-spoke” conspiracy to fix hotel prices in violation of Section 1 of the Sherman Act. 

Continue Reading California Court Dismisses Hotel Algorithmic Price Fixing Claims

Heath and health-adjacent websites, from home pregnancy test companies to eyewear companies, continue to be a target for wiretapping lawsuits if they use pixels or other common-place third-party technologies.  A Texas federal court recently dismissed one such suit challenging the use of website pixels by Eyemart Express, LLC, a company

Continue Reading Eyewear Company Wins Dismissal of Pixel Wiretapping Suit

Health-related websites are increasingly targeted with wiretapping suits if they use pixels or other third-party technologies to power their websites.  A few months ago, a California court dismissed on multiple grounds one such suit challenging the use of website pixels by Clearblue, a company that offers home pregnancy and fertility test kits.  Saedi v. SPD Swiss Precision Diagnostics d/b/a Clearblue, 2025 WL 1141168 (C.D. Cal. Feb. 27, 2025).

Continue Reading Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit

“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”).  Last month, a California federal court confirmed one of the many reasons why the use of this software does not violate CIPA section 631: A defendant cannot “read” (or attempt to read) session replay data “in transit,” as CIPA requires, because “events recorded by” this software “do not become readable content until after they are stored and reassembled into a session replay.”  Torres v. Prudential Financial, Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025). 

Continue Reading Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA

Lawsuits targeting businesses’ use of website tools under the California Invasion of Privacy Act (“CIPA”) increasingly are filed by so-called “tester” plaintiffs.  These plaintiffs seek out websites to “test” for potential CIPA violations and then file lawsuits seeking damages for those alleged violations.  A California federal court recently confirmed that

Continue Reading “Tester” Plaintiff Who “Actively Seeks Out Privacy Violations” Lacks Standing to Pursue CIPA Claim

Plaintiffs’ lawyers have continued to bring privacy claims targeting businesses that use vendors to help provide beneficial chat features on their website, as we last reported here.  Late last year, a Southern District of California judge dismissed another set of privacy claims challenging the routine use of these vendor services by Tonal, a popular smart home gym company named as the sole defendant in the lawsuit.  Jones v. Tonal Systems, Inc., 751 F. Supp. 3d 1025 (S.D. Cal. 2024).

Plaintiff Julie Jones, a California resident, claimed that she had visited Tonal’s website and used its chat feature to communicate with a Tonal customer service representative.  This chat feature allegedly incorporated an API run by another company to create and store transcripts of website visitors’ chats with Tonal’s customer service representatives.  According to the complaint, this alleged conduct constituted wiretapping, which Tonal purportedly aided and abetted in violation of Sections 631 and 632.7 of the California Invasion of Privacy Act (“CIPA”).  Plaintiff also asserted other privacy claims based on the same alleged conduct, including the California Unfair Competition Law (“UCL”) and the California Constitution’s right to privacy provision.

The Court granted Tonal’s motion to dismiss each of plaintiff’s claims on multiple grounds.

Continue Reading Another California Court Rejects Privacy Claims Targeting Online Chat Feature

Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.”  Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).  Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. 

Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel