Data Privacy

The California Invasion of Privacy Act (CIPA) provides a private right of action only to those who have “been injured by a violation of” CIPA.  A California Superior Court decision, Rodriguez v. Fountain9, Inc., 2024 WL 3886811, at *4 (Cal. Super. July 9, 2024), confirmed that a plaintiff cannot satisfy this statutory standing requirement unless the plaintiff alleges “a concrete injury-in-fact.”
Continue Reading California State Court Holds That A Concrete Injury-In-Fact Is Required To Bring Claims Under CIPA

A Central District of California court recently dismissed a putative privacy class action after determining that the movie theater defendants were not Video Tape Service Providers as defined by the Video Privacy Protection Act (“VPPA”).  See Walsh v. California Cinema Investments LLC, 2024 WL 3593569 (C.D. Cal. July 29, 2024).  Two other California federal courts recently have reached similar conclusions, and appeals of those rulings are currently pending before the Ninth Circuit.  See Garza v. Alamo Intermediate II Holdings, LLC, 2024 WL 1171737, at *1 (N.D. Cal. Mar. 19, 2024); Osheske v. Silver Cinemas Acquisition Co., 700 F. Supp. 3d 921 (C.D. Cal. 2023).
Continue Reading Another California Federal Court Rules Movie Theater Is Not “Video Tape Service Provider” Under the VPPA.

On August 6, 2024, Judge Jorge L. Alonso of the Northern District of Illinois issued an order dismissing Brantley v. Prisma Labs, Inc., a proposed class action suit against the creator of the “Magic Avatar” AI app, for lack of standing and lack of personal jurisdiction over the representative plaintiff Tyrone Brantley.
Continue Reading Judge Makes Class Action Claims Against “Magic Avatar” AI App Disappear

Website analytics tools targeted in wiretapping lawsuits, such as pixels, often allow businesses to shield or mask collected data to avoid the transmission of sensitive data.  A California federal judge recently dismissed a wiretapping complaint filed against Google that glossed over this nuance “to the point of seeming intentionally slippery” in John Doe I, et al. v. Google LLC, 23-cv-02431, 2024 WL 3490744 (N.D. Cal. July 22, 2024).

The twelve plaintiffs in this case claimed that their healthcare providers installed Google technology on their websites, including Google Analytics, to track and collect data about their website activity for advertising purposes.  Among the data allegedly collected was the plaintiffs’ “personal health information.”  Plaintiffs filed a complaint against Google, asserting a mix of privacy claims, including under the California Invasion of Privacy Act (“CIPA”).  According to the plaintiffs, Google unlawfully wiretapped the plaintiffs’ communications with their healthcare providers’ websites, obtaining allegedly sensitive health data in the process.
Continue Reading Court Tosses Google Pixel Wiretap Complaint: Plaintiffs Fail to Allege How Pixel Was Configured or Intent to Collect Health Data

On August 2, 2024, Illinois’ governor signed into law S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The bill states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection, in violation of BIPA’s notice and consent requirement, has committed a single violation. As a result, each aggrieved person is entitled to, at most, one recovery for a single collective violation.
Continue Reading Illinois Enacts BIPA Amendment Limiting Violation Accrual

Earlier this year, we covered the dismissal of a putative class action asserting Video Privacy Protection Act (VPPA) claims against the operators of a Texas Longhorns email newsletter. A judge in the Western District of Texas has now dismissed those claims, along with a newly asserted Wiretap Act claim, with prejudice. See Brown v. Learfield Commc’ns, LLC, 2024 WL 1477636 (W.D. Tex. June 27, 2024).
Continue Reading District Court Again Rejects VPPA, Wiretap Claims Against University Newsletter Service

An Illinois federal court has dismissed a proposed class action alleging X Corp. violated the state’s Biometric Information Privacy Act (“BIPA”) through its use of PhotoDNA software to create “hashes” of images to scan for nudity and related content. The court held that Plaintiff failed to allege that the hashes identified photo subjects and therefore failed to allege that the hashes constituted biometric identifiers. Martell v. X Corp., 2024 WL 3011353, at *4 (N.D. Ill. June 13, 2024).
Continue Reading Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify Individuals

We recently posted about a trend of plaintiffs trying to keep certain class actions, including wiretap cases, in California state court and highlighted potential avenues for removal to federal court. Another federal court has weighed in, declining to remand because the plaintiff did not establish that CAFA’s mandatory local controversy exception applied. Miramalek v. Los Angeles Times Communications LLC, 2024 WL 2479940 (N.D. Cal. May 23, 2024). This recent case offers another potential ground for opposing a motion to remand, though it also underscores the attendant risk of jurisdictional discovery.
Continue Reading N.D. Cal. Court Declines Remand of California-Focused Wiretap Class Action

Likely spurred by plaintiffs’ recent successes in cases under Illinois’s Biometric Information Privacy Act (“BIPA”), a new wave of class actions is emerging under Illinois’s Genetic Information Privacy Act (“GIPA”). While BIPA regulates the collection, use, and disclosure of biometric data, GIPA regulates that of genetic testing information. Each has a private right of action and provides for significant statutory damages, even potentially where plaintiffs allege a violation of the rule without actual damages.[1] From its 1998 enactment until last year, there were few GIPA cases, and they were largely focused on claims related to genetic testing companies.[2] More recently, plaintiffs have brought dozens of cases against employers alleging GIPA violations based on allegations of employers requesting family medical history through pre-employment physical exams. This article explores GIPA’s background, the current landscape and key issues, and considerations for employers.
Continue Reading Employers Beware: New Wave of Illinois Genetic Information Privacy Act Litigation

A district court judge in the Northern District of California recently denied class certification in a putative privacy class action against Google and its Real Time Bidding (“RTB”) advertising system. Plaintiffs moved to certify both damages and injunctive relief classes based on allegations that Google shared personal information through its RTB system. The court denied with prejudice certification under Rule 23(b)(3), finding that individual questions about class members’ past consent to—and subjective understanding of—Google’s disclosures would predominate. The district court also denied the proposed injunctive relief class on the grounds that the proposed class definition was “fail-safe” and that plaintiffs had not met their burden to prove that their data was representative of the proposed class, but the court did so with leave to amend and requested further briefing. Plaintiffs subsequently petitioned for leave to appeal the denial to the Ninth Circuit.
Continue Reading Affirmative Defense of Consent Leads to 23(b)(3) Class Certification Denial in Google Ad Bidding Privacy Litigation