Dozens of lawsuits have started challenging businesses’ use of website tools to collect IP addresses under the “pen register” and “trap and trace device” provision of the California Invasion of Privacy Act (“CIPA”). As we reported last month, a California court dismissed one of these lawsuits because of a
Continue Reading Another California Court Holds CIPA’s Pen Register Provision Does Not Prohibit the Collection of IP AddressesData Privacy
Court Holds CIPA’s Pen Register Provision Does Not Impose Liability for “What Makes the Internet Possible.”
Websites cannot load without the transmission of an IP address, which tells websites where to deliver the webpages displayed on a user’s browser. Yet a number of lawsuits have started challenging this routine transmission of IP addresses under a lesser-known provision of the California Invasion of Privacy Act (“CIPA”) that…
Continue Reading Court Holds CIPA’s Pen Register Provision Does Not Impose Liability for “What Makes the Internet Possible.”California Federal Court Finds Plaintiffs Plausibly Alleged That Cloud Solution Company Owed Consumers Duty of Care
In a putative consumer data breach class action, a court in the Northern District of California recently denied a cloud solution company’s motion to dismiss the plaintiffs’ negligence claim finding that the plaintiffs plausibly alleged that the company owed consumers a duty of care. See In re Accellion, Inc. Data Breach Litig., 2024 WL 4592367 (N.D. Cal. Oct. 28, 2024).Continue Reading California Federal Court Finds Plaintiffs Plausibly Alleged That Cloud Solution Company Owed Consumers Duty of Care
Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively
An Illinois federal court has held that the state’s recent amendment to its Biometric Information Privacy Act (“BIPA”) capping damages to one recovery for repeated identical violations applies to cases filed prior to its enactment. Gregg v. Cent. Transp. LLC, 2024 WL 4766297, at *3 (N.D. Ill. Nov. 13, 2024).Continue Reading Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively
Massachusetts Supreme Judicial Court Holds That Third-Party Technologies Relating to Web Browsing Do Not Violate Massachusetts Wiretap Act
Massachusetts’s highest court has ruled that website operators’ use of third-party technology, including Google Analytics and Meta Pixel, to collect data on individuals’ browsing of and interactions with websites does not violate the state’s anti-wiretapping law. Vita v. New England Baptist Hospital, No. SJC-13542, 2024 WL 4558621, at *16 (Mass. Oct. 24, 2024). The court explained that those activities do not clearly amount to the person-to-person communications the 1960s-era statute is intended to cover.Continue Reading Massachusetts Supreme Judicial Court Holds That Third-Party Technologies Relating to Web Browsing Do Not Violate Massachusetts Wiretap Act
California State Court Holds That A Concrete Injury-In-Fact Is Required To Bring Claims Under CIPA
The California Invasion of Privacy Act (CIPA) provides a private right of action only to those who have “been injured by a violation of” CIPA. A California Superior Court decision, Rodriguez v. Fountain9, Inc., 2024 WL 3886811, at *4 (Cal. Super. July 9, 2024), confirmed that a plaintiff cannot satisfy this statutory standing requirement unless the plaintiff alleges “a concrete injury-in-fact.”Continue Reading California State Court Holds That A Concrete Injury-In-Fact Is Required To Bring Claims Under CIPA
Another California Federal Court Rules Movie Theater Is Not “Video Tape Service Provider” Under the VPPA.
A Central District of California court recently dismissed a putative privacy class action after determining that the movie theater defendants were not Video Tape Service Providers as defined by the Video Privacy Protection Act (“VPPA”). See Walsh v. California Cinema Investments LLC, 2024 WL 3593569 (C.D. Cal. July 29, 2024). Two other California federal courts recently have reached similar conclusions, and appeals of those rulings are currently pending before the Ninth Circuit. See Garza v. Alamo Intermediate II Holdings, LLC, 2024 WL 1171737, at *1 (N.D. Cal. Mar. 19, 2024); Osheske v. Silver Cinemas Acquisition Co., 700 F. Supp. 3d 921 (C.D. Cal. 2023).Continue Reading Another California Federal Court Rules Movie Theater Is Not “Video Tape Service Provider” Under the VPPA.
Judge Makes Class Action Claims Against “Magic Avatar” AI App Disappear
On August 6, 2024, Judge Jorge L. Alonso of the Northern District of Illinois issued an order dismissing Brantley v. Prisma Labs, Inc., a proposed class action suit against the creator of the “Magic Avatar” AI app for lack of standing and lack of personal jurisdiction over the representative plaintiff Tyrone Brantley.Continue Reading Judge Makes Class Action Claims Against “Magic Avatar” AI App Disappear
Court Tosses Google Pixel Wiretap Complaint: Plaintiffs Fail to Allege How Pixel Was Configured or Intent to Collect Health Data
Website analytics tools targeted in wiretapping lawsuits, such as pixels, often allow businesses to shield or mask collected data to avoid the transmission of sensitive data. A California federal judge recently dismissed a wiretapping complaint filed against Google that glossed over this nuance “to the point of seeming intentionally slippery” in John Doe I, et al. v. Google LLC, 23-cv-02431, 2024 WL 3490744 (N.D. Cal. July 22, 2024).
The twelve plaintiffs in this case claimed that their healthcare providers installed Google technology on their websites, including Google Analytics, to track and collect data about their website activity for advertising purposes. Among the data allegedly collected was the plaintiffs’ “personal health information.” Plaintiffs filed a complaint against Google, asserting a mix of privacy claims, including under the California Invasion of Privacy Act (“CIPA”). According to the plaintiffs, Google unlawfully wiretapped the plaintiffs’ communications with their healthcare providers’ websites, obtaining allegedly sensitive health data in the process.Continue Reading Court Tosses Google Pixel Wiretap Complaint: Plaintiffs Fail to Allege How Pixel Was Configured or Intent to Collect Health Data
Illinois Enacts BIPA Amendment Limiting Violation Accrual
On August 2, 2024, Illinois’ governor signed into law S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The bill states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection, in violation of BIPA’s notice and consent requirement has committed a single violation. As a result, each aggrieved person is entitled to, at most, one recovery for a single collective violation.Continue Reading Illinois Enacts BIPA Amendment Limiting Violation Accrual