Data Privacy

The Ninth Circuit recently reversed an $800,000 attorney fee award in a data breach class action because the award accounted for too large a portion of the total value of the settlement. In re California Pizza Kitchen Data Breach Litig., — F.4th —, 2025 WL 583419 (9th Cir. Feb. 24, 2025).Continue Reading Ninth Circuit Shoots Down Fee Award in Data Breach Class Action

The Illinois Supreme Court recently ruled that the named plaintiff in a putative data breach class action lacked standing to pursue her claims given that her private personal information had not actually been misused by a third party.Continue Reading Illinois Supreme Court Rules That Plaintiff Lacks Standing to Bring Putative Data Breach Class Action

After removing a lawsuit brought against it in Pennsylvania state court under the Wiretapping and Electronic Surveillance Control Act (“WESCA”) to the United States District Court for the Eastern District of Pennsylvania, Prime Hydration LLC argued in its motion to dismiss that the plaintiff lacked Article III standing.  Judge Nitza I. Quiñones Alejandro agreed and remanded the case to state court.  Heaven v. Prime Hydration LLC, 2025 WL 42964, at *7 (E.D. Pa. Jan. 7, 2025).

Plaintiff Shantay Heaven filed a putative class action in the Philadelphia Court of Common Pleas asserting that Prime Hydration allowed third parties to track the activity of visitors to Prime Hydration’s website.  Id. at *1.  Plaintiff asserted that Prime Hydration integrated the third-party pixels into its website.  Id. at *2.  Those two pieces of code, Plaintiff alleged, allowed Prime Hydration to capture “her searches for drink flavors, . . . and that this information was transmitted to” the third-party servers.  Id. at *6.Continue Reading Pennsylvania District Court Judge Remands Case After Finding No Article III Standing to Bring Wiretapping Claim

A Pennsylvania court recently dismissed a wiretapping complaint filed against a trio of defendants for lack of Article III standing, lack of personal jurisdiction, and failure to state a claim in Ingrao v. Addshoppers, Inc., 2024 WL 4892514 (E.D. Pa. Nov. 25, 2024).

The two plaintiffs in this case

Continue Reading Pennsylvania Court Dismisses A Trio of Defendants in Website Wiretapping Suit Challenging Email Marketing Program

Dozens of lawsuits have started challenging businesses’ use of website tools to collect IP addresses under the “pen register” and “trap and trace device” provision of the California Invasion of Privacy Act (“CIPA”).  As we reported last month, a California court dismissed one of these lawsuits because of a

Continue Reading Another California Court Holds CIPA’s Pen Register Provision Does Not Prohibit the Collection of IP Addresses

Websites cannot load without the transmission of an IP address, which tells websites where to deliver the webpages displayed on a user’s browser.  Yet a number of lawsuits have started challenging this routine transmission of IP addresses under a lesser-known provision of the California Invasion of Privacy Act (“CIPA”) that

Continue Reading Court Holds CIPA’s Pen Register Provision Does Not Impose Liability for “What Makes the Internet Possible.”

In a putative consumer data breach class action, a court in the Northern District of California recently denied a cloud solution company’s motion to dismiss the plaintiffs’ negligence claim finding that the plaintiffs plausibly alleged that the company owed consumers a duty of care. See In re Accellion, Inc. Data Breach Litig., 2024 WL 4592367 (N.D. Cal. Oct. 28, 2024).Continue Reading California Federal Court Finds Plaintiffs Plausibly Alleged That Cloud Solution Company Owed Consumers Duty of Care

An Illinois federal court has held that the state’s recent amendment to its Biometric Information Privacy Act (“BIPA”) capping damages to one recovery for repeated identical violations applies to cases filed prior to its enactment. Gregg v. Cent. Transp. LLC, 2024 WL 4766297, at *3 (N.D. Ill. Nov. 13, 2024).Continue Reading Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively

Massachusetts’s highest court has ruled that website operators’ use of third-party technology, including Google Analytics and Meta Pixel, to collect data on individuals’ browsing of and interactions with websites does not violate the state’s anti-wiretapping law. Vita v. New England Baptist Hospital, No. SJC-13542, 2024 WL 4558621, at *16 (Mass. Oct. 24, 2024). The court explained that those activities do not clearly amount to the person-to-person communications the 1960s-era statute is intended to cover.Continue Reading Massachusetts Supreme Judicial Court Holds That Third-Party Technologies Relating to Web Browsing Do Not Violate Massachusetts Wiretap Act

The California Invasion of Privacy Act (CIPA) provides a private right of action only to those who have “been injured by a violation of” CIPA.  A California Superior Court decision, Rodriguez v. Fountain9, Inc., 2024 WL 3886811, at *4 (Cal. Super. July 9, 2024), confirmed that a plaintiff cannot satisfy this statutory standing requirement unless the plaintiff alleges “a concrete injury-in-fact.”Continue Reading California State Court Holds That A Concrete Injury-In-Fact Is Required To Bring Claims Under CIPA