technology

Another federal district court has dismissed a putative class action complaint asserting that an online retailer’s chat feature violated the users’ privacy under the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code §§ 630 et seqSee Garcia v. Build.com, Inc., Case No. 22-cv-1985-DMS-KSC (S.D. Cal. Mar. 29, 2024), ECF 37. Continue Reading Federal Court Dismisses Class Action Asserting California Wiretapping Claim Based on Website Chat Feature

A federal judge in the Southern District of California recently granted Hwareh.com’s motion to dismiss a proposed class action claiming that third-party source code on its website unlawfully routed information about consumer information to that third party.  See Zarif v. Hwareh.com, Inc., No. 3:23-cv-00565-BAS-DEB (S.D. Cal.).  The court found that the plaintiff—whose claims included asserted violations of the Federal Wiretap Act, 18 U.S.C. § 2510 et seq., and the California Invasion of Privacy Act, Cal. Pen. Code § 631—failed to establish that the court had personal jurisdiction over Hwareh.com, an online pharmacy.  Hwareh.com is incorporated in Delaware and maintains its principal place of business in Missouri, but the plaintiff alleged that its website was available in California and that it maintained a non-resident pharmacy license in the state.  The court’s decision is the latest in a series of decisions clarifying personal jurisdiction in the context of privacy claims.Continue Reading Federal Court Dismisses Wiretapping Claims Against Pharmacy for Lack of Personal Jurisdiction

The United States District Court for the Southern District of Iowa has dismissed on sovereign immunity grounds a putative class action against the University of Iowa Hospitals and Clinics (“UIHC”) for unjust enrichment and violations of the Electronic Communications Privacy Act and Computer Fraud and Abuse Act.  See Yeisley v. Univ. of Iowa Hosps. & Clinics, No. 3:23-cv-00025 (S.D. Iowa Feb. 16, 2024) (unpublished). 

The plaintiff, a patient of UIHC, had alleged that UIHC used a pixel on its website to share her personally identifiable information with third parties for marketing purposes and without her consent.  The Court did not reach the merits of the case and instead granted UIHC’s motion to dismiss on the basis that sovereign immunity barred each of the plaintiff’s claims.Continue Reading Federal Court Dismisses Lawsuit Over Use of Pixel Technology on University Hospital Websites

In class actions challenging data collection, whether the defendant’s privacy policy disclosed the collection is almost always a key question at the dismissal stage.  In a memorandum decision likely to be useful to defendants, the Ninth Circuit recently affirmed dismissal of claims challenging Google’s collection of data from third-party apps on its Android mobile operating system, holding that Google’s Privacy Policy clearly disclosed the collection.  See Hammerling v. Google LLC, No. 22-17024 (9th Cir. Mar. 5, 2024) (unpublished).Continue Reading Ninth Circuit Affirms Dismissal of Data Privacy Claims Based on Disclosure of Collection in Privacy Policy

A federal judge in the Western District of Texas recently sided with a growing trend of rulings adopting a narrow reading of the Video Privacy Protection Act (VPPA) in dismissing a putative class action against the operators of a Texas Longhorns email newsletter.  The case involved tracking pixels embedded in videos that were linked in the newsletter but posted to public websites.  The court held that because the plaintiffs had not made a durable commitment through signing up for the newsletter, and because videos were not embedded in the newsletter, plaintiffs failed to meet the definition of “consumer” as defined in the VPPA.Continue Reading Judge Highlights Trend of Narrow Reading of VPPA In Class Action Dismissal

A Pennsylvania federal district court overseeing a multi-district litigation recently dismissed various privacy and wiretapping claims against two online retailers, finding that allegations of interception and disclosure of mere “browsing activity” on those retailers’ websites is not “sufficiently personal or private” to confer Article III standing. 

In In re: BPS Direct, LLC, and Cabela’s, LLC, Wiretapping Litigation, 2:23-cv-04008-MAK (E.D. Pa. Dec. 5, 2023), the district court consolidated six proposed class actions involving eight plaintiffs, with each alleging that BPS Direct, LLC and Cabela’s, LLC, who operate retail stores known as Bass Pro Shops and Cabela’s, unlawfully intercepted and disclosed their private information through the use of session replay software on their websites.  The district court dismissed most of the plaintiffs’ claims, holding that they failed to adequately allege a concrete harm sufficient to support Article III standing.Continue Reading Pennsylvania Multi-District Wiretapping Litigation Finds Website Users Lack Article III Standing

A California Superior Court recently certified a putative class action of California residents “who have used mobile devices running the Android operating system to access the internet through cellular data plans provided by mobile carriers.” See Order Concerning: (1) The Parties’ Expert Exclusion Motions; and (2) Plaintiffs’ Class Certification Motion, Csupo, et al. v. Alphabet

The Ninth Circuit on Friday held that vehicle infotainment systems that illegally record private communications might generate an injury-in-fact sufficient to satisfy Article III standing—but (without more) such recordings fail to injure a plaintiff’s “person,” “business,” or “reputation” as is required to gain statutory standing under the Washington Privacy Act (“WPA”).Continue Reading Are You Not Infotained?  The Ninth Circuit Tightens Statutory Standing Rules for WPA Claims

A federal district court in the Northern District of California granted a motion to dismiss a putative class action where the plaintiff claimed that the defendant violated the California Invasion of Privacy Act (“CIPA”) § 631 for using a third-party chat feature on its website. The court dismissed the plaintiff’s claim for lack of Article III standing but granted leave to amend.Continue Reading Federal Court Dismisses Chatbot Claim for Lack of Article III Standing Where Plaintiff Could Not Show Concrete Injury

Only one claim survived dismissal in a recent putative class action lawsuit alleging that a pathology laboratory failed to safeguard patient data in a cyberattack.  See Order Granting Motion to Dismiss in Part, Thai v. Molecular Pathology Laboratory Network, Inc., No. 3:22-CV-315-KAC-DCP (E.D. Tenn. Sep. 29, 2023), ECF 38.Continue Reading All but One Claim in Pathology Lab Data Breach Class Action Tossed on Motion to Dismiss