Verizon and its cloud storage vendor, Synchronoss Technologies, used AI to monitor and screen Verizon customer William Lawshe's data and incorrectly identified a file in his possession as containing child sexual abuse material (CSAM), alleged Lawshe’s Jan. 12 defamation complaint in St. Johns County, Florida, Circuit Court. Verizon on Tuesday removed the complaint (docket 3:24-cv-00137) to U.S. District Court for Middle Florida in Jacksonville. Verizon and Synchronoss knew or should have known that the use of their AI technology “carried the substantial risk of misidentification of content as CSAM,” said the complaint. The file didn’t contain CSAM, yet Verizon and Synchronoss reported it to Florida police as a felony, it said. Verizon and Synchronoss communicated to law enforcement that the St. Augustine, Florida, resident was in possession of an image that depicted the "lascivious exposition" of a "prepubescent minor," it said. The publication of the defamatory statement “was made with actual malice and/or a reckless indifference to the truth of the accusation and a wanton disregard” for Lawshe’s rights, said the complaint. In addition to defamation, Lawshe’s lawsuit alleges violations of the Stored Communications Act. He seeks damages and recovery of attorneys’ fees.

Apple and the 38 plaintiffs suing the company to halt the use of AirTags as a stalking device attended private mediation April 27, and a follow-up mediation session Aug. 31, “and have been in contact with the mediator in between and after those sessions,” said their joint case management statement Friday (docket 3:22-cv-07668) in U.S. District Court for Northern California in San Francisco. The parties haven’t reached a resolution, said the statement. The plaintiffs’ primary concern in the litigation “is to obtain injunctive relief that remedies the immediate and ongoing risks to safety caused by the AirTag as it currently operates,” it said. But finding solutions “involves working with complex technology not only of the AirTag product but also other Apple products and IP, and even with technology of non-parties,” it said. Because of those issues of scope, and in light of the “unique nature of the relief sought,” the plaintiffs sought to begin an early mediation process so that they may evaluate how the safety needs of the class “may best be protected in light of Apple’s existing technology,” said the statement. Another goal was to identify all stakeholders within Apple’s organization “who would need to participate in the development and implementation of changes, and accordingly identify areas of alignment and find achievable solutions in as expeditious a manner as possible,” it said. The next case management videoconference in the case is planned for Friday at 10 a.m. PST (see 2401100047).

The U.S. Judicial Panel on Multidistrict Litigation transferred State of Montana v. Meta Platforms, Inc. to In Re: Social Media Adolescent Addiction/Personal Injury Products Liability Litigation (docket 3047) under U.S. District Judge Yvonne Gonzalez Rogers for Northern California in Oakland, said conditional transfer order (CTO-27) Thursday. The Dec. 1 privacy action seeks to hold social media platforms Facebook, Instagram, Snapchat, TikTok and YouTube accountable for rising rates of mental illness among U.S. school kids and involves questions of fact common to actions previously transferred to the court, said CTO-27. Since Oct. 6, 2022, 152 actions have been transferred to the Oakland court, all under Rogers, it said.

Two more negligence class actions were filed against loanDepot Tuesday in U.S. District Court for Central California involving a data breach the mortgage lender announced Jan. 8 affecting 16.6 million individuals. Jesse Schmidt of Port Lucie, Florida, and Crowley, Texas, resident Steven Jantzen’s class action (docket 8:24-cv-00200) was filed in U.S. District Court for Western California in Santa Ana, where most of the other negligence actions have been filed, about 10 miles from loanDepot’s Irvine headquarters. Plaintiff and Illinois resident Terry Rogers’ class action (docket 2:24-cv-00766) was filed in the Central District Court in Los Angeles. The plaintiffs, in filings from different law firms, allege that as a result of the breach, they suffered “ascertainable losses in the form of the benefit of their bargain, out-of-pocket expenses, and the value of their time reasonably incurred to remedy or mitigate the effects of the attack, emotional distress, and the present risk of imminent harm caused by the compromise of their sensitive personal information.” Both actions assert claims of negligence, invasion of privacy, unjust enrichment and violation of California’s Unfair Competition Law. Schmidt and Jantzen’s action adds breach of implied contract and violation of the Florida Deceptive and Unfair Trade Practices Act.

Plaintiff Sylvia Ciapinska “tried to distract by splitting hairs” about terminology used to describe Match’s method of obtaining agreement to Tinder's terms of use, said Match Group’s Monday reply memorandum of law (docket 2:23-cv-23115) in U.S. District Court for New Jersey in Newark in support of its motion to compel arbitration or alternatively to transfer the case to the Northern District of Texas. Ciapinska sued Match in December (see 2312180037) alleging another Tinder user misappropriated her likeness on the dating site. Ciapinska alleges Match falsely advertised Tinder’s photo verification process, leading her and class members to believe that such misappropriation wouldn’t be possible. Whether Tinder’s terms are characterized as a “Clickwrap” or “Sign-In Wrap” agreement, “there is no question Plaintiff had reasonably conspicuous notice that she was agreeing to terms, including an arbitration provision,” it said. If the court agrees that Ciapinska agreed to the Tinder terms of use, the rest of her arguments against arbitration “easily fall away,” it said. Tinder’s terms, “clearly disclosed" and accepted under New Jersey law, state that its users "are giving up the right to sue in court,” it said. The terms “explicitly delegate questions of arbitrability to the arbitrator, and the Supreme Court has made clear that courts must honor such clear and unambiguous delegations,” it said.

Google’s “global arguments” for dismissal of Mary Smith’s fraud complaint involving Google Analytics' tracking pixel on tax-filing websites “lack merit,” said her response Monday to Google’s motion to dismiss her class action, part of an Oct. 9 consolidated complaint, in U.S. District Court for Northern California in San Jose (docket 5:23-cv-03527). Google argues that because privacy policies on H&R Block, TaxAct and TaxSlayer disclosed the use of Google Analytics, plaintiffs consented to the disclosure of their tax-filing information to the defendant, said the response. “In Google’s view, these privacy policies are ‘judicially noticeable’ and therefore establish consent as a matter of law,” the response said, but the court “should reject Google’s position and its request for judicial notice” of the policies, which aren’t referenced in the complaint. Google submitted no evidence that any of the plaintiffs saw and agreed to the documents relied on by Google to support any consent, said the response: “Google must show that Plaintiffs took ‘affirmative action to demonstrate assent,’ but it has not done so,” it said. The privacy policies referenced are dated either January 2023 or October 2023, but plaintiffs allege their financial information was disclosed “years before those dates,” said the response. Google asks the court to “draw inferences in its favor” from “random versions” of the privacy policies, and it also “recycles an argument already rejected in similar cases involving the Meta tracking pixel,” it said, citing Gershzon v. Meta Platforms and In re Meta Pixel Healthcare Litigation. U.S. District Judge for Northern California Yvonne Gonzalez Rogers also rejected that argument a few months ago in Brown v. Google, it said. In Smith’s case, Google’s argument similarly lacks merit because “it contradicts the pleadings and requires drawing inferences in Google’s favor,” and the privacy policies Google cites didn’t disclose the sharing of “tax-filing or other confidential financial information,” it said. Smith alleges Google Analytics’ tracking pixel, embedded in the JavaScript of online tax preparation websites, sent “massive amounts” of private tax return information such as income, refund amounts, filing status and scholarship information to Google, without taxpayers’ consent, “to improve its ad business and other business tools,” in violation of California’s Invasion of Privacy Act and the Federal Wiretap Act.

Five of seven fraud class actions in conditional transfer order 27 (CTO-27) were transferred to In Re: MOVEit Customer Data Security Breach Litigation, said a clerk’s order (docket 3083) lifting a stay on the CTO Monday before the Judicial Panel on Multidistrict Litigation. Duffy v. Progress Software Corp. (docket 3:24-cv-00185), Roberts v. Progress Software Corp., which also named Delta Dental (docket 1:24-cv-00346), Pierce et al v. Premier Health Partners (docket 3:23-cv-00364), Wilkinson v. Umpqua Bank (docket 3:23-cv-06175) and McClendon v. Virginia Mason Franciscan Health (docket 3:24-cv-05048) were transferred to U.S. District Court for Massachusetts in Boston under U.S. District Judge Allison Burroughs. Two plaintiffs, Theodora Morris, who brought claims against Data Media Associates, and Brandon Roane, suing Garrett Regional Medical Center, opposed transfer (see 2401290023). The cases involve Progress Software’s May MOVEit file transfer software data breach. Since the JPML transferred five actions to the Massachusetts court on Oct. 4, 189 additional actions have been transferred, said the order.

The Judicial Panel on Multidistrict Litigation transferred two cases to In Re: MOVEit Customer Data Security Breach Litigation, said a Jan. 19 clerk’s order (docket 3083) filed Wednesday, lifting the stay on conditional transfer order 26 (CTO-26). Mendez v. Progress Software Corp. and Segal v. Corebridge Financial involve questions of fact common to actions previously transferred to the District of Massachusetts and assigned to U.S. District Judge Allison Burroughs involving the Progress Software MOVEit software data breach, it said. Since five actions were transferred to the Massachusetts court for coordinated or consolidated pretrial proceedings Oct. 4, 180 additional actions have been transferred and assigned to Burroughs, it said.

With the U.S. Bankruptcy Court for New Jersey having issued an order Tuesday authorizing and approving Rite Aid’s settlement with the FTC, Rite Aid and the commission asked the U.S. District Court for Eastern Pennsylvania in Philadelphia to lift their stay and enter their stipulated order for permanent injunction and other relief (see 2401050021), said their joint motion Wednesday (docket 2:23-cv-05023). The settlement with the FTC bars Rite Aid from using facial recognition technology for surveillance purposes in its stores for five years. The agency had alleged that Rite Aid failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology to combat theft in hundreds of its stores.

The transfer of plaintiff Jamie Garcia's negligence class action against Maximus Health Services involving the May Progress Software Corp. (PSC) data breach is warranted because it shares common questions of fact with cases in In Re: MOVEit Customer Data Security Breach Litigation, said PSC Friday. PSC filed its response (docket 3083) to plaintiff Jamie Garcia’s motion to vacate conditional transfer order 22 (CTO-22) before the Judicial Panel on Multidistrict Litigation. Garcia filed her class action against Maximus, a PSC file transfer software customer, but not against PSC or any other party, said the response. The JPML “has made clear that such a circumstance does not defeat centralization,” said PSC's response, noting the panel has ruled that the MOVEit vulnerability “is at the core of all cases” and it would be “impossible” to “disentangle the allegations” against PSC from those against other defendants. Centralizing the Garcia action with other cases in the MDL “achieves the same efficiencies” that the JPML identified when it created it, the filing said. Garcia doesn’t dispute the findings and doesn’t argue that she will not seek discovery from PSC in the Garcia action, it said. The plaintiff's reason justifying exclusion from the MDL a motion is pending to remand her action before the Southern District of Indiana, but exclusion from the MDL “is not the proper procedural mechanism here,” said PSC’s response, saying her situation “is not unique.” In her Jan. 2 filing in support of her motion to vacate CTO-22, Garcia said she “deliberately chose to file” in Indiana state court “for convenience purposes,” and because Maximus was the sole party she dealt with involving PSC’s data breach. Maximus “failed to adequately secure and upgrade its data systems,” and although the health services company detected the attack on May 30, it didn’t properly notify Garcia and waited over two months before informing the public Aug. 11, the brief said.