U.S. District Judge Stanley Bastian for Eastern Washington in Richland denied T-Mobile’s motion to dismiss a negligence case and stay discovery, said his signed order Tuesday (docket 4:23-cv-05166) calling the carrier’s motion to stay discovery “premature.” It’s the court’s practice to deny initial motions to dismiss with leave to renew and grant plaintiffs leave to file an amended complaint to cure any deficiencies alleged by defendants, the order said. Plaintiff Jane Doe alleged in her November complaint (see 2312070039) that a T-Mobile employee downloaded, without her consent, private images and videos from a cellphone she traded in at a T-Mobile store in a Washington mall.

U.S. District Judge Richard Bennett ordered three privacy class actions vs. Washington College to be consolidated in U.S. District Court for Maryland in Baltimore, said his order Thursday (docket 1:23-cv-03258). Collins v. Washington College (docket 1:23-cv-03258), Bresnahan v. Washington College (docket 1:23-cv-03319) and Creasy v. Washington College (docket 1:23-cv-03377) are now consolidated under In re: Washington College Data Security Incident Litigation, it said. Plaintiff Abigail Collins sued the Chestertown, Maryland, college Dec. 1 (see 2312040021) alleging unauthorized third-party cybercriminals gained access to her personally identifiable information (PII). Collins’ information was stored with the college, which informed her of the breach in a Nov. 15 notice, the complaint said. Though Collins was aware a cybersecurity incident occurred in March, she didn't know her PII might be involved until she received the letter, it said. The plaintiffs in the cases were injured by time spent dealing with consequences of the data breach and the risk to future harm they may suffer as a result of their PII being exposed, said the complaints. The consolidated complaint is due in the next 45 days, and the order applies to any subsequently filed putative class action alleging the same or substantially similar allegations, it said.

U.S. District Judge Edward Davila for Northern California in San Jose granted T-Mobile’s motion to dismiss plaintiff Branford Clements’ May 22 first amended complaint and to compel his claims against T-Mobile to arbitration, said the judge’s signed order Thursday (docket 5:22-cv-07512). Pro se plaintiff Clements alleged he was victimized in eight different data breaches during the three years he was a T-Mobile customer, and he brought claims under various California consumer protection and privacy statutes, plus the federal Stored Communications Act (see 2306060047). The judge found that the arbitration agreement between Clements and T-Mobile is valid and “encompasses the claims at issue” in Clements’ first amended complaint, said his order. Clements’ failure to file an opposition to T-Mobile’s motion to dismiss constituted grounds for dismissal under Rule 41(b) for failure to prosecute or comply with a court order, it said. He has offered no valid justification for his failure to file an opposition, it said. His notice discussing discovery disputes with T-Mobile “was wholly devoid of any circumstances that would have prevented him from filing an opposition in this motion to dismiss, or alternatively filing a request to extend his deadline to file a response,” it said.

The parties in a privacy class action weren’t able to resolve the case in mediation, said a notification Thursday (docket 1:23-cv-04953) of a status hearing in U.S. District Court for Northern Illinois in Chicago. Plaintiffs plan to amend the complaint by Feb. 1. Defendants ByteDance and its CapCut videoediting app will file a responsive pleading by Feb. 29, said the filing. Defendants plan to file a Rule 12(b)(2) motion to dismiss for lack of personal jurisdiction and possibly a Rule 12(b)(6) for failure to state a claim upon which relief can be granted, it said. If a motion is filed, plaintiffs’ response is due by April 16 with defendants’ reply due May 14, it said. Plaintiffs Evelia Rodriguez, Erikka Wilson and Wilson’s 14-year-old daughter, A.N., sued the defendants in September (see 2309280020) for violations of the Computer Fraud and Abuse Act, the California Unfair Competition Law and the Illinois Biometric Information Protection Act. ByteDance and TikTok “unjustly profit from the secret harvesting of a massive array of private and personally identifiable CapCut user data and content,” alleged the complaint. They use the information for targeted advertising, for making improvements to their AI technologies and for bolstering consumer demand for their other goods and services, it said. The complaint also alleges A.N. was able to open a CapCut account without her mother's consent.

Noah Seiler voluntarily dismissed a negligence class action (docket 1:23-cv-12594) against Athene Annuity and Life Co. involving the MOVEit file transfer software data breach, said a Thursday notice (docket 3083) in In Re: MOVEit Customer Data Security Breach Litigation in U.S. District Court for Massachusetts in Boston. Individual and putative class claims are dismissed without prejudice, it said. In the September lawsuit, Seiler sued the defendant for a failure to properly secure his personally identifiable information (PII) in Progress Software Corp.’s (PSC) May MOVEit software data breach. Athene provided Seiler’s PII to Pension Benefits Information, which used PSC’s file transfer software, the complaint said.

Two class actions involving the May data breach of Progress Software Corp. were transferred to In Re: MOVEit Customer Data Security Breach Litigation in conditional transfer order 26 (CTO-26) before the Judicial Panel on Multidistrict Litigation Thursday. Mendez v. Progress Software Corp. (docket 1:24-cv-00018) and Segal et al v. Corebridge Financial (docket 4:23-cv-03727) involve questions of fact that are common to the actions previously transferred to the U.S. District Court for Massachusetts in Boston and assigned to U.S. District Judge Allison Burroughs, said the order. Thursday, PSC said transfer of Newman v. American Multi-Cinema Inc. (docket 2:23-cv-02358) to the MDL is warranted because it shares common questions of fact with cases in the MDL and transfer will promote “the just and efficient conduct of this litigation.” PSC was responding to defendant AMC’s Dec. 21 motion to vacate CTO-20, in which the movie chain said efficiency in Newman would be best achieved outside the MDL. If Newman were transferred, it would unnecessarily delay resolution of AMC’s motion to compel arbitration, which, if granted, would allow the case to proceed in arbitration, not a court of law, it said. The panel should allow the District of Kansas time to rule on the motion to compel arbitration in Newman before transferring it to the MDL, it said. In her Dec. 21 response opposing arbitration (docket 2:23-CV-02358), plaintiff Melanie Newman said her claims arise from the MOVEit data breach “that occurred long after she terminated her employment relationship with AMC.” AMC “now seeks to avoid answering to Plaintiff’s claims arising out of the data breach by attempting to tie its failure to implement reasonable data security to Plaintiff’s role as an employee of the company.”

Quimbee, a website tailored to law students, violated the Video Privacy Protection Act by knowingly disclosing personally identifiable information of plaintiff Isaac Shapiro and his class members, including a record of case brief videos they watched on the website, without their consent, alleged Shapiro’s Jan. 4 class action (docket 4:24-cv-00079) against Quimbee’s parent company, Sellers International, in U.S. District Court for Northern California in Oakland. Quimbee installed the HubSpot tracking code on its website, which tracks and records visitors’ private video consumption, said the complaint. “Behind the scenes” of the webpages that display the case briefs, and “unbeknownst” to video viewers, this code collects visitors’ video-watching history and discloses it to HubSpot, it said. HubSpot is a customer relations management platform, “which offers its users the power to automate marketing, lead generation, and sales engagement tools,” said the complaint. Shapiro’s three-count complaint seeks an award of statutory damages “to the extent available,” plus punitive damages, “as warranted, in an amount to be determined at trial.”

Jan. 22 oral argument on Samsung’s pending motions to dismiss the plaintiffs’ amended consolidated complaint and to strike their class allegations arising from a July 2022 data breach was adjourned to Feb. 7, said a text-only order Tuesday (docket 1:23-md-3055) from U.S. District Judge Christine O'Hearn for New Jersey in Camden. Despite the “benign nature” of the data stolen in the breach, the amended consolidated complaint “cobbles together 49 individuals from 34 states alleging violations of numerous different state laws based on sharply diverging experiences and injuries” that the plaintiffs attribute to the data breach, said Samsung’s motion to strike (see 2308230018). In light of the “divergent experiences” of the 49 named plaintiffs, “the reality is that no factual development could alter the conclusion that this case cannot be certified as a class action,” it said.

The initial case management conference in Nicholas Furia v. 23andMe should be modified to 30 days after the court rules on the defendant’s motion to stay proceedings pending a decision by the Judicial Panel on Multidistrict Litigation (JPML) regarding consolidation of at least 30 related privacy cases against the online genetic testing company. So said a proposed order (docket 3:23-cv-05565) Tuesday in U.S. District Court for Northern California in San Francisco. Furia filed his negligence class action Oct. 27, alleging the company (see 2310300040) failed to implement basic data security practices, leading to a data breach that compromised his personally identifiable information. On Dec. 21, 23andMe filed a motion to transfer actions to the Northern California court for coordinated or consolidated pretrial proceedings with the JPML. It asked the court to enter a stay of all proceedings on Dec. 29 until the JPML rules on the motion, then filed a re-notice of the motion to stay to correct the briefing schedule Friday, said the proposed order. The parties agreed to reschedule the initial case management conference and related deadlines to 30 days after the court’s decision, said the proposed order.

A further case management videoconference that had been slated for Friday in the AirTags stalking lawsuit against Apple was reset to Feb. 9 at 10 a.m. PST, said a text-only clerk’s notice Tuesday (docket 3:22-cv-07668) in U.S. District Court for Northern California in San Francisco. Apple and the 38 plaintiffs seeking to hold the company accountable for the growing use of the AirTag as a stalking device (see 2311140041) attended private mediation April 27 and a follow-up mediation session Aug. 31, “and have been in contact with the mediator in between and after those sessions,” said the parties’ Friday joint case management report. The parties haven’t reached a resolution, said the report. The plaintiffs’ “primary concern” in the litigation “is to obtain injunctive relief that remedies the immediate and ongoing risks to safety caused by the AirTag as it currently operates,” it said. But finding solutions “involves working with complex technology not only of the AirTag product but also other Apple products and IP, and even with technology of non-parties,” it said. Because of these “issues of scope,” and “in light of the unique nature of the relief sought,” the plaintiffs sought to begin an early mediation process so that they could begin to evaluate how the safety needs of the class “may best be protected in light of Apple’s existing technology,” it said. Another goal of early mediation was to identify “all stakeholders within Apple’s organization who would need to participate in the development and implementation of changes, and accordingly identify areas of alignment and find achievable solutions in as expeditious a manner as possible,” it said. The report was a forerunner to the case management videoconference.