Five tax preparation companies could face civil penalties if they use or disclose confidential data collected from consumers for other unrelated purposes, such as advertising, without obtaining their consent, said the agency Monday. Violators could incur civil penalties of up to $50,120 per instance if they misuse personal data in ways that aren't the original purpose for which the information was collected, the agency said. To remind tax preparers of the law, the FTC is using its penalty offense authority, which allows it to seek civil penalties against a company that engages in conduct it knows is unlawful and that has been found unlawful in a previous FTC administrative order, other than a consent order, it said. The notices detail practices found to be a violation of the FTC Act in a case against Beneficial Corp. in which the FTC found the company used information collected for tax preparation for unrelated loan solicitation purposes.

The eight plaintiffs in the July 11 data-scraping class action against Google voluntarily dismissed their claims without prejudice, said their notice Tuesday (docket 3:23-cv-03440) in U.S. District Court for Northern California in San Francisco. The plaintiffs, all identified in the complaint by their initials only, alleged Google has been scraping the internet for years to secretly steal their personal information, and using it to build commercial AI products like Bard, the chatbot Google recently introduced to compete with OpenAI’s ChatGPT.

Plaintiff Herman Burkett and defendant Genworth Life and Annuity Insurance (GLAIC) jointly moved the court for an order staying Burkett's action, pending a ruling by the U.S. Judicial Panel on Multidistrict Litigation (JPML) on a motion for transfer of actions for centralized pretrial proceedings pending before it in Re: MOVEit Customer Data Security Breach Litigation, said their Friday filing (docket 3:23-cv-00528 ) in U.S. District Court for Eastern Virginia in Richmond. The parties noted other judges in the district stayed related actions pending JPML, all of which listed Genworth Financial, Inc. (GFI) or parent GLAIC as a defendant. Plaintiff, a GLAIC customer, initiated the action related to the MOVEit data breach after Pension Benefit Information (PBI) advised GLAIC of a security event involving the software vulnerability in MOVEit file transfer software that PBI uses. In July, plaintiff Bruce Bailey in Bailey v. Progress Software Corp. and Pension Benefit Information filed a motion requesting the JPML to transfer MOVEit actions to the U.S. District Court for Minnesota for coordinated pretrial proceedings (see 2307120053). The panel’s hearing on the transfer motion is set for Sept. 28. Progress Software Corp. (PSC), which sells MOVEit software; Ipswitch, which developed MOVEit; and PBI, which used the software to perform services for GLAI, GFI and others, support the transfer motion, but PSC, PBI and GFI asked that the actions be transferred to the District of Massachusetts rather than Minnesota. Last month, plaintiffs in Hale v. Genworth Financial filed an opposition to Bailey’s motion to transfer (see 2308250037), saying Genworth “improperly sought” to tag several actions against GFI as related actions in the MDL.

Sixteen plaintiffs identified only by their initials -- “to avoid intrusive scrutiny” or any “potentially dangerous backlash”-- dismissed without prejudice a privacy class action against OpenAI, said their Friday filing (docket 3:23-cv-03199) in U.S. District Court for Northern California in San Francisco. Plaintiffs sued OpenAI, Microsoft and 20 “Does” in June (see 2306290030), alleging they use AI products, “integrated into every industry,” to collect, store, track, share and disclose the private information of millions of users. The plaintiffs ranged from a 6-year-old, K.S., who used the mic feature to ask ChatGPT-3.5 questions and to generate art, to plaintiff B.B., an actor whose likeness appears across YouTube and social media sites. AI technology from OpenAI, Microsoft and others uses stolen personally identifiable information from “hundreds of millions of internet users,” including children, to train their products without individuals’ knowledge or consent, said the complaint.

Plaintiffs in a June privacy class action can’t satisfy their burden of establishing the first two prongs of a three-part jurisdiction text, said defendants Desert Care Network, Desert Regional Medical Center, JFK Memorial Hospital, Palm Beach Health Network, Palm Beach Gardens Medical Center, Tenet Healthcare and Tenet Healthsystem Medical Friday in a memorandum (docket 2:23-cv-05021) of points and authorities moving the court to dismiss the case. Plaintiffs B.K. and N.Z., California residents, and R.P., a Florida resident, sued Tenet’s Desert Care Network, including Desert Regional Medical Center in California; JFK Hospital in California; and Palm Beach Gardens Medical Center in Florida for collecting their confidential and private personal health information (PHI) -- including details about their medical conditions, treatments and providers sought, and appointments -- and then sending it to Facebook without prior, informed consent. The non-California defendants in the action aren’t subject to general or specific jurisdiction in California and have not purposefully directed activities at California, said the memorandum.

Tonal Systems’ opposition to plaintiff Julie Jones’ motion to remand her California Invasion of Privacy Act case against the maker of smart home fitness equipment to state court (see 2309010044) “is a hollow act of panic that recklessly casts aspersions when it comes up short on logic,” said Jones’ reply Thursday (docket 3:23-cv-01267) in U.S. District Court for Southern California in San Diego in support of her remand motion. Jones alleges the company uses third parties' software to “secretly wiretap and eavesdrop on the private conversations of users of the chat features on Tonal’s website in real time.” Tonal’s opposition “offers nothing but an endlessly circular argument,” said Jones’ reply. The defendant argues Jones didn’t supply evidence to support remand but then argues she “should be denied all evidence that could support remand,” it said. Tonal so argues while “ignoring” 9th Circuit U.S. Court of Appeals precedent that fully supports Jones’ request for jurisdictional discovery, the reply said. Tonal is also incorrect “on the applicable legal standard for determining class member citizenship,” it said. Jones doesn’t need to prove every class member’s intent to remain in California, it said. She rather “is entitled to a reasonable inference that each class member intended to remain where they resided at their last known location” July 7 when Tonal removed her complaint to the Southern District of California, it said. Ultimately, the only point Tonal “successfully makes” in its opposition is that it “dreads” that Jones’ “chosen forum will hear her case,” it said.

Google removed to U.S. District Court for Central California in Los Angeles Wednesday a complaint (docket 2:23-cv-07389) in which pro se plaintiff Virginia Hoge alleges she was “stalked, harassed and spied on online” for 13 years by “trolls” connected with Chris Tolles, then-CEO of the social media website Topix. The crimes were “facilitated and supported” by former Google CEO Eric Schmidt, it said. Hoge alleges this was in retaliation for her having become a whistleblower on Topix, which Tolles sold to Publishers Clearing House in 2019. The trolls used sophisticated tools to spy on the Hoge’s phone calls, emails, text messages and photos on her phone, said her complaint. They also were able to stalk Hoge’s Amazon and YouTube online viewing, it said.

U.S. Chief Magistrate Judge David Christel granted Milliman Solutions’ motion to stay its response to a class action arising from the May MOVEit data breach until 45 days after a final determination for transfer of actions for centralized pretrial proceedings pending before the U.S. Judicial Panel on Multidistrict Litigation in MOVEit Customer Data Security Breach Litigation (docket 3083), said his Tuesday order (docket 2:23-cv-01206) in U.S. District Court for Western Washington in Seattle. Plaintiff David Hale’s August complaint (see 2308280020) was one of four filed by attorney Craig Mariam of Gordon Rees against Milliman, a provider of insurance products to TruStage Financial Group, among others. The class actions allege Milliman violated its privacy policy that says it has security policies in place intended to ensure the security and integrity of all customers' personal data. Those four actions don’t name MOVEit software provider Progress Software as a defendant.

Plaintiff Julie Jones seeks to remand her California Invasion of Privacy Act case against Tonal Systems to state court, but she does’t dispute “the core factors demonstrating” that Tonal properly removed the case to federal court (see 2308070008), said the company’s opposition Thursday (docket 3:23-cv-01267) in U.S. District Court for Southern California in San Diego. Jones alleges Tonal, a maker of smart home fitness equipment, uses third parties' software to “secretly wiretap and eavesdrop on the private conversations of users of the chat features on Tonal’s website in real time” (see 2307110047). Jones never contests the company established the required elements to remove this putative class action to federal court under the Class Action Fairness Act, said Tonal’s opposition. She nonetheless seeks remand based on the purported application of CAFA’s “home-state controversy exception,” it said. As the party seeking to invoke the exception, Jones “must proffer facts showing by a preponderance of the evidence that two-thirds of all proposed class members are California citizens,” it said. She hasn’t carried her burden, and her motion for remand “must be denied,” it said.

Amy Sue Radford seeks $1 million in punitive damages from Charter Communications for violating the 1974 Privacy Act when it gave or sold to direct marketers the “confidential address” she enrolled for herself and her children in Minnesota’s Safe at Home program while subscribing to Spectrum’s phone and internet service in July 2017, alleged her complaint Thursday in U.S. District Court for Minnesota in St. Paul. The program “is designed to help people who fear for their safety maintain a confidential address,” said her pro se complaint. “Many times program participants are survivors of domestic violence, sexual assault, or stalking,” it said. Radford closed her Spectrum account in January 2021, and by March 2021, she began receiving at least two direct-marketing mailings a month addressed to “Amy Radford or current resident,” it said. In addition to the punitive damages for the “intrusion” into her “seclusion, solitude, and safety,” Radford wants the court to order Charter to remove her personally identifiable information from its database and to identify all third parties that Charter gave or sold her information to, said her complaint. A Charter spokesperson declined comment Friday.