The FTC’s first amended complaint still fails to “plausibly allege” Kochava’s practices cause or are likely to cause substantial injury to consumers under the FTC Act, said Kochava’s memorandum Wednesday (docket 2:22-cv-00377) in U.S. District Court for Idaho in Coeur D’Alene in support of its motion to dismiss. The FTC seeks an injunction enjoining Kochava from acquiring consumers’ geolocation data associated with unique persistent identifiers that reveal consumers’ visits to sensitive locations and selling it in a format that allows entities to track their movements (see 2305050026). Kochava contends there’s no way to determine whether a particular individual is at a particular place using the device identifier and geolocation data the company sells to third parties. Even taken as true for purposes of the pleading, said Kochava’s memorandum, the allegations in the first amended complaint demonstrate that substantial injury is still only “theoretically” possible. The court “has previously addressed this issue, dismissing the prior iteration of the pleading,” it said. The FTC’s own “word choices” suggest any injury is only “hypothetical,” it said. The first amended complaint offers nothing more than a “sheer possibility” that Kochava’s acts or practices “might create a hypothetical risk that third parties could identify consumers and cause them substantial injury,” it said. The FTC’s allegations don’t demonstrate “any purported privacy intrusion is sufficiently severe to constitute substantial injury” under the statute, said the memorandum: “The FTC’s own allegations confirm that Kochava’s data is not sensitive or private on its face.” The FTC also concedes that any purported identifying information revealed in Kochava’s data bank is “entirely inferential,” it said. Purported personal information ascertained by series of inferences isn’t “reliable information that can identify a consumer with certainty,” it said.

Paramount Global's motion to compel arbitration and stay a lawsuit claiming Video Privacy Protection Act violations by the company (see 2211180042) has been granted, U.S. District Judge for the Northern District of Illinois John Kness ordered Tuesday (docket 1:22-cv-03666). The suit alleged Paramount Global shared with Facebook personally identifiable information of people watching videos on CBS.com. Kness said the CBS.com terms of service don't contain an explicit clause about delegating to arbitration, but they incorporate references that give an arbitrator the power to determine arbitratability.

Plaintiff Jane Doe’s plan to dismiss Hey Favor and her aiding and abetting claim from a lawsuit that also names FullStory, Meta Platforms and TikTok “removes the risk of parallel litigation and any corresponding basis to continue the stay,” said Doe’s Monday reply (docket 3:23-cv-00059) in support of her motion to lift the stay of proceedings in a privacy case in U.S. District Court for Northern California in San Francisco. After dismissal of Hey Favor, which filed a petition for Chapter 11 bankruptcy protection in April, the action will exist against the advertising and analytics defendants “alone as if Plaintiff never named Favor,” said the filing. Since the advertising and analytics defendants “would have no basis to stay the claims against them in that instance, they have no basis to continue the stay now,” said the reply. Doe alleges healthcare platform Hey Favor knowingly and intentionally sent personally identifiable information about her medical history to Meta, TikTok and analytics company FullStory. Those defendants argued last week (see 2306200043) that a stay is warranted because of a risk that Doe may refile the same claims against Favor after its bankruptcy is resolved. Doe called that “speculative theory” and not a basis to continue the stay. The advertising and analytics defendants’ argument that seeking discovery from Hey Favor would be difficult is “unavailing,” since Favor would be a third party and subject to discovery under Rule 45, the reply said. Bankruptcy proceedings could take “years to conclude,” said Doe, and if Favor is dismissed from the action with prejudice, there’s no reason to delay the adjudication of her claims against the remaining defendants. “Should the case continue to be stayed," plaintiff won't be able to seek discovery from Favor for an unknown amount of time while Favor resolves its bankruptcy, "at which point it may become impossible to seek discovery from Favor if it no longer exists,” said the reply. The court should “lift the stay against” the advertising and analytics defendants, dismiss Favor from the action with prejudice, and allow the case to proceed so the other parties can seek appropriate discovery from Favor “without any delay.”

Nine plaintiffs suing Dish in privacy complaints over data breaches moved the court to consolidate the related cases, said their Friday motion (docket 1:23-cv-01315) in U.S. District Court for Colorado in Denver. The proposed cases -- Owen-Brooks v. Dish (1:23-cv-01168), Clark v. Dish (docket 1:23-cv-01315), Cruse v. Dish (docket 1:23-cv-01319), Turley v. Dish (docket 1:23-cv-01346), Ellerbrock v. Dish (1:23-cv-01372), Jenkins v. Dish (docket 1:23-cv-01387), Cardenas v. Dish (docket 1:23-cv-01405), Garza v. Dish (docket 1:23-cv-01458), and Vest v. Dish (docket 1:23-cv-01462) -- allege the defendant failed to properly secure customers’ and employees’ personally identifiable information from hackers after a February network outage. The motion seeks to stay all deadlines in the cases proposed for consolidation. The motion proposed Mason Barney of Siri & Glimstad, Bryan Bleichner of Chestnut Cambronne and Scott Cole of Cole & Van Note as interim co-lead class counsel.

Arkansas Attorney General Tim Griffin’s (R) “strained portrayal” of his lawsuit against TikTok as deserving to be remanded to state court (see 2306090047) “ignores reality,” said TikTok’s opposition Monday (docket 1:23-cv-01038) to the remand motion in U.S. District Court for Western Arkansas in El Dorado. Griffin alleges TikTok is violating the Arkansas Deceptive Trade Practices Act by duping Arkansas residents about the privacy and data risks of using the social media platform. However the court views the state’s claims at the current stage of the case, those claims “implicate core federal concerns,” and the state shouldn’t be allowed “to ignore them to remain in state court,” it said. “When boiled down to its essence,” the case involves the state’s “extraordinary attempt” to regulate “sensitive issues of national security and foreign affairs,” it said. Those issues “at this very moment” are under “active consideration” by the federal government, it said. Federal question jurisdiction exists and the state’s motion to remand should be denied, it said. In its remand motion, the state argues the court lacks jurisdiction because the case doesn’t require the resolution of any federal issue, said TikTok. But the state concedes that to succeed on its claims, “it must establish that TikTok user data may be accessed and exploited by a hostile foreign government,” it said. The question of whether China is accessing and exploiting TikTok user data “is one that the U.S. government has been evaluating through a formal review and investigation” conducted by the Committee on Foreign Investment in the U.S., it said. Because adjudicating the state’s claims “would require a state court to second-guess the federal government’s assessment of the nature and degree of any national security threat from China vis-a-vis TikTok, this case necessarily raises disputed and substantial questions of federal law,” it said.

Plaintiffs in a data breach lawsuit against Macmillan voluntarily dismissed their action without prejudice, said a Thursday notice (docket 1:23-cv-01217) in U.S. District Court for Southern New York in Manhattan. Plaintiffs Victoria Batchelor, Diana Griffin and Jaime Ariza alleged harms resulting from a June 2022 data breach. Macmillan sought to dismiss the suit for lack of standing under Rule 12(b)(1) (see 2305190027). No facts in the second amended complaint suggested the plaintiffs “suffered any actual resulting injury, and the allegations of increased risk of identity theft are insufficient,” Macmillan said in May. To the extent that the plaintiffs alleged their damages included time spent reviewing account statements and credit reports for indications of identity theft, “such mitigation efforts are insufficient to establish an injury for standing,” it said.

An April privacy lawsuit against Southern Theatres should be dismissed for failure to state a claim, said the defendant's Wednesday brief (docket 1:23-cv-00346) in support of its motion to dismiss. Plaintiff Jeffrey Hoge sued the North Carolina theater, alleging it shared his private video viewing information without consent, in violation of the Video Privacy Protection Act (see 2304270016). Southern “partnered with Facebook” to collect personally identifiable information (PII) each time Hoge viewed a video or bought a ticket on Southern’s websites, alleged the complaint. The theater chain’s Wednesday brief said the alleged facts of the case are “far removed from the circumstances” that led to the passage of the VPPA, citing the publishing in a newspaper of a list of movies rented by former U.S. Solicitor General Robert Bork, then a U.S. Supreme Court nominee, from a video rental store. “Plaintiff does not allege Southern Theatres did anything like handing a list of Judge Bork’s video rentals to a reporter,” said the brief. Hoge’s complaint asserts Facebook could combine Southern’s webpage address and Hoge’s Facebook user ID to reveal that he visited a web page for a specific movie “and that this violates a statute enacted to prevent ‘video tape service providers’ from disclosing their customers’ rental history,” said the defendant. It noted Hoge’s statutory damage award claim of $2,500 for every Facebook user who purchased tickets on the Southern Theatres websites in the past two years, plus attorneys’ fees. The case should be dismissed because (1) Congress didn’t include movie theaters in the VPPA, (2) Hoge fails to plausibly allege the information disclosed constitutes PII, and (3) even if the allegedly disclosed information is PII, Hoge “fails to plausibly allege that Southern Theatres knowingly disclosed that information," said the brief.

IBM unlawfully procured the wiretapping of electronic communications of visitors to Weather.com through an arrangement with Oracle, alleged a class action Tuesday (docket 7:23-cv-05203) in U.S. District Court for Southern New York in Manhattan. Through its BlueKai Pixel, Oracle, as procured by IBM, IBM “secretly observed, recorded, and otherwise intercepted website visitors’ electronic communications” with IBM and “used that data to improve its own marketing and analytical capabilities,” it said. The suit, which alleges violations of the Maryland Wiretapping and Electronic Surveillance Act, names IBM as the defendant, but not Oracle. The complaint said Oracle maintains a “symbiotic relationship” with its clients. Oracle doesn’t simply manage its clients’ data but also “retains and uses the same data to assist other clients,” it said: “With each piece of data Oracle collects, the BlueKai profiling software becomes even more useful.” IBM didn’t comment.

Plaintiff Emma Mendoza voluntarily dismissed with prejudice a privacy class action against Newsweek, said a Tuesday joint stipulation of dismissal (docket 1:23-cv-00643) in U.S. District Court for Southern New York in Manhattan. Last week, U.S. District Judge Vernon Broderick threatened to dismiss Mendoza’s Video Privacy Protection Act class action against Newsweek Digital for failure to prosecute if the parties failed to file a proposed joint case management plan and scheduling order by June 19 (see 2306130035). All claims of any unnamed member of the alleged class are dismissed without prejudice, said the filing. Each party will bear its own costs. Mendoza’s Jan. 25 complaint alleged Newsweek Digital unlawfully tracks and discloses to Facebook its subscribers’ viewed video media and Facebook IDs without their consent.

No discovery deadline should be set in an Illinois Biometric Privacy Act (BIPA) lawsuit while defendant Old Dominion Freight Line's motion to dismiss is pending, said the defendant in a Tuesday status report (docket 1:23-cv-2187) in U.S. District Court for Northern Illinois in Chicago. If discovery goes forward, nine months for completing fact discovery “is appropriate,” said Old Dominion, giving a March 22 date. Plaintiffs in the case assert BIPA violations related to fingerprints collected by Old Dominion’s time clock system. The company said Rule 26(a)(1) disclosures shouldn’t be made unless the court denies its motion to dismiss. If disclosures are required while the motion is pending, the defendant proposed a July 13 deadline to prepare. Old Dominion moved to dismiss the second amended complaint Friday (see 2306200038); plaintiffs’ response to the motion is due July 17, with defendant’s reply due July 31. The parties are attempting to negotiate the parameters of private mediation but haven't reached agreement.