All four named plaintiffs in the consolidated amended Video Privacy Protection Act complaint against Google requested, rented and obtained their videos years ago, yet all of their Google accounts “still display the titles of the videos they requested and obtained,” said their opposition Tuesday (docket 4:22-cv-05652) in U.S. District Court for Northern California in Oakland to Google’s motion to dismiss. Their Google accounts also still bear the dates they requested and obtained their videos and the price they paid for them, it said. Google “has no reason, related to the transaction, to keep the information,” it said. Google is “systematically violating” New York and Minnesota video privacy law by storing and maintaining its consumers’ information “for longer than 30 days, or at the very least, for longer than one year,” it said. Faced with those “clear violations,” Google’s motion to dismiss “resorts to an array of meritless arguments for dismissal,” it said. Google argues that the New York and Minnesota statutes don’t provide a private right of action for wrongful retention of personal information, “but that argument contravenes the plain text and meaning of the statutes,” it said. Google cites case law interpreting the VPPA, but “it ignores that the VPPA is structured such that the private right of action provision comes immediately after the prohibition on disclosure, but before the prohibition on wrongful retention,” it said. The New York and Minnesota statutes, in contrast, “are structured such that their private right of action provisions come at the end of the statute, after their wrongful retention provisions,” it said.

Old Dominion Freight Line’s Kronos time clock system required plaintiff John Kararo and other employees to scan, upload and use their fingerprints to use its time clock and track hours worked, alleged (docket 1:23-cv-02187) the plaintiff in a Thursday class action U.S. District Court for Central Illinois in Peoria. Kararo, an Illinois resident, said the time clock system used, collected, stored and “otherwise obtained” his unique biometric identifiers without prior consent in violation of Illinois’ Biometric Information Privacy Act (BIPA). BIPA codified that individuals have a right to privacy concerning their biometric identifiers and biometric information, said the complaint, citing Illinois Supreme Court Case Rosenbach v. Six Flags. BIPA vests in individuals the right to control their biometric information by requiring notice before collection and giving them the power to say no by withholding consent, it said. Kararo seeks an order requiring Old Dominion to publish a public policy that identifies its data retention and destruction protocols; an order requiring it to destroy biometric identifiers and information after the initial purpose for collecting them has been satisfied; and awards for damages for negligent BIPA violations, plus reasonable attorneys’ fees and legal costs.

Cedars-Sinai health organization presented “no persuasive reason” for the court to deny plaintiff “John Doe’s” motion to remand a privacy lawsuit to Los Angeles County Superior Court, said plaintiff’s Friday reply memorandum (docket 2:23-cv-00870) in further support of his motion for remand from U.S. District Court for Central California in Los Angeles. In a Jan. 13 complaint, John Doe alleged Cedars-Sinai shared patients’ sensitive and protected personal identifiable information with unrelated parties including Facebook, Google and Microsoft Bing without patients’ consent. Tracking code on the Cedars-Sinai website “diverted customers’ private information to outside entities for analytics and marketing purposes without adequate disclosure” or consent from customers, he alleged. Cedars-Sinai’s Feb. 3 notice of removal said defendants may remove a case under 28 U.S.C. § 1442(a) “when they are acting under color of federal office.” To do so, they must show 1) it's a “person” within the meaning of the statute, 2) there's a causal nexus between its actions, taken pursuant to a federal officer’s directions, and plaintiff’s claims; and 3) it can assert a “colorable federal defense.” Since 2004, the federal government has directed and overseen a public-private initiative to develop a nationwide infrastructure for health information technology, and Cedars-Sinai “dutifully assisted and followed the federal government’s direction in this effort” with a “Meaningful Use” program to increase patients’ use of electronic health records, it said. In his Friday response, John Doe said the argument that the hospital was acting on behalf of the federal government “lacks credibility.” Doe sued Cedars-Sinai Dec. 30 for violations of California’s Invasion of Privacy Act, invasion of privacy/intrusion upon seclusion in violation of California common law, breach of implied contract and covenant, negligence and violation of California’s Confidentiality of Medical Information Act.

Plaintiff Cindy Murphy amended her privacy class action against Kochava to add three named plaintiffs to her claims that Kochava acquires consumers' precise geolocation data and sells it in a format that allows entities to track the consumers' movements to and from sensitive locations, said her complaint Friday (docket 2:23-cv-00058) in U.S. District Court for Idaho in Coeur D’Alene. New plaintiff Scott Connelly, like Murphy, lives in Washington state, and Jenny Watson and Adriana Ingram are Californians. Murphy lacks Article III standing because she can’t show she suffered an injury in fact that's “fairly traceable” to Kochava’s conduct, said Kochava’s motion to dismiss last month (see 2303200036).

Meta’s March 28 conditional motion to sever claims (see 2303300042) is “part of its many tactics" to avoid litigating “Jane Doe’s” privacy claims against it, Hey Favor, FullStory and TikTok, said Doe’s Thursday opposition in U.S. District Court for Northern California in San Francisco. Doe noted Meta “already failed once” to relate the case to Doe v. GoodRx, saying “this time” the tech company is arguing the claims against it should be severed for purposes of consolidating with Meta Pixel Healthcare Litigation (docket 3:22-cv-03580). Severance wouldn't bring efficiencies because “the claims Meta seeks to excise concern different services, that incorporate different technology, used by different individuals, for different purposes, that caused the transmission of different data” to different defendants from those in the hospital actions, said the opposition. The Hey Favor case “is not, and has never been” related to the hospital actions, it said. The hospital actions, brought by five hospital patients who used online “patient portals” (myMedStar, MyChart and MyHealth), “are even less like this Action than the GoodRx Action,” said the opposition. Doe v. Hey Favor seeks to represent a class that used Hey Favor’s mobile and web app that provides contraception and birth control. Jane Doe alleges Favor sends answers to personal information, such as answers to birth control questions and purchase history, through tracking tools, to Meta, TikTok, ByteDance and FullStory. Plaintiffs in the hospital actions claim their data was collected exclusively through web-based patient portals that incorporated a single technology -- the Meta Pixel -- "which is not present (and cannot be used) on the mobile version of the Favor App," Doe said. The hospital actions, by contrast, represent hospital patients who allegedly used passive patient portals on hospital websites. Meta argued in its motion to sever claims that the allegations and claims in Hey Favor were “fully covered and subsumed within” Meta Pixel Healthcare Litigation.

Video Privacy Protection Act plaintiff Gregory Roland now consents to defendant Chive Media Group’s motion to transfer the case to the Western District of Texas in Austin from U.S. District Court for Northern Illinois in Chicago, said the parties' joint stipulation Friday (docket 1:23-cv-00337). Roland’s putative class action alleges Chive violated the VPPA by knowingly sharing his viewing data with Meta, but Chive asserts that Roland acquiesced to a “valid forum-selection clause” to litigate his claims in the Western District of Texas where Chive is headquartered when he agreed to Chive’s terms and conditions (see 2303240008). The parties agree that Roland’s stipulation to a venue transfer is made without waiving his right to challenge Chive’s terms and conditions as not being an agreement to which he or any other putative class member is a party, said the joint stipulation. The parties also agree that Roland doesn’t waive his rights to challenge the terms and conditions “on any grounds allowable at law,” it said.

The parties in the AirTags privacy class action involving Apple have scheduled a mediation session for April 27, and again seek a stay of the action pending the outcome of their efforts to resolve the dispute through alternative means. said their joint case management statement Friday (docket 3:22-cv-07668) in U.S. District Court for Northern California in San Francisco. U.S. District Judge Vince Chhabria previously denied their motion for a long-term stay because he said it would be unfair to potential class members to delay the case for so long at its outset (see 2303300031). If Chhabria again declines to impose a stay, Apple will move to dismiss the case and the plaintiffs will oppose that motion, said Friday’s statement. If no stay is granted, the plaintiffs will move for class certification, which Apple will oppose. Plaintiffs Lauren Hughes and “Jane Doe” allege the AirTag location transmitter is “the weapon of choice of stalkers and abusers,” and both claim to be victims of AirTag stalking. Their “primary concern” in this litigation is to obtain injunctive relief “that remedies the immediate and ongoing risks to safety caused by the AirTag as it currently operates,” said the statement. “But finding solutions involves working with complex technology not only of the AirTag product but also other Apple products and IP, and even with technology of non-parties,” it said. Because of the issues of “scope,” and in light of the “unique nature of the relief sought,” the plaintiffs sought to begin an early mediation process so that they could evaluate how the safety needs of the class “may best be protected in light of Apple’s existing technology,” it said. Early mediation also would help the parties “identify all stakeholders within Apple’s organization who would need to participate in the development and implementation of changes, and accordingly identify areas of alignment and find achievable solutions in as expeditious a manner as possible,” it said. Because any resolution is “unlikely to be reached in a single mediation,” the parties are seeking a stay of six months “to invest all of their time and resources into their attempts to resolve this matter,” it said.

A digital subscriber and The Boston Globe reached settlement agreement in a class action complaint against the paper for allegedly violating the Video Privacy Protection Act by sharing digital subscribers' data with Meta's Facebook, per a joint settlement notice Friday in U.S. District Court for the District of Massachusetts (docket 1:22-cv-10195). Multiple streaming video providers have faced VPPA suits for use of Meta Pixel for analytics and ad targeting (see 2210260008).

As the removing party invoking federal jurisdiction, it’s the burden of defendant Amazon Web Services to establish subject-matter jurisdiction of the U.S. District Court for Northern Illinois in Chicago over plaintiff Cynthia Redd’s Illinois Biometric Information Privacy Act claims, said Redd’s reply Wednesday (docket 1:22-cv-06779) in support of her motion to remand her case to Cook County Circuit Court where it originated before AWS removed (see 2303160070). Establishing subject-matter jurisdiction in federal court includes demonstrating Redd’s Article III standing, “a necessary component of federal jurisdiction,” it said. That means AWS must show Redd has Article III standing, but it “fails to carry that burden,” it said. AWS misrepresents Redd’s procedural 15(c) allegations and adds language that Redd didn’t plead, it said. Redd, for example, doesn’t allege AWS’ Section 15(c) violations resulted in her loss of the right to control her biometric data, it said. She rather alleges AWS’ actions in violating the BIPA “disregard her and other users’ rights to biometric privacy and control over the collection, use, and storage of sensitive biometric data,” it said. AWS also tries to take a second bite of its “motion to dismiss apple” by improperly rearguing the issue of personal jurisdiction, said Redd’s reply. AWS admits subject-matter jurisdiction “should be addressed first and foremost,” it said. Yet it nonetheless cites “irrelevant and inapplicable cases” to argue the issue of subject-matter jurisdiction in the present case is too complex and novel here that personal jurisdiction “should be decided first and in its favor,” it said. “That’s simply untrue.” Numerous courts within the Northern District of Illinois “addressed the same remand issue and have found remand appropriate,” it said.

U.S. District Judge Vince Chhabria for Northern California in San Francisco denied the parties’ March 6 joint stipulation to stay the AirTags privacy class action against Apple to seek an alternative means to resolve the dispute (see 2303080065), said his signed order Wednesday (docket 3:22-cv-07668). Plaintiffs Lauren Hughes and “Jane Doe” haven’t adequately explained “why it would be consistent with their duty to represent the proposed class members to delay the case for so long right at the outset,” said the judge’s rationale for his denial. The matter can be discussed further at the April 7 case management conference, said the order. “Apple need not respond to the amended complaint until some time after the conference,” it said. The AirTag location transmitter is “the weapon of choice of stalkers and abusers,” alleges the class action brought against Apple by Hughes of Travis County, Texas, and Doe of Brooklyn, who both claim to be victims of AirTag stalking.