Microsoft “expressly preserves” any and all defenses available against pro se plaintiff Michele Hondros’ allegations that Microsoft and Alphabet are conducting unlawful surveillance and eavesdropping through her computer and Android phone, said Microsoft’s notice Friday (docket 4:23-cv-00799) in U.S. District Court for Southern Texas in Houston of the complaint's removal from 11th Judicial District Court of Harris County. The Houston resident discovered a “cyber intrusion” on her PC May 29, and her phone showed it was infected with a virus about two months later, said her Nov. 15 complaint. She alleges she was sent “alarming, harassing, annoying and unwanted emails” because of the breaches to her PC and phone. The incidents put Hondros under “extreme, and undue duress,” causing her to live “in a constant state of fear,” it said. She seeks $2 million in “actual damages,” plus $500 million in punitive damages.

The battle of legal words continued Wednesday between lawyers for plaintiff Jazmine Harris and defendant PBS over the impact the Southern District of New York’s dismissal of a Video Privacy Protection Act complaint should have on PBS' motion to dismiss Harris’ VPPA claims in U.S. District Court for Northern Georgia in Atlanta. Days after PBS asked the court to “disregard” Harris’ opposition to its motion for leave to file a notice of supplemental authority documenting SDNY’s Feb. 17 dismissal in Martin v. Meredith (see 2302270048), Harris’ lawyers made a strong rebuttal (docket 1:22-cv-02456). PBS asks the court to enter an order disregarding Harris’ opposition based on Local Rule 56.1, they said. “As an initial matter, Local Rule 56.1 pertains only to motions for summary judgment, not motions to dismiss,” they said. PBS cites no authority for the proposition that the court can disregard Harris’ response “based on a purported violation of the local rule concerning summary judgment,” they said. PBS’ reliance on Local Rule 56.1 “is indicative of the greater flaw” in its arguments to convince the court to disregard Harris’ opposition and its motion to dismiss her claims altogether, they said. The court should also reject the PBS motion to disregard because Harris’ opposition “is not alleging new facts or amending its pleading,” said her lawyers. Her opposition “provided illustrations” of how PBS transmits its customers’ confidential information to Facebook “to preview the evidence supporting its well-pleaded factual allegations and to show that such allegations are neither speculative nor conclusory,” they said. The court can deny the PBS motion to dismiss without relying on her illustrations because her complaint “contains sufficient factual allegations to state a cause of action for violation of the VPPA,” they said.

GoodRx emailed customers Wednesday advising them the FTC alleged the company shared their personal identifiable information July 2017-April 2020 without their permission. Information included details about drug and health conditions customers searched for and their prescription medications. “We shared this information with third parties, including Facebook,” said the prescription discount drug firm. In some cases, GoodRx used the information to target customers with health ads, it said. “The Federal Trade Commission alleges we broke the law by sharing your health information without your permission,” it said, and to resolve the case, GoodRx agreed to an FTC order that it would tell third parties like Facebook to delete information it received from GoodRx, never share customers’ health information with third parties for advertising purposes, or without their permission, and put in place a comprehensive privacy program. The program will have “heightened procedures and controls” to protect personal and health information, and an auditor will review the program every two years for 20 years, it said. The FTC last month ordered GoodRx to pay a $1.5 million civil penalty for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google and other companies in violation of its health breach notification rule. A class action filed last week in U.S. District Court for Northern California in San Francisco alleges GoodRx’s representations that it complies with Health Insurance Portability and Accountability Act privacy rules and follows the Digital Advertising Alliance “Sensitive Data Principle” are false (see Ref:2302220043).

Sunglasses maker Blue Otter collects without consent detailed and sensitive biometric identifiers and information from customers who use its virtual try-on feature, alleged a Monday privacy class action (docket 1:23-cv-1187) in U.S. District Court for Northern Illinois in Chicago. Plaintiff Lance Webb, a Chicago resident, used Blue Otter’s virtual try-on feature three or four times in June or July on his iPhone and iPad to see how sunglasses would look on his face but didn’t buy a product, said the complaint. The Blue Otter website has links to the try-on feature on each product page. Clicking on the link automatically activates users’ webcam or device camera so their real-time image appears immediately, the complaint said. Users can navigate to a menu of sunglasses and see what each one will look like on their face, and they can take snapshots of the virtual try-ons, which they can download or share to Facebook, it said. Blue Otter doesn’t have a publicly available written policy establishing a retention schedule or guidelines for permanently destroying biometric identifiers or biometric information obtained from consumers, as required by the Illinois Biometric Information Privacy Act, alleged Webb. A consumer whose biometrics are compromised “has no recourse” and is at a heightened risk of identity theft, said the complaint. The plaintiff seeks preliminary and permanent injunctive and equitable relief on behalf of the class to prevent Blue Otter from continuing to collect users' face geometry through the virtual try-on feature without written release and to develop a written policy on retention and deletion of biometric information. The class action seeks awards of $1,000 per negligent violation, $5,000 per willful or reckless violation, or actual damages, whichever is more, plus reasonable attorneys’ fees and legal costs.

Massachusetts Department of Public Health Commissioner Margaret Cooke moved to dismiss a November privacy class action complaint involving the state's COVID-19 exposure notification system, said a Monday filing (docket 3:22-cv-11936) in U.S. District Court for Massachusetts in Springfield. Plaintiffs Robert Wright and Johnny Kula alleged the Massachusetts Department of Health “secretly installed” an exposure notification settings feature on Android devices that would alert users who may have been exposed to COVID-19. Cooke said plaintiffs’ complaint and supporting materials that the system allows the department to track their locations without their consent asserts “a host of groundless claims" under federal and state law that “do not support their narrative.” The exposure notification system is "an optional, anonymous service that does not collect information," she said. Plaintiffs’ claim that installation of the feature was an “unreasonable search” isn't a plausible allegation, she said. The complaint doesn't allege facts about plaintiffs’ claimed property interest in digital storage, nor does a claim plead the necessary elements of a civil action under the Computer Fraud and Abuse Act, the motion said. Massachusetts’ 11th amendment immunity bars all of the plaintiffs’ claims against the department, the commission and claims for monetary damages, the motion said.

Plaintiff Jazmine Harris opposes the PBS motion for leave to file a notice of supplemental authority documenting the Southern District of New York’s dismissal Feb. 17 of a Video Privacy Protection Act complaint in Martin v. Meredith (see 2302220035), said her opposition Thursday (docket 1:22-cv-02456) in U.S. District Court for Northern Georgia in Atlanta. PBS said Martin alleged the same VPPA claim that plaintiff Harris is asserting against PBS, and the SDNY, in dismissing Martin, adopted the same arguments PBS asserted in its own dismissal motion against Harris. But Martin doesn't support dismissal under the facts alleged in Harris’ complaint, said her opposition. Martin is “inapplicable” because, unlike the complaint in that case, Harris’ complaint is supported by specific allegations that PBS disclosed to Facebook the media content the digital subscribers watched, including the video content name, its URL and, most notably, the viewers’ Facebook ID, said the opposition. The Martin plaintiff, by comparison, alleged only the defendant’s disclosure of the name of the webpage. PBS replied Friday with a rebuttal, urging the court to “disregard” Harris’ opposition to the PBS motion for leave. Harris previously had the opportunity to respond to PBS’ argument, but “nowhere” in her opposition did she contest PBS’ assertion that the screenshots in her own complaint “fail to show that any information is transmitted when a user actually clicks on a video to play the video,” said PBS. The SDNY has now agreed with PBS that sending an URL doesn’t identify a person as having requested or obtained the video on a page since the person may instead have merely reviewed an article on the page or opened the page and done nothing more, it said. Harris “improperly attempts to supplement her pleading with new allegations that information is transmitted when a user clicks certain video-related buttons on the website,” said PBS.

Plaintiff Cynthia Lepur’s opposition to Educational Credit Management Corp.’s (ECMC) motion to dismiss her privacy complaint (see 2302170027) demonstrates she and her counsel “want unlimited bites at the apple,” said ECMC’s reply Thursday (docket 3:23-cv-00014) in U.S. District Court for Southern California in San Diego. Lepur alleges ECMS, a student loan servicer, recorded its phone conversations with consumers without their consent in violation of the California Invasion of Privacy Act. ECMC since 2015 has been “continuously harassed” by five “repetitive” class actions, including Lepur’s, based on the same claim, it said. Lepur’s case was filed as “a calculated strategy” to minimize or avoid completely any actual or potential outcomes unfavorable to Lepur in two other ongoing cases, it said: “The law does not allow a dispute to be litigated piecemeal in this manner.” Lepur admits in her opposition that her case arises from the same facts as the other cases, but asks the court to stay her case and not dismiss it due to the special circumstances of her action, said ECMC. “There are no special circumstances which would warrant saving this case from dismissal,” it said. The entire purpose of the “claim-splitting doctrine” is to avoid repetitive actions, promote judicial economy and convenience, and “not re-litigate a claim in a second suit if the first fails,” it said. Yet that’s exactly what Lepur “seeks to do,” it said: “She tacitly if not expressly admits that her suit should only proceed in the event that all the earlier-filed cases fail.” ECMC is forced to defend against the same claim “in a seemingly never-ending string of duplicative class action lawsuits,” it said. “There is no equitable ground to save this case from dismissal under these circumstances.”

U.S. District Judge William Orrick for Northern California in San Francisco signed an order Wednesday (docket 3:22-cv-03580) reassigning himself another case, Smart v. Main Line Health (docket 3:23-cv-00528), and relating it to the newly consolidated healthcare class action against Meta (see 2302220038). The plaintiffs in the consolidated complaint are Facebook users who allege Meta acquires their confidential information via the Meta Pixel in violation of federal and state laws.

U.S. District Judge for Northern California William Orrick denied defendant Meta’s administrative motion to consider whether two privacy cases -- Jane Doe v. Hey Favor and Jane Doe v. GoodRx -- should be related, said a Tuesday order (docket 3:23-cv-00059) in the San Francisco court. GoodRx, a nonparty in the Hey Favor case, and defendant Google, filed oppositions to Meta’s request. The two cases don't “concern substantially the same parties, property, transaction or event,” said Google's response. GoodRx’s opposition cited Meta’s contention the two cases are related because both name Meta as a defendant and both plaintiffs “allege that they used platforms on which [software development kits] and pixels were installed,” and that as a result, “Meta and other defendants received sensitive health information about them.” No other parties overlap between the two matters, GoodRx noted.

U.S. Magistrate Judge Jonathan Hawley for Central Illinois in Peoria entered a text order Wednesday (docket 1:23-cv-1050) transferring plaintiff Zachary Rohlfs’ Video Privacy Protection Act complaint against Nexstar Media to the courthouse in Urbana. Hawley had ordered Rohlfs on Feb. 14 to show cause why the case shouldn’t be transferred since he lives in Kankakee County, Illinois, which is within Urbana’s jurisdiction. Rohlfs agreed in his response Tuesday that moving the case to Urbana was “appropriate.” Not only does Rohlfs live in Kankakee County but “a substantial part of the conduct at issue in this case occurred and/or emanated” from there, it said. The Urbana courthouse reassigned the case Wednesday to U.S. District Judge Colin Stirling Bruce and Magistrate Judge Eric Long, said a text-only entry in the docket. Rohlfs’ Feb. 9 class action alleges Nexstar knowingly disclosed to Facebook data containing subscribers’ personal identifiable information and digital video viewing activity on its WGNTV.com website (see 2302100028).