The hearing on the plaintiffs’ motion for final approval of a class-action settlement in a privacy case vs. Google has been rescheduled for Aug. 7, said a signed joint stipulation and order (docket 4:20-cv-03664) by U.S. District Judge Yvonne Gonzalez Rogers for Northern California in Oakland. Google requested that the hearing take place a week later than the original July 30 date, and the plaintiffs didn't oppose, said the Tuesday order. Class-action plaintiffs Chasom Brown, William Byatt, Jeremy Davis, Christopher Castillo and Monique Trujillo alleged in their March 2 fourth amended complaint that Google engages in “surreptitious interception and collection” of personal and sensitive user data while users are in a private browsing mode, and does this without “disclosure or consent (see 2304140026).” The deadline for Google to file opposition to plaintiffs’ fee motion for an award of attorneys’ fees, costs and service awards is June 7, with plaintiffs’ reply in support of their fee motion slated for June 21, said the order.
Transfer of a negligence lawsuit brought by Arkansas Local Police and Fire Retirement System (LOPFI) v. Pension Benefit Information (PBI) to In Re: MOVEit Customer Data Security Breach Litigation is warranted because it shares common questions of fact with the cases in the MDL, and the transfer will promote judicial efficiency, said PBI's response (docket 3083) to LOPFI’s March notice of opposition (see 2403150006). PBI’s Monday response before the Judicial Panel on Multidistrict Litigation said LOPFI’s motion to vacate fails to acknowledge the prior decisions and conclusions of the JPML in creating the MDL and omits that LOPFI’s claims vs. PBI all emanate from Progress Software’s May MOVEit file transfer software data breach. LOPFI’s complaint alleges PBI failed to protect and keep its members' personally identifiable information confidential during the breach.
U.S. District Judge Nicholas Garaufis for Eastern New York in Brooklyn denied plaintiff Benjamin Kyle’s motion to remand a SIM swap case against T-Mobile to state court, his Friday memorandum and order said (docket 1:23-cv-05206). Garaufis’ order follows Magistrate Judge Robert Levy’s March 25 report and recommendation that Kyle’s motion be denied; no party objected to the R&R, said the filing. A status conference by telephone is set for Wednesday. Kyle’s July 7 lawsuit alleges T-Mobile store employees unlawfully accessed his phone’s SIM card and stole more than $30,000 in cryptocurrency. T-Mobile maintains Kyle agreed to its terms and conditions, including an agreement to arbitrate claims about T-Mobile services (see 2307070024).
Although the plaintiffs in a negligence class action vs. ESO Solutions over a September data breach timely responded to the medical software company’s motion to strike class allegations, their response to its March 28 motion to dismiss is “past due,” said U.S. District Judge Robert Pitman for Western Texas in Austin Wednesday. Pitman ordered (docket 1:23-cv-01557) the plaintiffs in In Re: ESO Solutions Inc. Breach Litigation to file a response to the motion to dismiss by Monday. Plaintiffs Steven Guiffre, Billy Love, George Simpson, Jamie Thomas, Deborah Todd and Robert Day called ESO’s March 26 motion to strike class allegations “premature and meritless” in their April 9 motion to strike allegations (see 2404100041). The Sept. 17 data breach allegedly affected about 2.7 million individuals whose personally identifiable information and personal health information was compromised when an unauthorized actor gained access to the software company's network and computer systems.
U.S. District Judge Gary Klausner for Central California in Los Angeles denied the motion to remand of a Jane Doe plaintiff who sued PHE, owner of adult products website Adam & Eve, for privacy violations, said his order (docket 2:24-cv-01065) Monday. Doe filed a class action complaint against PHE Jan. 3, alleging that after she used the Adam & Eve website, the company disclosed her personal sexual information and IP address to Google via Google Analytics without her consent. Doe originally filed the action against PHE in Central California district court Sept. 25. The case was dismissed and Doe then added Google to the lawsuit and filed in state court; Google removed the case to district court in February (see 2403110004). The defendants argued that Doe didn’t meet the local controversy exception's three requirements for a district court to decline federal jurisdiction under the Class Action Fairness Act (CAFA): that two-thirds of the putative class are California citizens; that the principal injuries from the alleged conduct were incurred in California; and that no similar class actions have been filed vs. the defendant in the past three years. The court disagreed with Doe’s contention that the class was comprised solely of California residents. On the injuries question, Doe failed to convince the court to depart from the “numerous California district courts which have routinely held that artificially restricting a nationwide injury to appear purely Californian in nature does not warrant remand”; therefore, the principal injuries requirement wasn't met, said the order. In a separate order, Klausner dismissed Doe’s complaint, saying she can refile within seven days of the order “with her true legal name.” In response to the court’s order to show cause for proceeding by pseudonym, Doe argued that she would otherwise be forced to publicly reveal her purchase history, which would reveal her sexual practices, preferences and orientation, which could lead to public ridicule and social stigmatization, said the order. Doe’s purchase history may subject her to “severe ridicule and stigma so as to outweigh public interest,” but that harm can be avoided “simply by obtaining a protective order and filing that information under seal,” the order said.
Isaac Shapiro voluntarily dismisses his Video Privacy Protection Act claims against Quimbee parent company Sellers International with prejudice, said his notice of dismissal Tuesday (docket 3:24-cv-00079) in U.S. District Court for Northern California in Oakland. Shapiro alleged that Quimbee, a website tailored to law students, violated the VPPA by knowingly disclosing his personally identifiable information and that of his class members, including a record of case brief videos they watched on the website, without their consent (see 2401110045).
Kochava’s affirmative defenses give the FTC “fair notice” of the defenses it will raise, thus satisfying the only pleading standard the 9th U.S. Circuit Court of Appeals “has ever applied to affirmative defenses” and the only standard contemplated by the Federal Rules of Civil Procedure, said the defendant’s opposition to the FTC’s motion to strike (docket 2:22-cv-00377) affirmative defenses Tuesday in U.S. District Court for Idaho in Coeur d’Alene (see 2403070026). The FTC sued Kochava in August 2022 for allegedly selling vast amounts of personal information about millions of people. The agency alleges that the data can reveal a person’s sensitive information, including religious affiliations, sexual orientation and medical conditions, and by selling that data, Kochava invades consumers’ privacy and exposes them to significant risks of secondary harms. The FTC fails to show that Kochava’s defenses could not apply under any set of circumstances, which is the standard to grant the FTC’s motion, said the opposition. The FTC’s “pejorative characterization of Kochava’s ‘laundry list’ of affirmative defenses misses the point that a defendant is required to assert every applicable defense in its responsive pleading, to avoid waiver of same,” it said, citing Morrison v. Mahoney. The court should not strike factually based defenses when Kochava hasn’t had the opportunity to conduct “meaningful discovery,” since discovery may reveal that the defenses “are in fact well-supported,” and the adequacy or inadequacy of the defenses is unclear as a matter of law, the filing said. Kochava asked the court to deny the FTC’s motion to strike in its entirety; if any part of the motion is granted, the defendant requests leave to amend. Kochava also requests a jury trial.
Verizon seeks the dismissal of plaintiff William Lawshe's AI defamation complaint against the carrier and its cloud storage vendor, Synchronoss Technologies, said its motion Friday (docket 3:24-cv-00137) in U.S. District Court for Middle Florida in Jacksonville. Lawshe, a Verizon customer, alleges that Verizon and Synchronoss used AI to monitor and screen his data and incorrectly identified a file in his possession as containing child sexual abuse material (CSAM) (see 2402070004). Lawshe’s amended complaint shows that he has “no viable claim” against Verizon, said its motion to dismiss. His claims against Verizon arise out of the fact that Verizon reported images in his Verizon account to the National Center for Missing and Exploited Children (NCMEC) based on “matched hash values” with other images previously identified as likely CSAM, it said. Even when viewing all facts in the light most favorable to Lawshe, these claims “should be dismissed for two independent reasons,” it said. First, Verizon is immune from suit “under multiple statutory provisions that bar actions against providers” based on precisely the type of reporting that Lawshe alleges, it said. Second, disclosures to NCMEC also aren’t actionable under federal law, it said. Synchronoss also filed a motion to dismiss Friday in which it contends that Lawshe is barred from proceeding with a claim for defamation against Synchronoss “because certain statutory provisions bar actions against Synchronoss for the specified conduct.”
Virgin Atlantic doesn’t disclose to consumers at the beginning of a call that it’s recording phone communications, in violation of the California Penal Code, alleged a complaint Wednesday (docket 5:24-cv-02158) in U.S. District Court for Northern California in San Jose. Kenneth Tang, a San Jose resident, called Virgin Atlantic on Dec. 7 from his cellphone to book a flight, his complaint said. When a customer calls Virgin’s customer service number and selects a prompt for a new booking, there is no disclaimer regarding call recording, it said. Because he was never told the call was being recorded, and never consented to it, Tang “reasonably expected that his communications” with the airline weren't being recorded and were “confidential” as defined by the California Penal Code, the complaint said. But on information and belief, Virgin was recording the call and “captured the entire contents of his communications with the automated agent and the live agent using Genesys’ software,” said the complaint. Genesys’ software allows for scripting of interactive voice responses that allows customers to “speak” with an artificial agent, the complaint said. The software routes customers to the appropriate live-person agent, but it also records the real-time contents of the calls, it said. The airline’s policy of monitoring and recording calls without informing customers is a “uniform practice” that occurs whenever a customer calls the airline, the complaint said. Tang seeks statutory damages, prejudgment interest and injunctive relief, plus attorneys’ fees and legal costs.
The 9th U.S. Circuit Appeals Court’s March 5 decision in Hammerling v. Google supports affirmance in the appeal brought by six Chrome users seeking to reverse the district court’s dismissal of their privacy complaint (see 2212290037), said Google in a letter Tuesday (docket 22-16993) to the 9th Circuit clerk. The six appellants allege that Chrome secretly sent users’ personal information to Google, regardless of whether the browser’s “sync mode” was turned on or off. The plaintiffs in Hammerling alleged that Google breached the same terms of service and privacy policy at issue in the Chrome appeal by collecting similar activity data relating to use of mobile applications, said Google’s letter. The 9th Circuit affirmed the dismissal of the plaintiffs’ breach of contract, privacy and Unfair Competition Law claims because Google’s privacy policy explains that Google collects data about users’ activity on third-party sites and apps that use Google’s services, it said. In so doing, the privacy policy unambiguously discloses Google’s collection of user activity data, it said.