The March 21 decision in U.S. District Court for Southern California in San Diego granting Ford’s motion to dismiss a California Invasion of Privacy Act complaint is “relevant” to defendant Tonal Systems’ own motion to dismiss plaintiff Julie Jones’ CIPA class action in the same court for failure to state a claim on which relief can be granted (see 2308300028), said Tonal’s notice Tuesday (docket 3:23-cv-01267). Jones alleges Tonal, a maker of home gym equipment, violated the CIPA and the state’s Unfair Competition Law when it used software from a third-party vendor, Drift, to secretly eavesdrop on the private conversations of users of the chat features on Tonal’s website (see 2307110047). Tonal’s motion to dismiss was fully briefed, and the motion hearing was held Oct. 18, said the notice. Jones lacks a “viable statutory claim for wiretapping” under the CIPA, said Tonal’s motion to dismiss. In the Ford case, plaintiff Rebeka Rodriguez alleged that the automaker secretly enables and allows a third-party spyware company to eavesdrop on the private conversations of everyone who visits Ford’s website and communicates through its chat feature. She alleged that the spyware company then monetized that data by sharing it with other third parties, which used it to bombard the unsuspecting visitors with targeted marketing, all without their informed consent. The court construed Rodriguez's argument in her opposition to the motion to dismiss as declining to pursue a claim against Ford for direct liability under the first three clauses of the CIPA’s Section 631(a). It dismissed any such claim against Ford with prejudice because amendment would be futile.

The plaintiffs’ opposition to Banner Health’s motion to dismiss their consolidated privacy complaint gives the "false impression” that Banner “surreptitiously discloses” the contents of their “actual medical communications or records to third parties” for profits, said Banner's reply Monday (docket 2:23-cv-00985) in U.S. District Court for Arizona in Phoenix in support of its motion to dismiss. The plaintiffs instead “conflate Banner’s public website with its patient portal,” the opposition said. Cheryl McCulley’s class action, combined with two similar actions in November (see 2311150002), allege Banner installed Meta Pixel and other tracking technologies on its website to “intercept” and send private information to third parties such as Facebook and Google without users’ “informed consent,” in violation of invasion of privacy common law, the Arizona Consumer Fraud Act and the Electronic Communications Privacy Act. But plaintiffs’ claims rely on generalized allegations of how they used Banner’s public website, how they received ads relating to their medical conditions after alleging they used the free public websites, and how a “hypothetical website visitor’s browsing activity may have been transmitted to Meta or other third parties,” said the opposition. Their allegations are “merely speculations about what happens when they intentionally search a public website for medical topics,” it said. Plaintiffs “fail to allege a single fact” about how the Pixel was configured on Banner’s patient portal, saying information available on the publicly accessible websites “stands in stark contrast to the personally identifiable patient records and medical histories protected by these statutes.”

The parties in a privacy class action vs. NBCUniversal Media and Peacock TV don’t consent to conducting all further proceedings before a U.S. magistrate judge, including motions and trial, said a case management plan and scheduling order Monday (docket 1:23-cv-09433) from U.S. District Judge Vernon Broderick in U.S. District Court for Southern New York in Manhattan. The October lawsuit, brought by Amma Afriyie of Hamilton, Ohio, and Roy Campbell of Glens Falls, New York, alleges software development kits in NBC apps allow app and website developers to “surreptitiously collect and transmit data to third parties,” including viewing history and personally identifiable information (see 2310270060). The parties have not engaged in settlement discussions, said the order. No additional parties may be joined to the case, and no additional causes of action may be asserted after 30 days from the entry of the order “absent a showing of good cause.” Fact discovery is to be completed no later than April 15, 2025, and the case is to be tried to a jury, it said.

The multidistrict litigation docket was prematurely “and incorrectly” closed March 14 for litigation against Comcast involving the Citrix data breach, said a joint status report (docket (2:23-cv-05092) in Nanez et al v. Comcast Friday in U.S. District Court for Eastern Pennsylvania in Philadelphia. The plaintiffs sued Comcast Dec. 21 for negligence; the class action was one of a dozen included in a January motion (see 2401120011) filed by plaintiff Kenneth Hasson with the Judicial Panel on Multidistrict Litigation, aiming to transfer and consolidate cases with similar allegations and claims arising out of the October data breach. A motion filed jointly by Comcast, Citrix and Hasson on March 14 to vacate that day's order closing the MDL docket and reinstating the MDL transfer motion was denied March 18, said the report. Thursday, Hasson filed a notice of unopposed motion to consolidate cases (see 2403220046); Alyssia Nanez is listed for potential consolidation within Hasson’s motion to consolidate cases, it said. The parties support the request for consolidation, it said.

Interested party Kenneth Hasson moved to consolidate 24 cases pending in the Eastern District of Pennsylvania against Comcast and/or Citrix involving Citrix's October data breach, said Hasson's unopposed motion Thursday (docket 2:24-cv-01198). Hasson requests that the court consolidate the two dozen actions and assign them to U.S. District Judge John Younge as the “already-assigned judge’ in 17 of the actions. The plaintiff moves to establish his case, the first-filed Hasson v. Comcast Cable Communications (docket 2:23-cv-05039), as the master docket for the consolidated cases. The cited rule 42(a) of the Federal Rules of Civil Procedure provides that when several actions involving common questions of law or fact are pending before a court, it's authorized to consolidate the actions to avoid unnecessary costs or delay, said the motion. The 24 cases involve an “array of shared common questions of law and fact" against defendants Comcast and/or Citrix on behalf of overlapping putative nationwide classes arising out of the breach by cybercriminals of internal Comcast systems and customer data, including plaintiffs’ personally identifiable information, which allegedly occurred because of a vulnerability in an on-premises Citrix product used by Comcast, said the motion. Litigation of the Comcast actions will require resolution of seven common issues: the cause, extent and scope of the data breach; defendants’ investigations into the breach; communications between Comcast and Citrix about the breach; defendants’ data security measures before the breach; actions taken to remedy the incident and the data security “deficiencies that led to it”; contractual obligations between the defendants; the adequacy of the notice of the breach; and harm stemming from it, the motion said. The motion proposed a standing order that any action subsequently filed, transferred or removed to the court that arises out of the same or similar operative facts as the consolidated action be consolidated with it for all pretrial purposes. Hasson proposes an order that plaintiffs file a single consolidated complaint no later than 45 days after an order appointing interim lead counsel is entered, it said. All parties support the request for consolidation. Hasson filed a reply in support for transfer and centralization of cases before the Panel on Multidistrict Litigation in February (see 2402050030).

Two negligence class actions involving Progress Software’s May MOVEit file transfer software data breach were transferred to In Re: MOVEit Customer Data Security Breach Litigation in conditional transfer order 35 (CTO-35), said a clerk’s order (docket 3083) Tuesday at the Judicial Panel on Multidistrict Litigation. Eric E. Eufusia v. Medical Eye Services (docket 8:24-cv-00432) was transferred from U.S. District Court for Central California and Werkmeister v. Wayne Bank (docket 3:24-cv-00254 ) was transferred from U.S. District Court for Middle Pennsylvania. The order is stayed for seven days pending any notices of opposition, the order said. Since five actions were transferred to the U.S. District Court for Massachusetts for coordinated or consolidated pretrial proceedings Oct. 4, 216 additional actions have been transferred to the court and assigned to U.S. District Judge Allison Burroughs for Massachusetts in Boston, it said.

A social media vlogger with a career-related YouTube channel is suing an individual for fraudulently creating a domain name under his name and posting intimate photos of him for public viewing, said the vlogger's complaint Friday (docket 5:24-cv-01621) in U.S. District Court for Northern California in San Jose. Plaintiff Cory Liguore, of Pleasanton, California, previously owned and used an account on the video chat and dating app, Fuzz, on which he would “only stream to public audiences or to private individuals by invitation only,” said the complaint. Liguore also owned and used an educational YouTube channel under his name, it said. Liguore alleges defendant Kendall Simmons, “primary decision-maker” for 7+6 Management,” is responsible for “the use and public dissemination of” Liguore’s name, likeness, intimate photos from Liguore’s Fuzz account, and personal information from Liguore’s LinkedIn account and YouTube channel -- without the plaintiff’s notice or consent – to create websites on which Simmons “impersonates” Liguore and posts intimate photos of him “for any person in the public to view.” The defendants are responsible for using “coryliguore.com” as the domain name on which the fraudulent activities occurred, the complaint said. Liguore was dismissed by his employer on Nov. 13 under his employer’s belief Liguore had posted intimate photos of himself, the complaint said. The day Liguore was fired was the first day he became aware of any use of his name, intimate photos, or personal information on any website created by the defendants, it said. Liguore has suffered “severe emotional and physical stress” as a result of the discovery and publication of the website, which has violated his privacy, and from the loss of his job, it said. On Nov. 18, after filing a police report, Liguore filed a request with Google to remove the domain name and website from search results relating to his name, “because it was using his name and information without his knowledge or consent"; Google complied, said the complaint. The Pleasanton Police Dept. convinced Wix.com, the domain registrar, to take the website down and cease domain services for coryliguore.com, it said. Wix.com also identified the owner and creator of coryliguore.com as Kendall Simmons from Villa Park, Illinois, it said. Liguore asserts claims of cyberpiracy protection for individuals, cyber piracy, civil harassment, disorderly conduct and cyber exploitation, intentional and negligent infliction of emotional distress, and unfair competition. He requests preliminary and permanent injunctions, a transfer of the domain to himself, an award of statutory and other monetary compensation, plus attorneys’ fees and costs.

The Arkansas Local Police and Fire Retirement System (docket LOPFI) opposes conditional transfer order 34 (CTO-34) in In Re: MOVEit Customer Data Security Breach Litigation, said its notice of opposition (docket 3083) Thursday before the Judicial Panel on Multidistrict Litigation. Arkansas Local Police and Fire Retirement System vs. Pension Benefit Information (docket 4:24-cv-00168), filed Dec. 21 in Circuit Court of Pulaski County, Arkansas, and removed Feb. 26 to the Eastern District of Arkansas, alleges PBI failed to protect and keep secure confidential information provided by LOPFI in Progress Software’s May data breach.

Christopher Barulich's lawsuit against Home Depot and Google involves “a material part” of the same subject matter as Misael Ambriz v. Google, said Google’s notice of pendency (docket 2:24-cv-01253) of other actions or proceedings Thursday in U.S. District Court for Central California in Los Angeles. Barulich's class action alleges the retailer allows Google to access, record, read and learn the contents of customers’ calls via its Cloud Contact Center (CCAI) in violation of the California Invasion of Privacy Act (CIPA) (see 2402160030). The Ambriz action is pending before U.S. District Judge Rita Lin in the Northern District of California. Google filed a motion to dismiss in Ambriz Jan. 16, and that motion is scheduled for a hearing Tuesday, said the filing. Barulich and Ambriz are both putative class actions alleging Google violated CIPA through CCAI, and in both actions, plaintiffs allege they called the customer service line of a Google customer, Home Depot and Verizon, that used CCAI. The plaintiffs allege they spoke to live customer service representatives while the Google software “provided assistance to the live agent in the background,” said the notice. Plaintiffs said Google through CCAI “eavesdropped” or “surreptitiously listened in and monitored” their conversations. Because the actions are both against Google, relate to the same technology, and involve many of the same facts and the legal issues, Google asked Barulich’s counsel for their position on consolidation with the Ambriz action, but on Tuesday, Barulich’s counsel communicated that they don’t believe consolidation with Ambriz is appropriate, the notice said.

Plaintiff Michelle Righetti moved to relate 14 class actions arising out of MGM Resorts International’s September data breach, said her motion to consolidate Wednesday (docket 2:23-cv-01719) in U.S. District Court for Nevada in Las Vegas. All the cases involve the same defendant, set forth similar or identical proposed classes, raise virtually identical legal and factual issues, and seek the same or substantially similar relief, said the motion, saying consolidation would provide “judicial efficiency and economy of resources.” Righetti sued MGM on Dec. 14, alleging claims for negligence, violations of the California’s Privacy and Customer Records acts and its Unfair Competition Law. The motion includes the 14 class actions plus any additional related cases that may be filed or transferred to the Nevada court, it said.