Newsletter RSS

Mealey's Data Privacy

  • October 13, 2025

    Judge: Individuals Who Sued Over U.S. Centralized Database May Face Retaliation

    WASHINGTON, D.C. — A federal judge in the District of Columbia on Oct. 10 granted a sealed motion to proceed under pseudonyms filed by individuals who, along with several nonprofits, sued the federal government on behalf of a putative nationwide class seeking to enjoin the use of their personal data in a centralized database of Americans’ personal data; the judge ruled that the individuals “have demonstrated specific retaliation risks that far outweigh any prejudice to Defendants.”

  • October 13, 2025

    FBI Seeks High Court Review Of Ruling In State Secrets Surveillance Dispute

    WASHINGTON, D.C. — Arguing in a petition for a writ of certiorari that the Ninth Circuit U.S. Court of Appeals “adopted improper and wholly novel procedural requirements that essentially negate the [state secrets] privilege in myriad cases,” the Federal Bureau of Investigation urged the U.S. Supreme Court to again consider a case in which it previously reversed the Ninth Circuit; the ruling established a new procedure for courts to consider information covered by the state secrets privilege rather than simply excluding all such information from a lawsuit alleging improper surveillance of Muslims.

  • October 10, 2025

    Subscriber Says High Court Review Of NBA’s Petition In VPPA Suit May Be Complicated

    WASHINGTON, D.C. — A digital subscriber to the National Basketball Association’s website, nba.com, who claims that his video-watching history was disclosed without his consent in violation of the Video Privacy Protection Act (VPPA) filed a notice of appeal to the Second Circuit U.S. Court of Appeals following a New York federal judge’s dismissal of his second amended complaint and filed a supplemental brief in the U.S. Supreme Court, notifying the high court of the case developments and urging the high court to deny review of the NBA’s petition for writ of certiorari because the competing appeals may complicate the high court’s review.

  • October 10, 2025

    Partial Dismissal Granted In Data Breach Suit Against Chicago Children’s Hospital

    CHICAGO — A federal judge in Illinois partially granted a Chicago children’s hospital’s motion to dismiss a consolidated amended class complaint filed by patients and parents after nearly 800,000 patients’ personal and medical data was accessed by cybercriminals.

  • October 10, 2025

    $2.62M Settlement Over Debt Collection Company Data Breach Gets Final OK

    PHILADELPHIA — A federal judge in Pennsylvania has granted final approval of a $2,625,000 settlement in a consolidated class action over a 2023 data breach experienced by a national debt collection and accounts receivable management company, finding it “fair, reasonable, and adequate.”

  • October 08, 2025

    Valuation, Attorney Fee Issues Lead To Preliminary Denial Of Privacy Settlement

    PHOENIX — An Arizona federal judge denied preliminary approval of a proposed class settlement to resolve claims over a mental health provider’s alleged use of Meta’s Pixel to share patient data, holding that the agreement lacked evidence to establish its overall value and contained an attorney fee structure that was disproportionate to class recovery.

  • October 08, 2025

    Federal Judge Says Law Firm, Insurer Have Settled Cyber Crime Coverage Dispute

    SEATTLE — A federal judge in Washington reported that a settlement has been reached in a law firm insured’s lawsuit seeking commercial cyber insurance coverage for a breach of the firm’s security measures, striking the June 1, 2026, trial date and ordering that dismissal and settlement papers be submitted by Dec. 5.

  • October 06, 2025

    U.S. Supreme Court Won’t Decide Conflict On FERPA Interpretations

    WASHINGTON, D.C. — A school district’s petition for a writ of certiorari that asking U.S. Supreme Court justices to clear up conflicting court interpretations regarding enforcement of the Family Education Rights and Privacy Act of 1974 (FERPA) alongside state public records acts (PRAs) was denied by the high court on Oct. 6.

  • October 06, 2025

    Covert Records State Ban Won’t Be Considered By U.S. High Court

    WASHINGTON, D.C. — A petition for a writ of certiorari filed by a pair of nonprofit media organizations that oppose an Oregon statutory ban on most covert recordings was denied Oct. 6 by the U.S. Supreme Court.

  • October 06, 2025

    U.S. High Court Denies Debt Collection Firm’s Petition On Jurisdiction

    WASHINGTON, D.C. — The U.S. Supreme Court on Oct. 6 denied a petition for a writ of certiorari filed by a debt collection firm seeking clarification on whether a single errantly sent letter is sufficiently comparable to the tort of intrusion upon seclusion to establish jurisdiction for a claim under the Fair Debt Collection Practices Act (FDCPA).

  • October 06, 2025

    Partial Dismissal Granted To LinkedIn Over Claims Of Data Gathering, Sharing

    SAN JOSE, Calif. — LinkedIn Corp. partially succeeded in its motion to dismiss claims that it used a tracking pixel to intercept and share users’ personal data with third-party advertisers, with a California federal judge disposing of one claim under the California Invasion of Privacy Act (CIPA) and dismissing one of four putative class complaints in its entirety.

  • October 03, 2025

    Some Subclasses Certified In Accellion Privacy Suit; Some Expert Opinions Struck

    SAN JOSE, Calif. — The plaintiffs in a consolidated class action over the hacking of software created by Accellion Inc. saw some of their expert’s testimony stricken for his lack of experience by a California federal judge who also partly granted the plaintiffs’ motion to certify several subclasses related to Accellion’s customers who were affected by the data breach incidents.

  • October 01, 2025

    Class Suit Accuses Federal Government Of Unlawfully Pooling Citizens’ Data

    WASHINGTON, D.C. — Federal government agencies and their heads are violating U.S. citizens’ privacy rights and opening millions to “massive cybersecurity risks” by creating centralized records systems at the U.S. Department of Homeland Security, a Sept. 30 putative class complaint filed by the League of Women Voters (LWV) and others alleges.

  • September 30, 2025

    Sendit App Maker Sued By Government For Collecting Kids’ Data, Fake Messages

    LOS ANGELES — California-based Iconic Hearts Holdings Inc. was sued by the U.S. government for violating children’s privacy and for engaging in deceptive practices related to the popular Sendit app, including gathering children’s data without parental consent, inadequate disclosure of automatic renewals for memberships and misrepresenting the identity of the senders of purported personal messages sent to app users.

  • September 30, 2025

    Privacy Suit Over Zillow’s Watched Videos Disclosure Dismissed At Parties’ Request

    SAN DIEGO — A federal judge in California dismissed without prejudice a putative privacy class action against Zillow Group Inc. for purportedly sharing the video-viewing history of users of its app and website after the plaintiffs and online real estate platform operator filed a joint motion and stipulation to dismiss.

  • September 30, 2025

    Judge Partly Dismisses Illinois Woman’s Privacy Suit Over Hospital’s Website

    ROCK ISLAND, Ill. — A putative class action over a hospital’s purported sharing of the private information of its website’s users was partially dismissed, with an Illinois federal judge disposing of breach of contract, bailment, eavesdropping and computer fraud claims, with leave to amend.

  • September 26, 2025

    DOJ Sues 6 States For Not Providing Full Voter Registration Information

    The U.S. Department of Justice (DOJ), on behalf of the United States, filed lawsuits against six states in corresponding federal district courts, seeking orders requiring each state to submit a computerized statewide voter registration list in compliance with the Help America Vote Act (HAVA) for the purpose of “safeguard[ing] American elections in compliance with Federal laws.”

  • September 25, 2025

    Florida Health System Granted Sovereign Immunity In Class Suit Over Data Sharing

    FORT MYERS, Fla. — A Florida health care provider that is a political subdivision of the state is entitled to sovereign immunity from putative class claims by a patient who alleged that patients’ privacy rights were violated when their medical information was transmitted to Facebook, a federal judge in Florida ruled Sept. 24.

  • September 24, 2025

    Claims Over Website’s Sharing ED Data With Google, Meta Lack Support, Judge Finds

    SAN FRANCISCO — Three men who claimed that an erectile dysfunction (ED) treatment website improperly shared their protected health information (PHI) with Google LLC and Meta Platforms Inc. failed to demonstrate that they did not consent to this sharing by agreeing to terms in the operative version of the website operator’s privacy policy, a California federal judge ruled Sept. 23.

  • September 23, 2025

    USDA Temporarily Restrained From Demanding SNAP Users’ Data From States

    SAN FRANCISCO — A group of states successfully stopped, at least for now, the U.S. Department of Agriculture from enforcing its demand that each state submit the personal data of its residents who receive benefits under the Supplemental Nutrition Assistance Program (SNAP), with a California federal judge issuing a temporary restraining order (TRO) and finding the states likely to succeed on their claim, under the Administrative Procedure Act (APA), that the data demand was contrary to law.

  • September 23, 2025

    Negligence, Contract Claims Over Organ Donation Firm’s Data Exposure May Proceed

    RICHMOND, Va. — An organ donor whose personally identifiable information (PII) was potentially exposed in an unencrypted state for 16 years adequately alleged negligence and breach of contract claims against the donor administration organization, a Virginia federal judge concluded, mostly denying the defendant’s motion to dismiss.

  • September 22, 2025

    Minors Sue Disney Over Data Collection On Videos For Children

    LOS ANGELES — Three minors filed a putative class action in California state court accusing two Disney companies of violating California’s unfair competition law (UCL) and other laws by failing to designate certain YouTube videos as “for kids” and collecting information about those viewers, which was also the subject of a recent $10 million settlement by Disney with the Federal Trade Commission.

  • September 19, 2025

    Final Approval Given To $20 Million Global Settlement Of Fortra Data Breach MDL

    MIAMI — Five months after a Florida federal judge preliminarily approved a $20 million global settlement of a multidistrict litigation over a 2023 data breach experienced by users of a file-transfer program, he granted final approval to the settlement, thus resolving all remaining claims against software firm Fortra LLC, its customers and their clients by class members who claim that their personally identifiable information (PII) was compromised in the cyberattack.

  • September 18, 2025

    Meta Denied Posttrial JMOL, Decertification Motions In Period App Privacy Suit

    SAN FRANCISCO — Rejecting an attempt by Meta Platforms Inc. “to overturn just about everything related to the verdict” in a trial over its purported eavesdropping and data collection from an ovulation-tracking app in violation of the California Invasion of Privacy Act (CIPA), a California federal judge denied the social media operator’s motions for judgment as a matter of law (JMOL) and to decertify the class of app users.

  • September 17, 2025

    Data Breach Suit Against Casino Mostly Survives Dismissal

    LAS VEGAS — The operator of a casino that was hit by a data breach in 2024 saw its motion to dismiss putative class privacy, negligence and unfair competition claims mostly denied by a Nevada federal judge, who found that a group of customers and former employees adequately alleged most of their claims and supported them with assertions of cognizable injuries.