Newsletter RSS

Mealey's Data Privacy

  • February 25, 2026

    Image Hosting Service: No Photos Shared For AI, No Injury For Proposed Class

    DENVER — An online image hosting site pushed back on claims that it intended to license users’ photographs for use in training artificial intelligence, saying negotiations with unnamed third parties and speculative future conduct cannot form the basis of a class action.

  • February 24, 2026

    Opening Merits Brief Is Filed In High Court’s Geofence Warrant Case

    WASHINGTON, D.C. — In a Feb. 23 merits brief arguing in part that accessing location information culled from user’s mobile devices via a geofence warrant constitutes a search, a man who was convicted of armed robbery through evidence obtained via such a warrant urged the U.S. Supreme Court to rule that the warrants violate the Fourth Amendment to the U.S. Constitution.

  • February 24, 2026

    Employers To Pay $1.7M In Attorney Fees Over Invasive Application Questions

    SAN DIEGO — A California federal judge granted final approval to a settlement of $1 per class member, amounting to approximately $172,000, and granted a motion for attorney fees of $1,775,000 to the plaintiffs’ attorneys to resolve class action claims against multiple employers for requiring job applicants to answer invasive medical inquiries, including when one plaintiff’s last menstrual period was, in violation of the California Fair Employment and Housing Act (FEHA) and California’s unfair competition law (UCL).

  • February 23, 2026

    City Waives Response To Officers’ Petition For Review Of COVID Shot Data Suit Toss

    WASHINGTON, D.C. — The city of Chicago waived its right to respond to a petition for writ of certiorari filed by current and former police officers asking the U.S. Supreme Court to address a circuit split regarding discovery and determine if a decision in an early 20th century smallpox case “should be limited or overturned in favor of a tiers-of-scrutiny approach in assessing First Amendment religious discrimination claims” in challenging the dismissal of claims that collection of their COVID-19 testing results and vaccination statuses violated federal and state law.

  • February 23, 2026

    $3.25M Data Breach Class Settlement Receives Final Approval; Judgment Entered

    SALT LAKE CITY — A Utah federal judge granted final approval of a $3.25 million class action settlement resolving nationwide negligence and California Consumer Privacy Act claims stemming from a September 2023 data breach, with final judgment entered three days later, closing the case.

  • February 23, 2026

    Notice Of Settlement Filed In Data Breach Class Case Against Medical Device Maker

    BOSTON — A medical device manufacturer and the patients who have accused the company of failing to protect their personal data from being stolen in two different breach incidents and made publicly available have until April 10 to file a motion for preliminary settlement approval, according to an electronic order filed by a federal judge in Massachusetts one day after the parties filed a joint notice of class settlement.

  • February 23, 2026

    $6 Million Settlement Approved In YouTube Biometric Privacy Class Action

    SAN FRANCISCO — A California federal judge granted final approval to a $6,022,500 nonreversionary class action settlement resolving claims that YouTube and Google violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing scans of users’ facial geometry through a pair of video editing features without providing written notice, obtaining consent or maintaining a retention policy.

  • February 20, 2026

    Verizon, AT&T Tell High Court That FCC Forfeiture ‘Scheme’ Violates 7th Amendment

    WASHINGTON, D.C. — In consolidated cases before the U.S. Supreme Court asserting constitutional challenges to the Federal Communications Commission’s enforcement of  monetary forfeitures under the Communications Act, Verizon Communications Inc. and AT&T Inc. argue that “[t]he FCC’s in-house forfeiture scheme violates the Seventh Amendment and Article III” of the U.S. Constitution when “used to adjudicate legal disputes.”

  • February 20, 2026

    23andMe Data Breach MDL Dismissed After Settlements Approved In Bankruptcy Court

    The California federal judge overseeing multidistrict litigation against 23andMe Inc. and affiliates for a data breach in which millions of customers’ genetic data and personally identifiable information (PII) was hacked entered an order dismissing the MDL, following the final approval in Missouri federal bankruptcy court of a settlement worth up to $50 million to resolve U.S. customers’ claims against 23andMe and the final approval of a  $3.25 million settlement for Canadian class members.

  • February 20, 2026

    ECPA Suit Against Health Care Provider Dismissed Upon Joint Stipulation

    RIVERSIDE, Calif. — A federal judge in California dismissed a putative class action complaint alleging that a health care provider violated the Electronic Communications Privacy Act (ECPA) by using Facebook pixels to purportedly gather and share patients’ protected health information (PHI) with third parties in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) the day after the parties filed a joint stipulation of dismissal.

  • February 19, 2026

    Former NPR Host Accuses Google Of Stealing His Voice For Use In AI

    SAN JOSE, Calif. — Google LLC and Alphabet Inc. stole National Public Radio host David Greene’s voice without authorization and used it as the default voice in NotebookLM, its artificial intelligence broadcasting product, the award-winning journalist claims in a California state court lawsuit alleging violation of the California unfair competition law, a pair of privacy laws and unjust enrichment.

  • February 18, 2026

    9th Circuit Affirms $115M Oracle Data Collection Settlement Over Objections

    SAN FRANCISCO — A Ninth Circuit U.S. Court of Appeals affirmed the $115 million settlement of a privacy and wiretap class action against Oracle America Inc., rebuffing an objecting class member’s arguments that the class claims could have been worth $100 billion and should have been allocated based on which state’s members allegedly had more valuable claims.

  • February 18, 2026

    8th Circuit Affirms Ruling Denying Substitution In Health Center Data Breach Suit

    ST. LOUIS — The Eighth Circuit U.S. Court of Appeals affirmed a lower court ruling denying a motion to substitute as a defendant the United States in a consolidated putative class action over an unauthorized third party gaining access to confidential information in a nonprofit health center’s data breach, finding that immunity under federal law related to medical treatment does not provide immunity in claims related to data security.

  • February 17, 2026

    Delaware High Court: Insurers Properly Pleaded Claim In Suit Over Ransomware Attack

    DOVER, Del. — The Delaware Supreme Court held Feb. 13 that insurers have adequately pleaded a breach of contract claim in their subrogation lawsuit seeking recovery from an application service provider for the amount they paid to nonprofit insureds for investigative and remediation steps arising from a ransomware attack, reversing a lower court’s grant of the provider’s motion to dismiss the insurers’ amended complaint and remanding.

  • February 12, 2026

    Judge Grants Partial Dismissal In Website Data Tracking Class Suit Against Cigna

    PHILADELPHIA — A Pennsylvania federal judge granted in part dismissal to Cigna in a putative class action suit against the insurer alleging violations of federal and state privacy laws and common-law invasion of privacy for its purported use of third-party tracking technology on its webpages, finding that the privacy claims failed because the plaintiffs consented to the data collection practices when agreeing to the website’s terms of use.

  • February 11, 2026

    Panera Bread Settles Over Data Breach As More Class Complaints Mount

    ST. LOUIS — A Missouri federal judge on Feb. 10 granted final approval to a $2.5 million nonreversionary class settlement resolving data privacy claims arising from Panera LLC’s 2024 data security breach involving unauthorized access to the names and Social Security numbers of the company’s employees, authorizing reimbursements of up to $500 in ordinary losses and up to $6,500 in extraordinary losses; following a separate data breach in January, Panera has been named as the defendant in a series of class complaints in the same court.

  • February 11, 2026

    5th Circuit Affirms Remand Of Data Breach Suit Against Health Care Provider

    NEW ORLEANS — The Fifth Circuit U.S. Court of Appeals affirmed the remand of a putative class action against a Texas health care provider for allegedly failing to protect patient data from a cyberattack, writing that a federal statute allowing removal and substitution of the United States as defendant for private health centers receiving federal funds did not apply to this case in which the center was facing claims for a “criminal data breach.”

  • February 06, 2026

    9th Circuit VPPA Appeal Vacated, Held In Abeyance Pending Supreme Court Ruling

    SAN FRANCISCO — The Ninth Circuit U.S. Court of Appeals vacated submission and held in abeyance an appeal of the dismissal of a Video Privacy Protection Act (VPPA) class action that alleged that a health website operator unlawfully disclosed personal information to Meta Inc., pending resolution of a U.S. Supreme Court case addressing a circuit split over several VPPA definitions.

  • February 05, 2026

    Dismissal Denied In Privacy Suit Over Information Allegedly Shared To Facebook

    CHICAGO — An Illinois federal judge denied dismissal to a video website retailer in a putative class action alleging that the company disclosed individuals’ private information regarding the purchase of movies and television shows to Facebook in violation of the Video Privacy Protection Act (VPPA), finding that the plaintiffs have sufficiently alleged an injury and that there is “little doubt that the VPPA addresses a significant privacy interest in an appropriately tailored fashion.”

  • February 04, 2026

    Judge Seeks More Settlement Details In Class Suit Over Tire Company Data Theft

    MADISON, Wis. — A federal judge in Wisconsin denied preliminary approval of a tire company’s cyberattack class settlement that would provide the class of customers and employees with credit monitoring, losses of up to $5,000 per person or an alternative cash payment of $45, compensation for lost time and business changes and directed the lead plaintiff, a former employee of the defendant, to provide more information about the amount in controversy, the settlement class, the proposed payments to class members and the proposed attorney fees.

  • February 04, 2026

    Judge Finds Unconstitutional Provisions Of Trump Federal Election Executive Order

    WASHINGTON, D.C. — A District of Columbia federal judge granted in part and denied in part cross-motions for summary judgment in consolidated cases challenging President Donald J. Trump’s executive order (EO) in which he purported to make changes to federal election procedures, declaring provisions of the EO related to verifying the U.S. citizenship of persons registering to vote or applying for absentee ballots “inconsistent with the constitutional separation of powers.”

  • February 04, 2026

    Judge Denies Google Users’ Bid For $2.36B, Won’t Decertify Data-Gathering Classes

    SAN FRANCISCO — Following a California federal jury’s award of $425 million to two classes of mobile device users against Google LLC for tracking their online activity after telling them that it would not, a judge denied a posttrial motion by the plaintiffs for a permanent injunction and disgorgement of $2.36 billion of Google’s profits allegedly from “misconduct” and denied a motion by Google to decertify the plaintiffs’ classes.

  • February 03, 2026

    Illinois Graduate Class Certified In BIPA Case Against Ceremony Photographer

    EAST ST. LOUIS, Ill. — Illinois graduates suing the company that captured photos of their ceremonies for allegedly violating the Illinois Biometric Information Privacy Act (BIPA) by collecting their biometric identifiers to use facial recognition to identify all photos in which each graduate appears and offer them for sale may proceed as a class, a federal judge in Illinois ruled, granting a motion for class certification.

  • February 03, 2026

    Judge Approves $3M Settlement Of Consumers’, Employees’ Data Breach Claims

    SEATTLE — A federal judge in Washington granted final approval to a settlement worth $3 million, including $1 million in attorney fees, in favor of a class of more than 34,000 individuals who alleged that their sensitive data was breached during a hack of a workflow solutions company and its subsidiaries in violation of California’s unfair competition law (UCL) and other laws.

  • February 03, 2026

    23andMe Bankruptcy Judge Approves $50M Settlement; Data Breach MDL To Be Dismissed

    The parties to multidistrict litigation in California federal court against 23andMe Inc. and affiliates for a data breach in which millions of customers’ genetic data and personally identifiable information (PII) was hacked filed a joint status report on Feb. 2 stating the plaintiffs will move to dismiss the MDL following the final approval in Missouri federal bankruptcy court of a settlement worth up to $50 million to resolve U.S. customers’ claims against 23andMe, with 25% allocated for attorney fees.

Can't find the article you're looking for? Click here to search the Mealey's Data Privacy archive.