Walmart’s “unlawful collection,” storage and use of its employees’ biometric data “exposes them to serious and irreversible privacy risks,” alleged Joann Davis’ privacy class action Thursday (docket 1:24-cv-03373) in U.S. District Court for Northern Illinois in Chicago. If Walmart’s database containing its employees’ fingerprint scans is hacked, breached or otherwise exposed, employees “have no means by which to prevent identity theft, unauthorized tracking or other unlawful or improper use of this highly personal and private information,” said the complaint. As an employee of the Silvis, Illinois, Walmart Davis was required when clocking into and out of her daily shift, including any lunch breaks, to have her fingerprint scanned, said her complaint. Illinois enacted the Biometric Information Protection Act “to protect residents' privacy interests in their biometric data,” it said. Courts “analogize an individual's privacy interest in their unique biometric data to their interest in protecting their private domain from invasion, such as from trespass,” it said. Walmart “has collected and stored the fingerprint of each employee who was required to use the fingerprint scanning technology as part of Walmart’s timeclock procedure,” said the complaint. Each fingerprint scan the retailer extracts “is unique to a particular individual in the same way that facial geometry or voiceprint uniquely identifies a particular individual,” it said. The suit seeks a declaration that Walmart has violated the BIPA, plus statutory damages of $5,000 for those “intentional and reckless” violations.
Progress Software Corp. (PSC) requests that the U.S. Judicial Panel on Multidistrict Litigation deny Arkansas Local Police and Fire Retirement System’s (LOPFI) motion to vacate conditional transfer order 34 in In Re: MOVEit Customer Data Security Breach Litigation because Arkansas Local Police and Fire Retirement System v. Pension Benefit Information, LLC properly belongs within the MDL, said its response (docket 3083) Tuesday before the panel. The plaintiff doesn’t dispute that its action arose from the same May MOVEit file transfer software vulnerability that’s the subject of the MDL, “which covers cases that share common questions of fact about Progress’s MOVEit software,” the response said. Like other cases in the MDL, the Arkansas action alleges the compromise of plaintiff’s members’ personal information, it said. The JPML has found that for all cases involving the MOVEit data breach, “it would be 'impossible’ to 'disentangl[e] the allegations against Progress (and, in many cases, direct users of MOVEit software like PBI and IBM) from the allegations against other defendants,’” said the response. That LOPFI brings claims solely against PBI, and not PSC or other defendants, “does not bar transfer,” the response said.
The hearing on the plaintiffs’ motion for final approval of a class-action settlement in a privacy case vs. Google has been rescheduled for Aug. 7, said a signed joint stipulation and order (docket 4:20-cv-03664) by U.S. District Judge Yvonne Gonzalez Rogers for Northern California in Oakland. Google requested that the hearing take place a week later than the original July 30 date, and the plaintiffs didn't oppose, said the Tuesday order. Class-action plaintiffs Chasom Brown, William Byatt, Jeremy Davis, Christopher Castillo and Monique Trujillo alleged in their March 2 fourth amended complaint that Google engages in “surreptitious interception and collection” of personal and sensitive user data while users are in a private browsing mode, and does this without “disclosure or consent (see 2304140026).” The deadline for Google to file opposition to plaintiffs’ fee motion for an award of attorneys’ fees, costs and service awards is June 7, with plaintiffs’ reply in support of their fee motion slated for June 21, said the order.
Transfer of a negligence lawsuit brought by Arkansas Local Police and Fire Retirement System (LOPFI) v. Pension Benefit Information (PBI) to In Re: MOVEit Customer Data Security Breach Litigation is warranted because it shares common questions of fact with the cases in the MDL, and the transfer will promote judicial efficiency, said PBI's response (docket 3083) to LOPFI’s March notice of opposition (see 2403150006). PBI’s Monday response before the Judicial Panel on Multidistrict Litigation said LOPFI’s motion to vacate fails to acknowledge the prior decisions and conclusions of the JPML in creating the MDL and omits that LOPFI’s claims vs. PBI all emanate from Progress Software’s May MOVEit file transfer software data breach. LOPFI’s complaint alleges PBI failed to protect and keep its members' personally identifiable information confidential during the breach.
U.S. District Judge Nicholas Garaufis for Eastern New York in Brooklyn denied plaintiff Benjamin Kyle’s motion to remand a SIM swap case against T-Mobile to state court, his Friday memorandum and order said (docket 1:23-cv-05206). Garaufis’ order follows Magistrate Judge Robert Levy’s March 25 report and recommendation that Kyle’s motion be denied; no party objected to the R&R, said the filing. A status conference by telephone is set for Wednesday. Kyle’s July 7 lawsuit alleges T-Mobile store employees unlawfully accessed his phone’s SIM card and stole more than $30,000 in cryptocurrency. T-Mobile maintains Kyle agreed to its terms and conditions, including an agreement to arbitrate claims about T-Mobile services (see 2307070024).
Although the plaintiffs in a negligence class action vs. ESO Solutions over a September data breach timely responded to the medical software company’s motion to strike class allegations, their response to its March 28 motion to dismiss is “past due,” said U.S. District Judge Robert Pitman for Western Texas in Austin Wednesday. Pitman ordered (docket 1:23-cv-01557) the plaintiffs in In Re: ESO Solutions Inc. Breach Litigation to file a response to the motion to dismiss by Monday. Plaintiffs Steven Guiffre, Billy Love, George Simpson, Jamie Thomas, Deborah Todd and Robert Day called ESO’s March 26 motion to strike class allegations “premature and meritless” in their April 9 motion to strike allegations (see 2404100041). The Sept. 17 data breach allegedly affected about 2.7 million individuals whose personally identifiable information and personal health information was compromised when an unauthorized actor gained access to the software company's network and computer systems.
Isaac Shapiro voluntarily dismisses his Video Privacy Protection Act claims against Quimbee parent company Sellers International with prejudice, said his notice of dismissal Tuesday (docket 3:24-cv-00079) in U.S. District Court for Northern California in Oakland. Shapiro alleged that Quimbee, a website tailored to law students, violated the VPPA by knowingly disclosing his personally identifiable information and that of his class members, including a record of case brief videos they watched on the website, without their consent (see 2401110045).
Kochava’s affirmative defenses give the FTC “fair notice” of the defenses it will raise, thus satisfying the only pleading standard the 9th U.S. Circuit Court of Appeals “has ever applied to affirmative defenses” and the only standard contemplated by the Federal Rules of Civil Procedure, said the defendant’s opposition to the FTC’s motion to strike (docket 2:22-cv-00377) affirmative defenses Tuesday in U.S. District Court for Idaho in Coeur d’Alene (see 2403070026). The FTC sued Kochava in August 2022 for allegedly selling vast amounts of personal information about millions of people. The agency alleges that the data can reveal a person’s sensitive information, including religious affiliations, sexual orientation and medical conditions, and by selling that data, Kochava invades consumers’ privacy and exposes them to significant risks of secondary harms. The FTC fails to show that Kochava’s defenses could not apply under any set of circumstances, which is the standard to grant the FTC’s motion, said the opposition. The FTC’s “pejorative characterization of Kochava’s ‘laundry list’ of affirmative defenses misses the point that a defendant is required to assert every applicable defense in its responsive pleading, to avoid waiver of same,” it said, citing Morrison v. Mahoney. The court should not strike factually based defenses when Kochava hasn’t had the opportunity to conduct “meaningful discovery,” since discovery may reveal that the defenses “are in fact well-supported,” and the adequacy or inadequacy of the defenses is unclear as a matter of law, the filing said. Kochava asked the court to deny the FTC’s motion to strike in its entirety; if any part of the motion is granted, the defendant requests leave to amend. Kochava also requests a jury trial.
U.S. District Judge Gary Klausner for Central California in Los Angeles denied the motion to remand of a Jane Doe plaintiff who sued PHE, owner of adult products website Adam & Eve, for privacy violations, said his order (docket 2:24-cv-01065) Monday. Doe filed a class action complaint against PHE Jan. 3, alleging that after she used the Adam & Eve website, the company disclosed her personal sexual information and IP address to Google via Google Analytics without her consent. Doe originally filed the action against PHE in Central California district court Sept. 25. The case was dismissed and Doe then added Google to the lawsuit and filed in state court; Google removed the case to district court in February (see 2403110004). The defendants argued that Doe didn’t meet the local controversy exception's three requirements for a district court to decline federal jurisdiction under the Class Action Fairness Act (CAFA): that two-thirds of the putative class are California citizens; that the principal injuries from the alleged conduct were incurred in California; and that no similar class actions have been filed vs. the defendant in the past three years. The court disagreed with Doe’s contention that the class was comprised solely of California residents. On the injuries question, Doe failed to convince the court to depart from the “numerous California district courts which have routinely held that artificially restricting a nationwide injury to appear purely Californian in nature does not warrant remand”; therefore, the principal injuries requirement wasn't met, said the order. In a separate order, Klausner dismissed Doe’s complaint, saying she can refile within seven days of the order “with her true legal name.” In response to the court’s order to show cause for proceeding by pseudonym, Doe argued that she would otherwise be forced to publicly reveal her purchase history, which would reveal her sexual practices, preferences and orientation, which could lead to public ridicule and social stigmatization, said the order. Doe’s purchase history may subject her to “severe ridicule and stigma so as to outweigh public interest,” but that harm can be avoided “simply by obtaining a protective order and filing that information under seal,” the order said.
Verizon seeks the dismissal of plaintiff William Lawshe's AI defamation complaint against the carrier and its cloud storage vendor, Synchronoss Technologies, said its motion Friday (docket 3:24-cv-00137) in U.S. District Court for Middle Florida in Jacksonville. Lawshe, a Verizon customer, alleges that Verizon and Synchronoss used AI to monitor and screen his data and incorrectly identified a file in his possession as containing child sexual abuse material (CSAM) (see 2402070004). Lawshe’s amended complaint shows that he has “no viable claim” against Verizon, said its motion to dismiss. His claims against Verizon arise out of the fact that Verizon reported images in his Verizon account to the National Center for Missing and Exploited Children (NCMEC) based on “matched hash values” with other images previously identified as likely CSAM, it said. Even when viewing all facts in the light most favorable to Lawshe, these claims “should be dismissed for two independent reasons,” it said. First, Verizon is immune from suit “under multiple statutory provisions that bar actions against providers” based on precisely the type of reporting that Lawshe alleges, it said. Second, disclosures to NCMEC also aren’t actionable under federal law, it said. Synchronoss also filed a motion to dismiss Friday in which it contends that Lawshe is barred from proceeding with a claim for defamation against Synchronoss “because certain statutory provisions bar actions against Synchronoss for the specified conduct.”