Conspiring with a private company to “hijack” residents’ smartphones by installing a contact-tracing app on their devices without the owners’ knowledge or consent isn’t a tool the Massachusetts Department of Public Health “may lawfully employ in its efforts to combat COVID-19,” alleged six Android users. The users, including Robert Wright, a senior faculty fellow at the American Institute of Economic Research, filed an amended complaint Monday against the department and Massachusetts Gov. Maura Healey (D) in U.S. District Court for Massachusetts in Springfield. The defendants’ “brazen disregard” for civil liberties violates the Constitution, “and it must stop now,” it said. A month earlier, the state moved to dismiss the original Nov. 14 lawsuit for failure to state a claim (see 2211250008). To increase the app’s adoption, the state started working with Google in June 2021 to secretly install it on more than a million Android smartphones, it said. When owners discovered and deleted the app, the state would reinstall it on their phones, it said. Even if a user doesn’t opt into the department’s COVID-19 notification system, the app “still causes the mobile device to broadcast and receive Bluetooth signals,” it said. “In sum,” the department installed “spyware” that deliberately tracks and records movement and personal contacts for more than a million smartphones “without their owners’ permission and awareness,” it said. The spyware still resides “on the overwhelming majority of the devices on which it was installed,” it said. At least two dozen other states developed COVID-19 contact-tracing apps using Google’s application programming interface, said the complaint. Most engaged in community outreach, “encouraging their residents to download the apps and voluntarily opt in for contact tracing,” it said. Massachusetts appears to be the only state to “surreptitiously embed” the app on mobile devices, it said.
Plaintiff Melanie Tado and TikTok parent ByteDance submitted a motion (1:23-cv-01430) in U.S. District Court for Northern Illinois in Chicago Monday to stay all proceedings and deadlines in their action, pending resolution of similar proceedings before the U.S. Judicial Panel on Multidistrict Litigation that could affect the venue in which their case will proceed. Cook County, Illinois, plaintiff Tado alleged in a complaint this month that TikTok violated the Federal Wire Tap Act, intercepting her communications when she used its in-app browser to communicate with third-party websites (see 2303080049) by using JavaScript code it inserted to record every mouse movement, click, keystroke, URL visited and other electronic communication. Also this month, defendants filed a notice of Tado as a potential tag-along action to an existing MDL proceeding (MDL No. 2948) in the same district, currently pending before Chief Judge Rebecca Pallmeyer. TikTok and ByteDance have similar notices in 16 related cases in U.S. courts. In addition to the pending proceedings in MDL No. 2948, a plaintiff in Recht v. TikTok (docket 2:22-cv-08613) filed a motion in December to consolidate that action and other related cases into a new MDL in the U.S. Central District of California, the motion said.
Kochava seeks an order from the U.S. District Court for Idaho in Coeur D’Alene dismissing plaintiff Cindy Murphy’s privacy claims with prejudice in their entirety, said its motion Friday (docket 2:23-cv-00058). Murphy lacks standing “to prosecute this action,” and her complaint “fails to state a claim as a matter of law,” it said. Murphy’s Feb. 1 class action alleges Kochava violates consumer protection laws by acquiring consumers' precise geolocation data and selling it in a format that allows entities to track the consumers' movements to and from “sensitive locations” (see 2302030001). Her complaint bears strong similarities to the FTC’s Aug. 29 lawsuit in which the agency seeks a permanent injunction enjoining Kochava from acquiring the data (see 2212050061). Murphy lacks Article III standing because she can’t show she suffered an injury in fact that's “fairly traceable” to Kochava’s conduct and will be “redressed” by a decision favorable to her, said Kochava’s memorandum in support of its motion.
Plaintiff William Martin is appealing to the 2nd U.S. Circuit Appeals Court the Feb. 17 opinion and order granting Dotdash Meredith’s motion to dismiss his Video Privacy Protection Act claims, said his notice Friday (docket 1:22-cv-04776). Meredith Dotdash argued successfully that Martin’s alleged injury isn’t an injury in fact because the information disclosed to Facebook via the Meta pixel tracking tool didn’t include the type of video viewing history information that’s protected by the VPPA, ruled U.S. District Judge Denise Cote for Southern New York. Her decision gained notoriety days later when PBS filed a notice of supplemental authority documenting the opinion as supporting its own motion to dismiss plaintiff Jazmine Harris’ VPPA claims on similar grounds (see 2302220035).
U.S. Magistrate Judge Virginia DeMarchi for Northern California in San Francisco signed an order Friday (docket 3:22-cv-03580) scheduling an April 6 discovery conference at 9 a.m. PDT in the consolidated privacy healthcare litigation involving Meta’s pixel tracking tool. The parties continue to have disputes in four areas of discovery, including document preservation for electronically stored information, said the order. The court prefers to hold the conference in person but is amenable to those who want to participate remotely, “given the number of counsel involved,” it said.
The 9th U.S. Circuit Court of Appeals should deny Google’s motion for limited remand to allow the district court to clarify its order of dismissal “for the simple reason that there is no fundamental dispute here,” said the plaintiff-appellants’ opposition Friday (docket 22-16993). They are six Chrome users who seek to reverse the dismissal of their claims that Google unlawfully collected their personal data despite their having declined to sync their browsers to their Google accounts. “The parties agree that the district court granted Google’s motion for summary judgment and closed the case,” said their opposition. Google’s “real objective” in seeking limited remand “is not clarification but something else,” it said. If the 9th Circuit were to grant limited remand, “Google will ask the district court to substantially alter its original opinion by appending two full pages of Google’s preferred legal analysis and discussion to its order granting summary judgment,” it said. But the district court already ruled it would deny Google’s proposed relief as improper, it said. It would therefore be “pointless” to grant the motion, it said.
Bucks County v. Meta Platforms (docket 4:23-cv-01149), one of numerous privacy suits against social media companies alleging their role in a growing mental health crisis in the U.S., was assigned to Judge Yvonne Gonzalez Rogers of U.S. District Court for Northern California in Oakland, said a Wednesday notice. Some 70 similar actions have been transferred and assigned to Gonzalez Rogers since October.
U.S. District Court Judge William Orrick for Northern California advised Tuesday that Magistrate Judge Virginia DeMarchi in San Jose will address discovery issues raised in the case management statement for three Meta Pixel-related privacy cases. DeMarchi will address ESI protocol, protective order, clawback order and document preservation issues, said the minutes from a Tuesday videoconference. It is anticipated DeMarchi will manage discovery in all the Meta Pixel-related matters in the district, said Orrick, pegging fall 2025 as a “reasonable time for trial."
The functionality behind the “virtual try-on” feature at the website of cosmetics merchant Makeup by Mario (MBM) violates the Illinois Biometric Information Privacy Act, alleged Rockford, Illinois, consumer Nikita Hackler in a class action Tuesday (docket 1:23-cv-01586) in U.S. District Court for Northern Illinois in Chicago. Visitors to MBM’s website who use the virtual try-on feature “can see what they would look like” wearing different MBM products, it said. “All a user must do is enable his or her computer or smartphone camera to take a photo to be used by the website or upload a photo to the website,” it said. But unknown to the user, MBM’s virtual try-on feature “collects detailed and sensitive biometric identifiers and information, including complete face geometry scans,” it said. It does so without first obtaining users’ consent, “or informing them that this data is being collected,” it said. MBM also doesn’t give users a schedule “setting out the length of time during which their biometric information or biometric identifiers will be collected, stored, used, or will be destroyed,” it said. Hackler used the virtual try-on feature two or three times on her iPhone 13 Pro via the Safari browser “to see how various lipstick and eyeliner products would look applied to her face,” it said. “She never bought a product from MBM.” Hackler alleges MBM “lacks a publicly available written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers or biometric information obtained from consumers, as required by BIPA.” MBM didn’t comment Wednesday.
Plaintiff Jazmine Harris and defendant PBS continue trading notices of supplemental authority back and forth to bolster their positions in Harris’ class action accusing the network of Video Privacy Protection Act wrongdoing and PBS’ motion to dismiss her claims. In his March 7 opinion in Goldstein v. Fandango Media (docket 9:21-cv-80466), U.S. District Judge Kenneth Mara for Southern Florida denied the defendant’s motion to dismiss “in a case with similar claims and factual allegations” to those asserted by Harris, said the plaintiff's notice Monday (docket 1:22-cv-02456) in U.S. District Court for Northern Georgia in Atlanta. Mara said the plaintiffs “plausibly allege” VPPA violations resulting from defendant’s practice of disclosing its users’ personally identifiable information (PII) via the Facebook tracking pixel tool that’s installed on its website, said the notice. Mara’s opinion is relevant to Harris’ argument that, based on the facts alleged in the complaint, she “sufficiently alleged a violation of the VPPA, particularly at the motion to dismiss stage,” it said. PBS filed its own notice of supplemental authority last month documenting the Southern District of New York’s dismissal Feb. 17 of a VPPA complaint in Martin v. Meredith (docket 1:22-cv-04776), alleging the same VPPA claim plaintiff Harris is asserting against PBS (see 2302220035). The SDNY based its dismissal on its finding that the alleged transmissions of data didn’t qualify as PII under the VPPA, just as PBS is asserting against Harris.