Microsoft “expressly preserves” any and all defenses available against pro se plaintiff Michele Hondros’ allegations that Microsoft and Alphabet are conducting unlawful surveillance and eavesdropping through her computer and Android phone, said Microsoft’s notice Friday (docket 4:23-cv-00799) in U.S. District Court for Southern Texas in Houston of the complaint's removal from 11th Judicial District Court of Harris County. The Houston resident discovered a “cyber intrusion” on her PC May 29, and her phone showed it was infected with a virus about two months later, said her Nov. 15 complaint. She alleges she was sent “alarming, harassing, annoying and unwanted emails” because of the breaches to her PC and phone. The incidents put Hondros under “extreme, and undue duress,” causing her to live “in a constant state of fear,” it said. She seeks $2 million in “actual damages,” plus $500 million in punitive damages.
Meta supports Chief U.S. Magistrate Judge Joseph Spero’s referral to determine relationship of Nancy Murphy et al. v. Meta Platforms (docket 23-cv-00899) to another Meta Pixel Healthcare class action (3:22-cv-3580), said a Sunday filing in U.S. District Court for Northern California in San Francisco. Plaintiffs in Murphy allege healthcare provider Thomas Jefferson University Hospitals installed Meta’s pixel tracking tool on its online patient portal, leading Meta to receive patients’ protected healthcare information in violation of the Electronic Communications Privacy Act. The plaintiffs agree the case is related to the consolidated action. The court granted a motion to consolidate four related cases in October. Plaintiffs in the consolidated action and in Murphy bring parallel claims against Meta, seeking to represent a class of hospital website and online patient portal users who allege their data was collected through Meta’s pixel tool. Each set of plaintiffs also assert privacy-related claims against Meta.
Plaintiff Cynthia Redd seeks to hold Amazon Web Services liable under the Illinois Biometric Information Privacy Act “merely because she interacted with Wonolo, a non-party who happens to use AWS’s cloud-based services to provide its own services,” said AWS’s reply Friday (docket 1:22-cv-06779) in U.S. District Court for Northern Illinois to Redd’s opposition to AWS’s motion to dismiss her claims. Redd also seeks an order remanding her BIPA class action to Cook County Circuit Court, where it originated before AWS removed it Dec. 2 (see 2302130041). “No court has ever endorsed such a sweeping interpretation of BIPA, and it has no basis in BIPA’s text or purpose,” said the AWS reply. “Redd’s novel attempt to hold AWS liable for providing back-end cloud services to a third party suffers from three fatal legal flaws, none of which her opposition brief can explain away,” it said. AWS says Redd didn’t allege facts or cite evidence showing AWS is subject to this court’s “personal jurisdiction,” it said. She also doesn’t “adequately allege the basic elements of her claims,” it said. Even if AWS is subject to BIPA in the context of Redd’s claims -- it’s not -- AWS “fulfilled any duties it may have under the law by contractually requiring its customers, including Wonolo, to comply with BIPA’s requirements,” it said.
The battle of legal words continued Wednesday between lawyers for plaintiff Jazmine Harris and defendant PBS over the impact the Southern District of New York’s dismissal of a Video Privacy Protection Act complaint should have on PBS' motion to dismiss Harris’ VPPA claims in U.S. District Court for Northern Georgia in Atlanta. Days after PBS asked the court to “disregard” Harris’ opposition to its motion for leave to file a notice of supplemental authority documenting SDNY’s Feb. 17 dismissal in Martin v. Meredith (see 2302270048), Harris’ lawyers made a strong rebuttal (docket 1:22-cv-02456). PBS asks the court to enter an order disregarding Harris’ opposition based on Local Rule 56.1, they said. “As an initial matter, Local Rule 56.1 pertains only to motions for summary judgment, not motions to dismiss,” they said. PBS cites no authority for the proposition that the court can disregard Harris’ response “based on a purported violation of the local rule concerning summary judgment,” they said. PBS’ reliance on Local Rule 56.1 “is indicative of the greater flaw” in its arguments to convince the court to disregard Harris’ opposition and its motion to dismiss her claims altogether, they said. The court should also reject the PBS motion to disregard because Harris’ opposition “is not alleging new facts or amending its pleading,” said her lawyers. Her opposition “provided illustrations” of how PBS transmits its customers’ confidential information to Facebook “to preview the evidence supporting its well-pleaded factual allegations and to show that such allegations are neither speculative nor conclusory,” they said. The court can deny the PBS motion to dismiss without relying on her illustrations because her complaint “contains sufficient factual allegations to state a cause of action for violation of the VPPA,” they said.
GoodRx emailed customers Wednesday advising them the FTC alleged the company shared their personal identifiable information July 2017-April 2020 without their permission. Information included details about drug and health conditions customers searched for and their prescription medications. “We shared this information with third parties, including Facebook,” said the prescription discount drug firm. In some cases, GoodRx used the information to target customers with health ads, it said. “The Federal Trade Commission alleges we broke the law by sharing your health information without your permission,” it said, and to resolve the case, GoodRx agreed to an FTC order that it would tell third parties like Facebook to delete information it received from GoodRx, never share customers’ health information with third parties for advertising purposes, or without their permission, and put in place a comprehensive privacy program. The program will have “heightened procedures and controls” to protect personal and health information, and an auditor will review the program every two years for 20 years, it said. The FTC last month ordered GoodRx to pay a $1.5 million civil penalty for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google and other companies in violation of its health breach notification rule. A class action filed last week in U.S. District Court for Northern California in San Francisco alleges GoodRx’s representations that it complies with Health Insurance Portability and Accountability Act privacy rules and follows the Digital Advertising Alliance “Sensitive Data Principle” are false (see Ref:2302220043).
Massachusetts Department of Public Health Commissioner Margaret Cooke moved to dismiss a November privacy class action complaint involving the state's COVID-19 exposure notification system, said a Monday filing (docket 3:22-cv-11936) in U.S. District Court for Massachusetts in Springfield. Plaintiffs Robert Wright and Johnny Kula alleged the Massachusetts Department of Health “secretly installed” an exposure notification settings feature on Android devices that would alert users who may have been exposed to COVID-19. Cooke said plaintiffs’ complaint and supporting materials that the system allows the department to track their locations without their consent asserts “a host of groundless claims" under federal and state law that “do not support their narrative.” The exposure notification system is "an optional, anonymous service that does not collect information," she said. Plaintiffs’ claim that installation of the feature was an “unreasonable search” isn't a plausible allegation, she said. The complaint doesn't allege facts about plaintiffs’ claimed property interest in digital storage, nor does a claim plead the necessary elements of a civil action under the Computer Fraud and Abuse Act, the motion said. Massachusetts’ 11th amendment immunity bars all of the plaintiffs’ claims against the department, the commission and claims for monetary damages, the motion said.
Sunglasses maker Blue Otter collects without consent detailed and sensitive biometric identifiers and information from customers who use its virtual try-on feature, alleged a Monday privacy class action (docket 1:23-cv-1187) in U.S. District Court for Northern Illinois in Chicago. Plaintiff Lance Webb, a Chicago resident, used Blue Otter’s virtual try-on feature three or four times in June or July on his iPhone and iPad to see how sunglasses would look on his face but didn’t buy a product, said the complaint. The Blue Otter website has links to the try-on feature on each product page. Clicking on the link automatically activates users’ webcam or device camera so their real-time image appears immediately, the complaint said. Users can navigate to a menu of sunglasses and see what each one will look like on their face, and they can take snapshots of the virtual try-ons, which they can download or share to Facebook, it said. Blue Otter doesn’t have a publicly available written policy establishing a retention schedule or guidelines for permanently destroying biometric identifiers or biometric information obtained from consumers, as required by the Illinois Biometric Information Privacy Act, alleged Webb. A consumer whose biometrics are compromised “has no recourse” and is at a heightened risk of identity theft, said the complaint. The plaintiff seeks preliminary and permanent injunctive and equitable relief on behalf of the class to prevent Blue Otter from continuing to collect users' face geometry through the virtual try-on feature without written release and to develop a written policy on retention and deletion of biometric information. The class action seeks awards of $1,000 per negligent violation, $5,000 per willful or reckless violation, or actual damages, whichever is more, plus reasonable attorneys’ fees and legal costs.
Plaintiff Jazmine Harris opposes the PBS motion for leave to file a notice of supplemental authority documenting the Southern District of New York’s dismissal Feb. 17 of a Video Privacy Protection Act complaint in Martin v. Meredith (see 2302220035), said her opposition Thursday (docket 1:22-cv-02456) in U.S. District Court for Northern Georgia in Atlanta. PBS said Martin alleged the same VPPA claim that plaintiff Harris is asserting against PBS, and the SDNY, in dismissing Martin, adopted the same arguments PBS asserted in its own dismissal motion against Harris. But Martin doesn't support dismissal under the facts alleged in Harris’ complaint, said her opposition. Martin is “inapplicable” because, unlike the complaint in that case, Harris’ complaint is supported by specific allegations that PBS disclosed to Facebook the media content the digital subscribers watched, including the video content name, its URL and, most notably, the viewers’ Facebook ID, said the opposition. The Martin plaintiff, by comparison, alleged only the defendant’s disclosure of the name of the webpage. PBS replied Friday with a rebuttal, urging the court to “disregard” Harris’ opposition to the PBS motion for leave. Harris previously had the opportunity to respond to PBS’ argument, but “nowhere” in her opposition did she contest PBS’ assertion that the screenshots in her own complaint “fail to show that any information is transmitted when a user actually clicks on a video to play the video,” said PBS. The SDNY has now agreed with PBS that sending an URL doesn’t identify a person as having requested or obtained the video on a page since the person may instead have merely reviewed an article on the page or opened the page and done nothing more, it said. Harris “improperly attempts to supplement her pleading with new allegations that information is transmitted when a user clicks certain video-related buttons on the website,” said PBS.
Plaintiff Cynthia Lepur’s opposition to Educational Credit Management Corp.’s (ECMC) motion to dismiss her privacy complaint (see 2302170027) demonstrates she and her counsel “want unlimited bites at the apple,” said ECMC’s reply Thursday (docket 3:23-cv-00014) in U.S. District Court for Southern California in San Diego. Lepur alleges ECMS, a student loan servicer, recorded its phone conversations with consumers without their consent in violation of the California Invasion of Privacy Act. ECMC since 2015 has been “continuously harassed” by five “repetitive” class actions, including Lepur’s, based on the same claim, it said. Lepur’s case was filed as “a calculated strategy” to minimize or avoid completely any actual or potential outcomes unfavorable to Lepur in two other ongoing cases, it said: “The law does not allow a dispute to be litigated piecemeal in this manner.” Lepur admits in her opposition that her case arises from the same facts as the other cases, but asks the court to stay her case and not dismiss it due to the special circumstances of her action, said ECMC. “There are no special circumstances which would warrant saving this case from dismissal,” it said. The entire purpose of the “claim-splitting doctrine” is to avoid repetitive actions, promote judicial economy and convenience, and “not re-litigate a claim in a second suit if the first fails,” it said. Yet that’s exactly what Lepur “seeks to do,” it said: “She tacitly if not expressly admits that her suit should only proceed in the event that all the earlier-filed cases fail.” ECMC is forced to defend against the same claim “in a seemingly never-ending string of duplicative class action lawsuits,” it said. “There is no equitable ground to save this case from dismissal under these circumstances.”
U.S. District Judge William Orrick for Northern California in San Francisco signed an order Wednesday (docket 3:22-cv-03580) reassigning himself another case, Smart v. Main Line Health (docket 3:23-cv-00528), and relating it to the newly consolidated healthcare class action against Meta (see 2302220038). The plaintiffs in the consolidated complaint are Facebook users who allege Meta acquires their confidential information via the Meta Pixel in violation of federal and state laws.