On June 25, 2021, the U.S. Supreme Court in TransUnion LLC v. Ramirez held in a 5-4 decision that certain members of a class action lawsuit, whose inaccurate credit reports were not provided to third parties, did not suffer a “concrete” injury sufficient to confer Article III standing.
Continue Reading Spokeo 2.0 – The Supreme Court Provides Clarity on the “Injury” Necessary to Bring Suit

As reported on the Hunton Retail Law Blog, the U.S. Court of Appeals for the Second Circuit has affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

On April 9, 2021, the First-Tier Tribunal of the General Regulatory Chamber stayed proceedings in Ticketmaster UK Limited’s (“Ticketmaster’s”) appeal against a fine issued by the UK Information Commissioner’s Office (“ICO”) until 28 days after a judgment in civil litigation brought by 795 customers against Ticketmaster. The group action, which relates to the breach for which Ticketmaster was fined by the ICO, is currently before the High Court in England. As a result of the stay in proceedings, the appeal likely will not be heard before the Tribunal until mid to late 2023.

Continue Reading Ticketmaster Appeal of ICO Fine Stayed by UK Tribunal Until 2023

On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.
Continue Reading Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach

On November 12, 2020, Chief Judge Nancy J. Rosenstengel of the U.S. District Court for the Southern District of Illinois rejected Apple Inc.’s (“Apple’s”) motion to dismiss a class action alleging its facial recognition software violates Illinois’ Biometric Information Privacy Act (“BIPA”). Judge Rosenstengel agreed with Apple, however, that the federal court lacks subject matter jurisdiction over portions of the complaint.

Continue Reading BIPA Lawsuit Proceeds Against Apple in Federal Court

Earlier this year, The Retail Equation and Sephora were hit with a class action lawsuit in which the plaintiff claimed Sephora improperly shared consumer data with The Retail Equation without consumers’ knowledge or consent. On August 3, 2020, the plaintiff, now joined by others, amended her complaint to cast an even wider net.
Continue Reading Multiple Retailers Sued Under CCPA for Sharing Data Used to Identify Fraudulent Returns

On October 2, 2019, the UK Court of Appeal handed down its judgment on the appeal in Richard Lloyd v. Google LLC, in which Richard Lloyd, a consumer protection advocate, seeks to bring a representative action on behalf of four million Apple iPhone users against Google LLC in the United States. Previously, the High Court had refused to grant permission for the proceedings to be served outside the UK. The Court of Appeal reversed the High Court’s judgment, granting permission for service outside the UK and allowing the representative action to proceed. The judgment is significant as it paves the way for representative actions (equivalent to class actions) for data protection infringements in the UK.

Continue Reading UK Court of Appeal Permits Activist to Proceed with Claim for Damages Against Google

On August 8, 2019, the United States Court of Appeals for the Ninth Circuit allowed a class action brought by Illinois residents to proceed against Facebook under the Illinois Biometric Information Privacy Act. This blog entry provides details on the case.
Continue Reading Ninth Circuit Allows Class Action Challenging Facebook’s Facial Recognition Technology Under Illinois BIPA