On November 12, 2020, Chief Judge Nancy J. Rosenstengel of the U.S. District Court for the Southern District of Illinois rejected Apple Inc.’s (“Apple’s”) motion to dismiss a class action alleging its facial recognition software violates Illinois’ Biometric Information Privacy Act (“BIPA”). Judge Rosenstengel agreed with Apple, however, that the federal court lacks subject matter jurisdiction over portions of the complaint.

Continue Reading BIPA Lawsuit Proceeds Against Apple in Federal Court

Earlier this year, The Retail Equation and Sephora were hit with a class action lawsuit in which the plaintiff claimed Sephora improperly shared consumer data with The Retail Equation without consumers’ knowledge or consent. On August 3, 2020, the plaintiff, now joined by others, amended her complaint to cast an even wider net.
Continue Reading Multiple Retailers Sued Under CCPA for Sharing Data Used to Identify Fraudulent Returns

On June 16, 2020, the Litigation Chamber of the Belgian Data Protection Authority imposed a fine on a company for unlawful and incorrect processing of personal data and non-compliance with the EU General Data Protection Regulation’s data subject rights provisions.
Continue Reading Belgian DPA Fines Company for Unlawful Processing and Non-Compliance with Data Subject Rights

Last month, in In re: Capital One Customer Data Security Breach Litigation, E.D. Va., No. 1:19-md-02915, U.S. Magistrate Judge John Anderson (the “Judge”) ordered Capital One Financial Corp. (“Capital One”) to disclose a forensic report to the plaintiffs in a lawsuit stemming from Capital One’s 2019 data breach. In doing so, the Judge rejected Capital One’s argument that the report is protected from disclosure to the plaintiffs by the work product doctrine.

Continue Reading Forensic Report Deemed Not Privileged: Capital One Ordered to Release Report

On April 2, 2020, Hunton Andrews Kurth LLP will host a webinar on the California Consumer Privacy Act (“CCPA”): The CCPA Is Here—Are You Litigation-Ready? Most companies have now developed a framework for compliance with the CCPA. Having a compliance program in place is critical, and that includes preparing for the inevitable onslaught of class action litigation that is coming.
Continue Reading Hunton Webinar on the California Consumer Privacy Act: Preparation for Class Action Litigation

The meaning of an “automatic telephone dialing system” (“ATDS”) as defined by the Telephone Consumer Protection Act (“TCPA”) has been hotly contested since the D.C. Circuit invalidated the prior Federal Communications Commission (“FCC”) rulings interpreting the TCPA in 2018. The Ninth Circuit has held that merely calling numbers from a stored list is sufficient to meet the definition of an ATDS, while the Third Circuit has at least indicated that the ability to generate numbers randomly or sequentially is the defining characteristic.
Continue Reading Good News for TCPA Defendants

As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company, finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.
Continue Reading Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

On October 2, 2019, the UK Court of Appeal handed down its judgment on the appeal in Richard Lloyd v. Google LLC, in which Richard Lloyd, a consumer protection advocate, seeks to bring a representative action on behalf of four million Apple iPhone users against Google LLC in the United States. Previously, the High Court had refused to grant permission for the proceedings to be served outside the UK. The Court of Appeal reversed the High Court’s judgment, granting permission for service outside the UK and allowing the representative action to proceed. The judgment is significant as it paves the way for representative actions (equivalent to class actions) for data protection infringements in the UK.

Continue Reading UK Court of Appeal Permits Activist to Proceed with Claim for Damages Against Google