Bitcoin Depot failed to adequately protect the personally identifiable information (PII) of more than 26,000 individuals, which was then exposed in a data breach, a class-action complaint alleged Friday in the U.S. District Court for Northern Georgia. Lead plaintiff Quincey Hall's lawsuit alleges negligence, invasion of privacy, breach of implied contract and violations of the Georgia Uniform Deceptive Trade Practices Act, among other claims.

The U.S. Supreme Court's June decision that upheld a Texas law requiring age verification for access to porn sites (see 2506270041) could have wide implications for future legislation at the federal and state levels, said privacy lawyers.

Several court decisions in California have benefited the plaintiffs as they pursue website tracker litigation, according to two recent attorney blogs.

Illinois renewed its request for a federal court to dismiss a DOJ workplace privacy suit Monday. The state argued that DOJ didn't prove how federal law preempts elements of the state's Right to Privacy in the Workplace Act (Privacy Act).

Home Depot's AI-powered system that manages inventory and mitigates theft at self-checkout stations violates the Illinois Biometric Information Privacy Act (BIPA), said a class-action lawsuit filed Friday. Called Computer Vision, the system uses cameras and machine learning to perform facial recognition and collect customer facial geometry, lead plaintiff Benjamin Jankowski alleged in case 25-09144.

A federal court sided with education technology platform Instructure and ruled that a case against it failed to plausibly allege specific facts about the taking or use of data. The U.S. District Court for Central California dismissed case 25-02711.

Satirical news site The Onion asked a federal court Friday to drop a case against it alleging violations of the Video Privacy Protection Act (VPPA), on the grounds that the plaintiff lacks standing and because "courts are beginning to 'shut the door for Pixel-based VPPA claims.'” Case 25-05471 alleges the news site deployed a tracking pixel on its site that transmitted a subscriber's personally identifiable information (PII) to third parties without his prior knowledge or consent (see 2505200012).

A recently dismissed case involving the California Invasion of Privacy Act (CIPA) and email tracking shows courts are increasingly questioning whether the old statute applies to internet communications, said privacy lawyer David Klein in a blog post Friday. However, CIPA lawsuits will likely continue despite this growing trend, the Klein Moynihan attorney said.

Tesla was hit with a class-action suit Thursday alleging California Invasion of Privacy Act (CIPA) violations through the car company's use of tracking pixels on its website without the knowledge or consent of visitors. Plaintiff Peter Dawidzik alleged that the company uses the trackers to collect detailed user information like IP addresses, pages visited, mouse movements and even geolocation based on IP, and then shares the data with third parties such as Twitter and Google.

Health app Flo Health reached a settlement Thursday in a case involving allegations that sensitive health information was shared with third parties without user consent. Earlier in July, Google, also a defendant in case 21-00757, said it reached a settlement with the plaintiffs (see 2507090063). No details were released in either settlement.