Effective Tuesday, an amendment to the Colorado Privacy Act (CPA) that enhances protections for biometric identifiers widens the scope of whom the privacy law applies to and forces companies to review their policies, said privacy lawyers. Enacted as HB-1130 in June 2024, the measure compels entities that collect biometric data to meet stringent notice and consent requirements if they use or intend to use it for unique identification (see 2406030010).
Education technology vendor Instructure renewed its request that a district court dismiss a privacy suit against it, arguing that the plaintiffs failed to allege constitutional violations or invasion of privacy, and didn't prove violations of California law.
Affirming a circuit court's earlier ruling, an Illinois appellate court Tuesday certified class for railway workers who want to file a class-action suit claiming violations of the state's Biometric Information Privacy Act (BIPA). Plaintiffs in case 1-24-1961 allege that railway industry service provider ITS Technologies' use of employee biometric information for time clocks violates the state statute.
Microsoft sought dismissal of a lawsuit alleging it improperly collects ad data in a way that mimics surveillance and can identify individual users. It argued Monday that plaintiffs in case 25-00570 -- individuals who used Microsoft to access various websites -- were attempting to "stretch common-law privacy and wiretap laws beyond their intended scope.”
A court dismissed a class action lawsuit against the NFL that alleged the league violated the Video Privacy Protection Act (VPPA) by employing the Meta-tracking pixel without user notice and consent. Issued Friday, the summary order ruled that an "ordinary person" could not determine a user's Facebook ID through the pixel's transmission.
In a decision with nationwide implications, the U.S. District Court for Northern Texas on Wednesday vacated a majority of the Health Insurance Portability and Accountability Act's (HIPAA) Privacy Rule to Support Reproductive Health Care Privacy. A U.S. Department of Health and Human Services motion to dismiss the suit, case 24-00228, was also denied.
Cookies and other tracking technologies were considered simple tools to enhance website users' experience but have become "ground zero" in the data-protection consent space, privacy and cybersecurity attorney Scott Loughlin said at a June 12 Hogan Lovells webinar.
The reasoning behind court decisions to grant or deny class certification in recent privacy cases serves to show what parts of a website are most open to lawsuits and warn businesses to ensure their privacy policies and practices are up to par, according to two Fisher Phillips blogs.
Parents pushed back against an EdTech company's assertion Friday that it can collect student data without parental consent, calling it “hostile to children’s rights.”
Plaintiffs in 13 class-action lawsuits against New York University proposed on Monday to consolidate their claims into a single complaint that the university violated their privacy rights. NYU is accused of exposing personally identifiable information (PII) during a cybersecurity incident as a result of its inadequate protective measures.