Recent court rulings in California Invasion of Privacy Act (CIPA) cases may signal that judges are more skeptical about what counts as an actual injury under violations of the statute, said privacy lawyers: That could lead to more decisions in favor of businesses over plaintiffs. However, the lawyers said there's a long way to go before a definitive ruling is made.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
The U.S. District Court for Western Washington partially dismissed a class-action complaint Tuesday claiming that a hospital violated the Health Insurance Portability and Accountability Act (HIPAA) and other laws. Plaintiffs alleged that Overlake Hospital Medical Center implemented the Facebook Tracking Pixel and other browser plugins on its website, then disclosed website users' information to third parties, including Facebook and Google, without consent, in violation of HIPAA and the center's privacy policies.
Websites with cookie banners allowing a visitor to opt out may still store cookies or scripts, raising compliance risks, said privacy experts on a Privado panel Thursday.
Gambling platform DraftKings asked the U.S. District Court for Southern New York to dismiss a case against it Friday, arguing the complaint in case 24-05997 oversteps the Video Privacy Protection Act (VPPA).
A federal judge for the U.S. District Court for Northern Georgia on Thursday granted class-action status to a plaintiff who alleged that health and medical corporation WebMD violated the Video Privacy Protection Act (VPPA) by disclosing video-viewing information to Meta Platforms. WebMD had argued that class certification should not be granted because the proposed class is not adequately defined or ascertainable and that individual privacy settings impede the commonality requirement.
On Tuesday, monetization platform Patreon asked the U.S. District Court for Northern California to reject more than 900 opt-outs in a settlement about privacy violations. Patreon argued the opt-outs, submitted by the law firm Lexclaim, the contingent objector in the case, violate the settlement agreement’s ban on group opt-outs and did not comply with the court-approved class notice.
The first class-action complaint under Washington’s 2024 My Health My Data Act was filed Monday against Amazon for allegedly harvesting the location data of users without their consent.
LinkedIn was hit with a class-action lawsuit Monday in the U.S. District Court for Northern California for allegedly disclosing personally identifiable information (PII) and video viewing activity to Facebook without users’ consent, in violation of the Video Privacy Protection Act (VPPA).
The U.S. District Court for Massachusetts ruled Friday that it will dismiss a class-action lawsuit against TJX Companies, parent of retailer Marshalls, for lack of jurisdiction and since the plaintiff failed to allege a concrete harm. The plaintiff alleged that a “spy pixel” was embedded in TJX's promotional emails, which collected information from the receivers without their consent, violating the Arizona Telephone, Utility and Communication Service Records Act.