Art. III Standing

Ruling on a motion for class certification, Judge Edward Chen of the Northern District of California, identifies the following relevant facts: Reuters also owns an online platform called CLEAR, which provides access to public and non-public information about American consumers, including Californians. FAC ¶¶ 1–2. Reuters collects surface and deep web data, including from social media, third-party data brokers, law… Read More

In MARILYN HERNANDEZ, individually & on behalf of all others similarly situated, Plaintiff, v. NOOM, INC., Defendant., No. 1:23-CV-00641-JRR, 2023 WL 8934019, at *1–2 (D. Md. Dec. 27, 2023), Judge Rubin found no Article III standing for a wiretapping claim based on a website's capture and recording of users’ electronic interactions with the website. Plaintiff Marilyn Hernandez, individually and on… Read More

In Felicia Durgan, et al., Plaintiffs, v. U-Haul Int'l Inc., Defendant., No. CV-22-01565-PHX-MTL, 2023 WL 7114622, at *6–7 (D. Ariz. Oct. 27, 2023), the Arizona district court allowed a CCPA claim to proceed past the pleadings stage.  The Court found that the Plaintiff had properly pleaded an absence of reasonable policies and procedures under the CCPA. The CCPA provides a… Read More

In Jones v. Ford Motor Co., No. 22-35447, 2023 WL 7097365 (9th Cir. Oct. 27, 2023), the Court of Appeals for the 9th Circuit affirmed dismissal of a privacy class action due to absence of standing.  In Jones, the Owner of a vehicle equipped with “infotainment” system that automatically downloaded, copied, and indefinitely stored the call logs and text messages of… Read More

In Bohnak v. Marsh & McLennan Companies, Inc., No. 22-319, 2023 WL 5437558, at *1 (2d Cir. Aug. 24, 2023), the Court of Appeals for the Second Circuit addressed Article III standing requirements and a framework in data breach cases where an individual whose personally identifying information (“PII”) is exposed to unauthorized actors, but has not (yet) been used for… Read More

United States District Court Judge Cynthia Bashant, of the Central District of California, ruled on several privacy claims on a motion to dismiss. Addressing injury in fact: "Plaintiff alleges Defendant collected his personal information in violation of the California Constitution and various California statutes. (Am. Compl. ¶ 1.) Among the collected data are his “geolocation, ... communications related to his… Read More

A District Court in Washington dismissed Plaintiffs' claim for statutory damages because they failed to give pre-suit notice under the CCPA.  The Court dismissed the request for statutory damages without prejudice meaning Plaintiffs can give notice (despite the pending action) and then seek to amend and add back in a request for statutory damages. Plaintiffs ... insist that they seek… Read More

In Wynne v. Audi of Am., No. 21-cv-08518-DMR, 2022 U.S. Dist. LEXIS 131625, at *2-4 (N.D. Cal. July 25, 2022), Judge Ryu found that the CCPA, by itself, does not confer Article III standing under the SCOTUS' TransUnion decision.  The facts of the data breach were as follows: Wynne makes the following allegations in the amended complaint: Defendant Audi is a… Read More

In Tukin v. Halsted Financial Services, LLC, Judge Wood found no Article III standing for a Hunstein claim (of sharing a consumer's data with a vendor) where the sharing was done by way of encrypted data transfer. First, of note, Judge Wood found no "glassine window" violation for use of an "Intelligent Mail Code" on the dunning letter's envelope. Count III alleges that… Read More

In Patterson v. Med. Review Inst. of Am., LLC, No. 22-cv-00413-MMC, 2022 U.S. Dist. LEXIS 111617, at *5-8 (N.D. Cal. June 23, 2022), Judge Chesney surveyed California law on the subject and dismissed a data breach case on Art. III standing grounds. First, with respect to an increased risk of fraud and identity theft, although Patterson alleges the hackers "accessed… Read More

In In re Ge/Cbps Data Breach Litig., 2021 U.S. Dist. LEXIS 146020, at *16-18 (S.D.N.Y. Aug. 4, 2021), Judge Polk Failla found Article III standing and a negligence case arising out of a data breach.  The facts were as follows: GE contracts with Canon to process documents relating to current and former GE employees and their beneficiaries. (Compl. ¶ 41).… Read More

In McMorris v. Carlos Lopez & Assocs., LLC, No. 19-4310, 2021 U.S. App. LEXIS 12328, at *2-7 (2d Cir. Apr. 26, 2021), the Court of Appeals for the Second Circuit approved of the District Court's dismissal on Art. III grounds of an ID Theft class action that the parties had settled and were seeking court approval of.  The underlying proceedings were… Read More

In In re Brinker Data Incident Litig., No. 3:18-cv-686-TJC-MCR, 2021 U.S. Dist. LEXIS 71965, at *3-5 (M.D. Fla. Apr. 14, 2021), Judge Corrigan certified a class in a data breach class action.  The facts were as follows: The Court has detailed the facts of this case in prior orders (Docs. 65, 92, 122), but several new facts have come to… Read More

In Calhoun v. Google, LLC, Judge Koh allowed part of a claim against Google to proceed based Google Chrome's sharing of data with Google. Plaintiffs are users of Google’s Chrome browser who allege that they “chose not to ‘Sync’ their [Chrome] browsers with their Google accounts while browsing the web . . . from July 27, 2016 to the present.”… Read More

In Tsao v. Captiva MVP Rest. Partnres, Ltd. Liab. Co., No. 18-14959, 2021 U.S. App. LEXIS 3055 (11th Cir. Feb. 4, 2021), the Court of Appeals for the 11th Circuit held that a data theft victim had no Articile III standing. We begin with Tsao's theory that he has Article III standing because he faces a "substantial risk of identity… Read More

On February 2, 2021, Judge Susan Van Keulen, in the Northern District of California, denied in part and granted in part Defendant's Motion to Dismiss.  Flores-Mendez et al v. Zoosk, Inc. et al. (N.D. CA; 3:20-cv-04929-WHA). Evaluating Article III standing based on Plaintiff's consent to Defendant's online privacy policy and terms of use, the Court held that: [i]f “the contract language… Read More

On January 12, 2021, Judge David O. Carter granted Marriott’s Motion to Dismiss and dismissed the case, including Plaintiffs’ CCPA claim based on lack of standing.  Rahman v. Marriott International, Inc., et al.  (C.D. CA; 8:20-cv-00654), here, “Plaintiff alleges that class members were victims of a cybersecurity breach at Marriott when two employees of a Marriott franchise in Russia accessed… Read More

In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 217097 (S.D. Cal. Nov. 19, 2020), Judge Miller allowed a data security breach class action to proceed.  The basis of the class action was as follows: According to Plaintiffs' FAC,1 Inmediata provides billing and health record software and service solutions to healthcare providers. (FAC ¶¶… Read More

In Foster v. Health Recovery Servs., No. 2:19-CV-4453, 2020 U.S. Dist. LEXIS 186508 (S.D. Ohio Oct. 7, 2020), Judge Marbley found that at least one claim of damages for a data breach victim satisfied Art. III standing. In a recent data breach case brought pursuant to the FCRA, the [*14]  Third Circuit examined both the congressional judgment and common law factors… Read More

In Kylie S. v. Pearson Plc, No. 19 C 5936, 2020 U.S. Dist. LEXIS 133299 (N.D. Ill. July 28, 2020), Judge Lee dismissed a data breach class action for absence of Article III standing.  The facts were as follows: Sometime in late 2018, hackers penetrated AIMSweb's defenses and gained access to the data stored on the platform. Am. Compl. ¶… Read More