Pennsylvania

Last week, the United States Court of Appeals for the Third Circuit denied rehearing en banc in a case about the application of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (“WESCA”), 18 Pa. C.S. § 5701 et seq., and issued an amended opinion to “clarify issues raised” by the defendants—an online retailer and an internet marketing company. The order leaves in place the Third Circuit’s August 2022 judgment in favor of the plaintiff consumer, which held that, dependent on further fact finding, defendants may be liable under WESCA for “intercepting” the consumer’s interactions with the retailer’s own website.
Continue Reading Third Circuit Denies Rehearing En Banc, Amends Opinion in Key Pennsylvania Wiretap Case Over Internet Third-Party Marketing

After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).

Recall that back in 2016, two hackers stole data

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

VIXIO Regulatory Intelligence Quoted CPW’s Kristin Bryan in Recent Article on FTC and CFPB Data Protection and Privacy Legislation

This week the Judicial Panel on Multidistrict Litigation (“JPML”) declined to create a multidistrict litigation (“MDL”) from competing class action lawsuits stemming from the same data incident.  Read on to learn more about this particular decision and how it relates to CPW’s prior analysis of other data incident litigation.
Continue Reading JPML Declines to Create MDL for Data Breach Cases

In a record-setting proposed settlement filed last week, T-Mobile has agreed to pay $350 million and boost its data security by $150 million over the next two years to resolve multidistrict litigation brought by T-Mobile customers whose data was allegedly exposed in a 2021 data breach.  Read on for the terms of the settlement, which may serve as a model in other high stakes data security cases going forward.

Recall that in August 2021, T-Mobile disclosed that it had been the victim of a cyberattack that resulted in the compromise of some current, former and prospective customers’ SSN, name, address, date of birth and driver’s license/ID information the “Data Event”).  By T-Mobile’s account, no “customer financial information, credit card information, debit or other payment information” was exposed in the attack.  Nevertheless, over 40 putative class action claims were filed seeking damages for the improper disclosure of Plaintiffs’ personal information.  In December 2021, the Judicial Panel on Multidistrict Litigation transferred and centralized the putative class actions into the MDL standing before the Western District of Missouri.Continue Reading T-Mobile Agrees in MDL to Record Setting $350 Million Data Breach Settlement to Resolve CCPA and Other Privacy Claims

Special thanks to our Summer Associate, Nyet Abraha, for her work on this blog.

Carnival Cruise Line, one of the largest international cruise lines, has agreed to pay $6 million to resolve claims brought by state attorneys general in response to a 2019 data breach. In March 2020, Carnival reported a data breach that compromised

In June, we discussed a putative class action filed in the Eastern District of Pennsylvania concerning a data breach involving COVID-contact tracing data.  Following the Plaintiff’s filing of an amended complaint, the remaining Defendant has now moved to dismiss on both standing and substantive grounds.  Read on below.

To recap the alleged facts underlying this

In the continuing absence of comprehensive federal law regulating data privacy and protection, the states have continued to pursue their own agenda.  Pennsylvania recently became the most recent state to throw its hat into the ring with its legislature’s introduction of HB-1126, the Consumer Data Privacy Act (“CDPA”).  If passed, the CDPA would make

CPW has been covering data breach litigations for some time (as a reminder of recent rulings of significance, check out our prior posts here and here).  This includes In Re: Wawa, Inc. Data Security Litigation and key related cases back in November and January.  On Thursday, the U.S. District Court for the Eastern