Justia Class Action Opinion Summaries
Articles Posted in Internet Law
Griggs v. NHS Management, LLC
Shymikka Griggs filed a data-breach action against NHS Management, LLC, a consulting firm providing management services for nursing homes and physical-rehabilitation facilities. NHS collects sensitive personal and health information from employees, patients, and vendors. In May 2021, NHS discovered a cyberattack on its network, which lasted 80 days. NHS notified affected individuals, including Griggs, in March 2022. Griggs, a former NHS employee, claimed her personal information was found on the dark web, leading to credit issues, spam communications, and fraudulent activities.Griggs initially filed a class-action complaint in the United States District Court for the Northern District of Alabama but later dismissed it. She then filed a class-action complaint in the Jefferson Circuit Court in June 2023, alleging negligence, negligence per se, breach of contract, invasion of privacy, unjust enrichment, breach of confidence, breach of fiduciary duty, and violation of the Alabama Deceptive Trade Practices Act. NHS moved to dismiss the complaint, arguing lack of standing and failure to state a claim. The Jefferson Circuit Court dismissed Griggs's complaint with prejudice.The Supreme Court of Alabama reviewed the case and affirmed the circuit court's judgment. The court held that Griggs failed to sufficiently plead her claims. Specifically, she did not demonstrate that NHS owed her a duty under Alabama law, failed to establish proximate cause for her negligence per se claim, did not allege intentional conduct for her invasion-of-privacy claim, and did not show that she conferred a benefit on NHS for her unjust-enrichment claim. Additionally, the court found that breach of confidence is not a recognized cause of action in Alabama and that Griggs did not establish a fiduciary relationship between her and NHS. View "Griggs v. NHS Management, LLC" on Justia Law
DOE V. WEBGROUP CZECH REPUBLIC, A.S.
The plaintiff, a survivor of childhood sex trafficking, filed a class action suit against a group of foreign and domestic corporations, alleging that they violated federal and California laws by distributing videos of her sexual abuse on the internet. The defendants included the owners and operators of two pornography websites based in the Czech Republic. The plaintiff argued that the court had personal jurisdiction over the foreign defendants under Federal Rule of Civil Procedure 4(k)(2), which allows for jurisdiction over a foreign defendant if the claim arises under federal law, the defendant is not subject to jurisdiction in any state's courts, and exercising jurisdiction is consistent with the U.S. Constitution and laws. The district court dismissed the case, ruling that it lacked personal jurisdiction over the foreign defendants.The U.S. Court of Appeals for the Ninth Circuit reversed in part and vacated in part the district court's dismissal. The court found that the plaintiff had established a prima facie case that the Czech website operators had purposefully directed their websites at the United States. The court also held that the plaintiff's claims arose from the defendants' forum-related activities, and that the defendants failed to show that the exercise of personal jurisdiction would be unreasonable. Therefore, the court reversed the district court's dismissal of the action against the Czech defendants for lack of personal jurisdiction.The court also vacated the district court's dismissal of nine additional foreign defendants. The district court had dismissed these defendants solely on the grounds that there was no personal jurisdiction over the Czech defendants. The appellate court instructed the district court to address on remand whether personal jurisdiction could be asserted against these additional defendants. View "DOE V. WEBGROUP CZECH REPUBLIC, A.S." on Justia Law
City of Creve Coeur v. DirecTV LLC
DirecTV and Dish Network (“Defendants”) provide video services in part through the Internet. The City of Creve Coeur filed this class action in Missouri state court on behalf of local government authorities, seeking a declaratory judgment that Defendants are liable under the Video Services Providers Act (“VSPA”) and implementing local ordinances, plus injunctive relief, an accounting of unpaid fees, and damages. Defendants removed the action based on diversity jurisdiction and the Class Action Fairness Act (CAFA). After the state court entered an interlocutory order declaring that VSPA payments are fees, rather than taxes, DirecTV filed a second notice of removal, arguing this order established the required federal jurisdiction. The district court granted Creve Coeur’s motion to remand.
The Eleventh Circuit affirmed on different grounds. The court explained that the district court’s remand order plainly stated that the remand was based on comity principles as articulated in Levin, not on “state-tax based comity concerns.” Comity as a basis to remand was raised and fully argued in the first remand proceeding. Federal courts have long precluded two bites at this apple. Second, the Supreme Court in Levin emphatically stated that the century-old comity doctrine is not limited to the state-tax-interference concerns that later led Congress to enact the TIA. Third, the state court’s December 2020 Order addressed, preliminarily, only the VSPA fee-or-tax issue under state law. It did not address the broader considerations comity addresses. The state court order in no way overruled or undermined the basis for the district court’s first remand order. Therefore, DirecTV failed to establish the essential basis for a second removal. View "City of Creve Coeur v. DirecTV LLC" on Justia Law
CARA JONES, ET AL V. GOOGLE LLC, ET AL
Plaintiffs, a class of children, appearing through their guardians ad litem, filed a lawsuit against Google LLC and others, alleging that Google used persistent identifiers to collect data and track their online behavior surreptitiously and without their consent in violation of the Children’s Online Privacy Protection Act (“COPPA”). They pled only state law claims arising under the constitutional, statutory, and common law of California, Colorado, Indiana, Massachusetts, New Jersey, and Tennessee, but also allege Google’s activities violate COPPA. The district court held that the “core allegations” in the third amended complaint were squarely covered, and preempted, by COPPA.
The Ninth Circuit reversed the district court’s dismissal on preemption grounds. The panel considered the question of whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulations. The Supreme Court has identified three different types of preemption—express, conflict, and field. First, express preemption is a question of statutory construction. The panel concluded that COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe, the same conduct forbidden by, COPPA. Accordingly, express preemption does not apply to the plaintiff class’s claims. Second, even if express preemption is not applicable, preemptive intent may be inferred through conflict preemption principles. The panel held that although express and conflict preemption are analytically distinct inquiries, they effectively collapse into one when the preemption clause uses the term “inconsistent.” For the same reasons that the panel concluded there was no express preemption, the panel concluded that conflict preemption did not bar Plaintiffs’ claims. View "CARA JONES, ET AL V. GOOGLE LLC, ET AL" on Justia Law
Clemens v. Execupharm Inc
Clemens, then an employee, provided ExecuPharm with sensitive information, including her address, social security number, bank, and financial account numbers, insurance, and tax information, passport, and information relating to her family. Clemens’s employment agreement provided that ExecuPharm would “take appropriate measures to protect the confidentiality and security” of this information. After Clemens left ExecuPharm, a hacking group (CLOP) accessed ExecuPharm’s servers, stealing sensitive information pertaining to current and former employees, including Clemens. CLOP posted the data on the Dark Web, making available for download 123,000 data files pertaining to ExecuPharm, including sensitive employee information. ExecuPharm notified current and former employees of the breach and encouraged precautionary measures. Clemens reviewed her financial records and credit reports for unauthorized activity; placed fraud alerts on her credit reports; transferred her bank account; enrolled in ExecuPharm’s complimentary one-year credit monitoring services; and purchased three-bureau additional credit monitoring services for herself and her family for $39.99 per month.Clemens's suit under the Class Action Fairness Act, 28 U.S.C. 1332(d), was dismissed for lack of Article III standing. The court concluded that Clemens’s risk of future harm was not imminent, but “speculative.” Any money Clemens spent to mitigate the speculative risk was insufficient to confer standing; even if ExecuPharm breached the employment agreement, it would not automatically give Clemens standing to assert her breach of contract claim. The Third Circuit vacated. Clemens’s injury was sufficiently imminent to constitute an injury-in-fact for purposes of standing. View "Clemens v. Execupharm Inc" on Justia Law
Joffe v. Google, Inc.
Plaintiffs alleged, in this consolidated class action, that Google illegally collected their Wi-Fi data through its Street View program. After the parties reached a settlement agreement that provided for injunctive relief, cy pres payments to nine Internet privacy advocacy groups, fees for the attorneys, and service awards to class representatives—but no payments to absent class members, David Lowery, one of two objectors to the settlement proposal, appealed the district court's approval of the settlement and grant of attorneys' fees.The Ninth Circuit affirmed, concluding that the district court did not abuse its discretion in approving the settlement, certifying the class, or in its award of attorneys' fees, and it did not commit legal error by rejecting Lowery's First Amendment argument. The panel rejected the suggestion that a district court may not approve a class-action settlement that provides monetary relief only in the form of cy pres payments to third parties; Lowery has not shown that the district court abused its discretion in approving the use of cy pres payments in the settlement; the infeasibility of distributing settlement funds directly to class members does not preclude class certification; and viewing the modest injunctive relief together with the indirect benefits the class members enjoy through the cy pres provision, the panel affirmed the district court’s finding that the settlement was fair, reasonable, and adequate.The panel also concluded that the settlement agreement does not compel class members to subsidize third-party speech because any class member who does not wish to subsidize speech by a third party that he or she does not wish to support, can simply opt out of the class. The panel has never held that merely having previously received cy pres funds from a defendant, let alone other defendants in unrelated cases, disqualifies a proposed recipient for all future cases. Furthermore, the panel affirmed cy pres provisions involving much closer relationships between recipients and parties than anything Lowery alleges here. The court further concluded that the district court properly considered all relevant circumstances, including the value to the class members, and concluded that a 25% benchmark was appropriate. Finally, the panel concluded that class counsel and class representatives did not breach their fiduciary duties by entering the settlement. View "Joffe v. Google, Inc." on Justia Law
George v. eBay, Inc.
The appellants were two of a group of plaintiffs who sued eBay and PayPal, challenging provisions in their respective user agreements. Plaintiffs’ second amended complaint alleged 23 causes of action, 13 against eBay, seven against PayPal, and three against both defendants. The trial court dismissed, without leave to amend, 20 of the causes of action, including 14 claims against eBay. Three causes of action proceeded: breach of contract against both defendants and violation of the covenant of good faith and fair dealing against eBay. More than three years later, the appellants opted out of the case against eBay, and voluntarily dismissed the two claims against it. Judgment of dismissal was entered against them.The appellants appealed, contending the trial court got it wrong as to 11 of the dismissed causes of action. The court of appeal affirmed, noting that this was the third appeal of the case. The trial court properly dismissed the claims and did not abuse its discretion in doing so without leave to amend. All of the alleged causes of action failed to state a claim. The court stated that “counsel for appellants has apparently been urging the same contentions for some nine years, all without success. This is enough.” View "George v. eBay, Inc." on Justia Law
Campbell v. Facebook, Inc.
An objecting class member appealed from the district court's approval of a settlement between Facebook and a nationwide class of its users who alleged that Facebook routinely captured, read, and used website links included in users' private messages without their consent, and that these practices violated federal and California privacy laws. The district court found that the settlement was fair and approved it, granting in full class counsel's request for fees and costs.The Ninth Circuit held that the district court had Article III jurisdiction to approve the settlement and that this panel had jurisdiction to evaluate the fairness of the settlement. In this case, plaintiffs identified a concrete injury that the Electronic Communications Privacy Act and the California Invasion of Privacy Act protect; plaintiffs established standing to seek injunctive relief; and post-filing developments did not moot this case.The panel rejected the merits of objector's contentions that the district court abused its discretion by approving the settlement. The panel rejected the argument that the settlement was invalid under Koby v. ARS National Services, Inc., 846 F.3d 1071, 1081 (9th Cir. 2017). Rather, the panel held that, given how little the class could have expected to obtain if it had pursued claims further based on the facts alleged here (and, correspondingly, how little it gave up in the release), it was not unreasonable that the settlement gave the class something of modest value. The panel rejected objector's argument that the settlement was invalid under In re Bluetooth Headset Products Liability Litigation, 654 F.3d 935 (9th Cir. 2010), and held that the district court did not abuse its discretion in concluding that none of the warning signs weighed against approval of the settlement. View "Campbell v. Facebook, Inc." on Justia Law
Dancel v. Groupon, Inc.
Dancel sued, alleging Groupon had used her photograph to promote a restaurant voucher. Groupon had collected the photograph from Dancel’s public Instagram account based on data linking it to the restaurant’s location. She sought damages under the Illinois Right of Publicity Act (IRPA) on behalf of a class of Illinois residents whose Instagram photographs have appeared on a Groupon offer. The parties litigated in state court until Dancel moved to certify a class of “[a]ll persons who maintained an Instagram Account and whose photograph ... was ... acquired and used on a groupon.com webpage for an Illinois business.” The class was not defined by its members’ residency. Groupon filed a notice of removal under the Class Action Fairness Act, 28 U.S.C. 1453. The district court denied remand and denied class certification. The Seventh Circuit affirmed the denial of class certification. IRPA requires more with respect to the plaintiff’s identity than an Instagram username It demands that an attribute, even a name, serve to identify the individual whose identity is being appropriated. This individualized evidentiary burden prevents identity from being a predominating common question under Rule 23(b)(3). View "Dancel v. Groupon, Inc." on Justia Law
Patel v. Facebook, Inc.
The Ninth Circuit affirmed the district court's order certifying a class of Facebook users who alleged that Facebook's facial-recognition technology violated Illinois's Biometric Information Privacy Act (BIPA). The panel held that plaintiffs have alleged a concrete and particularized harm that was sufficient to confer Article III standing where the statutory provisions at issue were established to protect plaintiffs' concrete interests in privacy, not merely procedural rights. In this case, the development of a face template using facial-recognition technology without consent invades an individual’s private affairs and concrete interests. The panel held that the district court did not abuse its discretion by certifying the class; Illinois's extraterritoriality doctrine did not preclude the district court from finding predominance; and the district court did not abuse its discretion in determining that a class action was superior to individual actions. View "Patel v. Facebook, Inc." on Justia Law