Facebook Users BIPA Suit to Go Forward
• Denying cross-motions for summary judgment, the U.S. District Court for the Northern District of California ruled that the class action against Facebook for violating Illinois’ Biometric Information Privacy Act (BIPA) will proceed to trial.
• According to the Court, the “voluminous submissions underscore the multitude of fact disputes that bar judgment as a matter of law for either side. That is particularly true for plaintiffs’ motion, which effectively asks for entry of judgment in their favor on a record that they concede is often unsettled.”
• Trial is scheduled for July 9, 2018.
Users of Under Armour’s MyFitnessPal File Putative Class Action Over Breach
- Users of Under Armour’s popular MyFitnessPal nutrition app filed a putative class action suit in Los Angeles County Superior Court against the exercise clothing giant, alleging that the company failed to take steps to protect users’ personal information.
- In late March, Under Armour announced that an “unauthorized party” had acquired user names, email addresses and hashed passwords of 150 million users of the app but did not acquire Social Security numbers, drivers’ license numbers or payment card information.
- The named plaintiff alleges this is not correct, claiming that payment information for purchases made through the app also was compromised.
Chili’s Announces Payment Card Breach
- Brinker International, parent company of restaurant chain Chili’s, announced a data security incident in March-April 2018 at certain Chili’s restaurants.
- According to the announcement, Brinker still is investigating, but believes that payment card data of customers at certain Chili’s restaurants in March and April was compromised through point-of-sale malware. Chili’s did not announce the number of locations or customers affected.
- The incident did not involve Social Security numbers, dates of birth, or federal or state identification numbers.
Federal Trade Commission
New FTC Commissioner Wants Stiffer Penalties for Repeat Offenders
- After less than a week on the job, new FTC commissioner Rohit Chopra pushed for the Commission to take stronger steps to punish what he believes are companies that flout FTC consent orders.
- In his first public comments, Commissioner Chopra wrote that “FTC orders are not suggestions” and companies that violate FTC orders are guilty of “serious management dysfunction, a calculated risk that the payoff of skirting the law is worth the expected consequences, or both.”
- For what he referred to as “recidivist” companies, Commissioner Chopra called on the FTC to “consider contempt proceedings, referral to criminal authorities, and remedial injunctive relief.”
Amended Arizona Data Breach Law Goes Into Effect in August
- On August 1, Arizona joins the growing list of states that have expanded their data breach notification laws.
- Arizona’s revised law now requires notification of breach of a variety of additional classes of information, including healthcare and medical information, online account access, and biometric data, among other things.
- The law also requires notification within 45 days and mandates notification to the Attorney General and to credit reporting agencies if data of more than 1,000 Arizona residents is compromised.
Lawmakers Seek Information From Amazon Regarding Kids’ Device
- Ed Markey (D-Mass.) and Rep. Joe Barton (R-Texas) reached across the aisle to jointly write Amazon, seeking information about the company’s new Echo Dot Kids Edition.
- The device provides children with the Alexa voice assistant and comes equipped with a subscription to Amazon’s FreeTime service, which provides children with access to age-appropriate curated Amazon content.
- The lawmakers expressed concern about the effects of digital media and technology use on kids and teens and asked Amazon to provide information about how the company “plans to protect the privacy of children … and what steps the company is taking to ensure that using [the Echo Dot Kids Edition] will not negatively affect children’s development.”