Justia Communications Law Opinion Summaries

Two individuals brought a class action against Amazon, alleging that its Virtual Try-On (VTO) feature—used to preview makeup and eyewear products by rendering them on users’ faces via their mobile devices—violated the Illinois Biometric Information Privacy Act (BIPA). The VTO software, developed both in-house and by a third party, captured users’ facial geometry to overlay products for virtual preview. The plaintiffs claimed Amazon collected, stored, and used their facial data and that of many others in Illinois without proper notice, informed consent, or the creation of required data retention and destruction policies as mandated by BIPA.After removal from Illinois state court to the United States District Court for the Northern District of Illinois, the plaintiffs moved for class certification under Federal Rule of Civil Procedure 23(b)(3). The district court certified a class of all individuals who used Amazon’s VTO feature in Illinois after September 7, 2016. The district court found the class satisfied the requirements of numerosity, commonality, typicality, and adequacy, and that common questions—primarily concerning the VTO’s functionality and Amazon’s use of biometric data—predominated over individual questions such as location and damages. It also found a class action was superior due to the size and cost of potential individual litigation.On interlocutory appeal, the United States Court of Appeals for the Seventh Circuit reviewed only the class certification decision, focusing on predominance and superiority. The court affirmed the district court’s certification, holding that common questions about Amazon’s alleged statutory violations predominated and that individual questions regarding user location and damages were manageable. The court also agreed that a class action was superior to individual suits, given the complexity and cost of litigation, and affirmed the district court’s discretion. View "Svoboda v Amazon.com Inc." on Justia Law

A company operating movie theaters in several Midwestern states offered free movie trailers on its website to attract customers. After a website visitor viewed these trailers, she began to receive targeted advertisements on her Facebook page. She alleged that the company had installed a program, Meta Pixel, which tracked her activity and shared her personal information with Meta (Facebook’s parent company). She claimed that the company, as a “video tape service provider,” had a duty under the Video Privacy Protection Act not to disclose her personally identifiable information without consent.The United States District Court for the District of Minnesota dismissed the complaint. The district court found that the company was not a “video tape service provider” as defined by the statute, because it was not engaged in the business of renting, selling, or delivering prerecorded video cassette tapes or similar audio visual materials. As a result, the court concluded that the company had no statutory obligation to withhold the plaintiff’s personal information under the Act.On appeal, the United States Court of Appeals for the Eighth Circuit reviewed the district court’s dismissal de novo. The appellate court agreed with the district court, holding that movie theaters are not “engaged in the business” of renting, selling, or delivering prerecorded video cassette tapes or similar audio visual materials. The court reasoned that the statutory definition requires a physical medium similar to video cassette tapes, which does not include theatrical screenings or free online trailers. The court further determined that offering trailers online did not constitute a separate business of delivering audio visual materials for livelihood or gain. Accordingly, the Eighth Circuit affirmed the judgment of the district court. View "Christopherson v. Cinema Entertainment Corp." on Justia Law

The State of Nevada brought a consumer protection action against TikTok, Inc. and related entities, alleging violations of the Nevada Deceptive Trade Practices Act (NDTPA). The State claimed that TikTok knowingly designed its social media platform to addict young users, causing various harms to minors in Nevada, and made misrepresentations and material omissions about the platform’s safety. The complaint detailed TikTok’s collection and sale of young users’ personal data to advertisers, the use of design features to maximize user engagement, and public statements about youth safety that the State alleged were misleading.The case was first heard in the Eighth Judicial District Court of Nevada, where TikTok moved to dismiss for lack of personal jurisdiction and failure to state a claim, arguing that the court lacked jurisdiction, and that the Communications Decency Act (CDA) § 230 and the First Amendment immunized it from liability. The district court denied TikTok’s motion in part, finding that it had specific personal jurisdiction over TikTok based on purposeful conduct directed at Nevada, and that the State’s NDTPA claims were not barred by CDA § 230 or the First Amendment. Other claims were dismissed without prejudice.The Supreme Court of Nevada reviewed TikTok’s petition for writ relief. The court held that the district court properly exercised specific personal jurisdiction over TikTok, as the State made a prima facie showing that TikTok purposefully directed its conduct at Nevada through targeted marketing and data collection. The court further held that the CDA § 230 and the First Amendment do not bar the State’s NDTPA claims at the pleading stage, as the claims target TikTok’s own alleged misrepresentations and harmful design features, not third-party content or expressive activity. The Supreme Court of Nevada denied TikTok’s petition. View "TikTok, Inc. v. District Court" on Justia Law

Two minor boys, referred to as John Doe 1 and John Doe 2, were coerced by a trafficker into producing pornographic content, which was later posted on Twitter. Despite reporting the content to Twitter, the platform did not immediately remove it, leading to significant views and retweets. The boys and their mother made multiple attempts to have the content removed, but Twitter only acted after being prompted by the Department of Homeland Security.The United States District Court for the Northern District of California dismissed the plaintiffs' complaint, primarily based on the immunity provided under § 230 of the Communications Decency Act of 1996. The court found that Twitter was immune from liability for most of the claims, including those under the Trafficking Victims Protection Reauthorization Act (TVPRA) and California product-defect claims, as these claims treated Twitter as a publisher of third-party content.The United States Court of Appeals for the Ninth Circuit reviewed the case. The court held that Twitter is immune from liability under § 230 for the TVPRA claim and the California product-defect claim related to the failure to remove posts and the creation of search features that amplify child-pornography posts. However, the court found that the plaintiffs' claims for negligence per se and their product-liability theory based on defective reporting-infrastructure design are not barred by § 230 immunity, as these claims do not arise from Twitter's role as a publisher. Consequently, the court affirmed the dismissal of the TVPRA and certain product-defect claims, reversed the dismissal of the negligence per se and defective reporting-infrastructure design claims, and remanded the case for further proceedings. View "DOE 1 V. TWITTER, INC." on Justia Law

A data breach occurred at Wawa convenience stores, affecting customers' payment information. Wawa discovered the breach in December 2019 and contained it within days. The breach led to a class action lawsuit filed in the U.S. District Court for the Eastern District of Pennsylvania, consolidating 15 actions into three tracks: financial institution, employee, and consumer. The consumer track, which is the focus of this case, alleged negligence, breach of implied contract, and violations of state consumer protection laws, seeking both damages and injunctive relief.The District Court preliminarily approved a settlement that included compensation through Wawa gift cards and cash for out-of-pocket losses, as well as injunctive relief to improve Wawa's data security. Class member Theodore Frank objected, arguing that the settlement's attorney's fees were excessive and that the settlement included a clear sailing agreement and a fee reversion clause. The District Court approved the settlement and the attorney's fees, but Frank appealed.The United States Court of Appeals for the Third Circuit vacated the fee award and remanded the case, instructing the District Court to scrutinize the reasonableness of the attorney's fees and the presence of any side agreements. On remand, the District Court found no clear sailing agreement or collusion and determined that the fee reversion was unintentional. The court reaffirmed the attorney's fee award based on the funds made available to the class, considering the benefits provided, including the injunctive relief.The Third Circuit reviewed the District Court's findings and affirmed the judgment, holding that the attorney's fee award was reasonable and that the settlement process was free of collusion or improper side agreements. The court emphasized the meaningful benefits provided to the class members and the appropriateness of the fee award based on the amount made available rather than the amount claimed. View "In re: Wawa, Inc. Data Security Litigation" on Justia Law

Michael Salazar filed a class action lawsuit against Paramount Global, alleging a violation of the Video Privacy Protection Act (VPPA). Salazar claimed that he subscribed to a 247Sports e-newsletter and watched videos on 247Sports.com while logged into his Facebook account. He alleged that Paramount had installed Facebook’s tracking Pixel on 247Sports.com, which enabled Paramount to track and disclose his video viewing history to Facebook without his consent.The United States District Court for the Middle District of Tennessee dismissed Salazar’s complaint. The court found that Salazar had standing because the alleged disclosure of his video viewing history to Facebook constituted a concrete injury. However, the court dismissed the complaint for failure to state a claim under the VPPA, concluding that Salazar was not a “consumer” under the Act. The court reasoned that Salazar’s subscription to the 247Sports e-newsletter did not qualify him as a “consumer” because the newsletter was not “audio visual materials.”The United States Court of Appeals for the Sixth Circuit reviewed the case and affirmed the district court’s decision. The Sixth Circuit agreed that Salazar had standing but held that he did not plausibly allege that he was a “consumer” under the VPPA. The court interpreted the term “goods or services” in the context of the VPPA to mean audio-visual materials, and since Salazar’s newsletter subscription did not involve audio-visual materials, he was not a “consumer” under the Act. The court also found that the district court did not abuse its discretion in dismissing the complaint with prejudice, as Salazar had not filed a formal motion to amend his complaint. View "Salazar v. Paramount Global" on Justia Law

A cyberattack on California Pizza Kitchen, Inc. (CPK) in September 2021 compromised the personal information of over 100,000 former and current employees. This led to multiple class action lawsuits against CPK, alleging negligence and other claims. The consolidated plaintiffs reached a settlement with CPK, offering cash payments and credit monitoring services to class members, with CPK required to make payments only to those who submitted valid claims. The settlement's monetary value was estimated at around $950,000, while the attorneys sought $800,000 in fees.The United States District Court for the Central District of California approved the settlement but reserved judgment on the attorneys' fees until after the claims process concluded. The consolidated plaintiffs reported a final claims rate of 1.8%, with the maximum monetary value of the claims being around $950,000. Despite expressing concerns about the scope of attorneys' fees, the district court ultimately awarded the full $800,000 in fees and costs.The United States Court of Appeals for the Ninth Circuit reviewed the case and affirmed the district court's approval of the class settlement, finding that the district court had properly applied the heightened standard to review the settlement for collusion and had not abused its discretion in finding the settlement fair, reasonable, and adequate. However, the Ninth Circuit reversed the fee award, noting that the district court had not adequately assessed the actual value of the settlement and compared it to the fees requested. The case was remanded for the district court to determine the settlement's actual value to class members and award reasonable and proportionate attorneys' fees. View "IN RE: CALIFORNIA PIZZA KITCHEN DATA BREACH LITIGATION" on Justia Law

Ann Jones filed lawsuits against Bloomingdales.com, LLC, and Papa John's International, Inc., alleging that their websites used "session replay" technology to record her electronic communications, including mouse movements, clicks, and keystrokes, without her knowledge. She claimed this technology invaded her privacy by creating a detailed record of her website visits, which could be used for targeted advertisements and website improvements.In the Eastern District of Missouri, the district court dismissed Jones's complaint against Bloomingdales for lack of subject-matter jurisdiction, citing a lack of concrete injury as she did not allege the capture of sensitive information. In the case against Papa John's, the district court dismissed the complaint for lack of personal jurisdiction. Jones appealed both dismissals.The United States Court of Appeals for the Eighth Circuit reviewed the cases and consolidated them for oral argument. The court held that Jones did not plausibly allege a concrete injury in either case, affirming the lower courts' judgments. The court noted that Jones's allegations did not demonstrate that the session-replay technology captured any private or sensitive information, such as social security numbers, medical history, or financial details. The court compared the situation to a security camera in a physical store, where customers do not have a reasonable expectation of privacy regarding their general movements.The Eighth Circuit concluded that Jones lacked standing to sue because her allegations did not show a concrete harm to her privacy. The court emphasized that merely asserting an invasion of privacy without supporting facts is insufficient to establish standing. Therefore, the court affirmed the dismissals of both cases. View "Jones v. Bloomingdales.com, LLC" on Justia Law

Michael Terpin, a cryptocurrency investor, sued AT&T Mobility, LLC after hackers gained control over his phone number through a fraudulent "SIM swap," received password reset messages for his online accounts, and stole $24,000,000 of his cryptocurrency. Terpin alleged that AT&T failed to adequately secure his account, leading to the theft.The United States District Court for the Central District of California dismissed some of Terpin's claims for failure to state a claim and later granted summary judgment against him on his remaining claims. The court dismissed Terpin's fraud claims and punitive damages claim, holding that he failed to allege that AT&T had a duty to disclose or made a promise with no intent to perform. The court also held that Terpin failed to allege facts sufficient to support punitive damages. On summary judgment, the court ruled that Terpin's negligence claims were barred by the economic loss rule, his breach of contract claim was barred by the limitation of liability clause in the parties' agreement, and his claim under Section 222 of the Federal Communications Act (FCA) failed because the SIM swap did not disclose any information protected under the Act.The United States Court of Appeals for the Ninth Circuit affirmed the district court's dismissal of Terpin's fraud claims and punitive damages claim, agreeing that Terpin failed to allege a duty to disclose or an intent not to perform. The court also affirmed the summary judgment on Terpin's breach of contract claim, holding that consequential damages were barred by the limitation of liability clause. The court affirmed the summary judgment on Terpin's negligence claims, finding them foreclosed by the economic loss rule. However, the Ninth Circuit reversed the summary judgment on Terpin's claim under Section 222 of the FCA, holding that Terpin created a triable issue over whether the fraudulent SIM swap gave hackers access to information protected under the Act. The case was remanded for further proceedings on this claim. View "TERPIN V. AT&T MOBILITY LLC" on Justia Law

A ten-year-old girl named Nylah Anderson died after attempting the "Blackout Challenge," a dangerous activity promoted in a video recommended to her by TikTok's algorithm. Her mother, Tawainna Anderson, sued TikTok and ByteDance, Inc., alleging that the companies were aware of the challenge, allowed such videos to be posted, and promoted them to minors, including Nylah, through their algorithm.The United States District Court for the Eastern District of Pennsylvania dismissed the complaint, ruling that TikTok was immune under Section 230 of the Communications Decency Act (CDA), which protects interactive computer services from liability for content posted by third parties. The court found that TikTok's role in recommending the video fell under this immunity.The United States Court of Appeals for the Third Circuit reviewed the case and reversed the District Court's decision in part, vacated it in part, and remanded the case. The Third Circuit held that TikTok's algorithm, which curates and recommends videos, constitutes TikTok's own expressive activity, or first-party speech. Since Section 230 of the CDA only provides immunity for third-party content, it does not protect TikTok from liability for its own recommendations. Therefore, the court concluded that Anderson's claims were not barred by Section 230, allowing the lawsuit to proceed. View "Anderson v. TikTok Inc" on Justia Law