Class Actions

Google Seeks Dismissal of BIPA Class Action

• Google has sought dismissal of a putative class action lawsuit alleging violations of Illinois’ Biometric Information Privacy Act (BIPA).

• According to the original complaint, Google allegedly violated BIPA by scanning photos of nonusers uploaded to Google Photos and then “extracting geometric data” of the subjects of those photos, creating facial templates, or so-called faceprints.

• In its motion to dismiss, Google argued that the putative class representatives do not have standing because “there is no evidence of data breach; no evidence of disclosure to third parties; and no evidence of misuse of any data.”

Data Breaches

Student Loan Company Notifies of Breach

  • Access Group Education Lending, a student loan servicing company, notified approximately 16,500 customers of a data breach.
  • According to the notice, one of Access Group’s vendors inadvertently sent out files containing the names, Social Security numbers and driver’s license numbers of its borrowers to another vendor.
  • Although Access Group assured its borrowers that the vendor that received the files immediately deleted them and did not retain copies, Access Group, nevertheless, offered affected customers one year of credit monitoring services.

Federal Trade Commission

FTC Up to Full Slate of Commissioners

  • Four new commissioners were sworn in last week, bringing the Federal Trade Commission up to its full complement of commissioners for the first time since 2015.
  • New Chairman Joe Simons, a Republican, was joined by another Republican, Noah Phillips, along with two Democrats, Rebecca Slaughter and Rohit Chopra.
  • Commissioner Maureen Ohlhausen, who had been serving as acting chairwoman, will stay on until her term ends in September or until she is confirmed for a federal judgeship.

FTC Asked to Review Privacy Policies of

  • The Children’s Advertising Review Unit (CARU) has asked the Federal Trade Commission to review the privacy policies of the video-sharing app after it refused to comply with the recommendations issued by the self-regulatory organization of the advertising industry. CARU’s request alleged that may be violating the Children’s Online Privacy Protection Act (COPPA).
  • CARU’s analysis of the app found that many users appear to be under the age of 13. The app does not require age verification or date of birth to register.
  • According to CARU, respectfully declined to adopt CARU’s recommendations, saying that it did not believe that CARU was correctly applying COPPA.

Mobile Phone Maker BLU Settles With FTC

  • Mobile phone manufacturer BLU settled with the FTC regarding allegations that the company allowed a third-party service provider to correct detailed personal information about users without their consent.
  • According to the FTC’s complaint, BLU falsely claimed that it limited third-party data collection to only information needed to perform requested services, when in reality it allowed third parties to collect detailed information, including text message contents and real-time location data.
  • BLU is prohibited from misrepresenting the extent to which they protect the privacy of users’ personal information, must implement and maintain a comprehensive information security program, and will be subject to biannual third-party assessments of that program for 20 years.


Illinois AG, Not Chicago’s State’s Attorney, Is the Right Enforcer, According to Uber

  • Uber moved to dismiss or halt a lawsuit by the Cook County state’s attorney, alleging the ride-sharing company failed to protect the personal information of 57 million users and then covered up the alleged breach.
  • According to Uber, only the Illinois Attorney General has the authority to sue on behalf of state citizens under the Illinois Consumer Fraud Act (the ICFA).
  • The Cook County state’s attorney responded that its action is actually under local ordinances, which happen to incorporate certain provisions under the ICFA, and Uber’s conduct violated both the ICFA and local law.

State Legislation

Massachusetts Senate Passes Data Breach Protection Bill

  • The Massachusetts Senate unanimously passed a bill that would afford Massachusetts citizens increased protection in the event of a data breach affecting consumer credit reporting agencies.
  • The bill would require credit reporting agencies to provide consumers with five years of free credit monitoring, without having to waive future legal action, in the event of a data breach that involves Social Security numbers. The bill also would prevent the reporting agencies from charging for freezing or unfreezing their credit.
  • This resembles a similar bill that was passed in the Massachusetts House, requiring the two bills to be reconciled before heading to the governor for signature.