Data “Down Under” – AI, CyberSecurity, And Data Breach Class Action Takeaways From The ASIAL Security Exhibition + Conference In Sydney, Australia

By Alex W. Karasik

Duane Morris Takeaways Data breach litigation is a billion-dollar industry worldwide. At the ASIAL Security Exhibition + Conference in Sydney, Australia, on August 22, 2024, Partner Alex W. Karasik of the Duane Morris Class Action Defense Group gave a highly anticipated 40-minute address, “A Deep Dive Into Data Breach Class Action Litigation.” The Conference, which had over 10,000 attendees, produced excellent dialogues on cybersecurity threats, mitigation strategies, data breach litigation, and the implications of artificial intelligence on data security.

The Conference’s robust agenda featured over 35 speakers from a wide array of backgrounds, including Australian government officials, data security industry experts, executives from blue-chip companies such as Amazon and Microsoft, and a lawyer from Chicago. In a masterful way, the agenda provided valuable insight for attendees from a broad range of backgrounds, including business owners, c-suite executives, risk officers, privacy professionals, technology start-ups, vendors, attorneys, journalists, and other individuals with interests in the tech, legal, and security industries.

I had the privilege of speaking about global data breach litigation risk, with a focus on the Unites States’ data breach class action landscape. A few of the highlights from my presentation include the following:

    1. Data breach class action lawsuit filings doubled from over 300 in 2021 to over 600 in 2022, and then doubled again to over 1,300 in 2023. I do not expect this trend to slow down any time soon.
    2. The last two years procured massive settlement totals, with over $515 million in 2023. Google and T-Mobile each settled data breach class actions for $350 million in the last two years. The financial exposure is enormous in data breach class action litigation.
    3. Major U.S. Supreme Court decisions (TransUnion LLC v. Ramirez, et al., 141 S.Ct. 2190 (2021)); pending class action litigation (In Re MOVEit Customer Data Security Breach Litigation, MDL No. 3083 (J.P.M.L. Oct. 4, 2023); and the next wave of data security class action claims (stemming from the recent CrowdStrike outage) will all continue to collectively and profoundly impact the data breach class action landscape.
    4. Low class certification rates, generally trending below 50%, provide some room for optimism for data breach class action defendants. Plus, with the large number of breaches that have now impacted a plurality of major corporations across all sectors, causation of damages is more difficult to prove than ever.
    5. Some of the “toolkit takeaways” for businesses include: (i) implement a multi-faceted approach to data security mechanisms; (ii) develop a data security task force within the organization; (iii) provide extensive training to employees, which will need to evolve as the types of threats change; and (iv) utilize arbitration agreements with class action waivers.

Finally, one of the greatest joys of attending an international conference is the opportunity to draw on the wisdom of my fellow presenters from across the globe. Below are a few of the highlights:

    1. “Employers cannot contract out risk.” I loved this quote from Australian government official, Justine Jones. This sentiment echoes many of my conversations with and publications prepared by U.S. EEOC Commissioner, Keith Sonderling, who has consistently noted in the artificial intelligence context that employers cannot simply point their fingers at vendors if hiring or recruiting software procures discriminatory outputs. Jones opined that even if businesses use third-parties for data security purposes, they still remain responsible.
    2. Brett McGrath, President of the Law Society of New South Wales, provided excellent insight on what I interpreted to be “cautious optimism” from the Australian legal system in terms of embracing artificial intelligence. He discussed the creation of a task force involving judges, lawyers, academics, and technology experts. Jurisdictions in the United States – at the local, state, and federal levels – would be wise to follow suit.
    3. Amazon’s Lindsay Maloney, Lead of Security & Loss Prevention, Australia & Singapore, highlighted hiring risks associated with different geographical markets. From my perspective, the rapid emergence of artificial intelligence laws involving employment decisions are often similar but not the same. This means American businesses likewise should take heed of where they are hiring and what technology they are using in each locale.
    4. Philip Meyer, a Technology Strategist at Microsoft, delivered an impactful address that examined the history of ChatGPT and the future of artificial intelligence. Philip’s commentary regarding Microsoft’s commitment to providing training meshed well with my message about how companies must embrace the training process, so that artificial intelligence and data security measures are deployed ethically and in the best interests of the organization.
    5. Brian de Caires, CEO of the ASIAL, opined on the need for consistent security standards across Australia. For those of you who follow my publications on artificial intelligence, privacy, and data security, a motif of my writings is that there is a patchwork of laws among a myriad of jurisdictions, creating a compliance minefield for employers.

Thank you to ASIAL and its incredible team, my fellow speakers, the engaging attendees, the media personnel, and all others who helped make this week in Sydney, Australia an informative and unforgettable experience “Down Under.”

For more information on the Duane Morris Class Action Group, including its Data Breach Class Action Review e-book, please click the link here.

Announcing A New ABA Article By Duane Morris Partner Alex Karasik Explaining The EEOC’s Artificial Intelligence Evolution


By Alex W. Karasik

Duane Morris Takeaway: Available now is the recent article in the American Bar Association’s magazine “The Brief” by Partner Alex Karasik entitled “An Examination of the EEOC’s Artificial Intelligence Evolution.[1] The article is available here and is a must-read for all employers and corporate counsel!

In the aftermath of the global pandemic, employee hiring has become a major challenge for businesses across the country, regardless of industry or region. Businesses want to accomplish this goal in the most time- and cost-effective way possible. Employers remain in vigorous pursuit of anything that can give them an edge in recruiting, hiring, onboarding, and retaining the best talent. In 2023, artificial intelligence (AI) emerged as the focal point of that pursuit. The use of AI offers an unprecedented opportunity to facilitate employment decisions. Whether it is sifting through thousands of resumes in a matter of seconds, aggregating information about interviewees’ facial expressions, or generating data to guide compensation adjustments, AI has already had a profound impact on how businesses manage their human capital.

Title VII of the Civil Rights Act of 1964, which is the cornerstone federal employment discrimination law, does not contain statutory language specifically about the use of AI technologies, which did not emerge until several decades later. However, the U.S. Equal Employment Opportunity Commission (EEOC), the federal government agency responsible for enforcing Title VII, has made it a strategic priority to prevent and redress employment discrimination stemming from employers’ use of AI to make employment decisions regarding prospective and current employees.

Focusing on the EEOC’s pioneering efforts in this space, this article explores the risks of using AI in the employment context. First, the article examines the current litigation landscape with an in-depth case study analysis of the EEOC’s first AI discrimination lawsuit and settlement. Next, to figure out how we got here, the article travels back in time through the origins of the EEOC’s AI initiative to present-day outreach efforts. Finally, the article reads the EEOC’s tea leaves about the future of AI in the workplace, offering employers insight into how to best navigate the employment decision-making process when implementing this generation-changing technology.

Implications For Employers: Similar to the introduction of technologies such as the typewriter, computer, internet, and cell phone, there are, understandably, questions and resulting debates about the precise impact that AI will have on the business world, including the legal profession. To best adopt any new technology, one must first invest in understanding how it works. The EEOC has done exactly that over the last several years. The businesses that use AI software to make employment decisions must similarly make a commitment to fully understand its impact, particularly with regard to applicants and employees who are members of protected classes. The employment evolution is here, and those who are best equipped to understand the risks and rewards will thrive in this exciting new era.

[1] THE BRIEF ❭ Winter 2024 An Examination of the EEOC’s Artificial Intelligence Evolution VOLUME 53, NUMBER 2, WINTER 2024. © 2024 BY THE AMERICAN BAR ASSOCIATION. REPRODUCED WITH PERMISSION. ALL RIGHTS RESERVED. THIS INFORMATION OR ANY PORTION THEREOF MAY NOT BE COPIED OR DISSEMINATED IN ANY FORM OR BY ANY MEANS OR STORED IN AN ELECTRONIC DATABASE OR RETRIEVAL SYSTEM WITHOUT THE EXPRESS WRITTEN CONSENT OF THE AMERICAN BAR ASSOCIATION.

EEOC Weighs In On Novel Artificial Intelligence Suit Alleging Discriminatory Hiring Practices

By Gerald L. Maatman, Jr., Alex W, Karasik, and George J. Schaller

Duane Morris Takeaways: In Mobley v. Workday, Inc., Case No. 23-CV-770 (N.D. Cal. April 9, 2024) (ECF No. 60)the Equal Employment Opportunity Commission (“EEOC”) filed a Motion for Leave to File an Amicus Brief in Support of Plaintiff and in Opposition to Defendant’s Motion to Dismiss. This development follows Workday’s first successful Motion to Dismiss, about which we previously blogged here, after which the Court allowed Plaintiff a chance to amend his complaint. 

For employers utilizing Artificial Intelligence in their hiring practices, this notable case is worth monitoring. The EEOC’s decision to insert itself in the dispute demonstrates the Commission’s commitment to continued enforcement of anti-discrimination laws bearing on artificial intelligence use in employment. 

Case Background

Plaintiff, an African American male over the age of forty alleged that he suffered from anxiety and depression and brought suit against Workday claiming that its applicant screening tools discriminated against applicants on the basis of race, age, and disability.  Plaintiff further alleged that he applied for 80 to 100 jobs, but despite holding a bachelor’s degree in finance and an associate’s degree in network systems administration, he did not get a single job offer.  Id., 1-2 (ECF No. 45).

Workday moved to dismiss the Complaint in part arguing that Plaintiff did not allege facts to state a plausible claim that Workday was liable as an “employment agency” under the anti-discrimination statutes at issue.

On January 19, 2024, the Court granted the defendant’s motion to dismiss, but with leave for Plaintiff to amend, on the ground that plaintiff failed to plead sufficient facts regarding Workday’s supposed liability as an employer or “employment agency.”  Shortly thereafter, Plaintiff filed his Amended Complaint.  Id. (N.D. Cal. Feb. 20, 2024) (ECF No. 47.)

On March 12, 2024, Workday filed its Motion to Dismiss Amended Complaint, asserting that Workday is not covered by the statutes at issue – Title VII, the Americans with Disabilities Act (“ADA”), and/or the Age Discrimination in Employment Act (“ADEA”) – because Workday merely screens job seekers rather than procuring them.  Id., (ECF No. 50.)  On April 2, 2024, Plaintiff filed his opposition (id., ECF No. 59) and, on April 12, 2024, Workday filed its reply.  Id., (ECF No. 61.)

The motion is fully briefed and set for hearing on May 7, 2024.

The EEOC’s Motion for Leave to File an Amicus Brief

On April 9, 2024, before Workday filed its Reply, the EEOC filed a Motion for Leave to File an Amicus Brief in Support of Plaintiff and in Opposition to Defendant’s Motion.  Id., (ECF Nos. 60 & 60-1.)  The EEOC noticed its Motion for hearing on May 7, 2024.  Id., (ECF No. 60.)

The EEOC describes Mobley as a case that “implicate[s] whether,” Title VII, the ADA, and the ADEA, “cover[s] entities that purportedly screen and refer applicants and make automated hiring decisions on behalf of employers using algorithmic tools.”  Id., at 1 (ECF No. 60-1.)  The Commission argues that Plaintiff’s Amended Complaint satisfies federal pleading standards “with respect to all three theories of coverage alleged.”  Id., at 4.

First, with respect to Workday as an employment agency, the EEOC notes that Title VII, the ADA, and the ADEA, all prohibit discrimination by employment agencies.  Under each statute, the term “employment agency” includes “any person regularly undertaking with or without compensation to procure employees for an employer.”  Id.  The EEOC maintains courts generally construe “employment agency” based on “‘those engaged to a significant degree’ in such procurement activities ‘as their profession or business,’” and the focus on the degree to which an entity engages in “activities of an employment agency.”  Id.

The EEOC argues, among these activities, screening and referral activities are classically associated with employment agencies.  Id., at 5.  The Commission asserts that “[Plaintiff] has plausibly alleged that Workday’s algorithmic tools perform precisely the same screening and referral functions as traditional employment agencies—albeit by more sophisticated means.”  Id., at 6.  In contrasting Workday’s position, the EEOC urged the Court to find Workday’s arguments that “screening employees is not equivalent to procuring employees,” and that Workday does not “actively recruit or solicit applications” as unpersuasive.  Id., at 7.

Second, the EEOC argues leading precedent weighs in favor of Plaintiff’s allegations that Workday is an indirect employer.  Taking Plaintiff’s allegations as true, the EEOC contends that “Workday exercised sufficient control over [Plaintiff’s] and others applicants’ access to employment opportunities to qualify as an indirect employer,” and “Workday purportedly acts as a gatekeeper between applicants and prospective employers.”  Id., at 11. 

The EEOC argues Workday’s position on sufficient control misses the point.  Workday’s assertion that it “does not exert ‘control over its customers,’ who ‘are not required to use Workday tools and are free to stop using them at any time,” is not the inquiry.  Id., at 12.  Rather, the relevant inquiry is “whether the defendant can control or interfere with the plaintiff’s access to that employer,” and the EEOC notes that the nature of that control or interference “will always be a product of each specific factual situation.”  Id.

Finally, the EEOC maintains that Plaintiff plausibly alleged Workday is an agent of employers. The EEOC also maintains that under the relevant statutes the term “employer” includes “any agent of” an employer and several circuits have reasoned that an employer’s agent may be held independently liable for discrimination under some circumstances.  Id. 

In analyzing Plaintiff’s allegations, the EEOC argues that Plaintiff satisfies this requirement, where Plaintiff “alleges facts suggesting that employers delegate control of significant aspects of the hiring process to Workday.”  Id., at 13.  Accordingly, the EEOC concludes that Plaintiff’s allegations are sufficient and demonstrate “Workday’s employer-clients rely on the results of its algorithmic screening tools to make at least some initial decisions to reject candidates.”  Id., at 14.

On April 15, 2024, the Court ordered any opposition or statement of non-opposition to the EEOC’s motion for leave shall be filed by April 23, 2024.  Id.  (ECF No. 62.)

Implications For Employers

With the EEOC’s filing and sudden involvement, Employers should put great weight on EEOC enforcement efforts in emerging technologies, such as AI.  The EEOC’s stance in Mobley shows that this case is one of first impression and may create precedent for pleading in AI-screening tool discrimination cases regarding the reach of “employment decisions,” by an entity – whether directly, indirectly, or by delegation through an agent.

The Mobley decision is still pending, but all Employers harnessing artificial intelligence for “employment decisions” must follow this case closely.  As algorithm-based applicant screening tools become more common place –the anticipated flood of employment discrimination lawsuits is apt to follow.

 

EEOC Mid-Year Lawsuit Filing Update For Fiscal Year 2024


By Alex W. Karasik, Gerald L. Maatman, Jr. and Jennifer A. Riley

Duane Morris Takeaways: The EEOC’s fiscal year (“FY 2024”) spans from October 1, 2023 to September 30, 2024. Through the midway point of FY 2024, EEOC enforcement litigation filings have been noticeably down. In the first six months of FY 2023, there were 29 new lawsuits filed by the Commission, while only 14 lawsuits were filed through the midway point of FY 2024.

Traditionally, the second half of the EEOC’s fiscal year – and particularly in the final months of August and September – are when the majority of filings occur. Even so, an analysis of the types of lawsuits filed, and the locations where they are filed, is informative for employers in terms of what to expect during the fiscal year-end lawsuit filing rush in September.

Cases Filed By EEOC District Offices

In addition to tracking the total number of filings, we closely monitor which of the EEOC’s 15 district offices are most active in terms of filing new cases over the course of the fiscal year. Some districts tend to be more aggressive than others, and some focus on different case filing priorities. The following chart shows the number of lawsuit filings by EEOC district office.

The most noticeable trend of the first six months of FY 2024 is that the Atlanta and Philadelphia District Offices already filed three lawsuits each. Houston, Indianapolis, and New York each have two lawsuit filings, and Dallas and Chicago have one each. That means that many of the district offices have yet to file a lawsuit at all in FY 2024. But for employers in the Atlanta and Philadelphia metropolitan areas, these early tea leaves suggest that a higher likelihood of pending charges may turn into federal lawsuits by the end of Summer to next Fall.

Analysis Of The Types Of Lawsuits Filed In First Half Of FY 2024

We also analyzed the types of lawsuits the EEOC filed throughout the first six months, in terms of the statutes and theories of discrimination alleged, in order to determine how the EEOC is shifting its strategic priorities. The chart below shows the EEOC filings by allegation type.

The percentage of each type of filing has remained fairly consistent over the past several years. However, in FY 2024, nearly every filing has contained Title VII claims, with 12 of the 14, or 87% alleging these violations. This is a major increase over past years — in FY 2023, Title VII claims in 59% of all filings, 69% in FY 2022, and 62%. ADA cases were alleged in three lawsuits filed, for 21% of the cases, a decrease from the EEOC’s FY 2023 filings of 31%, 18% in FY 2022, and 36% in FY 2021. There was also an ADEA claim in one of the lawsuits and Pregnancy Discrimination Act claim in another.

The graph set out below shows the number of lawsuits filed according to the statute under which they were filed (Title VII, Americans With Disabilities Act, Pregnancy Discrimination Act, Equal Pay Act, and Age Discrimination in Employment Act) and, for Title VII cases, the theory of discrimination alleged.

The industries impacted by EEOC-initiated litigation have also remained consistent in FY 2024. The chart below details that hospitality, healthcare, and retail employers have maintained their lead as corporate defendants in the last 18 months of EEOC-initiated litigation.

Notable 2024 Lawsuit Filings

Gender Identity Discrimination

In EEOC v. Sis-Bro, Inc., Case No. 24-CV-968 (S.D. Ill. Mar. 28, 2024), the EEOC brought suit alleging that the farm violated federal law when it allowed an employee to be harassed because of her sex and gender identity after she began transitioning genders. The EEOC contended that the employee was subjected to frequent, derogatory comments about the employee’s gender identity; the co-owner refused to call the targeted employee by her name and referred to her by her former name; repeatedly told her she was “a guy”; and criticized her use of employer-provided health insurance and leave for gender affirming care, in violation of Title VII of the Civil Rights Act.

Disability Discrimination

In EEOC v. Atlantic Property Management, Case No. 24-CV-10370 (D. Mass. Oct. 4, 2023), the EEOC filed an action on behalf of a new hire who the company allegedly rescinded a job offer following the employee’s cancer diagnosis. The EEOC alleged that the individual was offered employment as an executive administrative assistant to the president and vice president of the two companies. Shortly after the offer of employment, the employee was diagnosed with breast cancer. Her doctor confirmed she was able to perform all aspects of her position, but she would need to receive treatment weekly resulting in a need for some limited time off from work. When she provided her doctor’s note to the companies, the president decided to withdraw her job offer without any discussion with the employee, which the EEOC alleged violated the ADA.

Race / National Origin Discrimination

In EEOC v. Bob’s Tire Company, Case No. 24-CV-10077 (D. Mass. Jan. 10, 2024), the EEOC filed an action alleging that the company violated Title VII of the Civil Rights Act by subjecting employees to egregious and constant harassment, including the owner telling Hispanic employees to “go back to [their] country”; calling Guatemalan employees “f—ing Guatemalans”; donning a U.S. Immigration and Customs Enforcement hat to intimidate Hispanic employees; and calling employees homophobic slurs. Additionally, the EEOC contended that employees were also harassed by a co-worker because of their sex, race, and national origin, and at least one employee complained to the owner, who retaliated against this complaining employee by mocking him for being in a romantic and/or sexual relationship with the harassing co-worker.

These filings illustrate that the EEOC will likely continue to prioritize sex, disability, and race discrimination claims in the second half of FY 2024.

March 2024 Release Of Enforcement Statistics

On March 12, 2024, the EEOC published its fiscal year 2023 Annual Performance Report (FY 2023 APR), highlighting the Commission’s recovery of $665 million in monetary relief for over 22,000 workers, a near 30% increase for workers over Fiscal Year 2022. This annual publication from the EEOC is noteworthy for employers in terms of recognizing the EEOC’s reach, understanding financial exposure for workplace discrimination claims, and identifying areas where the EEOC may focus its litigation efforts in the coming year. It is a must read for corporate counsel, HR professional, and business leaders.

As we blogged about here, the Commission reported having one of the most litigious years in recent memory in FY 2023, with 142 new lawsuits filed, marking a 50% increase from FY 2022. Among these new lawsuits, 86 were filed on behalf of individuals, 32 were non-systemic suits involving multiple victims, and 25 were systemic suits addressing discriminatory policies or affecting multiple victims. The EEOC also touted that it obtained $22.6 million for 968 individuals in litigation, while resolving 98 lawsuits and achieving favorable results in 91% of all federal district court resolutions.

These numbers show the EEOC is still aggressively litigating discrimination claims, and despite the slow start in FY 2024, we anticipate the EEOC will turn up the jets in the second half of the fiscal year.

Strategic Priorities

The Commission also reported significant progress in its “priority areas” for 2023, which included combatting systemic discrimination, preventing workplace harassment, advancing racial justice, remedying retaliation, advancing pay equity, promoting diversity, equity, inclusion and accessibility (“DEIA”) in the workplace, and, significantly, embracing the use of technology, including artificial intelligence, machine learning, and other automated systems in employment decisions.

In 2023, the EEOC resolved over 370 systemic investigations on the merits, resulting in over $29 million in monetary benefits for victims of discrimination. The Commission also reported that its litigation program achieved a 100% success rate in its systemic case resolutions, obtaining over $11 million for 806 systemic discrimination victims, as well as substantial equitable relief.  Further, the Commission made outreach and education programs a priority in 2023, and specifically sought to reach vulnerable workers and underserved communities, including immigrant and farmworker communities, hosting over 680 events for these groups and partnering with over 1,120 organizations, reaching over 107,000 attendees.

These statistics confirm the Commission’s prowess, dictating that employers should take heed in the coming months as the EEOC seeks to match these gaudy figures.

Other Notable Developments

Beyond touting its monetary successes, and litigation accomplishments, the FY 2023 APR also highlights the newly enacted Pregnant Workers Fairness Act (“PWFA”), which provides workers with limitations related to pregnancy, childbirth, or related medical conditions the ability to obtain reasonable accommodations, absent undue hardship to the employer.

The Commission began accepting PWFA charges on June 27, 2023 (the law’s effective date) and has conducted broad public outreach relating to employers’ compliance obligations under the new law.

Takeaways For Employers

By all accounts, FY 2023 was a record-breaking year for the EEOC. As demonstrated in the report, the Commission has pursued an increasingly aggressive and ambitious litigation strategy to achieve its regulatory goals.  The data confirms that the EEOC had a great deal of success in obtaining financially significant monetary awards.

Although the early numbers are lagging as compared with last year, we anticipate that the EEOC will continue to aggressively pursue its strategic priority areas in FY 2024.  There is no reason to believe that the annual “September surge” is not coming, in what could be another precedent-setting year.  We will continue to monitor EEOC litigation activity on a daily basis, and look forward to providing our blog readers with up-to-date analysis on the latest developments.

Finally, we are thrilled to announce that will be providing a webinar on May 13, 2024, to further analyze the above data.  Employers will gain insight on what they should be doing to ready themselves for the remainder of FY 2024.  Save the date and stay tuned!

EEOC Scores Summary Judgement Victory Against Indiana RV Maker In Disability Suit

By Gerald L. Maatman, Jr., Alex W. Karasik, and Christian J. Palacios

Duane Morris Takeaways:  In EEOC v. Keystone RV Company, Case No. 3:22-CV-831 (N.D. Ind. Mar. 27, 2024), Judge Damon R. Leichty of the U.S. District Court for the Northern District of Indiana held that an employer was liable under the Americans with Disabilities Act (“ADA”) for failing to accommodate a former employee after the company terminated the worker for attendance issues stemming from his novel medical condition. This rare summary judgement victory in favor of the Commission illustrates the importance of employers engaging in an interactive process with their employees to provide them with reasonable accommodations under federal anti-discrimination laws, and the legal liability associated with non-compliance. 

Background

The Charging party, Brandon Meeks, was diagnosed with cystinuria at the age of 19, a rare chronic illness that caused kidney stones to develop with irregular frequency. Roughly once every two years, he developed a large kidney stone that required surgical removal. In 2019 Meeks was hired as a painter at Keystone’s Wakarusa, Indiana plant, where he painted the base coat on RV wheels.  Keystone had an attendance policy whereby it would terminate an employee who accrued seven “attendance points” (absences) within a year, and allowed an employee to miss up to three consecutive days from one doctor’s note and accrue just one attendance point without applying for an ADA accommodation.  Id. at 2.  According to the record, Mr. Meeks was a “diligent and hard worker,” but he accrued several attendance points for absences related to his medical condition, including a visit to his urologist, and treatment for kidney stone pain. Id.

On November 13, 2019, Meeks collapsed in a restroom due to excruciating pain.  He was promptly rushed to the hospital and informed by a doctor that he had a “golf-ball-sized kidney stone” in his left kidney that would need to be surgically removed.  Id. at 3.  Meeks informed Keystone that he would require two weeks off of work to schedule and recover from surgery, which his employer agreed to given that Keystone’s Wakarusa plant closed down for several weeks from December to January and Meeks would only need a single day off of work. Prior to this request, Meeks had accrued 6 attendance points.  Id. at 4.  When Meeks returned to work on January 13, 2020, he informed Keystone he would need time off for another surgery scheduled on January 24, 2020. Meeks’ manager forecasted to him that he would be terminated if he missed work, and could reapply for employed 60 days later, per company policy.  Id.  According to the manager, Meeks did not provide a return to work date in connection with his second surgery request.  According to Meeks, he knew he could likely return to work on January 27, 2020, but he never communicated this timeline to Keystone because his employer “never asked.” Id. After Meeks underwent his second surgery, on January 24, 2020, his mother drove him to the plant to pick up his paycheck, upon which he was sent to the corporate office and informed he was terminated due to his attendance points.  Meeks subsequently filed a Charge with the EEOC. After its investigation, the EEOC brought suit on his behalf.  On March 27, 2024, Judge Leichty granted summary judgement in favor of the Commission.

The District Court’s Ruling

Judge Leichty began his 19-page ruling by observing that this case illustrated one reason “why the ADA existed.”  Id. at 1.  Judge Leichty observed that “[n]o one can reasonably dispute that Mr. Meeks was a qualified individual with a disability. Keystone knew of the disability. And Keystone failed to accommodate the disability reasonably. A reasonable jury could not find otherwise on this record.”  Id. at 7.

As the record reflected, the Court reasoned that Keystone clearly could have accommodated providing Meeks with two weeks leave, and yet it had not done so. The Court was unpersuaded by Keystone’s arguments that Meeks did not effectively communicate with his employer, and prior to his January surgery, he did not provide Keystone with an estimated return date.  Rather, the Court determined that Keystone had an affirmative obligation to initiate an interactive process with its employees, and had historical knowledge of Meeks’ disability; because of this, the fault was theirs alone.  Thus, “[a] reasonable jury could not lay the fault at Mr. Meeks’ feet,” and the Court granted summary judgement in the EEOC’s favor on ADA liability.  Id. at 10-11.

Judge Leichty scheduled a trial at a later date to assess the question of damages, as factual disputes remained regarding Meeks’ reasonable diligence at finding comparable employment.

Implications For Employers

As the ruling in EEOC v. Keystone RV Company illustrates, it is imperative that employers engage in an interactive process with employees with respect to disability accommodations, provided the employer has reason to know of the employee’s disability. Significantly, a formal ADA request is not necessary on the part of the employee for a court to find an employer at fault for a breakdown of the interactive process.  Because of this, employers should have robust policies in place to proactively provide their employees with reasonable accommodations for their disabilities. To do otherwise risks receiving a pre-liability judgement in favor of a federal, state, or municipal regulatory agency tasked with enforcing anti-discrimination legislation.

The EEOC’s 2023 Annual Performance Report Touts A Record $665 Million In Worker Recoveries

By Gerald L. Maatman, Jr., Alex W. Karasik, and Christian J. Palacios

Duane Morris Takeaways:  On March 11, 2024, the EEOC published its Fiscal Year 2023 Annual Performance Report (FY 2023 APR), highlighting the Commission’s accomplishments for the previous year, including a record-breaking recovery of $665 million in monetary relief for over 22,000 workers, a near 30% increase for workers over Fiscal Year 2022.

Employers should take note of the Commission’s annual report, as it provides invaluable insight into the EEOC’s regulatory priorities, and highlights the significant degree of financial risk that companies face for failing to comply with federal anti-discrimination laws. It is a must read for corporate counsel, HR professional, and business leaders.

FY 2023 Statistical Highlights

The EEOC’s recovery of $665 million in monetary relief over the past fiscal year represents an increase of 29.5% compared to Fiscal Year 2022.  Specifically, the Commission secured approximately $440.5 million for 15,143 workers in the private sector and state and local governments and another $204 million for 5,943 federal employees and applicants.

Furthermore, the Commission reported having one of the most litigious years in recent memory, with 142 new lawsuits filed, marking a 50% increase from Fiscal Year 2022. Among these new lawsuits, 86 were filed on behalf of individuals, 32 were non-systemic suits involving multiple victims, and 25 were systemic suits addressing discriminatory policies or affecting multiple victims. These numbers show an agency flexing its litigation muscles.

The EEOC’s drastic increase in filings was accompanied by a corresponding increase in complaint activity, with 81,055 new discrimination charges received, 233,704 inquiries handled in field offices, and over 522,000 calls from the public, thereby demonstrating the efficacy of the Commission’s outreach and public education efforts.

Other performance highlights from the report included obtaining more than $22.6 million for 968 individuals in litigation, while resolving 98 lawsuits and achieving favorable results in 91% of all federal district court resolutions. The Commission further reduced its private and federal sector inventories by record levels.

Strategic Developments / Systemic Litigation

The Commission also reported significant progress in its “priority areas” for 2023, which included combatting systemic discrimination, preventing workplace harassment, advancing racial justice, remedying retaliation, advancing pay equity, promoting diversity, equity, inclusion and accessibility (“DEIA”) in the workplace, and, significantly, embracing the use of technology, including artificial intelligence, machine learning, and other automated systems in employment decisions.

In 2023, the EEOC resolved over 370 systemic investigations on the merits, resulting in over $29 million in monetary benefits for victims of discrimination. The Commission also reported that its litigation program achieved a 100% success rate in its systemic case resolutions, obtaining over $11 million for 806 systemic discrimination victims, as well as substantial equitable relief.  Further, the Commission made outreach and education programs a priority in 2023, and specifically sought to reach vulnerable workers and underserved communities, including immigrant and farmworker communities, hosting over 680 events for these groups and partnering with over 1,120 organizations, reaching over 107,000 attendees.

Other Notable Developments

Beyond touting its monetary successes, and litigation accomplishments, the FY 2023 APR also highlights the newly enacted Pregnant Workers Fairness Act (“PWFA”), which provides workers with limitations related to pregnancy, childbirth, or related medical conditions the ability to obtain reasonable accommodations, absent undue hardship to the employer.

The Commission began accepting PWFA charges on June 27, 2023 (the law’s effective date) and has conducted broad public outreach relating to employers’ compliance obligations under the new law.

Takeaways For Employers

The EEOC’s Report is akin to a litigation scorecard. By all accounts, 2023 was a record-breaking year for the EEOC. As demonstrated in the report, the Commission has pursued an increasingly aggressive and ambitious litigation strategy to achieve its regulatory goals, and had a great deal of success in obtaining financially significant monetary awards.  Employers should take note of these trends and be proactive in implementing risk-mitigation strategies and EEOC-compliant policies.

We anticipate that the EEOC will continue to aggressively pursue its strategic priority areas in 2024, which could shape out to be another precedent-setting year. We will continue to track EEOC litigation activity, and look forward to providing our blog readers with up-to-date analysis on the latest developments.

It’s Here! The Duane Morris Privacy Class Action Review – 2024


By Gerald L. Maatman, Jr., Jennifer A. Riley, and Alex W. Karasik

Duane Morris Takeaways: The last year saw a virtual explosion in privacy class action litigation. As a result, compliance with privacy laws in the myriad of ways that companies interact with employees, customers, and third parties is a corporate imperative. To that end, the class action team at Duane Morris is pleased to present the Privacy Class Action Review – 2024. This publication analyzes the key privacy-related rulings and developments in 2023 and the significant legal decisions and trends impacting privacy class action litigation for 2024. We hope that companies and employers will benefit from this resource in their compliance with these evolving laws and standards.

Click here to download a copy of the Privacy Class Action Review – 2023 eBook. Look forward to an episode on the Review coming soon on the Class Action Weekly Wire!

Spygate 2.0? New England Patriots Sued In VPPA Privacy Class Action

By Alex W. Karasik and Gerald L. Maatman, Jr.

Duane Morris Takeaways:  On February 1, 2024, a football fan filed a class action lawsuit against the New England Patriots in a Massachusetts federal court, alleging that the football team’s mobile app (the “App”) knowingly disclosed users’ location data and personal information to third-parties in alleged violation of the Video Privacy Protection Act (“VPPA”). This lawsuit marks the latest high-profile VPPA class action lawsuit filing, which have significantly spiked in the last two years.

Although the recent tide of VPPA class action court rulings has generally tipped in favor of defendants, the plaintiffs’ class action bar is still exploring novel theories to bring these high-stakes cases. Companies must therefore pay close attention to privacy-related issues involving mobile applications, including what data is collected and to whom it is transmitted.

The VPPA

Congress passed the VPPA in 1988.  The statute imposes liability on, “[a] video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider.”  18 U.S.C. § 2710(b)(1).  A “video tape service provider” is defined as “any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.”  Id. 3-4 (citations omitted).  “Personally identifiable information” (“PII”) is defined as “information which identifies a person as having requested or obtained specific video materials or services from a video service provider.”  Id.  In essence, the statute purports to account for advancements in video-delivery technology by defining a “video tape service provider” broadly to include any business engaged in the “rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials.”  Id.

The New VPPA Class Action Lawsuit

Plaintiff alleges that he downloaded and installed the App to his mobile phone and regularly used it to access video content.  Id. at 2.  When downloading the App, users are presented with an option to sign into an existing account, create a new account, or continue without signing in by selecting “MAYBE LATER.”  Id. at 4-5.  Plaintiff alleges that consumers who select “MAYBE LATER” are not presented with the App’s Terms of Use or Privacy Policy.  And even if users select “JOIN NOW”, they are redirected to a login screen where they have the option to log in, but are not required to view or assent to any terms of use or privacy policy unless they take additional steps to create an account.  Id. at 5.

In terms of data collection, the lawsuit alleges that when a user opens a video on the App, the App sends the content type, video title, and a persistent identifier to the user’s device. The App then transmits to third parties the user’s information, including location (in geographical coordinates and altitude), advertising ID, and video content consumption. Id. at 6. According to the complaint, the New England Patriots allegedly leverage users’ geolocation so it can maximize advertising revenue and, to that end, uniquely identify its users. For Android software users, the complaint alleges that the Patriots unique advertising ID called an Android Advertising ID (“AAID”) for each of its users with third-parties, which enables a third party to track the user’s movements, habits, and activity on mobile applications.  Id. at 10.

Accordingly, the lawsuit alleges that through the New England Patriots’ dissemination of consumers’ PII, third parties such as Google can collect and store billions of metrics and events and make it easier for clients to make data-driven decisions, and these reports are continuously updated and metrics are reported as they occur.  Id at 16.  Plaintiff seeks to represent a class defined as “All persons in the United States who used the Patriots App to watch videos and had their personally identifiable information — including but not limited to the videos they watched, their geolocation, and their unique advertising IDs — transmitted to one or more third parties.”  Id.  On behalf of the class, Plaintiff seeks an award of damages, including, but not limited to, actual, consequential, punitive, statutory, and nominal damages.

Implications For Businesses

This lawsuit represents another example of class action plaintiffs’ lawyers using traditional state and federal laws – including the long dormant VPPA – to seek relief for alleged privacy violations.  In applying modern technologies to older laws like the VPPA (passed in 1988), courts have grappled with issues such as the determination of who qualifies as a “video tape service provider” or a “consumer” under the statute. It will be interesting to follow this lawsuit to see whether the Court follows the recent trend of courts dismissing VPPA class actions.

That said, this high-profile filing also suggests that companies should regularly update their online consent provisions as needed to specifically address the VPPA. Businesses that pro-actively implement compliance mechanisms will thank themselves later in terms of preventing class action litigation.

California Court Dismisses Artificial Intelligence Employment Discrimination Lawsuit

By Alex W. Karasik, Gerald L. Maatman, Jr. and George J. Schaller

Duane Morris Takeaways:  In Mobley v. Workday, Inc., Case No. 23-CV-770 (N.D. Cal. Jan 19, 2024) (ECF No. 45), Judge Rita F. Lin of the U.S. District Court for the Northern District of California dismissed a lawsuit against Workday involving allegations that algorithm-based applicant screening tools discriminated applicants on the basis of race, age, and disability. With businesses more frequently relying on artificial intelligence to perform recruiting and hiring functions, this ruling is helpful for companies facing algorithm-based discrimination lawsuits in terms of potential strategies to attack such claims at the pleading stage.

Case Background

Plaintiff, an African-American male over the age of forty with anxiety and depression, alleged that he applied to 80 to 100 jobs with companies that use Workday’s screening tools. Despite holding a bachelor’s degree in finance and an associate’s degree in network systems administration, Plaintiff claimed he did not receive not a single job offer. Id. at 1-2.

On July 19, 2021, Plaintiff filed an amended charge of discrimination with the Equal Employment Opportunity Commission (“EEOC”). On November 22, 2022, the EEOC issued a dismissal and notice of right to sue. On February 21, 2023, Plaintiff filed a lawsuit against Workday, alleging that Workday’s tools discriminated against job applicants who are African-American, over the age of 40, and/or disabled in violation of Title VII, the ADEA, and the ADA, respectively.

Workday moved to dismiss the complaint, arguing that Plaintiff failed to exhaust administrative remedies with the EEOC as to his intentional discrimination claims; and that Plaintiff did not allege facts to state a plausible claim that Workday was liable as an “employment agency” under the anti-discrimination statutes at issue.

The Court’s Decision

The Court granted Workday’s motion to dismiss. First, the Court noted the parties did not dispute that Plaintiff’s EEOC charge sufficiently exhausted the disparate impact claims. However, Workday moved to dismiss Plaintiff’s claims for intentional discrimination under Title VII and the ADEA on the basis of his failure to exhaust administrative remedies. Workday argued that the EEOC charge alleged only claims for disparate impact, not intentional discrimination.

Rejecting Workday’s argument, the Court held that it must construe the language of the EEOC charge with “utmost liberality since they are made by those unschooled in the technicalities of formal pleading.” Id. at 5 (internal quotation marks and citations omitted). The Court acknowledged that the thrust of Plaintiff’s factual allegations in the EEOC charge concerned how Workday’s screening tools discriminated against Plaintiff based on his race and age. However, the Court held that those claims were reasonably related to his intentional discrimination claims, and that the EEOC investigation into whether the tools had a disparate impact or were intentionally biased would be intertwined. Accordingly, the Court denied Workday’s motion to dismiss on the basis of failure to exhaust administrative remedies.

Next, the Court addressed Workday argument that Mobley did not allege facts to state a plausible claim that it was liable as an “employment agency” under the anti-discrimination statutes at issue. The Court opined that Plaintiff did not allege facts sufficient to state a claim that Workday was “procuring” employees for these companies, as required for Workday to qualify as an “employment agency.” Id. at 1. For example, Plaintiff did not allege details about his application process other than that he applied to jobs with companies using Workday, and did not land any job offers. The complaint also did not allege that Workday helped recruit and select applicants.

In an attempt to salvage these defects at the motion hearing and in his opposition brief, Plaintiff identified two other potential legal bases for Workday’s liability — as an “indirect employer” and as an “agent.” Id. To give Plaintiff an opportunity to attempt to correct these deficiencies, the Court granted Workday’s motion to dismiss on this basis, but with leave for Plaintiff to amend. Accordingly, the Court granted in part and denied in part Workday’s motion to dismiss.

Implications For Businesses

Artificial intelligence and algorithm-based applicant screening tools are game-changers for companies in terms of streamlining their recruiting and hiring processes. As this lawsuit highlights, these technologies also invite risk in the employment discrimination context.

For technology vendors, this ruling illustrates that novel arguments about the formation of the “employment” relationship could potentially be fruitful at the pleading stage. However, the Court’s decision to let Plaintiff amend the complaint and have one more bite at the apple means Workday is not off the hook just yet. Employers and vendors of recruiting software would be wise to pay attention to this case  –and the anticipated wave of employment discrimination lawsuits that are apt to be filed – as algorithm-based applicant screening tools become more commonplace.

Illinois Federal Court Partially Dismisses Class Action Privacy Claims Involving “Eufy” Security Cameras

By Gerald L. Maatman, Jr., Alex W. Karasik, and Tyler Zmick

Duane Morris Takeaways:  In Sloan, et al. v. Anker Innovations Ltd., No. 22-CV-7174 (N.D. Ill. Jan. 9, 2024), Judge Sarah Ellis of the U.S. District Court for the Northern District of Illinois granted in part a motion to dismiss privacy claims brought against the companies that manufacture and sell “eufy” security products.  The Court dismissed the claims asserted under the federal Wiretap Act because Defendants were “parties” to the communication during which the eufy products sent security recordings to Plaintiffs’ mobile devices (notwithstanding that the products also sent the data to a server owned by Defendants).  In addition, the Court partially dismissed Plaintiffs’ claims under the Illinois Biometric Information Privacy Act and under four state consumer protection statutes, thereby allowing Plaintiffs to proceed with their case only with respect to some of their claims.

For businesses who are embroiled in facial recognition software and related privacy class actions, this ruling provides a helpful roadmap for fracturing such claims at the outset of the lawsuit.

Case Background

Plaintiffs were individuals from various states who purchased and used Defendants’ “eufy” branded home security cameras and video doorbells.  The eufy products can, among other things, detect motion outside a person’s home and apply a facial recognition program differentiate “between known individuals and strangers by recognizing biometric identifiers and comparing the face template against those stored in a database.”  Id. at 3.  Eufy products sync to a user’s phone through eufy’s Security app, which notifies a user of motion around the camera by sending the use a recorded thumbnail image or text message.

Defendants advertised that the video recordings and facial recognition data obtained through eufy cameras are stored locally on user-owned equipment owned and that the data would be encrypted so that only the user could access it.  Media reports later revealed, however, that the eufy products uploaded thumbnail images used to notify users of movement to Defendants’ cloud storage without encryption, and that users could stream content from their videos through unencrypted websites.

Claiming they relied to their detriment on Defendants’ (allegedly false) privacy-related representations when purchasing the eufy products, the eight named Plaintiffs filed a putative class action against corporate Defendants involved in the manufacture and sale of “eufy” products.  In their complaint, Plaintiffs asserted that Defendants violated: (1) the Federal Wiretap Act; (2) the Biometric Information Privacy Act (the “BIPA”); and (3) the consumer protection statutes of Illinois, New York, Massachusetts, and Florida.  Defendants moved to dismiss Plaintiffs’ claims under Federal Rule of Civil Procedure 12(b)(6).

The Court’s Decision

The Court granted in part and denied in part Defendants’ motion, holding that: (1) the Wiretap Act claim should be dismissed because Defendants were a party to the relevant communication (i.e., the transmission of data from eufy products to Plaintiffs via the eufy Security app); (2) the BIPA claims should be dismissed as to non-Illinois resident Plaintiffs; and (3) the claims brought under the relevant consumer protection statutes should be dismissed only to the extent they were premised on certain of Defendants’ public-facing privacy statements.

Wiretap Act Claims

The Court first addressed Plaintiffs’ Wiretap Act claims, explaining that the statute “empowers a private citizen to bring a civil claim against someone who ‘intentionally intercepts [or] endeavors to intercept . . . any wire, oral, or electronic communication.’”  Id. at 8 (quoting 18 U.S.C. § 2511(1)(a)).

Defendants argued that Plaintiffs failed to state a claim under the Wiretap Act because the statute does not apply to a party to the relevant communication.  Specifically, the Wiretap Act exempts a person who intercepts an electronic communication “where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception.”  18 U.S.C. § 2511(2)(d).

The Court agreed with Defendants and thus dismissed Plaintiffs’ Wiretap Act claim.  The Court described the relevant “communication” as the transmission of data from eufy products to Plaintiffs’ devices and explained that the transmission “is not between the eufy product and Plaintiffs, but rather between the eufy product and the eufy Security app, which Defendants own and operate.  As such, the communication necessarily requires Defendants’ participation, even if Plaintiffs did not intend to share their information with Defendants.”  Id. at 8-9 (emphasis added).  The Court thus held that Defendants were parties to the communication, and Defendants also uploading the data to their own server (without Plaintiffs’ knowledge) did not change that conclusion.

BIPA Claims

Regarding Plaintiffs’ BIPA claims, Defendants argued that Plaintiffs failed to allege that the relevant data (which Defendants described as “thumbnail images”) qualifies for protection under the BIPA because photographs are not biometric data under the statute.  The Court rejected this argument since Plaintiffs alleged that Defendants uploaded thumbnail information and facial recognition data (namely, “scans of face geometry”) to their server.

The Court agreed with Defendants’ second argument, however, which asserted that Plaintiffs’ BIPA claim failed to the extent it was brought by or on behalf of Plaintiffs who are not Illinois residents.  The BIPA applies only where the underlying conduct occurs “primarily and substantially” in Illinois.  The Court determined that the relevant communications between Plaintiffs and Defendants “occurred primarily and substantially in the state of residency for each Plaintiff.”  Id. at 12-13.  And the End User License Agreement for eufy Camera Products and the Security App stating that the agreement is governed by Illinois law did not change the result that the BIPA claim brought by non-Illinois residents must be dismissed.

Statutory Consumer Protection Claims

Finally, the Court turned to Defendants’ contentions relative to the alleged violations of the four state consumer protection statutes.  In beginning its analysis, the Court explained that “[t]o state a claim for deceptive practices under any of the alleged state consumer fraud statutes, Plaintiffs must allege a deceptive statement or act that caused their harm.”  Id. at 14.  Moreover, “a statement is deceptive if it creates a likelihood of deception or has the capacity to deceive.”  Id. at 15 (citation omitted); see also id. (noting that “the allegedly deceptive act must be looked upon in light of the totality of the information made available to the plaintiff”) (citation omitted).  Defendants argued in their motion to dismiss that Plaintiffs did not allege cognizable deceptive statements because the statements at issue constitute either puffery or are not false.

The Court dismissed Plaintiffs’ statutory fraud claims in part.  Specifically, the Court held that Defendants’ advertising in the form of certain “statements relating to privacy” (e.g., “your privacy is something that we value as much as you do”) constituted nonactionable “puffery.”  Id. at 16.  The Court therefore dismissed Plaintiffs’ statutory fraud claims insofar as they were premised on the similarly vague “statements relating to privacy.”

However, the Court denied Defendants’ attempt to dismiss the claims premised on their more specific statements about (1) end-user data being stored only on a user’s local device, (2) the use of alleged facial recognition, and (3) end-user data being encrypted.  Defendants argued that these were “accurate statements” and thus could not serve as the basis for consumer fraud claims.  The Court disagreed, ruling that Plaintiffs sufficiently alleged that the storage, encryption, and facial recognition statements may have misled a reasonable consumer.  Accordingly, the Court granted in part and denied in part Defendants’ motion to dismiss.

Implications For Corporate Counsel

The most significant aspect of Sloan v. Anker Innovations Limited is the Court’s analysis of Plaintiffs’ Wiretap Act claims, given the rapidly emerging trend among the plaintiff class action bar of using traditional state and federal laws – including the Wiretap Act – to seek relief for alleged privacy violations.  In applying modern technologies to older laws like the Wiretap Act (passed in 1986), courts have grappled with issues such as the determination of who is a “party to the communication” such that an entity is exempt from the statute’s scope.  As data exchanges and data storage become more complex, the “party to the communication” determination reciprocally becomes more nebulous.

In Sloan, the “communication” was the eufy products transmitting data to Plaintiffs’ device and “contemporaneously intercept[ing] and sen[ding] [the data] to [Defendant’s] server.”  Id. at 8 (citation omitted).  Because Plaintiffs had to use the eufy Security app to access the data, and because Defendants owned and operated the app, the Court determined that Defendants necessarily participated in the communication.  But the result may have been different if, for instance, Plaintiffs could use a different app (one not owned by Defendants) to access the data, or if unbeknownst to Plaintiffs, the eufy Securty app was actually owned and operated by a third-party entity.  The upshot is that corporate counsel should keep these principles in mind with respect to any data-flow processes regarding end-user or employee data.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress