Gerald L. Maatman, Jr. – Page 2 – Class Action Defense

May 27, 2026May 27, 2026 by Gerald L. Maatman, Jr.

North Carolina Federal Court Highlights “Severe And Pervasive” Requirement Under Title VII In Denying Partial Motion To Dismiss A Pattern or Practice Claim Brought By The EEOC

By Gerald L. Maatman, Jr., Denis I. Yavorskiy, and Andrew P. Quay

Duane Morris Takeaways: On May 19, 2026, in EEOC v. Recovery Innovations, Inc. d/b/a RI Int’l, No. 25-CV-767, 2026 U.S. Dist. LEXIS 110782 (E.D.N.C. May 19, 2026), Judge Terrence W. Boyle of the U.S. District Court for the Eastern District of North Carolina denied a partial motion to dismiss a Title VII pattern or practice claims after finding that the EEOC’s complaint properly pled “severe or pervasive” harassment and sufficiently described a group of similarly aggrieved female employees. Id. at *4, 5. Judge Boyle held that alleged unwelcome conduct from a supervisor who supervised “at least some of the” allegedly injured workers was “sufficiently severe or pervasive” and that the universe of alleged victims was sufficiently described without identifying the alleged victims. Id.

The decision reinforces the importance of authoritative conduct and the leniency afforded to plaintiffs and the EEOC in bringing pattern or practice claims on behalf of alleged victims of discrimination.

Case Background

Defendant Recovery Innovations operates the Dix Crisis Intervention Center in Jacksonville, North Carolina. Id. at *1, 2. The Jacksonville center provides outpatient services for mental health disorders and substance abuse. Id. at *2. Recovery Innovations hired Chiara Munna as a “Peer Support Specialist” at the Jacksonville center. Id. Munna’s shift supervisor allegedly made “repeated sexual comments to the women under his supervision, touched them sexually, and sent at least two of them unwelcome sexual text messages and photos.” Id.

The EEOC filed suit on behalf of Munna and a group of similarly aggrieved female employees, asserting claims for: (1) sex harassment and hostile work environment under Title VII; (2) failure to accommodate under the ADA; (3) discriminatory discharge under the ADA; and (4) ADA record keeping violation under the ADA. Id. The Title VII claim is brought on behalf of Munna and “similarly aggrieved women.” Id. Recovery Innovations moved to dismiss the Title VII claims on behalf of the group of workers but not those brought on Munna’s behalf individually. Id.

The complaint alleges that Munna’s shift supervisor “engaged in unwelcome and offensive conduct ‘on nearly every occasion’ the [workers] encountered him,” including repeatedly insisting on “hugging them, elicit[ing] physical contact by impeding their paths or cornering and intimidating them, mak[ing] unwelcome sexual comments,” and sending sexually explicit photos of himself to at least two class members, among other misconduct. Id. at *4.

The Court’s Analysis

Recovery Innovations raised two arguments in its motion to dismiss. Its “chief argument” in support of dismissal was that the complaint failed to allege “severe and pervasive” harassment. Id. Recovery Innovations’ second argument was that the complaint “insufficiently describes” the group of allegedly injured workers, as it did not provide sufficient notice of “when the harassment occurred or precisely what unwelcome conduct each [worker] suffered.” Id. Judge Boyle rejected both of these arguments and denied Recovery Innovations’ partial motion to dismiss the Title VII pattern or practice claims.

First, as to Defendant’s “severe and pervasive” argument, Judge Boyle held that the alleged conduct was “sufficiently severe or pervasive to alter the class members’ conditions of employment” because “‘a supervisor’s power and authority invests his or her harassing conduct with a particularly threatening character.’” Id. at *4, 5 (quoting Boyer-Liberto v. Fontainebleau Corp., 786 F.3d 264, 278 (4th Cir. 2015)).

Second, as to Defendant’s argument that the complaint insufficiently describes the group of alleged victims, Judge Boyle found that “[a]n EEOC complaint brought on behalf of a [group of victims] is not . . . ‘deficient for failing to identify the numerous alleged victims of discrimination.’” Id. at *5 (quoting EEOC v. PBM Graphics Inc., 877 F. Supp. 2d 334, 347 (M.D.N.C. 2012)). In addition, because the complaint alleged that the alleged victims reported the supervisor’s conduct to the facility’s program supervisor, Recovery Innovations received “fair notice” of the “time frame and scope” of the workers at issue. Id.

Having found that the complaint adequately pled “severe or pervasive” harassment and sufficiently described the group of aggrieved female employees, Judge Boyle denied Recovery Innovations’ partial motion to dismiss. Id.

Implications For Employers

Recovery Innovations shines light on the “severe or pervasive” standard under Title VII when applied to a supervisor’s alleged conduct, as well as the pleading leniency surrounding claims that encompass alleged victims of discrimination. Corporate counsel should implement and update training for managerial employees regarding sexual misconduct to make every effort to avoid Title VII pattern or practice claims.

May 27, 2026May 27, 2026 by Gerald L. Maatman, Jr.

Pennsylvania Federal Court Delivers Misjoinder Blow To FedEx Drivers’ Wage And Hour Mass Actions

By Gerald L. Maatman, Jr., Elisabeth Bassani, and Olga A. Romadin

Duane Morris Takeaways: On May 18, 2026, Judge Robert J. Colville of the U.S. District Court for the Western District of Pennsylvania issued an order severing claims of over 14,000 plaintiffs who had alleged violations of the Fair Labor Standards Act (“FLSA”) and state laws in Brannon, et al. v. Federal Express Corp., No. CV 2:24-1128, 2026 WL 1382330 (W.D. Pa. May 18, 2026), Abner, et al. v. Federal Express Corp., No. 2:25-1129, 2026 WL 1382330 (W.D. Pa. May 18, 2026), and Smith, et al. v. Federal Express Corp., No. 2:25-1507, 2026 WL 1382330 (W.D. Pa. May 18, 2026). Following an order to show cause, plaintiffs in each of the three matters filed motions to sever and to transfer venue, which the Court granted, tolling the statute of limitations to permit individual plaintiffs to file individual claims.

Case Background

Three mass actions were filed following voluntary decertification and dismissal by plaintiffs in Claiborne, et al. v. FedEx Ground Package Systems, Inc., No. 2:18-CV-1698 (W.D. Pa.), a conditionally certified class and collective action consisting of over 30,000 opt-ins alleging FLSA overtime violations which had been pending in the Western District of Pennsylvania for almost seven years. Id. at *1. The Court subsequently granted a Motion on Misjoinder, Change of Venue, and Separate Trials, and severed the claims of all plaintiffs in Claiborne, and a related matter entitled Atwood, et al. v. FedEx Ground Package Systems, Inc., No. 2:24-CV-1127 (W.D. Pa.). Id. The Court also issued a Memorandum Order in which it opined that Brannon and Abner were also likely mis-joined, and ordered the plaintiffs in those matters to show cause. Id. In response, the plaintiffs motioned to sever and transfer their claims to appropriate forums, as the court had granted in Claiborne and Atwood, which FedEx opposed. Id.

The Court’s Decision

The Court, including the Smith matter in its opinion due to all three matters being represented by the same law firm, granted the plaintiffs’ motion to sever, and tolled the statute of limitations at 60 days, though it declined to transfer the claims of the thousands of individual plaintiffs to appropriate forums as requested because it determined that doing so would be overly burdensome for the Court and the Clerk’s Office. Id. at *3.

Noting the wide disparity in the numbers of putative plaintiffs in Claiborne and Atwood, which had twelve and two, respectively,and the hundreds and thousands of named plaintiffs in the three matters at issue here, the Court warned that the mass actions had the appearance of “a tactical maneuver around the standard or collective action procedures,” which the plaintiffs were unable to maintain, and the Court found to be improper. Id. at *2.

The Court found, as it had in its prior orders, that the plaintiffs here were mis-joined under Federal Rule of Civil Procedure 20. Id. at *3. Noting that the U.S. District Court for the District of Massachusetts echoed its conclusions on mis-joinder in related cases before it, the Court wrote that its prior conclusions regarding impracticality of litigating the claims in Claiborne and Atwood were equally applicable here in that holding a trial for 14,296 individual plaintiffs with individual issues predominating was “patently untenable.” Id. Further, the Court found that the claims did not arise out of the same transaction, occurrence, or series of transactions or occurrences, as required for joinder under Rule 20, and thus elected to sever the claims. Id.

Finally, the Court determined that the plaintiffs’ severed claims would be continuations of their current cases, and therefore permitted an extension of the tolling period to allow them 60 days to file individual actions in appropriate forums, but cautioned that any further efforts to bring additional mass claims would be “at their own peril.” Id. at *4.

Implications For Employers

For employers with a workforce that may fall under the FLSA, this decision offers practical insight into maintaining a compliant overtime program.

The Court’s decision additionally highlights the proliferation of creative procedural tactics, such as mass actions, undertaken by plaintiffs’ attorneys as a strategic loophole when class and collective actions are otherwise unsuccessful.

May 19, 2026May 19, 2026 by Gerald L. Maatman, Jr.

California Supreme Court Rules That A Smash-And-Grab Hardware Theft, With No Access To Sensitive Records, Does Not Automatically Result In Multi-Million Or Billion Dollar Liability Under California Privacy Laws

By Gerald L. Maatman, Jr., Jennifer A. Riley, Ryan T. Garippo, and Jamar D. Davis

Duane Morris Takeaways: On May 14, 2026, in J.M. v. Illuminate Education, Inc., No. S286699, 2026 Cal. LEXIS 2657 (May 14, 2026), the California Supreme Court held that the California Court of Appeal decision to deny a demurrer was improper for an incorrect application of privacy laws. This decision emphasizes why defendants should confirm whether a plaintiff sufficiently pled a cause of action that aligns with the remedies that he or she seeks to recover. Further, the opinion clarifies that injury under the Confidentiality of Medical Information Act, Cal. Civ. Code § 56, et seq. (“CMIA”) depends on whether the company subjects medical information to a substantial risk of unauthorized use or access, not whether the unauthorized user actually views sensitive data.

Case Background

Illuminate Education, Inc. (“Illuminate”) is a technology company that helps educators determine the academic progression of an individual student, as well as their areas of potential improvement. The company uses data from individual students, including medical data, to make these determinations. Illuminate provided its services to the Ventura County Office of Education, under which Plaintiff (a minor) was a student. Plaintiff provided his medical information to the Ventura County Office of Education, which then provided Plaintiff’s health data to Illuminate.

In 2022, Illuminate became aware of suspicious activity related to its systems. Illuminate promptly initiated an investigation. The investigation confirmed an unauthorized user gained access to Illuminate’s records, including students’ medical information. Illuminate sent a notice to the guardians of the affected students, including Plaintiff, informing them of the scope of the potential disclosure. The notice made it clear that Illuminate found no evidence that the unauthorized user (or users) was successful in actual or attempted misuse of the data.

After the breach, Plaintiff alleges that he received several mail solicitations at an address provided to only the Ventura County Office of Education. As a result, Plaintiff filed a class action lawsuit alleging that Illuminate, as health care provider, negligently managed the students’ medical records under the CMIA and failed to expediently disclose the data breach to those affected under the Customer Records Act, Cal. Civ. Code § 1798.80, et seq. (“CRA”).

The trial court sustained Illuminate’s demurrer, without leave to amend, after Plaintiff twice failed to cure deficiencies in his pleadings. The Court of Appeal reversed that decision, holding that the trial court abused its discretion by sustaining the demurrer, because Plaintiff may have been able to cure the defects in his complaint if a different legal analysis was applied.

Following that decision, the California Supreme Court set out to resolve the disagreement.

The California Supreme Court’s Decision

The California Supreme Court’s analysis hinges on its statutory interpretation, involving the plain reading of the statutes and their legislative histories. Generally, this analysis fell into three distinct categories.

First, Justice Goodwin Liu, writing for the California Supreme Court, reasoned that Plaintiff failed to establish a valid claim under CMIA because he could not allege that Illuminate was a “provider of health care” under California Civil Code section 56.06. Relying on the text of section 56.06, the Supreme Court explained there are two ways for a business to qualify as a “provider of health care”: (1) a covered business maintains medical records to make the information available to either an individual or a health care provider upon request of the individual or provider; or (2) a covered business makes medical information available for an individual or a health care provider upon request to allow an individual to manage their information, or to help diagnose or treat the individual.

The Supreme Court also confirmed this interpretation by relying on the legislative history of the statutes. The Supreme Court observed that the legislative history confirmed that the legislature was concerned with situations where diabetics used a data platform to record glucose levels, or where people with hypertension used platforms to track their blood pressure. Relying on the legislative history, the Supreme Court observed that Plaintiff never alleged that Illuminate created a repository of student records that allowed the students to create their own records, or to access and share those records at their discretion. Instead, Plaintiff asserted that Illuminate stored medical information to help educators monitor, evaluate, and address student needs. As a result, Illuminate was not a “provider of health care,” because it did not make medical records available upon request of the individual or provider.

The Supreme Court also quickly addressed Plaintiff’s inability to satisfy the alternative method for determining whether Illuminate is a “provider of health care” because Plaintiff never alleged that Illuminate “provides medical information to health care providers or individuals for diagnosis and treatment of an individual.” Illuminate Education, 2026 Cal. LEXIS 2657, at *12. As a result, and after quickly dispensing with a few other arguments, the Supreme Court concluded that Illuminate was not a “provider of health care” under the CMIA.

Second, in addition to analyzing whether Illuminate was a “provider of health care,” the Supreme Court also determined whether Plaintiff had alleged sufficient injury to state a claim under the CMIA. The Supreme Court disagreed with Illuminate’s argument that injury requires an unauthorized person to view medical data, and ruled that a plaintiff alleges injury by claiming that the medical information was exposed to “a significant risk of unauthorized access or use.” Id. at *29.

The CMIA requires covered entities to “preserve[] the confidentiality” of medical information. Cal. Civ. Code § 56.101(a). The Supreme Court stated that “confidentiality” requires “keeping information private or secret” and clarified that this obligation applies regardless of whether an unauthorized party actually views the data. Illuminate Education, 2026 Cal. LEXIS 2657, at *26. (“[W]e reject the rule that no breach of confidentiality has occurred until medical information is actually viewed by an unauthorized person.”). Instead, the determination of whether a covered entity failed to preserve the confidentiality of data depends on a factor-based analysis that considers the “form, duration, and extent of the data breach, as well as any mitigation efforts by the covered entity.” Id. at *30. Thus, a plaintiff need not allege that his or her data was “actually viewed” by a third party, because that person is “unlikely to know what an unauthorized party has done with their data unless they suffer actual damage” and instead “[a]ll relevant circumstances must be considered” when determining whether confidentiality was breached. Id.

Third, for the CRA claim, the Supreme Court ruled that Plaintiff did not state a cause of action against Illuminate because Plaintiff was not a customer within the meaning of the statute. To bring suit under the CRA, a plaintiff must establish that he or she is a “customer” within the meaning of the statute. Boorstein v. CBS Interactive, Inc., 222 Cal. App. 4th 456, 467 (2013). A customer is “an individual who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business.” Cal. Civ. Code § 1798.80(c). Here, the Supreme Court found that Plaintiff never alleged that he provided any personal information to Illuminate to purchase or lease a product, or obtain a service from Illuminate. The Supreme Court observed that the Ventura County Office of Education purchased Illuminate’s services and provided the student information, not Plaintiff. Moreover, the Supreme Court disregarded Plaintiff’s argument that he was the “ultimate” customer of Illuminate because the CRA “does not authorize suit by all consumers or beneficiaries; it authorizes a civil action for an injured ’customer.’” Id. at *32.

In the end, the Supreme Court reversed the judgment of the Court of Appeal and remanded the matter for further proceedings.

Implications For Companies

This decision emphasizes the importance of ensuring that a plaintiff has sufficiently pled all causes of action asserted. When the CMIA or CRA are involved, companies must consider whether they are, in fact, a covered entity in order to determine whether they are subject to the statutes’ reach.

Further, to assert injury under the CMIA for a data breach claim, the analysis hinges on the risk of unauthorized use, not what an unauthorized user is able to do with the data. Thus, it is imperative that companies take all reasonable steps to retain the confidentiality of sensitive records, making an extra effort to ensure that hardware is secure.

For CRA claims, companies need to pay special attention to which entities solicit or contract for their services as attention to these details can potentially thwart a potential CRA claim.

In short, organizations that use such medical data, and operate in California, should take note of this decision because it impacts their defenses both positively and negatively going forward.

May 19, 2026May 19, 2026 by Gerald L. Maatman, Jr.

Announcing The New Duane Morris Higher Education Class Action Review – 2026!

By Gerald L. Maatman, Jr. and Jennifer A. Riley

Duane Morris Takeaway: We are proud to announce the release of the first-ever Higher Education Class Action Review – 2026, a comprehensive examination of the rapidly evolving world of litigation involving colleges and universities.

Class action lawsuits against colleges and universities have multiplied in both frequency and complexity over the last several decades. What began as isolated disputes involving admissions practices or employment discrimination has evolved into a broad spectrum of high-stakes litigation touching nearly every aspect of institutional operations. Institutions now confront class claims involving tuition and fee refunds, antitrust allegations, Title IX compliance, financial aid practices, student privacy, labor and employment disputes, disability accommodations, consumer protection statutes, data breaches, and the use of emerging educational technologies.

The COVID-19 pandemic accelerated many of these trends, producing an unprecedented wave of litigation that tested the contractual, fiduciary, and ethical obligations universities owe to students, faculty, and employees alike. At the same time, plaintiffs’ attorneys increasingly recognized that educational institutions possess the precise characteristics that make them attractive targets for aggregate litigation: substantial assets, expansive data systems, and policies affecting large populations.

As a result, colleges and universities now operate in an environment where a single institutional decision can trigger nationwide claims involving thousands of individuals and expose institutions to extraordinary legal and reputational risk.

Yet higher education remains unlike any other industry. Universities occupy a unique legal and cultural space shaped by academic freedom, shared governance, nonprofit missions, constitutional obligations, and public trust. Courts are often tasked with balancing these longstanding traditions against modern doctrines of consumer protection, employment law, privacy regulation, and mass tort procedure.

The Higher Education Class Action Review – 2026 explores the procedural frameworks governing class certification, the substantive legal theories most frequently asserted against educational institutions, and the strategic considerations that shape litigation outcomes. Designed for attorneys, university counsel, administrators, policymakers, academics, and risk management professionals, the book provides a detailed roadmap for understanding the rapidly expanding role of class action litigation in education.

The Higher Education Class Action Review – 2026 offers readers a timely and authoritative guide to one of the most consequential developments in modern education law. Get your eBook copy today!

Stay tuned to the Class Action Weekly Wire for more news and information about the Higher Education Class Action Review – 2026.

May 15, 2026May 15, 2026 by Gerald L. Maatman, Jr.

Third Circuit Holds That Unauthorized Collection Of Credit Card Information Via Session Replay Code Confers Article III Standing, Creating Split Of Authority

By Gerald L. Maatman, Jr., Justin Donoho, and Hayley Ryan

Duane Morris Takeaways: On May 11, 2026, in In Re BPS Direct, LLC; Cabela’s, LLC Wiretapping Litigation, No. 23-3235, 2026 WL 1280969 (3d Cir. May 11, 2026), the U.S. Court of Appeals for the Third Circuit reversed a federal district court’s dismissal of a class action alleging that defendants’ use of session replay code, a form of website analytics technology, violated federal and state privacy laws. The Third Circuit held that two plaintiffs who made purchases on the defendants’ websites had standing to sue because the session replay code collected their credit card information without consent, an alleged injury the Third Circuit deemed analogous to the common law tort intrusion upon seclusion. Id. at *6-7.

This ruling is significant in that it shows that in class actions seeking millions (or billions) in dollars in statutory damages under federal and state data privacy laws for alleged use of session replay code, the Third Circuit has distinguished itself from California District Courts, which have held that there is no reasonable expectation of privacy in credit card information collected by session replay code. Companies operating in the Third Circuit should take note as the legal risk of session replay code has meaningfully shifted in that jurisdiction.

Background

Many companies embed their websites with session replay code and other similar software such as Google Analytics and the Meta Pixel in order to perform website analytics and/or targeted advertising. All of these various technologies capture users’ browsing behaviors and cryptographically transmit this data to algorithms residing on the software providers’ servers. Upon entry into the algorithm, this data is typically anonymized, aggregated, and not alleged to have been viewed or accessible by any human. In addition, session replay code (unlike other website analytics and advertising technologies) is typically alleged to record and store “videos” of “all mouse movements, clicks, scrolls, zooms, window resizes, keystrokes, [and] text entries,” so that the session replay provider can provide that information back to the company “in a format that [the company] can use for its business purposes.” Id. at *1, 5. Plaintiffs across the country have filed multitudes of class actions challenging these various website analytics and advertising practices under federal and state privacy laws, targeting companies in virtually every industry, including healthcare, retail, education, and consumer products. Some cases have resulted in multimillion-dollar settlements, others have been dismissed, and the vast majority remain undecided. In these session replay and other data privacy class actions, the central question is often whether the specific data captured is sufficiently sensitive or personally identifying to establish a cognizable legal injury.

In In re BPS Direct, LLC, eight named plaintiffs sued the defendant retailers, alleging that session replay code embedded on their websites captured users’ interactions, including “mouse clicks and movements, keystrokes, search terms, substantive information inputted …, pages and content viewed …, scroll movement[s], and copy and paste actions.” Id. at *2. Plaintiffs asserted claims under the federal Wiretap Act, 18 U.S.C. § 2510 et seq., and the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., along with several state and common law causes of action. Id.

The plaintiffs fell into two groups. Two plaintiffs made purchases on the defendants’ websites and entered his or her “name, address, and payment and billing information” into text fields. Id. The remaining six plaintiffs browsed the websites without making purchases and did not enter any personally identifying information while browsing the websites. Id.

Defendants moved to dismiss for lack of Article III standing under Federal Rule of Civil Procedure 12(b)(1) and for failure to state a claim under Federal Rule of Civil Procedure 12(b)(6). The District Court granted the motion, dismissing the non-purchasing plaintiffs’ claims with prejudice, finding that, after two attempts, they could not establish concrete harm “because they did not make purchases on the Websites or engage in any activity prompting their browsers to send highly sensitive personal information such as medical diagnosis information or financial data from banks or credit cards.” 705 F. Supp. 3d 333, 367 (E.D. Pa. 2023). The claims of the two purchasing plaintiffs were dismissed without prejudice. Id. Rather than amend, those two plaintiffs filed a notice of intent to stand on their allegations, and all eight plaintiffs appealed. 2026 WL 1280969, at *2-3.

The Third Circuit’s Decision

The Third Circuit reversed the dismissal of the purchasing plaintiffs’ claims and modified the dismissal of the non-purchasing plaintiffs’ claims from with prejudice to without prejudice. Id. at *1.

The Third Circuit analyzed standing under two analogous common law torts: (1) public disclosure of private facts, and (2) intrusion upon seclusion. It held that none of the plaintiffs had standing under the first theory. As to the non-purchasing plaintiffs, their browsing data was neither sensitive nor personally identifiable. As to the purchasing plaintiffs, their information was not publicly disclosed. Id. at *4-5.

The Third Circuit held that only the two purchasing plaintiffs had standing under the intrusion upon seclusion theory. Id. at *3. Under that common law tort, “[o]ne who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” Id. at *5 (citing Restatement (Second) of Torts § 652B (1977)). The Third Circuit concluded that the two purchasing plaintiffs had entered “personal or sensitive” information – specifically their “complete credit card or debit card numbers” – when making purchases on the defendants’ websites. Id. at *7. The Third Circuit reasoned that “[j]ust as media consumption is sensitive and historically private, so is a person’s complete credit card or debit card number.” Id.

Accordingly, the Third Circuit held that these two plaintiffs had standing based on their allegations that defendants embedded session replay code in their websites, allowing third-party adtech providers to “surreptitiously record their billing and payment information absent consent.” Id.

Implications For Companies

This ruling puts the Third Circuit at odds with California District Courts, which have reached the opposite conclusion in two session replay cases. See Thomas v. Papa Johns Int’l, Inc., 2024 WL 2060140, at *5 (S.D. Cal. May 8, 2024) (plaintiff’s “name, address, credit card number(s), and billing information” collected via session replay is “not information over which society is prepared to recognize a reasonable expectation of privacy”); Saleh v. Nike, Inc., 562 F. Supp. 3d 503, 525 (C.D. Cal. 2021) (collection via session replay of a website user’s “payment card information, including card number, expiration date, and CCV code” without consent was insufficient to constitute an invasion of privacy).

In the Third Circuit, session replay is no longer just an analytics tool – it carries significant legal risk for website operators. Companies facing session replay class actions in the Third Circuit should shift their litigation strategy accordingly and consider moving beyond standing arguments, including demonstrating that plaintiffs cannot meet their burden of proof on the elements of the claims asserted.

Given the volume of session replay and similar litigation pending nationwide and the significant statutory damages at stake, this decision warrants close attention from any company whose website uses session replay code or similar technologies.

May 13, 2026May 13, 2026 by Gerald L. Maatman, Jr.

Wisconsin Federal Court Remands Privacy Class Action Lawsuit Based On Lack Of No Injury From Google Analytics Data Tracking

By Gerald L. Maatman, Jr., Bernadette M. Coyle, and Andrew P. Quay

Duane Morris Takeaways: On May 1, 2026, in Brahm, et al. v. Hospital Sisters Health System, et al., No. 23-CV-444, 2026 U.S. Dist. LEXIS 96866 (W.D. Wis. May 1, 2026), Judge William M. Conley of the U.S. District Court for the Western District of Wisconsin remanded a putative class action to state court after finding that Plaintiffs lacked Article III standing to pursue claims that healthcare defendants’ use of Google Analytics on patient portals resulted in unauthorized disclosure of protected health information (“PHI”) to Google. Id. at *2-3. The Court held that Plaintiffs’ lack of evidence of actual harm, together with their theory of future harm, was insufficient to confer standing. Id. at *3. The decision reinforces the growing trend among federal courts requiring proof that disclosed data was actually used to identify individuals, not merely that such identification was theoretically possible.

Case Background

The Defendant healthcare companies operate public websites and authenticated MyChart patient portals as “MyHSHS” and “MyPrevea,” which allow patients to log in with a username and password to access their medical records, schedule appointments, and pay bills. Id. at *4. Between at least 2016 and 2023, Defendants deployed Google Analytics tracking technology on their public websites, within patient portals on their websites, and on MyPrevea’s login page and app. Id. at *6. Whenever a user visits Defendants’ websites or portals, Google Analytics gathers information about the user’s interactions and shares certain transmissions with Google. Id. at *7.

Plaintiffs asserted that Google Analytics routinely disclosed patients’ identities and protected health care information to third-party websites like Google without the patients’ knowledge or consent. Id. at *1. Plaintiffs alleged that they began seeing Facebook advertisements related to their specific medical conditions after visiting Defendants’ portals or websites. Id. at *5. However, Plaintiffs also searched about their medical conditions or treatment online and have had their personal information involuntarily exposed to third parties by entities unrelated to the litigation. Id. None of the Plaintiffs had ever tried or intended to sell their PHI, nor did they claim to have suffered any out-of-pocket expenses as a result of Defendants’ allegedly wrongful disclosures. Id. at *10. Nonetheless, they sought actual damages based on the alleged “diminished sales value of their PHI,” as well as statutory and nominal damages. Id.

Plaintiffs alleged claims for violation of federal and state wiretapping statutes, as well as Wisconsin common and statutory laws for breach of duty of confidentiality, breach of implied contract to protect privacy, public disclosure of private facts, and unjust enrichment. Id. at *3. Plaintiffs moved to certify four subclasses, while Defendants moved for summary judgment as to all claims. Id.

The Court’s Opinion

The Court addressed the “threshold question” of Article III standing on its own initiative, noting that Defendants’ summary judgment motion called Plaintiffs’ standing into question and standing “is jurisdictional and cannot be waived” and must be “secured at each stage of the litigation.” Id. at *12. While the Court had previously allowed the original named Plaintiff to proceed past the motion to dismiss stage because it found her allegations of injury sufficient at the pleading stage, the Court explained that with a full record at the summary judgment stage, Plaintiffs failed to present sufficient evidence of a concrete injury-in-fact on multiple grounds. Id.

First, as to Plaintiffs’ tort claims for invasion of privacy and breach of fiduciary duty, the Court found no evidence from which a reasonable jury could conclude that their patient identity or PHI was actually disclosed to Google, disclosed by Google, or used by Google inappropriately. Id. at *17. Plaintiffs’ evidence did not establish that any of the disclosed anonymous information was actually used by Google or another third party to identify them. Id.

Despite Plaintiffs’ expert opining that Google’s systems had the “technical capability and documented practice” of linking information to specific individuals, the Court determined that the capabilities of Google’s systems were insufficient to demonstrate what it actually did. Id. at *19. Further, Plaintiffs failed to proffer evidence showing that Defendants caused Plaintiffs’ PHI to be shared, as opposed to other third parties or Plaintiffs themselves through their own voluntary internet disclosures. Id. at *20.

Relying on the Seventh Circuit’s decision in Dinerstein v. Google, LLC, 73 F.4th 502 (7th Cir. 2023), the Court emphasized that Plaintiffs “must still present sufficient evidence that Google Analytics actually worked as allegedly intended, which they have failed to do in this case,” and therefore, Plaintiffs failed to show a concrete injury to support standing under Article III. 2026 U.S. Dist. LEXIS 96866, at *23. The risk of Google or other third parties identifying Plaintiffs at a later date by leveraging the data obtained from Defendants was “not sufficiently imminent to obtain relief in federal court.” Id.

Second, as to the breach of implied contract claim, the Court found that Plaintiffs lacked standing because their asserted pecuniary harm based on the diminished sales value of their PHI or nominal damages, without any actual harm, was an injury in law and not an injury-in-fact as required by Article III. Id. at *24-25.

Third, Plaintiffs alternatively asserted unjust enrichment, arguing that Defendants retained without compensation Plaintiffs’ PHI and then disclosed this information to third parties for Defendants’ own gain. Id. at *26. However, the Court found that without any evidence of improper disclosure, Plaintiffs’ alleged pecuniary injury was “simply speculative and insufficient to confer standing.” Id. at *27.

Fourth, the wiretapping claims likewise failed. Although Plaintiffs sought statutory damages, the Court held that a statutory violation on its own does not confer standing without an underlying concrete, particularized injury. Id. at *28 (citing TransUnion LLC v. Ramirez, 594 U.S. 413, 427 (2021)).

Having found that Plaintiffs lacked standing as to all claims, the Court remanded the case to Wisconsin state court for further proceedings. Id.

Implications For Companies

Brahm reinforces that plaintiffs challenging tracking technology must present actual evidence identifying what allegedly private information was disclosed and cannot rely on abstract and speculative alleged injuries to confer Article III standing. Asserting an Article III standing defense remains an effective defense that companies should consider throughout litigation, balanced against the prospect of the case continuing in state court.

May 12, 2026May 12, 2026 by Gerald L. Maatman, Jr.

Announcing The First Edition Of The Insurance Class Action Review – 2026!

By Gerald L. Maatman, Jr. and Jennifer A. Riley

Duane Morris Takeaway: The rise of class action litigation has fundamentally transformed the modern legal landscape, and we are proud to announce the publication of the Insurance Class Action Review – 2026, a comprehensive new resource examining the evolving risks, trends, and defense strategies shaping class action litigation across the insurance sector.

The class action mechanism is unparalleled among procedural rules in terms of its impact on the American legal system. Its ability to exponentially expand the potential damages associated with a single claim has elevated class litigation into one of the most consequential forces confronting corporate defendants. In many instances, the mere threat of class certification can alter litigation strategy, settlement dynamics, and business operations on a massive scale.

For insurers, these risks have become increasingly complex and far-reaching. Class action litigation now touches nearly every aspect of the insurance business, from premium calculations and claims handling practices to cybersecurity breaches, artificial intelligence underwriting models, and climate-related coverage disputes. As insurers continue to collect and process enormous volumes of consumer data while operating under overlapping contractual, statutory, and regulatory frameworks, they face unprecedented exposure to collective litigation. The Insurance Class Action Review – 2026 was developed to help legal and business leaders navigate this rapidly changing environment. The book also examines how broader societal and economic forces are reshaping litigation risk. Digital transformation has dramatically increased the amount of sensitive consumer information maintained by insurers, while catastrophic weather events, inflationary pressures, and shifting healthcare and labor markets have intensified scrutiny of claims practices and pricing models.

Looking ahead, the future of insurance class action litigation will likely be shaped by forces extending well beyond traditional coverage disputes. Artificial intelligence, digital surveillance technologies, climate risk, ESG initiatives, and expanding state consumer protection regimes are already redefining the contours of collective litigation. As these developments continue, class actions will remain a central mechanism through which courts, consumers, regulators, and the insurance industry negotiate questions of fairness, transparency, and economic responsibility.

Because the stakes in class litigation are often existential, corporate defendants must approach these cases from a broad vantage point with thoughtful, proactive, and multi-faceted defense strategies. We developed the Insurance Class Action Review – 2026 eBook as a one-of-a-kind resource to help insurers, corporate counsel, risk professionals, and litigators better understand the rapidly evolving class action landscape and prepare for the challenges ahead. Get your copy today!

May 5, 2026May 5, 2026 by Gerald L. Maatman, Jr.

Introducing The Energy, Oil, And Gas Class Action Review – 2026: A Guide To Litigation In A Transforming Industry

By Gerald L. Maatman, Jr. and Jennifer A. Riley

Duane Morris Takeaway: The global energy landscape in 2025 stands at a moment of profound transformation. Oil and gas companies—long the backbone of industrial development and economic growth—now operate under intensifying scrutiny from regulators, investors, and an increasingly litigious public. As markets evolve and the long-term consequences of decades of extraction become more visible, class action litigation has emerged as one of the most powerful mechanisms for accountability and redress.

It is against this backdrop that Duane Morris has published the Energy, Oil, And Gas Class Action Review – 2026. It arrives as a timely and essential resource for understanding the rapidly shifting legal terrain. This new publication examines the complex and fast-developing world of energy class action litigation, offering a comprehensive look at how both plaintiffs and defendants are adapting their strategies. The industry now operates within a landscape shaped by scientific uncertainty, geopolitical volatility, and the accelerating transition to alternative energy sources.

The Energy, Oil, And Gas Class Action Review – 2026 captures these developments in a structured, accessible format and offers practitioners, in-house counsel, and industry stakeholders a clear understanding of where litigation risk is heading.

Download your copy today and stay ahead of the curve in in this industry.

Stay tuned to the Class Action Weekly Wire for more information on the Energy, Oil, And Gas Class Action Review – 2026 coming soon!

May 4, 2026 by Gerald L. Maatman, Jr.

Seventh Circuit Holds That Refusing To Register An Arbitration Agreement With The AAA Is Not A “Refusal To Arbitrate” Under The FAA

By Gerald L. Maatman, Jr., Jennifer A. Riley, and Hayley Ryan

Duane Morris Takeaways: On May 1, 2026, in Bernal et al. v. Kohl’s Corporation et al., No. 24-2806, 2026 WL 1193991 (7th Cir. May 1, 2026), the U.S. Court of Appeals for the Seventh Circuit affirmed a federal district court’s denial of a petition to compel arbitration, holding that the defendant’s refusal to register its arbitration agreement with the American Arbitration Association (“AAA”), which caused the AAA to close the arbitration proceedings, did not constitute a “refusal to arbitrate” under the Federal Arbitration Act (“FAA”). The Seventh Circuit reasoned that because the parties had delegated that procedural question to the AAA, the district court had no authority to compel arbitration.

This decision is a significant win for businesses facing mass arbitration campaigns, particularly where arbitration agreements incorporate the AAA’s Consumer Arbitration Rules. The decision offers a concrete mechanism to avoid the steep filing fees such campaigns generate.

Background

Plaintiffs purchased products through Kohl’s website in 2020 and 2022 and agreed to arbitration provisions that required all disputes to be resolved through binding arbitration before the AAA under its rules, including the AAA’s Consumer Arbitration Rules. Id. at * 1. The arbitration agreement also delegated to the arbitrator exclusive authority “to resolve any dispute related to the interpretation, applicability, enforceability or formation of” the arbitration agreement. Id.

In December 2022, Plaintiffs’ counsel initiated the pre-arbitration process by serving Kohnl’s with approximately 10,000 notices of dispute, followed by an additional 44,656 notices in April 2023. These claims alleged that Kohl’s marketing practices violated California’s consumer protection laws. Id. at *2. This is a classic mass arbitration strategy in which plaintiffs’ firms file thousands of individual demands to exploit mandatory per-claim filing fees paid by corporate defendants.

On May 22, 2023, while settlement discussions were ongoing, Kohl’s modified its terms and conditions to designate the National Arbitration and Mediation tribunal (rather than the AAA) as the arbitration forum for all claims. That same day, Plaintiffs filed formal individual demands with the AAA and paid all applicable filing fees. Id. Under AAA Consumer Arbitration Rule R-12, however, a business must register its arbitration clause and pay administrative fees for the AAA to administer consumer arbitrations. Kohl’s declined to do so. As a result, the AAA exercised its discretion to decline administration, closed the cases, and refunded Plaintiffs’ filing fees. Id. at *3.

Plaintiffs then filed suit in the U.S. District Court for the Central District of California, which was later transferred to the U.S. District Court for the Eastern District of Wisconsin pursuant to the forum selection clause, petitioning the court to compel Kohl’s to register its arbitration agreement with the AAA, pay all necessary filing fees, and proceed to arbitration. Id.

The District Court’s Ruling

The U.S. District Court for the Eastern District of Wisconsin denied the petition. Relying on Wallrich v. Samsung Elecs. Am., Inc., 106 F.4th 609 (7th Cir. 2024), the district court found that the parties had bargained for the AAA to apply and interpret its own Consumer Arbitration Rules. Id. at *3. When the AAA exercised that discretion by closing Plaintiffs’ cases upon Kohl’s non-registration, the court concluded it lacked authority to override that decision. Id.

Plaintiffs filed an interlocutory appeal, arguing that Kohl’s refusal to register its agreement constitutes a refusal to arbitration in violation of the Federal Arbitration Act (“FAA”). Id.

The Seventh Circuit’s Decision

The Seventh Circuit affirmed. Id. at *7. It held that the AAA’s exercise of discretion in closing Plaintiffs’ cases “flowed directly from the parties’ agreement granting AAA that power, leaving nothing for the district court to compel under the Federal Arbitration Act.” Id.

Under the FAA, a party seeking to compel arbitration must establish: (1) an enforceable written arbitration agreement; (2) a dispute falling within the scope of the agreement; and (3) a refusal to arbitrate. Id. at *4 (citing Wallrich, Inc., 106 F.4th at 617-18). The Seventh Circuit’s analysis centered on the third element, i.e. whether Kohl’s non-registration constituted a refusal to arbitrate. Id.

The Seventh Circuit characterized the AAA’s registration requirement as a “forum-specific procedural gateway” matter – the kind of matter parties implicitly delegate to the arbitration provider when they agree to arbitrate under its rules. Id. at *6 (citing Howsam v. Dean Witter Reynolds, Inc., 537 U.S. 79, 85–86 (2002)). Citing Howsam, 537 U.S. at 85, the Seventh Circuit reasoned that, absent contrary language in the arbitration agreement, parties who agree to AAA arbitration intend to withhold registration disputes from judicial review. Id. Because the AAA exercised its own discretion (consistent with the parties’ agreement) in closing the cases, there was “nothing for the district court to compel” under the FAA. Id. at *7.

The Seventh Circuit also relied on its prior decision in Wallrich, which held that a defendant’s failure to pay AAA fees, which resulted in termination of the arbitration, did not constitute a refusal to arbitrate where the outcome flowed from the parties’ agreed-upon procedures.

The Dissent

Judge Joshua P. Kolar dissented. In his view, Kohl’s non-registration “was a conscious step to depart from its agreement to arbitrate,” not a procedural question delegated to the AAA. Id. at *8. Judge Kolar warned that the majority’s reasoning stretches Wallrich’s holding too far and effectively converts “any bilateral agreement to arbitrate under AAA’s Consumer Rules into something of a unilateral option-to-arbitrate for business.” Id. at *9. Judge Kolar would have compelled Kohl’s to register so that the AAA could initiate proceedings. Id.

Implications for Companies

Bernal has immediate practical significance for companies facing mass arbitration exposure under AAA arbitration agreements. By simply declining to register its arbitration agreement with the AAA, a company can cause the AAA to close the proceedings without judicial recourse, at least in the Seventh Circuit. Businesses with AAA arbitration clauses in their consumer-facing agreements should assess whether this strategy is available and appropriate given their specific contractual language and forum.

That said, the dissent’s warning deserves attention. If other circuits adopt Judge Kolar’s reasoning, or if the AAA amends its rules in response, the window this decision opens may narrow. Companies should monitor developments carefully and consult counsel before relying on non-registration as a mass arbitration defense.

May 4, 2026May 4, 2026 by Gerald L. Maatman, Jr.

The Disorganization Defense: North Carolina Federal Judge Finds That Litigation Practices Of Plaintiffs’ Counsel Are Sufficient Grounds To Deny Class And Collective Certification

By Gerald L. Maatman, Jr., Jennifer A. Riley, Betty Luu, and Ryan T. Garippo

Duane Morris Takeaways: On April 22, 2026, in Ayers, v. GKN Driveline North America, Inc., No. 23-CV-00581, 2026 U.S. Dist. LEXIS 89819 (M.D.N.C. Apr. 22, 2026), Chief Judge Catherine Eagles of the U.S. District Court for the Middle District of North Carolina denied several motions to certify various claims as class and collective actions under the Fair Labor Standards Act (the “FLSA”) and the North Carolina Wage And Hour Act (the “NCWHA”). This decision underscores the responsibility of plaintiffs’ counsel to manage a case and present the court with a viable plan to bring their clients’ claims through trial. Otherwise, plaintiffs’ counsel runs the risk that the court will not certify these claims at all.

Case Background

This decision emerges in the context of a series of seven-year-long lawsuits against GKN Driveline North America, Inc. (“GKN”), the supplier of all-wheel-drive and other automotive components, for several major automotive manufactures. Plaintiffs James Ayers, John Carson, and Tameka Ferges (collectively, “Plaintiffs”) brought three separate wage-and-hour lawsuits, asserting claims under the FLSA and the NCWHA. Plaintiffs alleged that GKN required them to perform work off the clock, including before and after shifts, and during unpaid meal breaks.

In 2018, Plaintiffs filed an earlier case against GKN. In that case, Plaintiffs alleged GKN had two policies that resulted in underpayment of their wages: (1) a “time rounding” policy; and (2) an “automatic deduction” policy for meal breaks. The Court originally conditionally certified an FLSA collective action and a Rule 23 class action under both of those theories. But the court ultimately decertified both the FLSA collective and the Rule 23 class, finding that “individual issues would swamp any attempt to resolve the claims on the class or collective basis.” Id. at *5

After that decision, Plaintiffs – represented by the same counsel – refiled three similar lawsuits, which split the claims based on GKN’s plant locations, but otherwise left the theories mostly intact. Plaintiffs then filed renewed motions for class and collective certification in each of the three actions and again asked the Court to allow them to proceed on a representative basis. The Court’s opinion, for all three cases, followed.

The Court’s Decision

In her 28-page opinion, Chief Judge Eagles of the U.S. District Court for the Middle District of North Carolina denied Plaintiffs’ motions based largely on manageability grounds.

Chief Judge Eagles explained that “manageability principles are explicit in the requirements for a proposed Rule 23(b)(3) class” and that “wider case management concerns remain relevant in the collective context.” Id. at 13. Thus, it is generally a plaintiff’s attorney’s responsibility to present the court with an “organized presentation of claims, organized discovery and motions practice, and organized submission of evidence.” Id. But here, Plaintiff’s counsel failed to present a manageable class or collective in at least four different ways.

First, and perhaps most fundamentally, Chief Judge Eagles found that “plaintiffs propose no efficient method of resolving class-wide liability and individual damages across three different subclasses.” Id. at *18. Although Plaintiffs’ theory was premised on the notion that GKN had a “de facto off-the-clock” policy, Plaintiffs did not explain how they planned to “efficiently prove that each and every nonexempt employee was subject to that de facto policy and, even more crucially, how each class member was injured by this policy.” Id. at *18-19. Chief Judge Eagles found this omission troubling given that “plaintiffs have had years to think about these problems” and could not present the court with a manageable solution. Id. at *19. But Chief Judge Eagles did not stop there.

Second, having dispensed with the omissions in Plaintiffs’ theory of case manageability, Chief Judge Eagles turned to Plaintiffs’ counsel who she reasoned has “not demonstrated the organization, diligence, and mindset required to prosecute a complex case.” Id. at *21. Chief Judge Eagles explained that because she often had to prompt Plaintiffs’ counsel to prosecute the case, via supplemental briefing and discovery, she had lost confidence in their ability to manage the docket. This problem was compounded by Plaintiffs’ counsel’s filing of “several ‘emergency’ motions and amended ‘emergency motions’” which underscored their inability to “handle ordinary litigation problems.” Id. at *21-22.

Third, Chief Judge Eagles characterized Plaintiffs’ counsel’s Rule 23 analysis as the product of an unreliable “narrator of the record.” Id. at *22-23. She described Plaintiffs’ counsel’s submissions as “inaccurate at best and misrepresentations at worst.” Id. at *23. Similarly, for the FLSA claims, Chief Judge Eagles held that the “factual representations about the evidence in the plaintiffs’ briefing on an FLSA collective do not always hold up to scrutiny.” Id. at *31-32. These inaccuracies did not give her confidence that Plaintiffs’ counsel would be able to present a manageable case through trial.

Fourth, as to the FLSA claims, Chief Judge Eagles concluded by finding that “the plaintiffs have not proposed any plan, much less a workable plan, for the aggregation of all these claims.” Id. at *31. For example, Chief Judge Eagles highlighted that plaintiffs “have not explained how they will manage presenting evidence on all the different work activities at issue and [across] three different plants.” Id. She noted that – although it is often possible for plaintiffs’ counsel to create such theories — “[i]f they are unable to make the required showing after over seven years of litigation, there is no reason to think they will be able to do so by the time these cases are called for trial.” Id. at *33.

In short, Chief Judge Eagles explained that she “has certified several dozen class actions over the past fifteen years and is familiar with how to deal with disagreements between parties about managing and trying common and individual issues.” Id. at *26. “The problem here is not that management might be hard” but rather “that the plaintiffs proffer no plan for management . . . [a]nd the Court has no confidence that counsel will devise a workable plan.” Id. Thus, the motions were denied in their entirety.

Implications For Employers

Ayers presents two key lessons for corporate counsel grappling with how to manage these complex cases.

The first lesson is that the value of class and collective claims often can hinge on the identity and competency of opposing counsel. Where plaintiffs’ counsel is savvy, competent, and organized, the value of otherwise weaker claims can go up. In these cases, competent plaintiffs’ counsel can often be the difference in whether a class is certified, which is often the difference between millions of dollars of potential of exposure and not. Thus, corporate counsel should weigh the competency of his or her adversaries when assessing the risk that a putative class or collective action poses.

The second lesson is that hiring experienced defense counsel and developing an aggressive litigation strategy are critical for success in such cases. In Ayers, Chief Judge Eagles observed defense counsel’s strategy and explained “it has been clear for years that GKN intended to hold the plaintiffs to their burden of proof at every stage on every issue, as is their right.” Id. at *22, n.13. As a result, any delay by GKN ultimately did not negate the deficiencies by Plaintiffs’ counsel. It takes experienced counsel to toe this line and keep the focus on a plaintiff’s conduct. Corporate counsel should consider such experience when deciding who is best to represent their organizations.