By Gerald L. Maatman, Jr., Shannon Noelle, and Ryan Garippo
Duane Morris Takeaways: In a recent opinion in Fischbein v. IQVIA Inc., Case No. 19-CV-5365 (E.D. Pa. June 5, 2025), Judge Nitza I. Quiñones of the U.S. District Court for the Eastern District of Pennsylvania denied class certification of a proposed class of healthcare professionals that allegedly received unsolicited fax advertisements in violation of the Telephone Consumer Protect Act (“TCPA”). The Court determined that the TCPA only prohibits receipt of unsolicited ads on a “a traditional stand-alone fax machine” (as opposed to modern online faxing) and plaintiffs did not demonstrate that common evidence existed showing all class members received the alleged ads at issue through a traditional fax machine as opposed to through an online transmission. As a result, the Court found that plaintiffs did not satisfy the required ascertainability and predominance elements of class certification.
Background
The proposed class in Fischbein v. IQVIA Inc. consisted of more than 25,000 healthcare providers that allegedly received unsolicited fax advertisements from Defendant IQVIA Inc., a company that provides advanced analytics, technology solutions, and clinical research services to the life sciences industry. The class complaint contended that certain faxes for surveys administered by IQVIA were allegedly sent in violation of the TCPA which makes it “unlawful for any person within the United States, or any person outside the United States if the recipient is within the United States . . . to use any telephone facsimile machine, computer, or other device to send, to a telephone or facsimile machine, an unsolicited advertisement.” Id. at 3.
The Court’s Decision
Parsing the plain language of the statute and interpretive case law in the Fourth Circuit, the District Court agreed with the Fourth Circuit finding that the statute was designed to only protect plaintiffs that received advertisements on stand-alone fax machines, rather than through online fax services. The statute states in relevant part that it is unlawful to “use any telephone facsimile machine, computer, or other device to send, to a telephone facsimile machine, an unsolicited advertisement.” See 47 U.S.C. § 227(b)(1)(C) (emphasis added). The statute further defines “telephone facsimile machine” as “equipment which has the capacity (A) to transcribe text or images, or both, from paper into an electronic signal and to transmit that signal over a regular telephone line, or (B) to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper.” See ECF No. 119, at 8 (citing § 227(a)(3) (emphasis added)). Plaintiffs submitted the testimony of an expert who opined that the phrase “regular telephone line” would include transmissions made by online services so long as it was regulated by the North American Numbering Plan Administrator. Id. at 8-9. But the Court found that this interpretation would “render superfluous” the word “regular” used as a modifier of “telephone line” in the statute. Id. at 9. In fact, the expert’s testimony contradicted his expert opinion as he conceded that “regular telephone line” means an “analog telephone line.” Id. The Court also noted that plaintiffs presented no evidence nor did they make any arguments that an online fax service has the ability on its own to either transcribe text or images “from paper” or “onto paper” as stated in the statute, further undermining plaintiffs’ argument that the statute was meant to include online fax transmissions. Id. at 10. Indeed, Plaintiffs’ expert conceded that such online fax services have the “capacity” to do this type of transcription only when connected to other devices like scanners or printers. Id. at 10. The Court acknowledged that its statutory interpretation was also supported by the Federal Communications Commission’s (“FCC”) declaratory ruling in In the Matter of Amerifactors Fin. Grp., LLC, 34 F.C.C. Rcd. 11950 (2019).
Applying this statutory interpretation, the Court found that the proposed class was not adequately ascertainable as plaintiffs could not point to common evidence to show that proposed class members received unsolicited ads through a stand-alone fax machine as opposed to an online service provider. Plaintiffs suggested that they could submit declarations from class members to ascertain that they fell under the scope of the class of plaintiffs the statute was designed to protect, but the Court found that declarations from potential class members “standing alone, without records to identify class members or a method to weed out unreliable affidavits” would not constitute a reliable or feasible means of determining class membership. See ECF No. 119, at 15 (internal citation and quotations omitted).
For similar reasons, the Court also found that the predominance element of class certification was not met as individual questions of whether the faxes at issue were received on a stand-alone fax machine or by way of an online fax service would predominate over questions common to the proposed class.
On June 20, 2025, plaintiffs filed a motion for reconsideration of the order denying class certification or, in the alternative, to certify a more narrowly-defined class (i.e. asking the Court to narrow the class definition to exclude people who used online fax services). This motion is pending before the Court.
Implications for TCPA Defendants
The Fischbein decision provides important points of attack for the defense bar on ascertainability and predominance grounds for TCPA classes by underscoring the importance of parsing class definitions in the TCPA context to ensure the modality of transmission of the alleged unsolicited advertisement can be determined on a class-wide basis and is limited to traditional fax machine communications.
By Gerald L. Maatman, Jr., Ryan T. Garippo, and George J. Schaller
Duane Morris Takeaways: On August 5, 2025, in Richards, et al. v. Eli Lilly & Co., et al., No. 24-2574, 2025 U.S. App. LEXIS 19667 (7th Cir. Aug. 5, 2025), the Seventh Circuit issued an opinion that vacated and remanded a district court’s decision to conditionally certify a group of potential opt-in plaintiffs in an Age Discrimination in Employment Act (“ADEA”) collective action. The opinion breaks new ground on the contours of 29 U.S.C. Section 216(b), and as a result, also applies to conditional certification of wage & hour collective actions under the Fair Labor Standards Act (“FLSA”). The opinion elucidates the standards for notice in FLSA collective actions. While the opinion is undoubtedly a win for employers, only time will tell the scope of the win, as this opinion ultimately may create more questions than it answers.
Background
In 2022, Monica Richards (“Richards” or “Plaintiff”) sued Eli Lilly & Co and Lilly USA, LLC (collectively, “Eli Lilly”), the international pharmaceutical manufacturers and her one-time employer, alleging discrimination under the ADEA. The ADEA incorporates the FLSA’s “enforcement provision, permitting employees to band together in collective actions when suing an employer for age discrimination.” Id. at *3. Richards, as a result, alleged that Eli Lilly promoted younger employees in violation of the ADEA.
Shortly after she filed her lawsuit, Richards “moved to conditionally certify a collective action, asserting that the unfavorable treatment she experienced was part of a broader pattern of age discrimination against Eli Lilly’s older employees.” Id. at *9. “Conditional certification” of such claims has traditionally been thought of in two steps. At the first step, an employee moves for conditional certification, i.e., to send notice of the lawsuit, to all individuals that he or she contends are similarly situated to him or her. Drawing on a District Court of New Jersey opinion from 1987, Lusardi v. Xerox Corp., 118 F.R.D. 351 (D.N.J. 1987), many courts hold that the employee has a light burden at this stage, and thus rely solely on the plaintiff’s allegations, and do not consider competing evidence submitted by the employer.
If the employee’s motion is granted, as they are with exceedingly high rates, those individuals covered by the collective action definition receive notice of the lawsuit and then have the ability to opt-in as party plaintiffs to the case and participate in discovery. At the close of discovery, if the case has not settled, the employer can then move to decertify the conditionally certified collective action, and prove the employees are not similarly situated, which results in the opt-in plaintiffs’ claims being dismissed without prejudice if successful.
In this case, the fight over the applicability of Lusardi took center stage as it has in many other collective actions. In recent years, the Fifth and Sixth Circuit Courts of Appeal, have found that Lusardi’s two step approach is inconsistent with the text of the FLSA. Swales v. KLLM Transp. Servs., LLC, 985 F.3d 430 (5th Cir. 2021); Clark v. A&L Homecare & Training Ctr., LLC, 68 F.4th 1003 (6th Cir. 2023). In Swales, 985 F.3d at 443, the Fifth Circuit rejected Lusardi’s two-step approach outright, and required its district courts to “rigorously enforce” the FLSA’s similarity requirement at the outset of the litigation in a one-step approach. Similarly, in Clark, 68 F.4th at 1011, the Sixth Circuit adopted a comparable, but slightly more lenient standard, requiring the employee to show a “strong likelihood” that others are similarly situated to him or her before the district court can send notice.
In contrast, the Second, Ninth, Tenth, and Eleventh Circuits continue to either follow or allow the district court to adopt the two-step framework outlined in Lusardi. Harrington v. Cracker Barrel Old Country Store, Inc., 142 F.4th 678 (9th Cir. 2025); Thiessen v. Gen. Elec. Cap. Corp., 267 F.3d 1095 (10th Cir. 2001); Myers v. Hertz Corp., 624 F.3d 537 (2d Cir. 2010); Hipp v. Liberty Nat’l Life Ins. Co., 252 F.3d 1208 (11th Cir. 2001). This brewing circuit split gave rise to the dispute in Richards.
Against this backdrop, the district court in Richards ultimately followed Lusardi, and decided to send notice to the employees whom Richards contended were similarly situated to her. But Eli Lilly filed a motion for interlocutory appeal, which was subsequently granted, and the Seventh Circuit set out to opine on the circuit split for itself.
The Seventh Circuit’s Opinion
The Seventh Circuit, in an opinion written by Judge Thomas Kirsch, rejected the Lusardi framework but declined to go as far as Clark or Swales. The Seventh Circuit observed that the notice process should be facilitated by three guiding principles: (1) the timing and accuracy of notice; (2) judicial neutrality; and (3) the prevention of abuses of joinder. Richards, 2025 U.S. App. LEXIS 19667 at *14. It reasoned that the Lusardi standard threatened the latter two principles by “incentivizing defendants to settle early rather than attempt to ‘decertify’ at step two . . . transforming what should be a neutral case management tool into a vehicle for strongarming settlements and soliciting claims.” Id. at * 17. Thus, the Seventh Circuit rejected Lusardi, but what to do in the alternative was a more difficult question.
The Seventh Circuit decided that rather than endorse the rigid standards of Clark or Swales, its approach would be guided by “flexibility” and an analysis that is not an “all-or-nothing determination.” Id. at *19. Indeed, a plaintiff must now “make a threshold showing that there is a material factual dispute as to whether the proposed collective is similarly situated.” Id. at *21. Or, in other words, a plaintiff must “produce some evidence suggesting that they and the members of the proposed collective are victims of a common unlawful employment practice or policy.” Id, at *21-22. To counter a plaintiff’s evidence, an employer “must be permitted to submit rebuttal evidence and, in assessing whether a material dispute exists, courts must consider the extent to which plaintiffs engage with opposing evidence.” Id., at *22.It is not clear, however, the burden a plaintiff must satisfy to refute the defendant’s evidence to move forward.
In considering that threshold determination, the district court has the discretion to send notice or not.It also has the discretion to resolve some of the disputed issues, and narrow the scope of notice, or not. It also may authorize limited and expedited discovery to make the determination, or not. Id., at *24.It also has the discretion to allow a plaintiff to come forward with more evidence, or not. In essence, “[t]he watchword here is flexibility.” Id. And, with those principles in mind, the Seventh Circuit vacated and remanded for further proceedings consistent with the opinion.
Implications For Employers
The Seventh Circuit’s opinion is undoubtedly a win for employers, but the opinion introduces ambiguity into the equation with its focus on “flexibility.” See id. Plaintiffs in Illinois, Wisconsin, and Indiana can no longer rely on mere allegations to send notice and must wrestle with an employer’s evidence contradicting claims of a common unlawful policy or practice. This result is most certainly a win.
It is what comes next that is the problem. What is the level of scrutiny a district court must apply when deciding whether a plaintiff engaged with an employer’s evidence? Should a district court apply a one-step approach or two-step approach? Should it allow limited and expedited discovery? What is the standard to obtain such discovery? When should a court allow a plaintiff to come forward with more evidence? When should it not? All these questions go unanswered.
These unanswered questions continue to contribute to the procedural morass that employers must navigate in wage-and-hour collective actions under the FLSA. In addition to these questions, employers are also now navigating the 4-way circuit split on whether Lusardi applies at all and a separate circuit split, also discussed on our blog, regarding the applicability of Bristol Myers Squibb Co. v. Super. Ct. of Cal., 582 U.S. 255 (2017) to collective actions. With both issues ripe for consideration by the U.S. Supreme Court, corporate counsel facing a collective action should consider hiring experienced outside counsel to help navigate these complicated procedural issues and monitor this blog for further developments.
By Gerald L. Maatman, Jr., Justin Donoho, and Ryan Garippo
Duane Morris Takeaways: On July 9, 2025, in Gutierrez, et al. v. Converse, Inc., No. 24-4797, 2025 WL 1895315 (9th Cir. July 9, 2025), the Ninth Circuit affirmedthat a plaintiff had no evidence from which a reasonable jury could conclude that an online retailer’s use of third-party software to enable a chat feature on its website aided and abetted the third-party vendor in reading or attempting to read the contents of the plaintiff’s chat messages real-time in alleged violation of the California Invasion of Privacy Act (CIPA). In rejecting this theory, the ruling is significant because it shows that CIPA claims involving alleged disclosures of website activities to third-party software providers cannot survive unless the plaintiff can show that the website owner enabled the third party to read unencrypted, real-time communications.
Background
This case is one of a legion of class actions that plaintiffs have filed nationwide alleging that third-party software embedded in defendants’ websites secretly captured plaintiffs’ web-browsing activity and sent it to the third-party provider of the software. Third-party software is a common feature on many websites today and comes in many forms including website advertising technologies (“adtech”), customer relationship management (“CRM”) software, enterprise resource management (“ERP”) software, and, as in this case, communications platforms.
In Gutierrez, Plaintiff brought suit against an online retailer. According to Plaintiff, the retailer installed a chat feature on its public-facing website and thereby transmitted chat communications entered on the website to Salesforce, a third-party provider of the chat feature to the online retailer in the form of “software as a service” (“SaaS”). 2024 WL 3511648, at *2 (C.D. Cal. July 12, 2024).
As usual since the Snowden disclosures in 2013, all of these transmissions between the web user, website, and third-party software provider were “were encrypted while in transit.” Id. at *3. Moreover, as is true for all internet communications, the chats were transmitted “in different network packets.” Id. Thus, the uncontroverted expert evidence showed that “it is ‘virtually impossible’ to learn the contents of an internet communication while it is in transit.” Id.
The online retailer’s chat data, including chat transcripts, were stored on Salesforce’s servers. Id. However, this information was accessible in unencrypted format only through the retailer’s password-protected dashboard. Id. Plaintiff offered no evidence to show that Salesforce had access to the retailer’s dashboard or that the retailer ever provided Salesforce access to it. Id.
Based on these facts, Plaintiff argued that the retailer violated the CIPA by aiding and abetting Salesforce’s wiretapping or attempts to learn her chat communications on the retailer’s website.
The District Court granted the retailer’s motion for summary judgment for multiple reasons. First, the District Court found as a matter of law that Salesforce did not violate CIPA’s first clause prohibiting intentional wiretapping or making any unauthorized connection “with any telegraph or telephone wire, line, cable, or instrument” because “Courts have consistently interpreted this clause as applying only to communications over telephones and not through the internet.” Id. at *6-7.
Second, the District Court found no genuine dispute of material fact existed as to whether Salesforce had violated the second clause of CIPA, Section 631(a), “because Plaintiff has presented no evidence from which a reasonable jury could conclude Salesforce intercepts messages sent through [the retailer]’s chat feature ‘while … in transit’ or reads or attempts to read or learn the contents of such messages.” Id. at *7. As the District Court explained, “uncontroverted evidence establishes messages sent through [the retailer]’s chat feature are encrypted while in transit and, moreover, it is ‘virtually impossible’ to learn the contents of an internet communication while it is in transit because internet communications are transmitted ‘in different network packets[.]’” Further, the District Court stated that “the fact that a user is redirected to a Salesforce-owned URL upon opening the chat feature on [the retailer]’s website does not establish the user’s messages are sent to Salesforce or Salesforce reads or attempts to read or learn the contents of such messages. Rather, this fact simply establishes . . . the user’s messages are transmitted to [the retailer]’s Service Cloud application.” Id. In addition, the District Court explained that “the existence of UUID [Universally Unique Identifier] values attached to chat messages and the mere possibility Salesforce ‘can’ use these values to ‘connect the dots’ between data are insufficient to establish a genuine issue of material fact as to whether Salesforce reads or attempts to read users’ messages while they are in transit.” Id.
Finally, the District Court found that “because Plaintiff has not established an underlying violation of Section 631(a)’s first or second clause by Salesforce, [the retailer] cannot be liable for aiding and abetting Salesforce.”
The Ninth Circuit’s Opinion
The Ninth Circuit agreed with the retailer. It found that summary judgment for the retailer was warranted and affirmed the order below.
In a short opinion, the Ninth Circuit affirmed the District Court’s opinion by finding that “no evidence exists from which a reasonable jury could conclude” that Salesforce engaged in wiretapping or attempted to learn Plaintiff’s chat communications on the retailer’s website and, therefore, absent an underlying violation by Salesforce, no aiding and abetting liability by the retailer. Id., at *1.
Circuit Judge Jay Bybee agreed, filing a separate concurring opinion stating that the wiretapping claim should be affirmed because “the statute, as passed in 1967, focuses on the wiretapping of telegraph or telephone wires—it criminalizes, as relevant here, the wiretapping of a telephone call” and, thus, CIPA’s clause prohibiting wiretapping “does not apply to the internet.” Id. at *2-3. Further, Judge Bybee opined: “Until and unless the California appellate courts tell us otherwise, or the California legislature amends § 631(a), I refuse to apply § 631(a)’s first clause to the internet.” Id. at *3.
Implications For Companies
The District Court’s holding and Ninth Circuit’s affirmance in Gutierrez are a win for CIPA class action defendants and should be instructive for courts around the country. In the hundreds of CIPA class actions alleging a defendant’s disclosure of web-browsing activities to an adtech provider, for example, the plaintiff typically does not allege that the adtech provider has any ability to read any unencrypted version of the information disclosed. This is not surprising, since the largest adtech providers often alleged in CIPA adtech class actions typically encrypt, anonymize, aggregate, and otherwise prevent their own ability to access web users’ browsing activities in any unencrypted format.
Gutierrez shows that adtech plaintiffs will need to show, however, that the owner of the website they visited enabled the third party adtech provider to read unencrypted, real-time communications, in order to prove their CIPA claims.
By Gerald L. Maatman, Jr., George J. Schaller, and Ryan T. Garippo
Duane Morris Takeaways: On June 10, 2025,inClay v. Union Pac. R.R. Co, No. 24-CV-4194, 2025 U.S. Dist. LEXIS 108672 (N.D. Ill. June 10, 2025),Judge Georgia N. Alexakis of the U.S. District Court for the Northern District of Illinois certified for interlocutory appeal her decision denying Union Pacific’s motion for partial summary judgment after concluding the 2024 amendment to the Illinois Biometric Information Privacy Act (the “BIPA”) was not retroactive. In 10 days from entry of Judge Alexakis’ Order, Union Pacific may request the Seventh Circuit’s review of the certified question of whether the 2024 amendment to the BIPA applies retroactively. This would be a key issue of significant importance to all companies facing BIPA class actions.
Case Background
Plaintiff Reginald Clay is a truck driver that visited Union Pacific’s facilities. He alleges Union Pacific required him to register his fingerprint information and scan his fingerprints upon entering and exiting those facilities. Id. at *2-3. Clay also alleges Union Pacific did not “disclose what was done with his [fingerprint] information or how it would be stored.” Id. at *3. On April 16, 2024, Clay sued Union Pacific under the BIPA.
In August 2024, the Illinois legislature amended the BIPA to “clarify that when an entity subject to the [BIPA] ‘in more than one instance, collects, captures, purchases, receives through trade, or otherwise obtains the same biometric identifier or biometric information from the same person using the same method of collection,’ in violation of the [BIPA], the entity ‘has committed a single violation … for which the aggrieved person is entitled to, at most, one recovery.’” Id. (quoting 740 ILCS 14/20(b), (c), as amended by SB 2979, Public Act 103-0769.)
On November 4, 2024, Union Pacific moved for partial summary judgment and argued “under the 2024 BIPA amendment Clay was now entitled to recover for at most a single BIPA violation rather than the ‘per-scan’” violation under Cothron v. White Castle Sys., Inc., 2023 IL 128004, ¶ 24. Id. at *3-4. On April 10, 2025, the Court concluded that “the BIPA amendment was substantive rather than procedural” and therefore the BIPA amendment “was not retroactive under Illinois law, and thus did not apply to Clay’s claim.” Id. at *4.
Union Pacific requested certification of the Court’s order for interlocutory appeal. Clay opposed the request.
The Court’s Order
On June 10, 2025, the Court certified Union Pacific’s request for an interlocutory appeal of the order denying Union Pacific’s partial motion for summary judgment. Id. at *7.
The Court determined Union Pacific satisfied the four statutory criteria under 28 U.S.C. § 1292 (b)that: “there must be a question of law, it must be controlling, it must be contestable, and its resolution must promise to speed up the litigation.” Id. at *1-2. In addition, the Court found Union Pacific satisfied the Seventh Circuit’s fifth “non-statutory requirement: [that] the petition must be filed in the district court within a reasonable time after the order sought to be appealed.” Id. at *2.
The Court reasoned whether the 2024 amendment to the BIPA is retroactive is “undoubtedly ‘a question of the meaning of a statutory or constitutional provision,” the Amended BIPA “presents ‘an abstract issue of law . . . suitable for determination by an appellate court without a trial record,” and that the question of BIPA retroactivity “is quite likely to affect the further course of litigation.” Id. at *4. As Union Pacific argued, and as the District Court agreed, if the “Seventh Circuit were to conclude that Clay was entitled to only one recovery… [that] certainty about the retroactivity of the 2024 amendment would ‘materially advance the ultimate termination of the litigation.” Id. at *5.
The Court reasoned Union Pacific’s motion was timely because the Court “did not consider 28 days to be unreasonable in preparing a motion to certify for interlocutory appeal a novel question of state law, especially when Clay points to no prejudice he suffers as a result.” Id. at *6.
The Court also opined that while “the Court shares Clay’s view that its April 10 order was ‘correctly reasoned,’[], its confidence does not mean that BIPA retroactivity is not ‘contestable’ within the meaning of § 1292.” Id. In addition, the Court relied on the overwhelming decisions of judges within the Northern District of Illinois and Illinois state court finding the “BIPA amendment does not apply retroactively to pending cases, [], so no current dispute exists among the courts.” Id. at *6-7. But that the consensus of these decisions “does not mean there is ‘no substantial ground for difference of opinion’ about retroactivity.” Id. at *7.
The Court concluded that though its “confidence in its earlier decision” in Schwartz v. Supply, Inc., 23-CV-14319, (N.D. Ill. Nov. 22, 2024) (finding 2024 BIPA amendment not retroactive to pending cases) is not changed that it acknowledges “the novelty and complexity of the legal issue” of retroactivity. Accordingly, the Court found Union Pacific meet all four statutory requirements and the Seventh Circuits’ timeliness requirement and certified Union Pacific’s interlocutory appeal.
Implications For Companies
The ruling in Clay sparks newfound hope on the hotly contested issue of retroactivity of the 2024 amendment to the BIPA. Judge Alexakis’ well-reasoned decision allows Union Pacific 10 days from the Court’s order to request the Seventh Circuit’s interlocutory review of the certified question.
Should the Seventh Circuit grant Union Pacific’s pending request, then the BIPA’s “per-scan” damages for pre-amendment BIPA litigation will receive further consideration. However, even if the Seventh Circuit grants the request, there is always a possibility the Seventh Circuit certifies the question to the Illinois Supreme Court.
Until then, the deluge of decisions referenced in Clay denying retroactivity remain in effect. Companies met with BIPA litigation must monitor Clay as it progresses through interlocutory review.
By Gerald L. Maatman, Jr., Shannon Noelle, and Ryan T. Garippo
Duane Morris Takeaways: On April 3, 2025, in Salazar, et al. v. Paramount Global, d/b/a 247Sports, Case No. 23-5748, 2025 WL 1000139 (6th Cir. Apr. 3, 2025), the Sixth Circuit departed from two other federal circuits (i.e., the Second and Seventh Circuits) in its interpretation of “consumers” covered by the Video Privacy Protection Act (“VPPA”), and affirmed the district court’s dismissal of a putative class action on the basis that only consumers of audio-visual related materials are covered by the protections of the Act. The Sixth Circuit’s holding narrows the scope and reach of the statute and is a welcome reprieve for companies offering video content on their websites in connection with advertising technology (“adtech”).
Background
In September 2022, Michael Salazar brought a putative class action against Paramount Global (i.e., the owner of 247Sports.com), claiming that the media company violated the VPPA because it installed Meta Pixel on its website. Salazar alleged that Meta Pixel, a form of adtech, tracked his and putative class members’ video viewing history and disclosed it to Meta without his consent. He sought to represent a putative class of subscribers to 247Sports.com’s newsletter which contained links to articles (that could contain videos), photographs, and other content.
Salazar, however, did not allege that he was a subscriber of audio visual materials as contemplated by the statute. 18 U.S.C. § 2710(a)(1)-(4). To the contrary, he alleged that he was a subscriber of 247Sports.com’s newsletter, and that 247Sports.com separately provided audio visual materials to its customers. Salazar v. Paramount Global, 683 F.Supp. 3d 727, 744 (M.D. Tenn. 2023). But, the district court determined that Salazar’s interpretation of the VPPA was “unavailing.” Id. Indeed, “there [was] no allegation in the complaint that Plaintiff accessed audio visual content through the newsletter (or at all, for that matter). The newsletter [was] therefore not audio visual content, which necessarily means that Plaintiff [was] not a ‘subscriber’ under the VPPA.” Id.
Salazar is no stranger to this legal issue. Last year, in a virtually identical case, the U.S. District Court for the Southern District of New York, dismissed a putative VPPA class action brought by Salazar on the basis that “signing up for an online newsletter did not make Salazar a VPPA ‘subscriber.’” Salazar v. National Basketball Association, 118 F.4th 533, 536-37 (2d Cir. 2024). Salazar appealed that decision to the Second Circuit, which reversed the lower court, and held that the VPPA protects “consumers regardless of the particular goods or services rented, purchased, or subscribed to.” Id. at 549. If blog readers would like to learn more about the Second Circuit’s decision, a link to our post is included here.
Salazar appealed this case on the same grounds as his Second Circuit win and asked the Sixth Circuit to determine whether he was considered a “subscriber” and thus, a “consumer” under the VPPA.
The Sixth Circuit’s Decision
The Sixth Circuit affirmed the district court’s ruling and agreed that to be considered a “consumer” under the VPPA an individual must purchase goods or services of an audio-visual nature.
Judge John Nalbandian, writing for the Sixth Circuit, reasoned that the term “subscriber” must be viewed in its broader context, and in harmony with the other words in the statute such not to render associational words inconsistent or superfluous. Applying these canons, the Sixth Circuit explained that the words “goods and services” informed the meaning of the term “subscriber.” By using the terms together, the statute was intended to encompass only audio-visual goods or services provided by a video tape service provider, as opposed to any and all goods and services, provided by that company. In other words, if a video tape service provider makes “hammers” or a “Flintstones sweatshirt or a Scooby Doo coffee mug,” a consumer of such goods would not fall under the purview of the VPPA. Paramount Global, 2025 WL 100139, at *10.
In so holding, the Sixth Circuit departed from the Second and Seventh Circuits, including the near-identical lawsuit brought by Salazar himself, that found the phrase “goods or services” to encompass all goods and services that a provider places in the marketplace. Judge Rachel Bloomekatz, penning the dissent, reached the same conclusion. She opined that, under the majority’s interpretation, a provider could “stitch[] together” non-video transactions to provide information about audio-visual transactions that could reveal a consumer’s personal information. Id. At *12. The majority found such concerns unavailing and reasoned that the type of information available from the videos on Paramount Global’s website was not inherent to the newsletter and was “accessible to anyone, even those without a newsletter subscription.” Id. at *7.
As a result, the Sixth Circuit affirmed the district court’s decision to dismiss the complaint without leave to amend.
Implications For Companies
Circuit splits in the federal courts are increasingly rare. It is nearly unprecedented, however, to have a situation where one litigant has created a federal circuit split with himself. Salazar could file one lawsuit in New York and his claims would go forward. But, if the exact same lawsuit was filed in Tennessee, then dismissal would be the proper remedy.
This patchwork system may be difficult for corporate counsel, tasked with ensuring their companies’ adtech compliance, to follow. But, the Sixth Circuit’s decision in Paramount Global is better than the alternative and could pave the way for other circuits to similarly limit the scope of the VPPA in their relevant jurisdictions.
In the meantime, however, corporate counsel for companies based in Kentucky, Michigan, Ohio, and Tennessee can rest a little easier knowing that – they can offer newsletters without worrying that adtech, installed solely on their websites – will somehow subject them to draconian VPPA liability.
By Gerald L. Maatman, Jr., Justin Donoho, George J. Schaller, Ryan T. Garippo
Duane Morris Takeaways: In Mahoney, et al. v. The Allstate Corp, et al., 25-CV-01465 (N.D. Ill. Feb. 11, 2025), Plaintiffs Michael Mahoney and Scott Schultz (collectively, “Plaintiffs”) filed a putative class action lawsuit asserting Allstate, and its subsidiary Arity, illegally obtained personal driving data of 40 million policyholders through third-party mobile application software. The case is pending in the U.S. District Court for the Northern District of Illinois before Judge Steven C. Seeger.This is the third lawsuit in a series of lawsuits alleging class-wide allegations based on Allstate’s alleged data collection practices. See Sims et al. v. The Allstate Corp. et al., 1:25-CV-00407 (N.D. Ill. Jan. 14, 2025) (alleging data collection through third party application Sirius XM); see also Arellano et al. v. The Allstate Corp. et al., 1:25-CV-01256, (N.D. Ill. Feb. 5, 2025) (alleging data collection through third party applications Life360, GasBuddy, and Fuel Rewards).
Mahoney, Sims, and Arellano, represent a triumvirate of data privacy class actions centered on allegations of improper data collection through third-party applications. Companies will be well-served monitor these cases for their novel assertions in trending data privacy litigation.
Complaint Allegations
Michael Mahoney resides in San Francisco, California, and he downloaded the GasBuddy application in 2011 to “find competitive gas prices.” Mahoney, 25-CV-01465, ECF No. 1 § III ¶ 14 (N.D. Ill. Feb. 11, 2025). Scott Schultz resides in Highland Park, Illinois, and he downloaded the GasBuddy application in 2021 and used it “in his own and other people’s vehicles to find competitive gas prices.” Id. § III ¶ 15.
Plaintiffs collectively allege that Allstate and its subsidiary Arity (collectively, “Defendants”) “conspired to collect drivers’ geolocation data and movement data from mobile devices, in-car devices, and vehicles.” Id. § IV ¶ 7. Plaintiffs allege Defendants designed a software development kit that could be integrated into third-party mobile applications such as “Routely, Life360, GasBuddy, and Fuel Rewards.” Id. § IV ¶ 8. Plaintiffs further allege Defendant advertised that they “collect data ‘every 15 seconds or less’ from 40 million ‘active mobile connections’ and ‘derive[] unique insights that help insurers, developers, marketers, and communities understand and predict driving behavior at scale.” Id. § IV ¶ 24.
Plaintiffs contend Defendants’ software development kit was “designed to and does collect data” including “Geolocation data and ‘GPS Points,’” “cellphone accelerometer, magnetometer, and gyroscopic data,” “Trip attributes” data (including start and end locations, trip distances, trip duration), “Derived events” data (including acceleration, speeding, distracted driving, crash detection), and “Metadata.” Id. § IV ¶ 11 (A) – (E). Plaintiffs further assert that when using these third-party applications “Defendants could collect real-time data on their locations and movements and surreptitiously collect highly sensitive and valuable data directly from Plaintiffs’ mobile phones.” Id. § IV ¶ 16.
It is also important to note that Plaintiffs maintain that Defendants used their personal data to “develop, advertise, and sell several products and services to third parties, including insurance companies . . .” and used the purchased consumer data for “[Defendants’] own underwriting purposes.” Id. § IV ¶ 23. Plaintiffs, ultimately, assert that Defendants real purpose in using this data is for their “own financial and commercial benefit” and to obtain “substantial profit.” Id. § V ¶ 49. They ultimately assert via their nine-count Complaint that this technology amounts to a wiretapping of their personal information which entitles them, inter alia, to a sum of “$100 per day per violation or $10,000” per class member whichever is greater. Id. § V ¶ 51.
Implications For Companies
Although such data collection lawsuits are no longer a new phenomenon, their scope has become far more aggressive as the plaintiffs’ bar continues to look for ways to monetize lawsuits against corporations using such technologies.
Take for example the dilemma presented by Mahoney. In that case, it is likely that Defendants will have strong defenses to this action. For example, Plaintiffs admit that Defendants’ purpose in using this technology was to earn “substantial profit.” Id. § V ¶ 49. Based on similar allegations, many courts have found that these purposes are insufficient for a plaintiff to avail itself of such wiretapping statutes. See, e.g., Katz-Lacabe v. Oracle Am., Inc., 668 F. Supp. 3d 928, 945 (N.D. Cal. 2023) (dismissing wiretap claim because defendant’s “purpose has plainly not been to perpetuate torts on millions of Internet users, but to make money.”).
There are, however, enough court rulings that come out in the opposite direction to give a corporate defendant pause. See, e.g., R.S. v. Prime Healthcare Services, Inc., No. 24-CV-00330, 2025 WL 103488, at *6-7 (C.D. Cal. Jan. 13, 2025) (recognizing the split and siding with the plaintiffs). And, if Plaintiffs are correct that there are 40 million individuals in the class, and that each class member is entitled to $10,000 at a minimum, then this lawsuit alleges at least $400 billion dollars in liability. Even if there is a 1% chance of success on these claims, it would suggest that the completely unrealistic figure of $4 billion dollars is on the table.
Corporations in these types of class actions are faced with the difficult choice of settling the claims for an astronomical figure based on the use of technologies which are ubiquitous in nature (like software development kits for mobile applications) or defend a $400 billion lawsuit based on defenses in an area of the law which is not fully developed. It will be interesting to see how the Mahoney defendants balance these concerns as the case progresses, because many twists and turns lie ahead.
In the meantime, corporate counsel should take the opportunity to evaluate their companies’ data collection and privacy policies to make sure their companies are not easy targets. If the allegations in Mahoney are any example, the mere threat of one of these lawsuits should be enough to keep corporate counsel up at night. And, if their companies are ultimately sued in one of these lawsuits, they should ensure that an experienced defense team has its hands on the steering wheel.
Duane Morris Takeaway:This week’s episode of the Class Action Weekly Wire features Duane Morris partners Jerry Maatman and Jennifer Riley, special counsel Justin Donoho, and associate Ryan Garippo with their discussion of the key trends analyzed in the 2025 edition of the Duane Morris Data Breach Class Action Review, including the contributing factors in the exponential growth of data breach class action filings, the sophistication of the plaintiffs’ bar litigation theories, and the chart-topping settlements in this area.
Bookmark or download the Data Breach Class Action Review e-book here, which is fully searchable and accessible from any device.
Jerry Maatman: Welcome all our loyal listeners and blog readers. Thank you for being here on our weekly podcast, the Class Action Weekly Wire. I’m, Jerry Maatman of Duane Morris, and joining me today are my colleagues, Jen, Justin, and Ryan. Thanks so much for being on this particular podcast.
Jennifer Riley: Thank you, Jerry. Happy to be part of the podcast today.
Justin Donoho: Thanks, Jerry. Glad to be here.
Ryan Garippo: Thanks for having me, Jerry.
Jerry: Today in the podcast we’re discussing the publication of this year’s Duane Morris Data Breach Class Action Review and desk reference designed for our clients to give them the latest, greatest information on the cutting-edge issues in the world of data breach class action. Listeners can find the e-book publication on our blog, the Duane Morris Class Action Defense blog. Jen, can you share with our listeners a bit about this desk reference and publication?
Jennifer: Absolutely, Jerry. The volume of data breach class actions exploded in 2024. Data breach has emerged as one of the fastest growing areas of class action litigation. The Review contains an overview of these filing numbers as well as settlements as well as some of the key decisions in this area. So, in sum, courts continue to reach inconsistent outcomes on issues such as standing and uninjured class members, those issues that are uniquely challenging in the data breach space. The Review has dozens of contributors, and it reflects really the collective experience and expertise of our class action defense group.
Jerry: I think it used to be, people thought whenever there was a drop in the stock following a company announcement, as sure as the sun rises in the east and sets in the west every day, there’d be a securities fraud class action lawsuit being filed. That seems to be the case now, when there’s a data breach incident, a data breach class action follows in its wake. Justin, can you shed some light on why this particular cause of action in this particular space has been growing incrementally over the last 36 months?
Justin: Absolutely. I mean, the frequency of the data breaches have been increasing, which is a huge part, and of course, with that comes heightened attention from both consumers and the plaintiffs’ bar. High profile cases, such as that multidistrict litigation arising from the Marriott International breach that affected over 133 million people, for example. There’s the MOVEIt MDL, which is another big one that got going last year. These have all put companies on notice that failure to secure personal data can lead to costly litigation. Cost lawsuits are not just about the breach itself, it’s also about the aftermath. So, consumers are now more aware of the risks and more inclined to seek legal recourse when their data is compromised.
Jerry: I think this is a great area where the notion that the law is trailing behind technology and can’t keep up with it – may well explain some of the developments in this particular space from a cybersecurity perspective. How do you think the increasing frequency of these sorts of events, and the sophistication of cyber criminals, is playing out in the class action space?
Ryan: Well, the rise in cyberattacks is definitely a huge factor. We’re seeing more sophisticated tactics from cybercriminals. Ransomware is at least one prime example – hackers demand payments in exchange for not publishing or further exploiting stolen data. The issue is that paying the ransom doesn’t necessarily guarantee the safe return or the deletion of the data, which makes these incidents devastating for companies. Additionally, I think we’ve seen as there’s been a shift to remote work and cloud-based infrastructure, that more vulnerabilities are exposed which ultimately increases the frequency of breaches. As a result, I think we’re seeing more lawsuits following these incidents and plaintiffs’ attorneys are more eager to capitalize on the growing number of affected individuals.
Jerry: In the last two weeks, the U.S. Supreme Court has accepted a case for review on the issue of uninjured class members, and whether or not their presence is something that can be used by a defendant to stop class certification. And one of the things we’ve seen in the last few years in the data breach area is the lack of injury or no injury-in-fact, as the Supreme Court has articulated that in TransUnion v. Ramirez. Jen, what do you see in terms of what plaintiffs are doing to try and come up with theories, at least from a financial damage or injury standpoint, that companies are now facing in what I would call data breach litigation 2.0?
Jennifer: Well, Jerry, I think several factors are really contributing to the rise of the popularity of these lawsuits. First, I think the sheer volume of people affected by these breaches has ballooned. Especially with breaches impacting millions of consumers or employees. As the size of these cases increases, I think it naturally leads to higher settlement amounts which in turn are attracting more plaintiffs’ lawyers to this area. Additionally, I think the type of data being compromised is becoming more sensitive – financial and healthcare information, for example – are leading to additional claims and higher potential damages and are leading plaintiffs’ attorneys to become more creative in looking for ways to monetize, capitalize on these breaches in terms of converting them into settlement dollars.
Justin: Yes, absolutely. And some courts are also becoming more sympathetic to plaintiffs in these cases, and to the potential long-term consequences of data breaches to plaintiffs, even where immediate harm is not apparent. So, it’ll be interesting to see where that Supreme Court case plays out. And let’s not forget about the legal fees and the expert fees also contributing to some of these large settlement dollars. As these cases become more complex with issues like class certification and determining damages, and the reasonableness of the cybersecurity, the costs involved in litigating these lawsuits are skyrocketing.
Jerry: You mentioned class certification – certainly the plaintiffs’ bar their theory is file the case, certify the case, then monetize the case, and the statistical study within the desk reference talks about the rise in class certification to 40%. Still a low number, but significantly up from 16% in calendar year 2023. What do you attribute to the trend that’s showing an upward number and a more of a chance for the plaintiffs’ bar to certify their data breach class actions?
Ryan: Well, like we mentioned before, I think it’s reflective of the fact that plaintiffs’ counsel has gotten more sophisticated in this space, and courts are getting more sympathetic to the plaintiffs at issue. But that said, class certification is still a major hurdle in any class action. And it’s particularly challenging in data breach cases. The increased success rate for class certification in the data breach space is 40% in 2024, reflecting that evolving legal precedent. Courts are now more inclined to accept the argument that consumers have suffered harm, even if their data hasn’t been directly misused, and that the mere recognition of an indirect harm, such as the increased risk of identity, theft, or emotional dispute or emotional distress, is enough to allow plaintiffs to get into court and overcome this clear obstacle.
Jerry: Jen, what were some of the major data breach litigation markers in the federal courts this year, by your way of thinking?
Jennifer: Well, Jerry, great question. We discuss in the Review some of the largest ones. Certainly, one of the prime examples is the ongoing MOVEIt Customer Data Breach Litigation. That litigation that began back in 2023 continued throughout 2024, and is ongoing. In that one, the Judicial Panel on Multidistrict Litigation consolidated more than 200 class action lawsuits. Those lawsuits resulted from a Russian cybergang hacking the file transfer software MOVEIt. The Judicial Panel on Multidistrict Litigation transferred those proceedings after consolidating them to the U.S. District Court for the District of Massachusetts. The plaintiffs in that case, as I mentioned, alleged that this vulnerability in the Massachusetts-based company MOVEIt, a transfer file software, was exploited. That data breach is considered to be the largest hack of 2023. According to the Panel’s initial transfer order, it exposed personally identifiable information of more than 55 million people. So, as I mentioned, that proceeding is ongoing. In July 2024, the Transferee Court issued an order adopting a modified bellwether structure in which it ordered the plaintiffs to file up to six consolidated amended complaints, and it ordered the parties to meet confer on the defendants to be named in each of those. The plaintiffs are going to file their motions for class certification, according to the schedule at least, in the summer of 2025. So, lots to be done in those cases yet.
Jerry: Well, it seems to me that data breach litigation, especially in the class action arena, is a problem or a fear that keeps corporate counsel up at night, and some of the top settlements in this space in 2024 maybe fuel that fear. What were some of the key and highest class action settlements in the data breach case, despite the fact that certification hovered around 40%?
The largest data breach class action settlement in 2024 was $350 million in In Re Alphabet Inc. Securities Litigation, Case No. 18-CV-6245 (N.D. Cal. Sept. 30, 2024), in which the court granted final settlement approval in a class action alleging that a software glitch led to a data breach in which Google+ users’ personal data was exposed for three years.
Justin: Yes, Jerry. Plaintiffs did very well in securing high dollar settlements last year, with the top 10 settlements totaling $593.2 million dollars. This was a significant increase over 2023 when the top 10 totaled $515 million – so they keep going up, too.
Jerry: Well, my prognostication is the 2025 numbers are going to go up and even exceed those chart-toppers in the next 12 months. In terms of final parting thoughts for our loyal listeners, what are some of the takeaways and key points that our listeners and readers should keep in mind for data breach issues in 2025?
Ryan: Invest in strong cybersecurity measures – it’s essential to stay out of the game in this space and constantly involve your cybersecurity infrastructure against these emerging threats. But beyond that, companies should also have a well-designated incident response plan in place and make sure that it’s regularly tested. This helps ensure not only quicker recovery, but also a stronger defense in court if a breach ever occurs. This legal landscape is evolving, and data breaches are no longer niche; they’re becoming an expected part of the litigation landscape, and so, having a proactive and comprehensive approach can help mitigate the immediate and long-term costs, and help keep you out of those $500 million numbers that Jerry and Justin mentioned before.
Jerry: Well, thanks, Jen, Justin, and Ryan, for your thought leadership and your analysis of this particular area. Loyal listeners, please stop by our blog and website to download for free our e-book, Data Breach Class Action Review – 2025. Thanks so much everyone for lending your expertise today on our Class Action Weekly Wire podcast.
Ryan: Thanks, Jerry.
Justin: Thanks for having me and thank you, listeners.
Jennifer: Thanks so much, everyone. See you next week.
By Gerald L. Maatman, Jr., Gregory Tsonis, and Ryan T. Garippo
Duane Morris Takeaways: On January 15, 2025, in Carrera v. EMD Sales, Inc., No. 23-217, 2025 WL 96207 (S. Ct. Jan. 15, 2025), the U.S. Supreme Court unanimously reversed the U.S. Court of Appeals for the Fourth Circuit, holding that the burden of proof required to prove the applicability of exemptions to the Fair Labor Standards Act (the “FLSA”) is not the “clear and convincing evidence” standard applied in the Fourth Circuit. In so doing, the Supreme Court harmonized the law across the country and confirmed that such exemptions need only be proven by a preponderance of the evidence.
Background
E.M.D Sales, Inc. (“EMD”) is a company that distributes food products in the Washington D.C. area. It employs sales representatives who work with partner grocery stores to help manage EMD products. The sales representatives “spend most of their time outside of EMD’s main office servicing stores on their routes,” however, there was disagreement as to “whether [the] sales representatives’ primary duty is to make sales of EMD products.” Carrera v. EMD Sales, Inc., No. 17-CV-3066, 2021 WL 1060258, at *2 (D. Md. Mar. 19, 2021).
In 2017, several of these sales representatives sued EMD in federal court in Maryland, arguing that they were entitled to overtime pay under the FLSA. In response, EMD argued that the sales representatives were exempt from the FLSA’s requirements pursuant to the “outside salesman” exemption. 29 U.S.C. § 213(a)(1).
Following a bench trial on the issue, the district court held that the outside salesman exemption did not apply. In so doing, the district court relied on Fourth Circuit precedent holding that the employer has the burden of proving the applicability of any FLSA exemption by “clear and convincing evidence.” Carrera, 2021 WL 1060258, at *5. In federal courts outside of the Fourth Circuit, an employer is only required to prove these exemptions under a lower standard of proof called the preponderance-of-the-evidence standard, which is the typical standard in civil cases. Id. The district court held that the employer failed to meet the heightened burden of proof regarding the applicability of the exemption, and thus held that the EMD sales representatives were entitled to overtime pay.
On appeal, EMD argued that the heightened “clear and convincing evidence” standard, which had long been the applicable standard for federal courts within the Fourth Circuit, should be overturned so it conformed with the standard applied across the rest of the country. The Fourth Circuit declined to do so and explained that “the district court properly applied the law of this circuit in requiring the defendants to prove their entitlement to the outside sales exemption by clear and convincing evidence.” Carrera v. EMD Sales, Inc., 75 F.4th 345, 353 (4th Cir. 2023). EMD, thereafter, sought review from the U.S. Supreme Court, which granted certiorari to resolve the issue.
The Supreme Court’s Opinion
In a unanimous 9-0 opinion written by Justice Kavanaugh, the Supreme Court explained that the “Fourth Circuit stands alone in requiring employers to prove the applicability of Fair Labor Standards Act exemptions by clear and convincing evidence. Every other Court of Appeals to address the issue has held that the preponderance standard applies.” Carrera, 2025 WL 96207, at *3. In noting that the “preponderance of the evidence” standard is “the established default standard of proof in American civil litigation,” the Supreme Court explained that the default standard can only be abrogated by statute, constitutional requirement, or other uncommon situations where unusual coercive relief is sought (e.g., revocation of citizenship, etc.).
In analyzing whether any such circumstances existed, the Supreme Court first observed that the FLSA is silent on the applicable burden of proof, noting there is no language that suggests that Congress intended a heightened burden to apply. Second, because the FLSA does not implicate constitutional rights, the U.S. Constitution did not compel a different result. Third, because FLSA lawsuits are akin to other employment statutes that entitle certain employees to monetary relief, they are not unusually coercive.
Turning next to policy arguments in favor of a heightened standard, the Supreme Court noted that other important statutes, such as Title VII of the Civil Rights Act, apply a preponderance standard while seeking to achieve laudable policy goals, such as ending discrimination in the workplace. Id. at *4-5. Finding nothing particularly distinct about the FLSA, the Supreme Court ultimately rejected the policy arguments advanced by the sales representatives, explaining that “rather than choose sides in a policy debate, this Court must apply the statute as written and as informed by the longstanding default rule regarding the standard of proof.” Id. at *5.
As a result, the Supreme Court reversed the decision of the Fourth Circuit and held that an employer must prove the applicability of FLSA exemptions only by a preponderance of the evidence. The Supreme Court also remanded the case back to the district court for a determination as to whether EMD met the lower evidentiary burden.
Implications For Employers
The Supreme Court’s decision in Carrera is a welcome reprieve for employers sued in Maryland, Virginia, West Virginia, North Carolina, and South Carolina federal courts. These employers will no longer have to satisfy a heightened burden of proof that they would otherwise not have to satisfy if sued for the same claims in any other state. Accordingly, employers based in those states can rest a little easier knowing that the standard for proving FLSA exemptions if sued will be the default standard applied in other jurisdictions, and not the heightened “clear and convincing evidence” standard that has long applied.
