Class Action Weekly Wire – Class Action Defense

November 13, 2025November 13, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 126: California Federal Court Slashes $28 Million Attorneys’ Fee In $150 Million Securities Fraud Class Action Settlement

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partners Jerry Maatman and Daniel Spencer with their analysis of a California federal judge’s decision to reject a $28 million attorney fee request as part of a $150 million securities fraud class action settlement.

Check out today’s episode and subscribe to our show from your preferred podcast platform: Spotify, Amazon Music, Apple Podcasts, Samsung Podcasts, Podcast Index, Tune In, Listen Notes, iHeartRadio, Deezer, and YouTube.

Episode Transcript

Jerry Maatman: Thank you, loyal blog listeners and readers, for being here again with us for the next episode of our weekly podcast, The Class Action Weekly Wire. I’m Jerry Maatman of Duane Morris, and joining us today is Daniel Spencer, my colleague and partner from Duane Morris’ Los Angeles office. Welcome, Daniel.

Daniel Spencer: Thanks, Jerry. Great to be here.

Jerry: Today we’re talking about a pretty seminal ruling of a settlement and an attorneys’ fee award in litigation entitled In Re Zoom Securities Litigation in the Northern District of California. This was a case where the court gave preliminary approval to a $150 million settlement, but then during the final approval hearing took a hard look at a very hefty attorneys’ fees request from class counsel, whereby they asked for $28 million, or roughly 18.75% of the settlement fund. This would have translated into a multiplier under pertinent case law of over 10 times the amount of time actually spent. The court called this problematic. What’s your take on this, Daniel, from your viewpoint in practicing law in California?

Daniel: I’ll tell you, Judge Donato did not mince words on this one. He described the hourly rate of roughly $7,900 an hour as an “eye-watering figure”, commenting that it had no place in a straightforward securities class action. Instead, he went with the lodestar method, applied a multiplier of four, which is still pretty generous, and awarded $10.4 million in fees, plus an additional $262,000 in costs.

Jerry: So, this was a securities fraud class action brought under Section 10(b) of the Exchange Act and Rule 10b-5 of the SEC about Zoom allegedly misleading investors about its security practices. But the judge emphasized when considering the fee petition, that as class actions go, this one settled fairly quickly with a minimum of risk and toil, and that discovery was limited and actually no depositions had been taken, no motion for class certification was filed, no expert reports were produced, and there was no summary judgment practice.

Daniel: Yeah, that’s exactly right. And class counsel had reported approximately 3,500 hours of work, which is not insignificant, but the judge compared it to other work wherein the same firm had invested over 43,000 hours handling complex motions, depositions, and trial prep, and still received a 2.5 multiplier on its lodestar. So, here they wanted four times that multiplier for a much lighter workload.

Jerry: The judge made a very important statement about a principle that I think is key to class action jurisprudence, and that is that the court, when reviewing a settlement or reviewing a petition for attorneys’ fees, has in essence a fiduciary obligation to the class to protect them, especially where a defendant makes no objection to the plaintiffs’ application for an award of attorneys’ fees. As the judge put it, there’s a “heightened duty to peer into the provision and scrutinize it closely.” Was this an aberrational ruling, or is this something front and center in class actions in California?

Daniel: It’s absolutely front and center, and I’ll tell you that the judge reminded everyone that the courts have a duty to guard against these type of windfall profits in these megafund cases or those with settlements exceeding $100 million. In doing so, he stressed that the 25% benchmark that they’re used to seeing is simply not appropriate for those types of situations. 18.75% of $150 million, he said, would produce exactly the kind of disproportionate result the Ninth Circuit had warned against in similar settlements.

Jerry: The judge also touched upon something known in the law as the percentage of recovery factors that analyzes the results achieved, the risks to the lawyers, the non-monetary benefits accorded to the class, and the contingency nature of the case. And the judge said while this was a solid outcome, it wasn’t exceptional. The case didn’t break new legal ground or face unusual challenges, and the benefit to the class was entirely monetary and the risks were fairly routine for this sort of case.

Daniel: And that’s exactly right. The judge also pointed out that plaintiffs’ counsel’s own billing showed barely five hours spent on the class certification and notice, which is pretty extraordinary for a securities case. His takeaway was that 18.75%, which was requested, was a formulaic application of the benchmark. In megafund settlements, the court’s got to guard against that mechanical percentage that yield windfalls. The judge used the lodestar method and applied a generous multiplier of four, set the fee at $10,419,000, and also directed that 75% or about $7.8 million could be paid immediately with the remaining 25% to be held pending the post-distribution accounting. So even with a multiplier of four, every timekeeper down the line was effectively being compensated at $2,900 per hour, which is more than a healthy rate by any measure.

Jerry: In this case, class counsel also sought a service award for the lead plaintiff of $48,750. Most of the class action settlements we see, the service awards are around $5,000 to $12,000. How did the court come out on the request for the service award here?

Daniel: Yeah, so in this one, he relied directly on the Private Securities Litigation Reform Act, which prohibits incentive awards for lead plaintiffs in securities cases. A lead plaintiff can only recover reasonable costs and expenses, including lost wages. The declaration that plaintiff filed in support of that said he spent about 75 hours on the case and valued that at about $650 an hour. The court found no evidence tying that number to any actual costs or outcome.

Jerry: So, Daniel, what’s the big picture here for corporate practitioners when they’re looking at class action settlements or at the mediation table negotiating a class action resolution?

Daniel: So, really two lessons that you can take away from this case. First, don’t treat the 25% benchmark as a given, especially in these megafund settlements. And second, expect the judges to go through a rigorous lodestar cross-check, even in cases that are resolved efficiently. Judges are going to expect to see a clear correlation between the hours worked, complexity handled, and the fees requested by plaintiffs’ counsel.

Jerry: Well said, and thank you for your take on this case, Daniel. And thanks to our listeners for being here today. We’ll be breaking down this settlement and others in our upcoming Duane Morris Class Action Review scheduled for publication in the first week of January of 2026. So, thank you, Daniel, and thanks for all our listeners being with us today on our podcast.

Daniel: Thanks, Jerry. It’s a pleasure to be here.

November 6, 2025November 6, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 125: California Federal Court Dismisses Adtech Class Action For “Vague” Invasion Of Privacy Claims

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and senior associate Hayley Ryan with their analysis of a California federal court’s dismissal of an advertising technology (“adtech”) class action alleging violations of the federal Video Privacy Protection Act (“VPPA”), the California Invasion of Privacy Act (“CIPA”), and California’s Comprehensive Computer Data Access and Fraud Act (“CDAFA”).

Episode Transcript

Jerry Maatman: Thank you for being here again. My name is Jerry Maatman, and welcome to the next episode of our podcast series entitled The Class Action Weekly Wire. Joining me today is Hayley Ryan. Thanks so much for joining the podcast.

Hayley Ryan: Great to be here, Jerry. Thanks for having me.

Jerry: Today, we’re going to dive into a very interesting decision, the dismissal of claims in a case entitled DellaSalla v. Samba TV. Can you give our listeners an overview of what this case was about?

Hayley: Absolutely, Jerry. The case was decided on October 30, 2025, by Judge Jacqueline Scott Corley in the U.S. District Court for the Northern District of California. In short, the plaintiffs were a group of smart TV owners who alleged that Samba TV’s advertising technology invaded their privacy and violated a handful of statutes, including the federal Video Privacy Protection Act, or the VPPA, and two California laws: the California Invasion of Privacy Act, or CIPA, and the Comprehensive Computer Data Access and Fraud Act, or CDAFA.

Jerry: Well, those of us in the class action space know that this is the new so-called “tort of the day,” with what are known as adtech privacy class actions, being filed across the United States with hundreds, if not thousands, of these sorts of lawsuits. To you, and I know you follow this area closely, what stood out about this particular ruling?

Hayley: Sure, what’s significant here is the court’s clear message. Privacy class actions can’t just rely on broad or vague allegations. The plaintiffs have to spell out exactly what information was allegedly disclosed, and why that disclosure would be considered highly offensive. That’s particularly important for the common law invasion of privacy claims that often accompany statutory ones.

Jerry: So, as I understand it, the gravamen of the claim was that the TV was intercepting viewing data, what you watched, when you watched it, and then tying that to some sort of ad targeting? Is that what this case was all about?

Hayley: Exactly, Jerry. They claimed that this kind of real-time data collection violated those privacy statutes and amounted to a common law invasion of privacy. But Samba TV pushed back, arguing that none of the California laws applied because the plaintiffs lived in North Carolina and Oklahoma, that the VPPA did not apply because Samba was not a videotaped service provider, and that there was nothing highly offensive about what was allegedly collected.

Jerry: As I read the opinion here, the court endorsed the defense positions and threw out the plaintiffs’ claims. Could you elaborate on the reasoning behind the court’s theories here?

Hayley: Sure. So, the court dismissed all claims. First, on the California statutes, the CIPA and CDAFA, the judge found that they simply do not apply extraterritorially. Because the alleged conduct occurred in North Carolina and Oklahoma, where the plaintiffs reside, and not in California, those claims were dismissed.

Jerry: That seems to be a very helpful gloss on those statutes, because almost all these companies operate in California, even though they may be headquartered in other states, and yet are hauled into court and sued over and over again in these California-based class actions.

Hayley: Yeah, it’s certainly a helpful clarification for companies in California who operate nationwide. And then on the VPPA claim, the court took a close look at the definition of a videotape service provider, which applies to entities engaged in the rental, sale, or delivery of pre-recorded video materials. The plaintiffs tried to stretch that definition, saying Samba TV’s software was part of the TV ecosystem that delivers videos.

Jerry: In essence, the court thought that was stretching the law too far and the parameters of the case just out of control.

Hayley: Right, so Judge Corley said Samba TV was not delivering video content, but that it was analyzing usage data. So, the VPPA did not apply, because collecting data about video watching is not the same as delivering video content itself.

Jerry: That, you know, actually makes good sense to me. What about the common law invasion of privacy claim? How did the judge interpret that and rule on that particular cause of action?

Hayley: Yeah, so this was probably the most interesting part of the opinion. The court found that the plaintiffs’ allegations were too vague because they failed to identify any specific shows or videos they watched. They did not describe what was supposedly private about the data, and they did not explain how tying it to an anonymized identifier was highly offensive. So, the court found that the plaintiffs did not plausibly allege a violation of privacy.

Jerry: That seems to be a very common sense reading of the law, because these cases come down to ‘my viewing data or my keystrokes were viewed, and therefore my privacy was violated.’ What do you think is the big takeaway from this decision for companies?

Hayley: So, I think that there are three main takeaways. First, plaintiffs can’t use state privacy laws like the CIPA and the CDAFA if they’re outside of California. Second, the VPPA doesn’t apply to analytics or adtech companies that merely collect viewing data. They have to actually deliver or sell video content. And third, for common law invasion of privacy claims, vague allegations just won’t cut it, and plaintiffs need specificity and a plausible showing of offensiveness.

Jerry: Seems to me that defendants are going to be citing this ruling in many of their briefs in the coming months in privacy and adtech-related class actions for the notion that tracking doesn’t equate to invasion or a viable cause of action.

Well, thanks for breaking down this decision and explaining it to our listeners, and thanks for your thought leadership in this area. Great to have you with us.

Hayley: Thanks, Jerry, and thanks, listeners. It was a pleasure to be here.

October 30, 2025October 30, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 124: Illinois Federal Court Approves $12.1 Million BIPA Class Action Settlement

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and senior associate Tyler Zmick with their analysis of a $12.1 million settlement resolving a BIPA class action following eight years of litigation.

Episode Transcript

Jerry Maatman: Thank you, loyal blog listeners and readers, for being here again for our next episode of the Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris, and joining me today is my colleague, Tyler Zmick. Thanks so much for being on our podcast today.

Tyler Zmick: Great to be here, Jerry. Thank you for having me.

Jerry: Today, we’re diving into a recent class action settlement in Illinois under the Biometric Information Privacy Act, known as BIPA, and a case that centered around a dispute between 7,700 current and former employees of Speedway over biometric data collection. Last Wednesday, the court here in Chicago gave final approval to a class action settlement worth $12.1 million. Tyler, let’s break it down and give our listeners a quick overview of what this litigation was all about.

Tyler: Sure thing. So, this is actually one of the older BIPA class actions that was filed back in 2017 by a lead plaintiff named Christopher Howe. Mr. Howe alleged that Speedway, the convenience store and gas station, required its employees to scan their fingerprints to clock in and out of work without providing informed consent, which is required by the statute. And so, therefore, the lawsuit claimed that Speedway violated BIPA, and the statute, as we all know, requires companies to get written, informed consent from individuals before it collects their biometric data, including fingerprints or facial scans. And the plaintiff alleged that he never received any kind of explanation about the biometric collection, and did not provide any written consent.

Jerry: So, this is a classic BIPA case, kind of that got-you situation, where either you did or you didn’t provide informed consent to workers regarding the collection of their biometric data. But here, the settlement certainly is very significant from a monetary standpoint, and it follows on the heels of pretty extensive litigation, as you had mentioned, back to 2017. In your mind, what were some of the key turning points in the litigation that led to this settlement?

Tyler: Right, so, as you mentioned, getting to the settlement in this particular case was a very long journey. The case hit a major milestone last September of 2024, when the Northern District of Illinois denied Speedway’s motion for summary judgment and granted plaintiffs motion for class certification. In its summary judgment motion, Speedway had argued that the fingerprint scans used with the timekeeping system did not qualify as biometric data under BIPA, because they were just partial prints, not full fingerprints. The court rejected that argument, stating that partial fingerprints are still covered under the statute. And the court also dismissed Speedway’s argument that its potential damages, which ranged from $14.4 million to $72 million, were disproportionate to the harm, and therefore, a class could not be certified. The court basically said that, look, if a company’s misconduct is so extensive that the penalties may be high, that is still no excuse for a defendant to claim that its damages are so excessive just because it violated the statute that many times.

Jerry: Despite all that, Speedway, however, was able to settle the case for $12.1 million. What can you tell us from the public filings about the terms of the settlement?

Tyler: So, as you mentioned, Jerry, the settlement includes a $12.1 million settlement fund, which will be divided among the 7,700 class members who worked at Speedway gas stations in Illinois between 2012 and 2017. The class members will each receive an equal prorated share, minus administrative costs, attorneys’ fees, and incentive award for the class representative, and importantly—and this is somewhat noteworthy—the settlement includes an attorney fee award of $4.5 million for the plaintiffs’ counsel. The court approved that amount, saying that the amounts are reasonable given the complexity and length of the litigation.

Jerry: I know our listeners recognize your name for thought leadership in the BIPA area, probably knowing as much, if not more, about BIPA rulings and BIPA settlements than any attorney in the Chicago area. What is your take in terms of the value of the settlement, the amount of money that the plaintiffs were able to garner here, compared and benchmarked towards other BIPA-related settlements?

Tyler: In my opinion, this settlement is fairly typical of a large BIPA class action, especially one involving a fingerprint-based timekeeping system, which, is more straightforwardly biometric than maybe other fact patterns will present. But this is a typical settlement when you consider the risks and costs involved of continuing litigation and a potential appeal. As we’ve seen in this case, litigation can drag on for years, and there is a degree of unpredictability. So, in this case, for the plaintiff and class members, a $12.1 million settlement ensures that they get a large amount of compensation without any further risks, and without the expense of trial and potential appeal. And the fact that there were no objections to the settlement from class members is a strong indicator that the settlement was viewed as fair by those involved.

Jerry: Well, not unlike taxes, the cost of settlements and class action litigation keeps rising. What does this tell employers and companies dealing with BIPA-related litigation about the state of class action settlements in this area and what the plaintiffs’ bar is trying to do with BIPA-related settlements?

Tyler: Well, that’s a great question. BIPA class actions are not being filed to the extent that they have been filed in previous years. That being said, BIPA continues to be a major issue in Illinois, and we are still seeing many class actions come up under the statute. So, as always, companies that collect biometric data, or potentially biometric data, need to be very diligent about complying with the statute’s notice and consent requirements. And this case really highlights the significant financial risks that companies face if they fail to follow the law to the T, especially since damages for these older cases can be awarded per violation.

Jerry: In sum, what would you say are the key takeaways for companies doing business in Illinois from this settlement, and what are the takeaways and learning lessons that they ought to have about it?

Tyler: Employers, I would say the key takeaway is simple: make sure you’re getting informed written consent from employees before collecting any biometric data, ideally during onboarding, day one of an employee’s work with the company. That means explaining how the data will be used, stored, and deleted, and informing employees of any changes in company policies or procedures regarding biometric data.

Jerry: Well, thanks so much, Tyler. We’ll be watching this settlement and others, and in the upcoming Duane Morris Class Action Review to be published in the second week of January of 2026, you’ll be one of our featured authors with your analysis of the state of BIPA litigation and settlements throughout the year. So, thanks so much for joining us on the podcast, and for giving us your insights to this particular settlement.

Tyler: Thank you, Jerry. Thank you, listeners. It was a pleasure to be here.

October 16, 2025October 30, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 123: Delivery Drivers Seek Approval For $24.8 Million Misclassification Class Action Settlement

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partners Jerry Maatman and Daniel Spencer with their analysis of a proposed $24.8 million settlement to resolve misclassification claims brought by delivery drivers in 2015.

Episode Transcript

Jerry Maatman: Thank you again for being here, our loyal blog readers and listeners, for our next episode of our weekly podcast series entitled The Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris, and joining me today is my colleague, our newest partner, Daniel Spencer of our Los Angeles office. Welcome.

Daniel Spencer: Thanks, Jerry. Great to be here. I appreciate you having me.

Jerry: Today, we’re here to discuss a nearly 10-year settlement in the making in a case called Lawson v. Grubhub. Daniel, can you give us some background on the case and what the plaintiffs’ claims are all about?

Daniel: Absolutely. So, this case has been around for quite some time. It kicked off in late 2015 when a former Grubhub driver, Raef Lawson, filed a suit in California. He claimed Grubhub misclassified him and thousands of others in independent contractors when they were actually employees. Lawson brought his claims for unpaid overtime, failure to reimburse business expenses, and other violations of the California Labor Code. He also brought a representative claim under the California Private Attorneys General Act, and this set the stage for what turned into nearly 10 years of litigation.

Jerry: Let’s start with the first major ruling, a bench trial in 2017. What happened there?

Daniel: That’s correct. So, at the trial, the court ruled against Lawson, finding that he was an independent contractor and not an employee. The court concluded that Grubhub properly classified their drivers as independent contractors under the S.G. Borrello & Sons v. Department of Industrial Relations multi-factor test that was the law at the time. The original test evaluated how much control a potential employer had over the way a worker completed his assigned tasks. To determine whether a worker was classified as an employee or an independent contractor, there were multiple factors that an employer had to look to, such as whether the employee or worker provided the tools for the job, the duration of the working relationship. And Lawson appealed that decision to the Ninth Circuit.

Jerry: While things weren’t, complicated enough, in 2018, the California Supreme Court issued a ruling that replaced the Borrello test with what’s known as a stricter ABC test from the Dynamex v. Superior Court case. The ABC test was then later codified into law with passage of Assembly Bill 5 in 2019. What impact did those developments have on the pending appeal?

Daniel: So, while the AB5 bill was coming into law, Lawson’s appeal was stayed, and the California Supreme Court decided whether the Dynamex ruling would apply retroactively. In 2021, the Ninth Circuit vacated the earlier decision in favor of Grubhub and sent the case back to the district court. The district court was then instructed to determine whether the exemption under the ABC test applied, and if not, to apply the ABC test to the original case.

Jerry: So, we’re back in the lower federal court. What was the outcome? Was it any different than the original bench trial?

Daniel: It was, and the Ninth Circuit vacated the decision. The district court ruled that the plaintiff was actually an employee in 2023. Then, the district court determined that a Grubhub delivery driver is an employee and not an independent contractor for minimum wage and overtime claims under the ABC test.

Jerry: Can you explain to our listeners what the ABC test entails and measures?

Daniel: The ABC test is a three-part test that an employer must meet if they want to classify a worker as an independent contractor. The worker is only an independent contractor if they meet all three parts of the test. The first part is the worker has to be free from control and direction of the hirer in relation to the performance of the work, both under the contract and in fact. The worker also, under the second part, has to perform work that’s outside the usual course of the hirer’s business. And finally, the third factor is that the worker is customarily engaged in an independent, established trade or occupation or business of the same nature as the work performed by the hirer. Grubhub tried to show that an exemption to the ABC test applied, but the court disagreed, holding that Grubhub’s delivery drivers are necessary to Grubhub’s business, which makes sense. That made Lawson an employee. The court awarded Lawson minimal damage for his individual minimum wage claims but found that Grubhub was not liable for any overtime compensation because Lawson didn’t work any overtime hours.

Jerry: That’s quite a turn of events, but I understand Lawson wasn’t satisfied with the result, correct?

Daniel: No. And the parties ultimately agreed to settle the remaining claims under a deal that came together in April of 2024 Just before the remedies bench trial was set to begin, in August of this year, Lawson moved for preliminary approval of a $24.75 million settlement. That proposed class is about 60,000 drivers in California who use Grubhub for at least one delivery since December of 2014. Under the deal, each class member will get at least $25. The preliminary settlement includes a $100,000 service award for Lawson, $260,000 set aside for administration costs, and $2 million in PAGA penalties, most of which will go to the state.

Jerry: And I assume plaintiffs’ counsel is interested in garnering a third of that settlement of $24.75 million?

Daniel: Yes, approximately 33%, which is fairly standard in large class actions of this type, especially ones that drag on for nearly a decade, like this case. If the court grants preliminary approval, the deal will move forward into the notice phase, there will be an opportunity for people to object, and then there will be a final settlement and approval hearing.

Jerry: Well, that’s quite a journey. Dwight D. Eisenhower and the troops invaded Normandy on D-Day in lesser time than it took for this case to wind through the court system, but it’s certainly a cautionary tale for employers in general, and gig companies in particular, in terms of what sort of impact misclassification decisions can have in terms of the litigation setting.

Well, thanks, Daniel, for your debut appearance on the podcast, and for explaining this settlement and what it meant, both to the parties and to other employers. And thanks for our loyal blog listeners for being here. We’ll be watching this settlement closely in terms of the settlement approval process and bring you further PAGA and California-related class updates as they occur. So don’t forget to subscribe to our blog and to our weekly podcast series, and we’ll see you next time.

Daniel: Thanks, Jerry, it was a pleasure to be here.

October 9, 2025October 9, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 122: Data Breach Class Action Dismissed For Plaintiffs’ Failure To Allege Concrete Injury

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and associates Ryan Garippo and Andrew Quay with their analysis of a North Carolina federal court decision dismissing a data breach class action.

Episode Transcript

Jerry Maatman: Thank you, loyal blog listeners and readers, for joining us for this week’s episode of the Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris, and joining me today are my colleagues Ryan Garippo and Andrew Quay. Thanks for being here.

Ryan Garippo: Thanks for having me, Jerry. Glad to be here.

Andrew Quay: Glad to be here, Jerry, thanks.

Jerry: Today, we’re going to dive into a ruling that came down in September from the Western District of North Carolina. The court dismissed a data breach class action in a lawsuit captioned Dougherty v. Bojangles Restaurants, Inc. What was this case about?

Ryan: Well, Jerry, this case stems from a data breach that allegedly hit Bojangles, the fast-food chain, in February of 2024. The company notified potentially affected individuals later that year. And in response, nine former employees filed a putative class action claiming that Bojangles failed to implement proper cybersecurity protections.

Andrew: The plaintiffs brought, really, a mixed bag of claims, including state tort claims, a claim under the North Carolina Unfair and Deceptive Trade Practices Act, others as well. The core issue at hand was whether they had standing under Article III of the Constitution to bring the lawsuit in federal court.

Jerry: In terms of harm, what were the plaintiffs alleging in terms of their so-called injury in fact?

Ryan: Well, that’s the key, Jerry. Alleging is the key fact there. Eight out of the nine plaintiffs did not allege that there was any actual misuse of their data. They claimed that they were harmed due to the possibility of future risks, such as identity theft, sales of their information on the dark web, increased spam calls, emotional distress, the value of their personal data going down in the future, but nothing that was actually affecting them right now.

Andrew: And the ninth plaintiff claimed he noticed fraudulent charges on his debit card, but crucially, he didn’t allege that he ever gave that card number to Bojangles as part of his employment. The court thereby determined that even if this fraudulent charge established an injury, that injury was not traceable to the data breach at hand.

Jerry: In terms of the analysis of the court, I know it leaned heavily on the U.S. Supreme Court’s seminal ruling in 2021 in TransUnion v. Ramirez, and that encapsulated a standing analysis. How did TransUnion impact the court in North Carolina in terms of its decision to ultimately dismiss this lawsuit?

Andrew: Well, in TransUnion, the named plaintiff on behalf of a putative class alleged that TransUnion, which is a credit reporting agency, violated the Fair Credit Reporting Act by failing to use reasonable procedures for placing a misleading alert in his credit file that labeled him as actually a potential terrorist, among other comparable threats. The Supreme Court held that only class members whose credit reports had actually been provided to third-party businesses had suffered concrete injury, that the mere existence of misleading alerts in one’s own credit file did not cause such an injury. So, if your data is compromised, but never actually used, maybe never even seen, you do not have a concrete injury.

Ryan: Yeah, and that’s exactly what happened here. The court said that the plaintiffs’ claims fell into the might-be-a-problem category, as opposed to the is already-a-problem category. So, in other words, if there wasn’t any actual type of misuse, such as someone attempting to open a credit card or steal their identity tied to the data breach. The court determined that the harm was just too speculative and dismissed the claims alleging fraudulent debt credit card usage as well, because as to that specific component, there was no allegation that it was actually traceable to Bojangles. So, either the plaintiffs had suffered no harm at all, or there was no traceability and failed on that prong in the alternative.

Jerry: It’s a very interesting outcome. Since the court never reached the underlying legal claims in terms of fault for the data breach, what does this mean for plaintiffs overall across the country in asserting injuries purportedly suffered in a data breach situation?

Andrew: The court ruled that every class member must show concrete injury, even at the pleading stage. And that’s a major procedural signal for future data breach class actions. Plaintiffs must show real-world harm, and if they can’t show actual misuse of data, or link that alleged misuse back to the defendant, courts should shut these cases down early, just like here.

Ryan: Yeah, and importantly, it gives defense counsel an important strategic roadmap – you can attack Article III standing. Now, here it was just for the named plaintiffs, but there’s language which suggests that this should be applied to the entire putative class, and which sort of harkens back to the Supreme Court’s dissent from denial of certiorari in LabCorp v. Davis, which hints at bigger questions about whether classes with uninjured class members can even be certified at all. Now, that issue was left for a different day, but here we’re not even going to get to see it because the court knocked this class action out at the pleading stage.

Jerry: Seems to me the Bojangles ruling certainly is a reminder that standing is anything but a formality and can be a very powerful tool by defense counsel and a corporation facing data breach class action litigation, a way to knock the socks off the lawsuit before you even get to the class certification issue, and gives the defendant, in these circumstances, a very strong argument for dismissal.

Well, those are great insights, Andrew and Ryan, and thanks for being with us today and breaking down the ruling, and thank you to our listeners for tuning in to this week’s episode of the Class Action Weekly Wire. As always, subscribe to our blog and stay tuned in for the latest trends in class action law.

Andrew: Thanks for having me on the podcast, Jerry, and thank you to our listeners.

Ryan: Thank you, everyone.

October 2, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 121: You’re Invited! Our Year-End Review Of EEOC Litigation And Strategy

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partners Jerry Maatman and Jennifer Riley discussing key highlights in our upcoming webinar: Year-End Review of EEOC Enforcement Litigation and Strategy.

Episode Transcript

Jerry Maatman: Thank you, loyal blog listeners and readers, for being here again to join us for the next episode of our regular podcast series, The Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris, here with my partner, Jennifer Riley. Welcome.

Jennifer Riley: Great to be here. Thanks, Jerry. Thanks for having me.

Jerry: Today, we’re talking about a special webinar program coming up on Wednesday, October 22, from 11:00 to 11.30 a.m. Central Time. It’s a virtual program that we think our listeners shouldn’t miss. It’s our biannual EEOC developments briefing hosted by Duane Morris.

Jennifer: You’ll hear from me, Jerry, Alex Karasik, and Gregory Tsonis during this 30-minute segment. Heading into fiscal year 2026, we will talk about some significant changes implemented by the Trump administration. Employers’ compliance with federal workplace laws and agency guidance remains a corporate imperative.

Jerry: The theme of our webinar will be a scorecard. How is the EEOC doing? What does their enforcement program look like in terms of our tracking and analyzing all of the lawsuits that have been filed over fiscal year 2025, and what it teaches employers about the priorities of the EEOC’s Strategic Enforcement Program.

Jennifer: That’s right, Jerry. We will be covering a lot of ground in a very short time period, starting with the major shakeups at the EEOC, the EEOC’s new strategic priorities, lawsuit trends, as well as enforcement initiatives.

Jerry: We’ll also dig into the numbers on the scorecard to give our listeners an idea of what the EEOC has focused on in terms of their lawsuit filings around the country.

Jennifer: Whether you are a corporate counsel, an HR director, or a business leader, compliance with EEOC guidelines is essential, and this program will provide some strategies to stay compliant and avoid drawing scrutiny from the agency.

Jerry: So, the watchwords in this webinar will be how to be proactive rather than reactive. So please register for the event, save the date for, our analysis and practical insights on everything about the EEOC and what fiscal year 2026 has in store for companies.

Jennifer: Well, thanks for having me on the podcast today, Jerry, and thanks to the listeners for being here. As always, subscribe to stay updated on the latest trends in class action law, and register for the upcoming webinar on our blog.

September 25, 2025September 25, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 120: Florida Federal Court Approves $20 Million Settlement In Data Breach MDL

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and associate Ryan Garippo and Andrew Quay with their discussion of a major settlement in the data breach class action space.

Episode Transcript

Jerry Maatman: Thank you, loyal blog readers, for being here again for our next episode of our podcast series entitled the Class Action Weekly Wire. I’m Jerry Maatman, a partner with Duane Morris, and joining me today are my colleagues Ryan Garippo and Andrew Quay. Thanks for being here.

Ryan Garippo: Thanks for having me, Jerry. Great to be here.

Andrew Quay: Glad to be here. Thanks, Jerry.

Jerry: Today, we’re going to dive into a ruling granting final settlement approval in litigation entitled In Re Fortra File Transfer Software Data Breach Security Litigation – certainly a mouthful. Ryan, can you give our podcast listeners some background on what this litigation was all about?

Ryan: Yeah, of course, Jerry. This case is one that stems from a massive data breach that occurred a couple years ago, back in January of 2023, linked to the Clop ransomware group, which is a Russian-based operation. They exploited a zero-day vulnerability in Fortra’s GoAnywhere MFT software, which a lot of health and financial institutions use to securely transfer files. As a result, the hackers allegedly used that vulnerability to access and steal the personal health information of at least 5 million people.

Jerry: Were there any organizations that were impacted, or strictly just individuals?

Andrew: There were. The breach also affected about 130 organizations, including big names like Aetna, Community Health Systems, and NationsBenefits, all of which ended up as defendants in the resulting lawsuits.

Jerry: So, for our listeners, this case ended up then in a multidistrict litigation proceeding venued in the U.S. District Court for the Southern District of Florida, is that right?

Ryan: Yeah, that’s right, Jerry. It’s common practice in these data breach cases where, several dozen lawsuits are filed across the country, at least here, two dozen were filed, and they ultimately get consolidated into a multidistrict litigation, which here was in February of 2024, before Judge Rodolfo Ruiz. Plaintiffs’ consolidated complaints allege that the defendants failed to adequately protect their private health information of the plaintiffs and the settlement class from the unauthorized access. They also assert multiple counts of common law and statutory violations, all of which seek relief coming from the same events.

Andrew: And to follow up with Ryan, after the parties settled the claims, Judge Ruiz just issued final approval of a $20 million global settlement, which followed a separate $7 million settlement that was reached earlier in the year with a subclass of plaintiffs who sued another big defendant, Brightline.

Jerry: Let’s talk a little bit about specifics and drill down. What was exactly encompassed within the $20 million settlement?

Ryan: Well, the settlement is a $20 million cash fund to cover class member benefits, attorneys’ fees, and administration costs. However, each member can choose between up to $5,000 in documented losses, or a flat $85 cash payment.

Jerry: What about non-monetary benefits? I understand that those can be determinative in data breach class action settlements.

Andrew: There’s the option for dark web monitoring, except for the Brightline subclass, as those class members had already elected credit monitoring under the earlier settlement. However, the settlement does not constitute any admission of fault or liability by the defendants. That’s standard language in these types of agreements, but it’s worth noting that the court also emphasized this was not a ruling on the validity of the claims or the defenses.

Jerry: What did the judge do with respect to the plaintiffs’ petition for an award of attorney’s fees and costs?

Ryan: Well, the plaintiffs’ attorneys, of course, needed their fees, and he awarded up to 33% of the $20 million, which comes out to $6.67 million for the class counsel. There was also $263,800 in litigation costs separately, so about $2.3 million in attorneys’ fees for the Brightline subclass counsel as well.

Andrew: And just to highlight this, following the settlement several defendants, including Fortra, NationsBenefits, Intellihartx, Imagine360, and Community Health Systems have provided attestations confirming they’ve enhanced their cybersecurity to prevent future breaches.

Jerry: We’ve seen several large and significant class action settlements in the data breach space so far in 2025, including a ruling granting preliminary settlement approval to a $177 million settlement in In Re AT&T Inc. Customer Data Security Breach Litigation. When you measure that against what occurred in Florida, what do you think with respect to the terms being fair, adequate, and reasonable to the settlement class here?

Ryan: Well, the court stated that “despite the risks involved with further litigation, the Settlement provides outstanding benefits, including Cash Payments, Dark Web Monitoring, injunctive relief, for all Settlement Class Members.” in which we just discussed. In light of those factors, the court found the settlement to be “fair, reasonable, and adequate,” and there were no objections filed, which, for a class of this size, is fairly significant. So, it usually means that the settlement terms were both well-structured and negotiated.

Jerry: So, at a 100,000-foot level, what would be the takeaways for corporate counsel with respect to this litigation?

Andrew: Well, it’s highly important for companies to monitor any vulnerabilities and proactively invest in cybersecurity. These attacks can happen fast and get more sophisticated by the day. And for companies holding sensitive data – particularly health data – regulators, plaintiffs’ attorneys, and courts are all watching, so make sure that you are in compliance and engaging in best practice cybersecurity measures.

Jerry: Well, thanks, Ryan and Andrew. These are great insights, and listeners, thanks for joining us today, and appreciate my colleagues breaking down this settlement and what it means for corporate counsel. So please, listeners, join us for future episodes of the Class Action Weekly Wire, and subscribe to stay updated to the latest trends in class action litigation.

Ryan: Thanks for having me on the podcast, Jerry, and as always, thanks to the listeners for joining us.

Andrew: Thanks, everyone.

September 18, 2025September 18, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 119: Landmark $1.5 Billion Class Action Settlement Addresses AI Copyright Claims

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and special counsel Justin Donoho with their discussion of a historic settlement agreement in the intellectual property class action space that is paving the way for AI copyright infringement litigation.

Episode Transcript

Jerry Maatman: Thank you to our loyal blog readers for joining us for this week’s edition of the Class Action Weekly Wire. I’m Jerry Maatman, a partner at Duane Morris, and joining me today is special counsel Justin Donoho. Thanks so much for being on the podcast.

Justin Donoho: Great to be here, Jerry. Thanks for having me.

Jerry: Today we’re here to discuss a massive class action case involving Anthropic and what could be one of the largest copyright settlements in the history of American jurisprudence at a staggering $1.5 billion. Let’s start with the basics. What is the case about, Justin?

Justin: Jerry, this case has everything – artificial intelligence, copyright law, alleged piracy, and a $1.5 billion settlement hanging in the balance. The plaintiffs allege that Anthropic, a leading developer of AI large language models, or LLMs, used copyrighted content from their books to train Anthropic’s Claude LLMs without obtaining consent. Part of that training included Anthropic allegedly downloading over 7 million digital copies of works acquired from pirating websites. The plaintiffs claimed that Anthropic’s practices violated copyright law and sought damages as well as injunctive relief. Anthropic maintained that its alleged conduct fell within the bounds of fair use and was essential for the development of competitive AI technologies. Judge William Alsup of the U.S. District Court for the Northern District of California ruled in June that while it was fair use for Anthropic to use the non-pirated copyrighted material to train Claude, at least in this case, the use of pirated works for training, if plaintiffs could prove piracy at trial, could still be copyright infringement.

Jerry: After that ruling, which I believe was one of the most few significant rulings we have seen this year to weigh in on fair use for training AI, the parties ultimately came to a settlement. And the judge issued a ruling on the plaintiff’s motion for preliminary approval of a class action settlement this past week. What did Judge Alsup decide in that ruling?

Justin: Judge Alsup denied preliminary settlement approval and had what he called a list of grievances regarding the settlement. One of his key concerns was that while the parties said they had an agreement in principle, the only thing that they seemed to agree on was the $1.5 billion price tag. He questioned whether that number had asterisks attached to it, because while Anthropic allegedly retained 7 million pirated books, the settlement list only included about 465,000.

Jerry: That’s quite a large gap between the parties. What would it qualify to be a book on the list?

Justin: The settlement only covers works that had ISBNs or ASINs and were registered with the Copyright Office before or shortly after Anthropic downloaded them. The judge questioned whether the list was final, and if there would be more works added. He did not want to see new claims coming out of the woodwork once Anthropic pays up. He emphasized that if Anthropic was settling for $1.5 billion, the company deserves certainty and closure. The judge also worried about other hangers-on joining the case and the impact that it would have on the posture of pending AI copyright litigation across the country.

Jerry: So where does that leave the parties and leave the lawsuit, given his ruling?

Justin: Judge Alsup denied preliminary approval but gave the parties a chance to amend the proposed settlement agreement. He ordered the parties to submit an updated list of qualified works by the 15th, a reworked claims process by September 22nd, and a new hearing is scheduled for September 25th.

Jerry: Let’s talk about the broader impact of the ruling. What does this suggest for other class actions in the copyright space involving AI?

Justin: A couple of things. First, in the context of allegedly training on pirated works, the action in these types of cases is likely to be on whether the plaintiffs can meet their evidentiary burden to actually show any piracy. And then outside the context of piracy, there’s still a fundamental legal question out there – can you train your AI on otherwise legally obtained copyrighted works without permission? Courts this year have been drawing different conclusions and saying, “maybe,” and it really depends on how the material was sourced and used, how much, and other factors, like nature of the copyrighted work and the effect on the market. And AI just makes the stakes higher. With respect to class actions involving piracy, for example, this $1.5 billion settlement is an exponential increase from the Napster and Grokster settlements in the early 2000s for $26 million, $50 million, and those kinds of digital distribution cases since then have been relatively sparse over the years. Compared with today, we are seeing many of these AI training class actions filed. So, given this legal landscape, the Anthropic settlement is likely to push more content creators to register their works with the Copyright Office, which is a requirement to be eligible for statutory damages in these types of cases.

Jerry: So, the big takeaway, maybe, to quote Yogi Berra, is “it’s not over till it’s over,” and there’s a chance this could become the largest class action copyright AI-related settlement in the history of American jurisprudence, but the court wants more precision, more fairness, more transparency. And even if this deal goes through, it’s certainly not going to be the last word in AI copyright law.

Justin: Not by a long shot. There are dozens of pending AI copyright cases. The rate of new complaints we are seeing this year seems to be increasing. Courts are coming out different ways on the fair use doctrine when there’s no issue of whether piracy is involved. And eventually, we could see the Supreme Court weigh in on AI and fair use.

Jerry: Well, thank you, Justin, for your thought leadership in this area, and for breaking things down for our listeners. This is one of those legal stories that really shows how quickly the law is advancing and trying to keep up with technology and the intersection of the law, IP, and AI. And thanks to all our loyal blog listeners for being here today. We’ll be watching this case closely, and bring you updates when things develop. Don’t forget to subscribe to our channel, and we’ll see you next time.

Justin: Thanks, Jerry, always a pleasure.

September 11, 2025September 11, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 118: Washington Supreme Court Adopts Broad Definition Of “Job Applicant” For Pay Transparency Class Actions

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman, special counsel Eden Anderson, and associate Caitlin Capriotti with their discussion of a highly anticipated ruling from the Washington Supreme Court holding that job applicants are not required to prove they are a “bona fide” or a “good faith” applicant to obtain remedies under the Equal Pay and Opportunities Act (“EPOA”) in class action litigation.

Episode Transcript

Jerry Maatman: Thank you all for joining us for today’s Class Action Weekly Wire, our continuing podcast series. Joining me today are Eden Anderson and Caitlin Capriotti of our California offices. Welcome.

Eden Anderson: Great to be here, Jerry. Thanks for having me.

Caitlin Capriotti: Glad to be here, thanks for having me.

Jerry: Today, we wanted to dive into the recent decision of the Washington Supreme Court called Branson v. Washington Fine Wine and Spirits. Eden, could you give our listeners an overview of what was at issue in that ruling?

Eden: Absolutely. In 2022, the Washington legislature amended the state’s Equal Pay and Opportunities Act, the EPOA, to require employers to include wage or salary ranges in job postings. And if the employer did not comply, the statute – at least as it was then written, it’s since been amended – provided for $5,000 in statutory damages per applicant. That can add up to millions in exposure, depending on the volume of applicants to a job. So, of course, the plaintiffs’ bar seized on the new law and started filing class actions. Some of the lawsuits were filed by genuine job applicants. But many of the lawsuits were filed by what we call serial plaintiffs, people who had no interest in the job, and who were applying just to trigger a lawsuit and collect statutory damages and attorneys’ fees for their lawyers. The question presented in the Branson case was whether a plaintiff has to show that they applied to a position in good faith and are a “bona fide” job applicant.

Jerry: Thank you. Caitlin, who were the specific plaintiffs at issue in the decision before the Washington Supreme Court?

Caitlin: The lead plaintiffs were Lisa Branson and Cherie Burke. They both applied for retail positions at Washington Fine Wine & Spirits, but the job postings did not include the required pay range info. Branson even interviewed and discussed pay, however, she ultimately decided not to take the job. After the plaintiffs filed a class action, the federal court where the lawsuit was pending certified the question of what must a plaintiff prove to be deemed a job applicant under the EPOA to the Washington Supreme Court, and the Supreme Court accepted certification to resolve that question. It is a bit curious and possibly unfortunate for employers that this issue came up in this case, given that Branson herself was seemingly interested in the job she applied for.

Jerry: So, what did the Washington Supreme Court ultimately decide in its ruling?

Eden: The court held that job applicants do not have to prove they were “bona fide” or acting in good faith to recover the remedies that the EPOA provides. The court relied on the dictionary definition of applicant as essentially someone who applies to reach that conclusion.

Caitlin: They also noted that while the legislature used the phrase “bona fide” elsewhere in the EPOA, it didn’t use that term in reference to job applicants. That absence was important to the court’s reasoning. The court repeatedly noted in the decision that if the EPOA is to be limited to bona fide or good faith job applicants, the Washington Legislature will need to make that act and make this change.

Jerry: So, what would the takeaway be – you simply apply, and therefore you qualify as a plaintiff who is standing in a case like this?

Eden: Well, I guess yes and no, Jerry. Yes, in that you qualify for the remedies that are available under the statute. Even if an applicant never had any real interest in the job, they still can seek the remedies that are available under Branson. But I want to be clear in saying that the Branson opinion is limited to remedies available to applicants. Whether the EPOA confers a private right of action, the right to file a lawsuit on a job applicant, remains an open issue.

Jerry: Caitlin, I also understand there was a vigorous dissent in the ruling. What did the dissent have to say about these issues?

Caitlin: Yes, a dissent was issued by three of the nine justices. They argued that the EPOA was not meant to allow what they called “bounty seekers” to comb job boards just to file lawsuits. Their concern was that this decision opens the door to the abuse of the statute.

Jerry: Well, thanks for that. Is it fair to say, then, that there are remaining open issues that can be legitimately litigated by employers when it comes to liability under this statute?

Eden: That’s correct, Jerry. As I mentioned, the decision only holds that anyone applies for a job, irrespective of their motive in doing so, can seek to recover remedies available under the statute. There’s a footnote in the opinion that highlights that those remedies may only be available in administrative proceedings before Washington’s labor and industries. That’s a key legal issue that will soon, surely be addressed by the courts in these cases. And other issues left open by the decision include whether statutory damages under the EPOA are too severe and unconstitutional; whether a plaintiff has standing to pursue damages on behalf of job applicants who applied to other positions that the plaintiff never sought to fill; and whether the recent amendments to the EPOA, which create a new sliding scale of statutory damages of $100 up to $5,000, applies retroactively. It’s unfortunate that the Washington Supreme Court didn’t proactively resolve at least some of those issues and is leaving it to litigants and to the courts to figure this all out.

Jerry: Let’s pan out then and take a look from a 100,000-foot view. What are the big picture implications of the ruling for businesses that operate in Washington state?

Caitlin: So, the short version is that this decision was not what employers were hoping for. It means that serial plaintiffs have viable claims, although the form of those claims is an issue still to be addressed. And that creates real exposure, especially for companies with high-volume hiring.

Jerry: Well, thanks, Eden and Caitlin. This is a great analysis for our listeners with respect to compliance with Washington’s EPOA. It’s certainly more critical now than ever before to proactively manage these risks in terms of the amount of class action litigation ongoing in the Evergreen State. The bottom line is probably this is the first of many rulings that are going to emanate out of the state of Washington on the parameters of the statute, and this is probably chapter one of a long litigation book that will be written. So, we’ll be watching the lower courts as the next wave of EPOA litigation erupts and provide these developments on our blog and in our annual Duane Morris Class Action Review. So, thanks so much for joining us on this week’s podcast.

Eden: Thanks for having me on the podcast, Jerry, and thanks to the listeners for being here.

Caitlin: Yeah, thank you for everyone. Thank you for having me.

September 4, 2025September 4, 2025 by Class Action Defense

The Class Action Weekly Wire – Episode 117: Illinois Federal Courts Greenlight ECPA Claims In Adtech And Edtech Class Actions

Duane Morris Takeaway: This week’s episode of the Class Action Weekly Wire features Duane Morris partner Jerry Maatman and senior associate Hayley Ryan with their discussion of two major rulings issued by Illinois federal courts addressing privacy claims aimed at companies utilizing advertising technology (“adtech”) and education technology (“edtech”).

Episode Transcript

Jerry Maatman: Thank you, loyal blog readers and listeners, for being here again for our next episode of our weekly podcast series entitled The Class Action Weekly Wire. I’m Jerry Maatman, a partner with Duane Morris, and joining me today for the first time is our senior associate, Hayley Ryan. Thanks so much for being on the podcast today.

Hayley Ryan: Great to be here, Jerry. Thanks for having me.

Jerry: Today, we’re diving into two major decisions out of the Northern and Central Districts of Illinois that are making waves in the adtech or internet-based technology litigation space. Let’s start with the basics. The two decisions came down on August 20 – Hannant v. Sarah D. Culbertson Memorial Hospital and Q.J. v. Powerschool Holdings. What’s the big picture here?

Hayley: These are both part of a much broader wave of class actions we’ve seen across the country involving adtech and edtech – things like the Meta Pixel, Google Analytics, and Heap Autocapture. These tools track user interactions on websites. The central claim in both actions is that these tools intercept users’ communications without consent and transmit them to third parties like Meta or Heap in violation of the Electronic Communications Privacy Act, or ECPA.

Jerry: Right, and that ECPA claim carries some serious weight and is worth a considerable amount of money because the potential statutory damages are $10,000 per user per violation. That’s pretty significant when you add up what occurs in a class action.

Hayley: Exactly. When you’re talking about websites with hundreds of thousands of visitors, those numbers add up fast. And while most of these lawsuits have targeted healthcare providers, we’re now seeing claims against education platforms, retailers, and more.

Jerry: So, let’s break down the rulings, and let’s start with the Hannant case. What happened here?

Hayley: So, in Hannant, the plaintiff sued a hospital, claiming that by embedding the Meta Pixel on its site, the hospital sent Meta a duplicate of her web-browsing data without her consent. Judge Sara Darrow dismissed the ECPA claim, but importantly, she allowed the plaintiff to re-plead. The court said the plaintiff might be able to survive dismissal by adding details about how the alleged data sharing violated HIPAA, which would support a claim that the hospital acted with a criminal or tortious purpose, which is a key requirement under the ECPA exception.

Jerry: And what about the Powerschool decision in terms of the court going the other way?

Hayley: Yes. In that case, the plaintiff sued the Chicago school board and its edtech provider over their use of a third-party tool called Heap Autocapture. Judge Jorge Alonzo denied the motion to dismiss, finding that the plaintiff had plausibly alleged violations of ISSRA, which stands for the Illinois School Student Records Act, and FERPA, which is the Federal education privacy statute. Both decisions leaned on plaintiff-friendly precedent from the Northern District of Illinois, but in Hannant, the court wanted more detail to support the theory of a criminal or tortious purpose. In Q.J., the court was satisfied that the allegations, as pleaded, crossed the threshold.

Jerry: Let’s talk about the implications of these two opinions. These are just two of hundreds of similar claims, but what are these rulings signaling to corporate counsel?

Hayley: We’re seeing a clear trend. Illinois federal courts are becoming outliers, more willing to let these ECPA claims proceed than courts in other jurisdictions. In most other states, courts are dismissing ECPA claims at the pleading stage, finding either no true interception or no criminal/tortious purpose when the use was for advertising or analytics.

Jerry: So, for companies operating in Illinois, is the big picture that pixels and cookies aren’t just marketing tools anymore, but can constitute legal landmines?

Hayley: Absolutely, Jerry. These decisions are making Illinois a hotbed for ECPA class actions. And while the Seventh Circuit hasn’t ruled on these issues yet, defendants need to preserve arguments now for a potential appeal later.

Jerry: So, if you’re a corporate counsel, what’s the big picture here in terms of things you should be doing to mitigate your risks?

Hayley: So there’s three key steps. Review your arbitration clauses, as making them airtight can help deter class actions or mitigate the risk of mass arbitration. Update your website privacy policies, terms of use, and vendor agreements. Audit your use of adtech and edtech tools – know what data is being collected, where it’s going, and whether it’s encrypted, anonymized, or otherwise protected.

Jerry: And I suppose the other issue is you’re dealing with a patchwork quilt of rulings, decisions going one way in Illinois and other ways in other jurisdictions. So, what’s a corporate counsel to do in the greater scheme of things?

Hayley: In other jurisdictions, defendants are still winning on motions to dismiss by arguing there’s no interception, or that there’s no criminal or tortious intent, when the purpose is legitimate business analytics.

Jerry: Seems to me the big takeaway, then, is that companies operating in Illinois need to be vigilant in compliance with these laws. So, Hayley, thanks so much for your thought leadership and for joining us for your maiden voyage on our podcast. Appreciate your expertise and your views of these two significant rulings. And for our listeners, please subscribe to our blog posts and sites, and listen in on our weekly podcasts. Thanks so much for being here.

Hayley: Thanks for having me on the podcast, and thanks to the listeners for being here.