On June 3, 2025, the U.S. Court of Appeals for the Fourth Circuit issued a pivotal ruling in longstanding litigation against Marriott International, Inc., arising out of a 2018 data breach involving its Starwood Preferred Guest Program. In reversing the lower court’s grant of class certification, the Fourth Circuit determined that the customers’ contractual agreements […]
Litigation
Ninth Circuit Addresses Personal Jurisdiction Based on E-Commerce Data Collection in En Banc Decision
A recent decision by the Ninth Circuit Court of Appeals in Briskin v. Shopify, Inc., No. 22-15815, could impact the scope of personal jurisdiction over e-commerce and other entities that utilize cookies to collect personal information from visitors to the entities’ websites, particularly in California. Although the impact of the case remains to be seen, […]
State Regulators Form Privacy Law Implementation and Enforcement Group
Eight state regulators have established a coalition called the Consortium of Privacy Regulators to collaborate on the implementation and enforcement of their privacy laws. According to announcements from the California Privacy Protection Agency (“CPPA”) and California Attorney General Rob Bonta, the Consortium aims to coordinate enforcement efforts, share priorities, and discuss developments in privacy law. […]
California Attorney General Targets Location Data in New Investigative Sweep
This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months. The […]
Massachusetts Top Court Torpedoes Website Analytics Wiretapping Class Action
On October 24, 2024, in a long-awaited decision in Vita v. New England Baptist Hospital, Massachusetts’ highest court snuffed out an attempt to use the state’s 1968 Wiretap Act to impose liability on a hospital system for its use of third-party analytics technologies on its website. The case had been closely watched by the business […]