settlement

Subscribe to settlement via RSS

On August 5, 2021, a proposed class action settlement was reached in the closely-watched privacy action against fintech services company Plaid Inc. (“Plaid”).  The settlement features a $58 million settlement fund and certain injunctive relief that would make changes to Plaid’s methods of notice and consumer data collection, including provisions requiring the deletion of certain banking transaction data. (In re Plaid Inc. Privacy Litig., No. 20-3056 (N.D. Cal. Memorandum of Points for Proposed Settlement Aug. 5, 2021)). The settlement is still subject to court approval.

Plaid is a fintech services company that offers applications that provide account linking and verification services for various fintech apps that consumers use to send and receive money from their bank accounts.  The consolidated actions involve claims surrounding Plaid’s alleged collection and use of consumers’ banking login credentials and later processing and selling of such financial transaction data to third parties without adequate notice or consent.  Plaintiffs’ complaint also contended that at no time were users ever given conspicuous notice or meaningfully prompted to read through Plaid’s privacy policy indicating that Plaid receives and retains access to their financial institution account login credentials or uses their credentials to collect and sell their banking information.   As we wrote about back in May 2021, the California district court, in deciding Plaid’s motion to dismiss, trimmed various federal privacy-related claims, including the Computer Fraud and Abuse Act (CFAA) claim, but allowed other state law privacy claims to go forward.

This past week, the operator of the popular Weather Channel (“TWC”) mobile phone app entered into a Stipulation of Settlement with the Los Angeles City Attorney, Mike Feuer (“City Attorney”), closing the books on one of the first litigations to focus on the collection of locational data through mobile phones. (People v. TWC Product and Technology, LLC, No. 19STCV00605 (Cal. Super., L.A. Cty, Stipulation Aug. 14, 2020)). While the settlement appears to allow TWC to continue to use locational information for app-related services and to serve advertising (as long the app includes some agreed-upon notices and screen prompts to consumers), what is glaringly absent from the settlement is a discussion of sharing locational information with third parties for purposes other than serving advertising or performing services in the app. Because applicable law, industry practice and the policies of Apple and Google themselves have narrowed the ability to share locational information for such purposes, the allegations of the case were, in a sense, subsumed in the tsunami of attention that locational information sharing has attracted. While some are viewing this settlement as a roadmap for locational information collection and sharing, in fact the settlement is quite narrow.

In early July, Ticketmaster reached a favorable settlement in its action against a ticket broker that was alleged to have used automated bots to purchase tickets in bulk, thus ending a dispute that produced notable court decisions examining the potential liabilities for unwanted scraping and website access. (Ticketmaster L.L.C. v. Prestige Entertainment West Inc., No. 17-07232 (C.D. Cal. Final Judgment July 8, 2019)).

In the litigation, Ticketmaster alleged that the defendant-ticket broker, Prestige, used bots and dummy accounts to navigate Ticketmaster’s website and mobile app to purchase large quantities of tickets to popular events to resell for higher prices on the secondary market. Under the terms of the settlement, Prestige is permanently enjoined from using ticket bot software to search for, reserve or purchase tickets on Ticketmaster’s site or app (at rates faster than human users can do using standard web browsers or mobile apps) or circumventing any CAPTCHA or other access control measure on Ticketmaster’s sites that enforce ticket purchasing limits and purchasing order rules.  Prestige is also barred from violating Ticketmaster’s terms of use or conspiring with anyone else to violate the terms, or engage in any other prohibited activity.

Earlier this month, an Illinois state court approved a $1.5 million settlement in a class action against L.A. Tan Enterprises, Inc., operator (directly and through franchisees) of L.A. Tan tanning salons.  The settlement resolved allegations that L.A. Tan violated the Illinois Biometric Information Privacy Act (BIPA) by collecting Illinois members’ fingerprints for verification during check-in without complying with BIPA’s notice and consent requirements. (See Sekura v. L.A. Tan Enterprises, Inc., No. 2015-CH-16694 (Ill. Cir. Ct. Cook Cty. First Amended Class Complaint filed Apr. 8, 2016)).   Under the settlement, approximately 37,000 class members who had their fingerprints scanned at a L.A. Tan location in Illinois between a specified three-year period (Nov. 13, 2013 to August 11, 2016) will receive a pro rata share of the settlement. Moreover, L.A. Tan agreed to comply with BIPA in the future and ensure the compliance of its franchisees.