Litigation

Subscribe to Litigation via RSS

On March 20, 2026, the White House released its National Policy Framework for Artificial Intelligence (“Framework”), outlining legislative recommendations for Congress to establish a unified federal approach to AI regulation. The Framework builds on prior executive actions, including the December 2025 Executive Order (the “Executive Order”) and the Trump administration’s “America’s AI Action Plan,” and it proposes that Congress adopt legislation broadly preempting state AI laws deemed to impose “undue burdens.” This alert summarizes the Framework’s key provisions, analyzes their potential impact on state laws, and highlights considerations for healthcare and life sciences stakeholders navigating the evolving regulatory landscape. While the Framework does not itself change the current legal status of the Executive Order, it signals increased policy focus and may prompt further agency action.Continue Reading The White House Legislative Recommendations: National Policy Framework for Artificial Intelligence and Federal Preemption of State AI Laws

Last week, the U.S. Supreme Court agreed to hear a case that is expected to resolve a long-developing split among federal courts of appeals over the scope of the Video Privacy Protection Act of 1988 (“VPPA”), 18 U.S.C. § 2710. In granting certiorari in Salazar v. Paramount Global, the Court will address a question that has increasingly shaped VPPA class action litigation in recent years: who qualifies as a “consumer” protected by the statute.Continue Reading Supreme Court to Consider the Video Privacy Protection Act

Data breaches made headlines throughout 2024, affecting governments, health care groups, and telecoms. Follow-on litigation has kept pace. Nearly 4,000 class actions involving data privacy issues are estimated to be filed in federal courts by the end of this year.

Growth in litigation meant that 2024 saw legal developments in several areas including standing to sue and web video suits. Increased attention on cybersecurity and privacy incidents unsurprisingly corresponded with active SEC enforcement and derivative suits related to inadequate data security.Continue Reading Unwrapping 2024’s Key Trends in Data Privacy Litigation

Following up on announcements of sweeps from late January, last week California Attorney General Rob Bonta announced a settlement with the popular food delivery service DoorDash related to allegations that DoorDash breached the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). The announcement doubles down on the Attorney General’s reiteration that privacy will continue to be priority for his office, while the new California Privacy Protection Agency (CPPA) is getting up to speed.Continue Reading DoorDash and California Attorney General Reach Settlement Over Privacy Allegations

Looking back on 2023, the trend of privacy-based class actions has only increased, and it doesn’t seem poised to halt or even slow down in the new year. Businesses are feeling acutely the threat of future litigation. At the end of 2022, the hundreds of cross-industry respondents to the Annual Litigation Trends Survey cited cybersecurity, data protection, and data privacy as the second-highest ranked area of future concern for class actions, and their concerns turned out to be justified. From peeved Pixel plaintiffs to data breach defendants, class actions abounded this year.Continue Reading Dashing Through 2023’s Privacy Litigation Trends

On this episode of the R&G Tech Studio, litigation & enforcement partner Ama Adams, who’s also the managing partner of Ropes & Gray’s Washington, D.C. office, sits down with data, privacy & cybersecurity partner Fran Faircloth to discuss how she helps clients bridge the gap between ongoing national security concerns and the rapidly evolving

Illinois continues to be a hotbed of privacy litigation, in large part due to Illinois’s landmark Biometric Information Privacy Act (BIPA), which was enacted in 2008. Despite the flood of cases in the wake of Rosenbach v. Six Flags Ent. Corp., 2019 IL 123186, 129 N.E.3d 1197 (Ill. 2019), this is only the first BIPA class action lawsuit to proceed to trial. On October 12, 2022, in Richard Rogers v. BNSF Railway Company (Case No. 19-C-3083, N.D. Ill.), a federal jury in Chicago found in favor of a class of more than 44,000 truck drivers who alleged that BNSF Railway Company (BNSF) violated BIPA by unlawfully scanning employee fingerprints for identity verification purposes without giving notice and obtaining their prior written permission. U.S. District Judge Kennelly entered a judgment against BNSF for $228M in damages. This case highlights many important considerations for organizations deploying biometric technologies in Illinois, including the potential for vicarious liability for a vendor’s actions, and provides valuable insight into how damages in BIPA cases are calculated. This decision from the Illinois court demonstrates that defendants can face significant civil liability in BIPA litigation, and companies using or collecting biometric information should be aware of these risks.Continue Reading First-Ever BIPA Trial – Jury Awards Staggering $228M in Damages

LEGAL_supreme court_SS_33353323_XL_rgb copy

On June 24, 2022, the U.S. Supreme Court issued its ruling in Dobbs v. Jackson Women’s Health Organization, overturning Roe v. Wade and holding that there is no constitutionally protected right to abortion. The significance of the decision cannot be overstated. Dobbs not only rolled back the Court’s prior protection of reproductive rights, it also raised still-unanswered questions about the privacy of digital data and could lead to the overturning of other previous Court opinions that are similarly grounded in privacy interests. In sparking such questions, Dobbs appears to have reinvigorated a national conversation regarding the protection of personal information and, more generally, the need for stronger data privacy safeguards in the United States.Continue Reading Four Months after Dobbs, Privacy Concerns Remain in the Spotlight

On October 5, 2022, Joe Sullivan, Uber’s former Chief Security Officer, was convicted of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber.” He faces up to eight years in prison. The conviction marks the first time that an individual company executive has faced criminal charges related to an information security breach.Continue Reading Former Chief Security Officer of Uber Convicted for Mishandling 2016 Data Breach

GettyImages-698689964_--_edit

Delaware’s Court of Chancery recently dismissed a derivative claim brought by an alleged shareholder of SolarWinds, claiming that the Company’s current and former directors breached their fiduciary duties by failing to ensure that SolarWinds had minimal cybersecurity protections.  A cross-practice team of Ropes & Gray litigation and data privacy attorneys represented Kevin Thompson, SolarWinds’ former