Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels violated privacy laws. The judge concluded that the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft

Kathryn Rattigan
Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.
Judge Rules “Tester” Plaintiffs Cannot Bring Wiretap Claims under California Invasion of Privacy Act
In a big win for businesses, a California federal court just held that a “tester” plaintiff—someone who visits websites to initiate litigation—cannot bring a claim under the California Invasion of Privacy Act (CIPA). Rodriguez v. Autotrader.com, Inc., No. 2:24-cv-08735, 2025 WL 65409 (C.D. Cal. 1.8.25). Tester plaintiffs have started to focus on consumer protection…
Yahoo ConnectID Faces Class Action Over Email Address Tracking as Alleged Wiretap Violation
Yahoo’s ConnectID is a cookieless identity solution that allows advertisers and publishers to personalize, measure, and perform ad campaigns by leveraging first-party data and 1-to-1 consumer relationships. ConnectID uses consumer email addresses (instead of third-party tracking cookies) to produce and monetize consumer data. A lawsuit filed in the U.S. District Court for the Southern District…
Stall on Automated Decision-Making Technology Rules from the California Privacy Protection Agency
This week, the California Privacy Protection Agency (CPPA) board held its April meeting to discuss the latest set of proposed regulations, including automated decision-making technology (ADMT) regulations. Instead of finalizing these rules, the board continued its debate and considered further amendments to the draft regulations. Notably, some members proposed changing the definition of ADMT and…
California Cryobank Hit with Lawsuit over Sperm Donor Databank Breach
California Cryobank, LLC, the largest sperm bank in the country, faces a lawsuit in the U.S. District Court for the Central District of California over an April 2024 data breach. Cryobank provides frozen donor sperm and specialized reproductive health care services, including egg and embryo storage.
Cryobank notified the affected individuals this month that it…
Pennsylvania Teacher’s Union Faces Class Action over Data Breach
The Pennsylvania State Education Association (PSEA) faces a class action resulting from a July 2024 data breach. The proposed class consists of current and former members of the union as well as PSEA employees and their family members. The lawsuit alleges that the union was negligent and breached its fiduciary duty when it suffered a…
CPPA Settles Alleged CCPA Violations with Honda
- Requiring
Utilities Petition FCC for Updates to TCPA Guidelines to Allow “Demand Response” Calls and Texts
Edison Electric Institute (EEI), an association that represents all U.S. investor-owned electric companies, petitioned the Federal Communications Commission (FCC) to permit calls and texts under the Telephone Consumer Protection Act (TCPA) without prior express consent for “demand response” communications. A prior FCC ruling clarified the FCC’s policies towards the types of calls and texts from…
Skin360 App Can’t Escape Scrutiny under Illinois Biometric Law
A federal district court has denied a motion by Johnson & Johnson Consumer Inc. (JJCI) to dismiss a second amended complaint alleging it violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing biometric information through its Neutrogena Skin 360 beauty app without consumers’ informed consent or knowledge. The plaintiffs also allege that…
California Privacy Protection Agency Begins Investigative Sweep into Location Data Collection under CCPA
The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting consumer privacy, and ensuring compliance with data privacy regulations, has announced an investigate sweep into companies’ collection of sensitive location data. The CPPA has already…