Data Privacy

Cases

Advocating personal data protection and holding accountability after data breaches

Investigations

Explore ongoing investigations into claim magic of data breaches and misuse of privacy

Blog

Learn more from our expert data privacy attorneys

News

Stay in the loop of Lowey’s updates, current events, and landmark victories

Lowey’s privacy team holds companies accountable for data privacy failures.

Lowey’s privacy team has historic victories against Meta, Apple & Google in the digital age to hold big tech accountable for misuse of sensitive data.

Our team takes on unauthorized data collection, privacy invasions, and cybersecurity failures on behalf of individuals whose personal information has been misused or exposed.

Led by

Attorneys specializing in prosecuting entities for the misuse of consumers’ information

Christian Levis

Data Breach, Privacy

Christian Levis is a partner at Lowey Dannenberg, P.C., and Chair of the firm’s data breach and privacy practice group.

Amanda Fiorilla

Data Breach, Privacy

Amanda Fiorilla is a partner and Vice Chair of Lowey Dannenberg’s Data Breach & Privacy Practice.

Doe. v. Good Rx Holdings, Inc., No. 3:23-cv-00501-AMO (N.D. Cal.)

Lowey serves as interim co-lead class counsel on behalf of Plaintiffs and Class members alleging that advertisers Google, Meta, and Criteo unlawfully intercepted GoodRx users’ medical information.

Doe v. Favor, Inc., 3:23-00059 (N.D. Cal.).

Lowey Dannenberg represents a class of Favor (formerly Pill Club) website and app users alleging their personal data, including prescription information relating to birth control and Plan B, were unlawfully disclosed to and intercepted by Meta Platforms, Inc., TikTok, Inc., and FullStory Inc. using sophisticated tracking technology and Session Replay Software.

Doe v. Google LLC, 5:23-CV-02431 (N.D. Cal.)

Lowey serves as Co-Lead Class Counsel representing Plaintiffs and Class Members alleging that Google collected individuals’ health data through sophisticated tracking technology, including Google Analytics, incorporated on the websites of health care providers throughout the nation.

Google Assistant Privacy Litigation

Lowey serves as co-lead class counsel in this certified class action against Google, alleging that Google’s unlawfully and intentionally recorded Plaintiffs’ and Class Members’ confidential communications without their consent through its Google Assistant software. The case settled on the eve of the summary judgment argument.

Advocating for personal data protection and holding accountability after data breaches.

See Cases

Was My Data Exposed? How to Check & What to do Next (2026)

by James Spencer | January 20, 2026 | Blog, Data Breach and Privacy, Data Privacy | 0 Comments

Overview Data breaches are no longer rare or isolated events. From healthcare providers and financial institutions to employers and consumer brands, organizations across every industry are being targeted. If you recently received a breach notification…

What is a Class Action? What is a Mass Arbitration?

by James Spencer | November 25, 2025 | Blog, Data Privacy | 0 Comments

Key Takeaways Class actions are lawsuits where one or a few people represent a large group or a “class” in court. Mass arbitrations are lawsuits that include many hundreds or thousands of people filing individual arbitrations against the same company Class actions and…

Your Social Media Data May Be Fueling China’s Censorship Engine

by Yuanchen Lu | April 30, 2025 | Blog, Data Privacy | 0 Comments

On April 9, 2025, Ms. Sarah Wynn-Williams, a former Meta executive, testified before the Congress about how Meta colluded with the Chinese government over the years in order to re-entered the long-coveted Chinese market. Among the various support Meta provided, one…

Oracle Had a Data Breach (or Two). Here’s What We Know So Far

by Amanda Fiorilla | April 1, 2025 | Blog, Data Privacy | 0 Comments

In March 2025, two separate but equally alarming data breaches involving Oracle came to light. 1. Alleged Oracle Cloud Legacy Database Breach A hacker operating under the alias “rose87168” claimed to have compromised over six million records from more than 1,000…

23andMe Sold You Health Insights and Ancestry-Tracing—Why Deleting Your Data is Not Enough

by Amanda Fiorilla | March 28, 2025 | Blog, Data Privacy | 0 Comments

23andMe filed for bankruptcy after a major data breach. Learn what happens to your DNA data and what legal protections may apply. 23andMe was once all the rage. Everyone wanted to uncover their genetic makeup, health predispositions, and family history. It was a…

A U.S. Official Added a Journalist to a Secret Signal Chat. Here’s What It Teaches Us About Data Privacy.

by Amanda Fiorilla | March 28, 2025 | Blog, Data Privacy | 0 Comments

A simple mistake gave a journalist front-row access to U.S. military secrets. But the real scandal? This kind of breach happens all the time—just not usually by our government. Earlier this week, The Atlantic reported a surprising breach of protocol: a top-level U.S….

From historical victories holding Meta accountable in Frasco v. Flo Health, Inc., to $95 million settlement with Apple in Lopez v. Apple, Inc., our team provides strong results.

Frasco v. Flo Health, Inc., No. 21-cv-00757 (N.D. Cal.).

On Friday, August 1st2025, Lowey Dannenberg achieved a historic victory over Meta Platforms, Inc. (“Meta”) when a California jury found that Meta had violated the California Invasion of Privacy Act (“CIPA”) by recording individuals’ communications with Flo Health, a pregnancy and menstrual cycle tracking app. Lowey filed the first case, Frasco v. Flo Health, Inc., in 2021 and has been leading the prosecution of this action as co-lead counsel for the past four years.

Lowey partner Christian Levis, who leads the firm’s data privacy practice, served as trial counsel along with Carol Villegas and Mike Canty from Labaton Keller Sucharow. In addition to Mr. Levis, Lowey attorneys Amanda Fiorilla, Alexis Castillo, and Rachel Kesten were each part of the trial team and led the firm’s efforts to hold Meta accountable.

The verdict is the first of its kind and reflects the only time in history that Meta has been held responsible for the unauthorized recording of communications through its SDK.

Lopez v. Apple, Inc., No.19-cv-04577 (N.D. Cal.)

Lowey served as co-class counsel in this class action on behalf of Siri users alleging that Apple unlawfully (a) recorded private conversations through its voice assistant and (b) shared those recordings with third parties as part of a covert human review program to improve Apple’s speech recognition technology, in violation of the Wiretap Act, California Invasion of Privacy Act, and other state laws. The Court granted final approval to Plaintiffs’ $95 million settlement on behalf of the Class in October 2025.

Awards & Recognition

{

“Plaintiffs and Class Counsel have adequately represented the interests of all Settlement Class Members.”

– Hon. Leo T. Sorokin, U.S.D.J. in Barr, et al. v. Drizly, LLC, et al., No. 1:20-cv-11492 (D. Mass.)

Class counsel’s extensive class action and data breach litigation experience and their efforts during the action confirm their adequacy to serve on behalf of the class…

– Hon. Renée Marie Bumb, U.S.D.J. in Hozza v. PrimoHoagies Franchising, Inc., No. 1:20-cv-04966 (D.N.J.)

“The sound performance of plaintiffs’ counsel during this complex litigation demonstrates that they are up to the task of representing the class.”

– Frasco v. Flo Health, Inc., 349 F.R.D. 557 (2025)

Have a Case You Think We Can Help With?

Get Our Newsletter