Case Overview

| | |

|---|---|

| Article Type | Roundup |

| Vertical | Privacy, Data & TCPA |

| Published | February 2026 |

| Cases Covered | 3 |

Privacy & Data Law Roundup: IRS Taxpayer Sharing Ruling, Tempus AI Genetic Privacy Suit, and a TCPA Curveball for Dabella Exteriors

Three significant developments in privacy and data litigation emerged this week, spanning federal tax privacy law, Illinois genetic information protections, and the ever-evolving landscape of TCPA enforcement. Here is what consumers, legal observers, and affected individuals need to know.

1. IRS Found to Have Violated Federal Law in Sharing Taxpayer Data With DHS

Area of Law: Federal Tax Privacy / Government Data Sharing

Key Statute: Internal Revenue Code § 6103

Scope: Approximately 42,695 alleged violations

A federal judge has found that the Internal Revenue Service violated federal law in connection with sharing confidential taxpayer addresses with immigration enforcement officials. According to reporting on the ruling, U.S. District Judge Colleen Kollar-Kotelly determined that the IRS broke the law "approximately 42,695 times" through a data-sharing arrangement with the Department of Homeland Security.

The ruling came as part of ongoing litigation challenging the arrangement, which the court found to be inconsistent with Internal Revenue Code Section 6103 — a federal statute that generally prohibits the disclosure of confidential taxpayer information except in limited, defined circumstances. The judge's findings center on the disclosure of taxpayer addresses to DHS officials, which the court determined fell outside those permitted exceptions.

The case raises significant questions about the boundaries of inter-agency data sharing, particularly when the information at issue involves constitutionally sensitive categories of data. Legal observers have noted that a finding of 42,695 individual violations — rather than a single systemic violation — could carry substantial implications for how future government data-sharing arrangements are structured and challenged.

This case is ongoing. Individuals who may have had their tax information shared with immigration authorities without statutory authorization may wish to monitor developments closely.

2. Tempus AI Faces Class Action Over Alleged Genetic Information Privacy Violations

Area of Law: Illinois Genetic Information Privacy Act (GIPA)

Key Statute: 410 ILCS 513/1 et seq.

Filed: February 13, 2026

Court: U.S. District Court for the Northern District of Illinois

A putative class action filed earlier this month alleges that Tempus AI, Inc. — an artificial intelligence company operating in the medical and genomic data space — unlawfully obtained and disclosed genetic information belonging to individuals in violation of the Illinois Genetic Information Privacy Act.

According to the complaint, Tempus AI's alleged conduct runs afoul of GIPA, a state law that governs the collection, use, and disclosure of genetic data in Illinois. The plaintiffs claim the company's practices with genetic information crossed statutory lines, though the full scope of the alleged violations is still being litigated.

GIPA is one of a growing number of Illinois privacy statutes — alongside the better-known Biometric Information Privacy Act (BIPA) — that carry significant per-violation statutory damages. Under GIPA, violations can expose defendants to substantial liability, particularly in a class action context where thousands or millions of individuals' genetic records may be at issue.

Genetic information is considered among the most sensitive categories of personal data, as it can reveal health predispositions, family relationships, and other deeply personal characteristics that individuals may not wish to have disclosed to third parties. The case against Tempus AI reflects a broader trend of plaintiffs' attorneys applying Illinois's privacy statutes aggressively to companies in the health data and AI sectors.

The case is in its early stages. Individuals who provided genetic information to Tempus AI and believe their data may have been shared without authorization may want to consult with a privacy attorney to understand their potential options.

3. TCPA Case Against Dabella Exteriors Tests the Outer Limits of Class Action Standing

Area of Law: Telephone Consumer Protection Act (TCPA)

Key Development: Court denies dismissal despite novel standing and class membership questions

Case: Weingrad v. Dabella Exteriors

A recent TCPA ruling involving home improvement company Dabella Exteriors is drawing attention in legal circles for the unusual procedural posture it presents. According to case commentary, a court allowed a plaintiff's TCPA claim to proceed even though the plaintiff may not fall within the putative class definition — and the specific legal theory underlying the claim has been questioned as to whether it exists under current law.

The Telephone Consumer Protection Act generally prohibits companies from placing calls or sending text messages using autodialers or prerecorded voice messages without the recipient's prior express consent. Violations can carry statutory damages of $500 per call, with willful violations potentially tripling that amount to $1,500 per call.

What makes the Dabella case notable is not the underlying allegations of unwanted contact, but rather the court's apparent willingness to allow the case to proceed despite threshold challenges to both the plaintiff's standing within the class and the viability of the specific legal claim asserted. Legal commentators have noted the ruling as an example of the unpredictable terrain TCPA defendants — and their counsel — can face even when substantive defenses appear strong on paper.

For businesses that conduct outbound calling or text message marketing, the case serves as a reminder that TCPA exposure can arise through unexpected procedural pathways. For consumers who have received unsolicited calls or texts, the TCPA remains an active and heavily litigated avenue for potential relief.

Key Takeaways

• Government agencies are not immune from data privacy litigation. The IRS ruling illustrates that unauthorized disclosure of personal information — even by federal agencies — can result in findings of large-scale statutory violations.
• Illinois privacy law continues to expand beyond BIPA. The Tempus AI lawsuit shows that GIPA is emerging as a significant litigation tool for plaintiffs in the genetic data space, joining BIPA as a statute with teeth.
• TCPA litigation remains procedurally unpredictable. The Dabella ruling is a reminder that courts do not always resolve TCPA cases the way defendants expect, even when standing and substantive challenges appear well-founded.
• Genetic and health data are under increasing legal scrutiny. As AI companies collect and process sensitive medical information, plaintiffs and regulators are paying closer attention to how that data is handled and shared.

These cases are in various stages of litigation. Nothing in this article constitutes legal advice. Individuals who believe their privacy rights may have been violated should consult a qualified attorney.

Have you been affected by any of these developments? Share your experience in the comments below.