Amanda Fiorilla is a Partner and Vice Chair of Lowey Dannenberg’s Data Breach & Privacy Practice. As a founding member of Lowey’s Data Breach & Privacy Practice, Ms. Fiorilla is at the forefront of the ever-changing data privacy and breach landscape. She is a fierce litigator who has obtained landmark victories on behalf of clients through her advocacy.
Notable Cases:
Privacy Litigation:
Frasco v. Flo Health, Inc., 3:21-CV-00757-JD (N.D. Cal.). Ms. Fiorilla was a core member of Lowey’s Privacy Team responsible for litigating the Frasco action, including serving as a member of the trial team. The action resulted in a historic jury verdict holding Meta Platforms, Inc. liable for collecting Flo App users’ private health data.
In re: Adobe Data Tracking Litigation, No. 5:25-cv-03032-NW (N.D. Cal.). Ms. Fiorilla serves as co-lead counsel in this action alleging Adobe unlawfully intercepted consumers’ identifiable data from third-party websites and used this data to create identifiable user profiles that are made available to advertising clients. The action remains pending.
DellaSala v. Samba TV, Inc., 3:25-cv-03470 (N.D. Cal.). Ms. Fiorilla leads the prosecution of this action, alleging Samba TV, Inc. uses a combination of proprietary technology, including automatic content recognition (“ACR”) and software development kits (“SDKs”) to profile individual consumers and sell packaged profiles to third parties. Ms. Fiorilla successfully argued against the defendant’s motion to dismiss, and a majority of claims were sustained. The action remains pending.
In re Zeta Global Data Privacy Litig., No. 1:25-cv-05780 (S.D.N.Y.). Ms. Fiorilla is co-lead counsel in this case, which alleges Zeta unlawfully intercepted and monetized consumers’ online activities and communications through proprietary advertising and identity-resolution technologies, including the Zeta Marketing Platform and associated tracking tools, without users’ consent. The action remains pending.
Zeolla et al. v. Southern New Hampshire Univ., No. 1:25-cv-00541-TSM (D.N.H.). As co-lead counsel, Ms. Fiorilla is actively litigating this action against Southern New Hampshire University for disclosing current and prospective students’ private educational data to third-party analytics and advertising companies.
Doe v. GoodRx Holdings, Inc., No. 3:23-cv-00501-AMO (N.D. Cal.). Ms. Fiorilla serves as court-appointed co-lead counsel in this action against GoodRx Holdings, Inc., Criteo Corp., Meta Platforms, Inc., and Google LLC for disclosing and intercepting users’ prescription information and other health data through software development kits and web-based tracking technology incorporated in GoodRx-branded mobile applications and websites. The action is pending.
Doe v. Regents of the University of California, No. 3:23-cv-00598 (N.D. Cal.). Lowey’s Privacy Team filed this action against Regents of the University of California alleging it disclosed its patients’ medical information through its incorporation and use of the Meta Pixel in violation of the California Confidentiality of Medical Information Act, among other laws. Ms. Fiorilla successfully, through briefing and oral argument, defeated Regents of the University of California’s Motion to Dismiss. This action is pending.
Data Breach:
In re Wawa Data Sec. Litig., Case No. 19-cv-06019 (GEKP) (E.D. Pa.). Ms. Fiorilla was imperative to this class action on behalf of financial institutions impacted by the breach of convenience store and gas chain Wawa’s payment card system. Plaintiffs obtained over $28 million in settlement, which remains pending for court approval.
Barr v. Drizly, LLC, Case No. 1:20-cv-11492 (D. Mass.). Ms. Fiorilla played an integral role in obtaining over $7.1 million in a settlement to resolve claims against Drizly relating to a data breach, which Plaintiffs contended concerned personally identifiable information.
In re Rutter’s Inc. Data Security Breach Litig., No. 1:20-cv-00382 (M.D. Pa.) (the “Rutters Action”). In this action, ”), Ms. Fiorilla and other Lowey attorneys secured one of the first federal decisions in the Third Circuit to explicitly recognize a merchant’s independent duty at law to protect customer data. See 511 F. Supp. 3d 514, 529-30 (M.D. Pa. 2021) (“Defendant’s affirmative act of retaining credit and debit card information which created a risk of foreseeable harm from unscrupulous third parties is enough to recognize a legal duty here.”).
In re USAA Data Security Litig., No. 7:21-cv-05813, 2022 WL 3348527 (S.D.N.Y. Aug. 12, 2022). Ms. Fiorilla and her colleagues successfully sustained claims pursuant to the Driver’s Privacy Protection Act (“DPPA”) against an insurance company who configured its website to disclose individuals’ driver’s license numbers on its quote forms. Prior to this decision, few courts, if any, had applied the DPPA in this context.
Background:
Ms. Fiorilla earned her J.D., magna cum laude, from Pace Law School in January 2019. During law school, Ms. Fiorilla served as Editor-in-Chief of The Pace Law Review. She was also President of the Corporate & Commercial Law Society, a Research Assistant, and Dean’s Scholar in the subjects of Property and Civil Procedure.
Ms. Fiorilla also co-authored a publication on the history of public corruption statutes and the prosecution of public officials during law school and she served as a judicial extern to the Honorable Patty Shwartz of the U.S. Court of Appeals for the Third Circuit.
She received her undergraduate degree, cum laude, in Political Science from Ramapo College of New Jersey in 2015. She was President of the Philosophy Club and a member of Pi Sigma Alpha, the National Political Science Honor Society.
Publications & Speaking Engagements:
Panelist, CIPA/ECPA: Navigating the Surge in Website Tracking Litigation, HarrisMartin’s Data Breach Litigation Conference 2026
Panelist, Article III and Standing in Consumer and Data Privacy Class Actions, NASCAT Annual Meeting 2026
Panelist, Cyber Litigation Trends at Cyber Counsel Group – Fall Conference 2025
Christian Levis, Amanda Fiorilla & Luke Goveas, Data Breach Plaintiffs Still Face Circuit Conflict on Standing, Bloomberg Law (June 15, 2021, 4:00 AM), https://news.bloomberglaw.com/privacy-and-data-security/data-breach-plaintiffs-still-face-circuit-conflict-on-standing?context=search&index=2.
Christian Levis & Amanda Fiorilla, New Jersey & Pennsylvania Hot Spots Among Recent Data Breach Targets, Lowey Dannenberg, (May 15, 2020), https://lowey.com/blog/new-jersey-pennsylvania-hot-spots-among-recent-data-breach-targets/.
Christian Levis & Amanda Fiorilla, Some Credit Unions Have Received Settlements; Should You Take Your Situation to Court?, CU Management, (Mar. 10, 2020), https://www.cumanagement.com/articles/2020/03/recovering-card-losses-after-third-party-breaches.
Samantha Conway, David Diab, Amanda Fiorilla, & Eric Grossfeld, Primer, 38 Pace L. Rev. 688 (2018), https://digitalcommons.pace.edu/plr/vol38/iss3/2.
Acknowledgments:
Ms. Fiorilla has been repeatedly recognized by Super Lawyers as a New York “Rising Star” and by LawDragon as one of the few Lawdragon 500 X – The Next Generation, and Leading Global Cyber Lawyers.