Law, disrupted The Explosion in Novel Data Privacy Claims
In this episode of Law, disrupted, John is joined by Paul Schwartz, Professor at the UC Berkeley School of Law and Director of the Berkeley Center for Law and Technology, Viola Trebicka, partner in Quinn Emanuel’s Los Angeles office and the Co-Chair of the firm's Data Privacy and Security Practice, and Stephen Broome, partner in the firm’s Los Angeles and New York offices and the Co-Chair of the firm's Data Privacy and Security Practice. Together they discuss the explosion of data privacy claims on court dockets across the United States.
The conversation begins with John asking what developments the panel is seeing right now with data privacy claims. Stephen highlights how more cases are being filed daily, particularly under the Illinois Biometric Information Privacy Act (BIPA), as well federal and state wiretapping laws and new novel theories of recovery that were not previously plead in privacy cases.
Viola then explains the two categories of claims plaintiffs have been filing recently. The first category are common law invasion of privacy claims that are now being applied to modern data privacy issues. The second category consists of claims based on repurposing statutes that did not contemplate modern data gathering over the internet.
One example of these statutes is the Federal Wire Tap Act of 1968 which was intended to prohibit people from physically connecting to a landline telephone without permission. Today, on the internet, when someone goes to the website for a company, they know they are communicating with that company, but that company will often send the person’s data off to a third party which tracks ads or pages the person visits clicks on. Plaintiffs are now alleging that those third parties are eavesdroppers violating the Wire Tap Act.
Another statute plaintiffs increasingly use is the Video Privacy Protection Act which was passed in the late 1980s to prevent reporters from learning what videos a person rented at a video store. Now, many websites have embedded videos. Plaintiffs are now alleging that websites that share information about what embedded videos a person has watched, they have violated the VPPA.
John moves the conversation to why the US does not have comprehensive national legislation addressing data privacy. Paul explains that while Europe as well as states such as California, Nevada, and Virginia have passed statutes governing data privacy, the proposed federal statute, the American Data Privacy Protection Act (ADPPA) has not yet been brought to a vote in Congress.
The discussion then turns to how plaintiffs build large damage claims. Viola explains that plaintiffs focus on unjust enrichment and restitution theories. Unjust enrichment theories are usually asserted when the case centers on advertising data.
The panel then discusses how these theories when applied to classes that include tens of millions of plaintiffs can easily lead to total damages figures in the hundreds of millions or billions of dollars.
The discussion then turns to what companies can do to avoid these huge awards. Paul emphasizes that companies need to get ahead of these issues before they get sued by seeking privacy counseling, hiring Chief Privacy Officers, and mapping where their customers’ data is and what is happening to it.
Finally, the group discusses two notable issues that have come up in recent FTC enforcement actions. The first is the possibility of imposing personal liability on senior executives for data privacy violations. The second is that when it settles a case, the FTC will now spell out in extreme detail what it expects of companies who have had a cybers
Podcast Link: Law-disrupted.fm
Host: John B. Quinn
Producer: Alexis Hyde
Music and Editing by: Alexander Rossi