With emerging data privacy and security laws, plaintiffs and class action law firms have been filing novel legal actions, including large class actions seeking statutory damages and fees. Virtually every business collects or uses “personal information” subject to various privacy and security requirements, and thus it is important to get compliance advice at the outset to prevent legal issues. Further, if a government or private action does arise, experienced attorneys can assist.
As one example of new lawsuits and demand letters, plaintiffs’ counsel have been targeting companies with websites offering a “live chat” feature or “session replay” software, or where there is disclosure of data through targeted advertising practices, such as through Meta “pixels.” In particular, plaintiffs claim that disclosure of data to service providers or advertising platforms through these technologies constitutes “wiretapping” and “eavesdropping” under the Federal Wiretap Act, 18 U.S.C. §2510 et seq., and the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code §631 et seq., among other laws. What this means is that a business trying to offer customer support through a live chat feature, or using relatively common tools to display more relevant marketing to consumers, can face a lawsuit seeking statutory damages for each impacted consumer in a class action lawsuit (e.g., $5,000 per violation under CIPA); there are also claims that these and other practices constitute unfair business practices.
Moreover, federal and state agencies have taken an interest in data privacy and security issues, issuing notices and demand letters and bringing enforcement actions for violations. For example, there has been noted activity by the California Attorney General and now the California Privacy Protection Agency (“CPPA”), which is the new agency enforcing the California Consumer Protection Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).
So, what can e-commerce and other businesses do? At the outset, legal counsel can assist with reviewing whether any of these new or proposed privacy or security laws apply and provide advice on how to comply. For instance, an attorney can help prepare strong terms of service and a privacy policy and ensure processes for website users and visitors to get notice of, and consent to, the same.
If a company receives a shakedown demand letter, an investigation inquiry or request, or notice of a filed lawsuit, experienced counsel can assist with a resolution, which may include a swift out-of-court settlement or aggressive defense, depending on the circumstances.
Kronenberger Rosenfeld regularly counsels clients on data privacy and cybersecurity issues, including proactive compliance reviews, drafting internal and external policies, updating contracts, and responding to government investigations and lawsuits as well as private demands and class actions. Please contact us if you have an inquiry about a new matter.