Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
DATA PRIVACY AFFECTS EVERYONE. In this digital age consumers are rapidly becoming more technologically savvy, with many coming to understand the value of their own information and the idea that if you’re not paying for a product, you are the product.
As the data economy rises, companies are finding immense value in collecting, sharing and using data. Companies such as Google, Facebook, and Amazon have all built their empires through the data economy. Since the 2020 pandemic saw people spending more time online, using data-driven products and services more often, the conversation about data privacy has grown.
Consumers have begun to demand more from businesses using their data — and obtaining proper consent to collect and use information is vital for companies wanting to build trust and accountability with customers who expect privacy.
In the last year, we’ve seen a number of high profile companies like Zoom and Facebook come under the spotlight for violating data privacy laws, both through media exposure and, increasingly, class action lawsuits.
Here’s what to expect from a company when you trust it with your data.
Existing Laws for Data Privacy Protection
THERE ARE BOTH FEDERAL AND STATE-LEVEL LAWS and regulations that protect consumers’ data privacy in the United States across different sectors.
At the federal level, there is The Federal Trade Commission Act (FTC). While the FTC does not explicitly regulate what information should be included in website privacy policies, it uses its authority to issue regulations, enforce privacy laws and take enforcement actions to protect consumers.
The FTC might take action against organizations that don’t maintain reasonable data security measures or follow a published privacy policy, transfer personal information in an undisclosed manner or make inaccurate privacy representations to consumers.
For example, Flo Health, the makers of the popular Flo Period & Ovulation Tracker app, reached a settlement with the Federal Trade Commission (FTC) last month over allegations it shared users’ health information with data analytic providers.
The agency took issue with the fact that Flo promised its users that it would protect their data and keep it private, yet did the exact opposite. Flo is also facing several class action lawsuits, including one claiming it shared the intimate information of its hundreds of millions of users to internet giants like Google and Facebook.
Federally, there is the Children’s Online Privacy Protection Act (COPPA), which governs the collection of information about minors, the Health Insurance Portability and Accounting Act (HIPAA), which governs the collection of health information, the Gramm Leach Bliley Act governing personal information collected by banks and financial institutions and the Fair Credit Reporting Act, which regulates the collection and use of credit information.
At the state level, California is generally heralded as having the most comprehensive data privacy laws in its 2020 California Consumer Privacy Act (CCPA), which gives people the right to sue a business directly when it exposes their data through a breach caused by failures to use reasonable security measures.
The CCPA also imposes substantial responsibilities on companies collecting personal information from California residents, including telling them when and how their data is collected and giving them the ability to access, correct and delete that information.
In November 2020, California passed the California Privacy Rights Act (CPRA), clarifying that people can opt out of both the sale and sharing of their personal information to third parties.
Several states are considering similar laws to California’s, and there appears to be an appetite among lawmakers to improve data security and privacy in other sectors.
Washington is predicted to be close to passing its own privacy act, and New York enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act in 2019, creating more data security requirements for companies that collect information on New York residents.
Some have even suggested that a Federal Department of Cybersecurity could be set up to standardize these laws across the country, Varonis reports, but at the moment the situation remains a patchwork of different regulations.
Data Privacy Enforcement Trends, and the Industries Most Under the Spotlight
MANY COMPANIES NOW COLLECT CONSUMER DATA, from social media platforms, to publishers, retailers to period tracker apps. As a result, class actions lawsuits around data privacy violations are becoming more common; while social media and tech giants lead the headlines, no industry seems immune. Some may choose to sue under federal laws, while many are also taking companies to task under state rules and regulations.
Last week, attorneys filed a class action lawsuit in New York against U.S. Fertility, LLC — one of the nation’s largest data providers for fertility clinics — under the HIPAA, claiming it did not adequately protect the personal information of at least 1,000 people whose data was compromised after U.S. Fertility experienced a massive ransomware attack on Sept. 14, 2020.
In December last year, a Kentucky man sued Crain Communication under Michigan privacy laws in a class action lawsuit, claiming he and others had been subjected to a “barrage of unwanted junk mail” after the company allegedly sold personal information the group submitted to obtain an Autoweek magazine subscription.
Also in December, a former employee at the Ace Hotel Chicago filed a class action lawsuit under the Illinois Biometric Information Privacy Act (BIPA), over the hotel’s use of fingerprints for employees to clock in, saying she was never notified about the particulars of how the company stores, uses or will eventually destroy the sensitive private data when her employer took her fingerprints at onboarding.
Meanwhile, another class action targets ClassMates.com under California privacy laws, saying the website compiled hundreds of thousands of digital yearbooks and puts the information on its site without permission, violating consumers’ privacy rights.
Californians have strong protections under the CCPA and CPRA, which now allows residents to sue after data breaches where the personal information that was exposed includes a username and password.
In early February, Hanna Andersson and Salesforce agreed to pay $400,000 to resolve a class action lawsuit filed under California privacy and competition laws over a data breach that allegedly compromised the information of more than 200,000 Hanna Andersson customers.
However, some companies seem to be taking advantage of the patchwork of federal and state regulations and the burgeoning privacy data legal field.
Last week, Facebook’s WhatsApp said it was moving forward with controversial policies that widen the company’s data sharing abilities with its owner, despite pushback from users wanting to protect privacy.
How the Biden Presidency Might Affect Data Privacy Laws
PRIVACY EXPERTS PREDICT that the Biden presidency, coupled with Democratic control of the House, could lead to comprehensive federal privacy legislation being passed in 2021.
In December, Future of Privacy Forum Senior Fellow Peter Swire said Democrats and Republicans had narrowed their differences on privacy, in part due to Europe tightening its data privacy laws through its General Data Protection Regulation.
In the last year, Senator Roger Wicker, R-Miss., proposed the American Framework to Ensure Data Access, Transparency, and Accountability Act, while Maria Cantwell, D-Wash., proposed the Consumer Online Privacy Rights Act.
“Something like last year’s bills might have a chance because Republicans and Democrats have come to agreement on so many of the provisions,” Swire said at the forum. “This is a rare bipartisan opportunity and so we could really see comprehensive privacy legislation pass in the new Congress.”
Speaking with Ad Exchanger last month, Charles Farina, head of innovation at Google services partner Adswerve, agreed, saying there was bipartisan momentum to build data privacy legislation. Putting aside nuances, Senate Republicans are mainly fixated on getting rid of social platform immunity for third-party content under Section 230, while Democrats are more focused on data collection practices, he said.
Many in the Biden administration worked on data privacy legislation under Obama, and are likely to pick up where they left off, experts predict. Meanwhile Vice President Kamala Harris has a strong record of fighting for consumer privacy, both as California’s attorney general and in the Senate.
Experts predict the FTC might have “more teeth” under a Biden administration, too, with Democrats long supportive of strengthening the FTC’s enforcement powers.
The Biden administration inherits two federal antitrust lawsuits that have big tech in the crosshairs, one brought by the FTC against Facebook and another by the Department of Justice aimed at Google.
How Consumers Can Take Action if They Have Been Affected By Data Privacy Breaches
WHEN A COMPANY FAILS to exercise reasonable care in protecting its customers’ information, consumers may be able to unite and file a class action lawsuit against the company.
If you were the victim of a data breach, the compromised company should have notified you, but if it didn’t, and you learned about it through other means, you should contact the company immediately to find out how you are impacted.
If you feel your personal information was used without your proper knowledge or consent, or on-sold or used improperly, you may also have a case. You may want to contact a lawyer to look into your legal options.
A qualified attorney will determine — under the federal and state laws applicable to you — aspects such as whether the company failed to adopt safeguards that would have prevented a data breach from occurring and if the company notified customers as soon as possible after it learned of the data breach.
They will also be able to obtain a list of all individuals affected like you, as well as reviewing a company’s policies and customer agreements and comparing the company’s policies to industry standards.
A lawyer might also help determine the damages you incurred from the data privacy violation, and seek reimbursement for these losses.
Have you experienced violations of data privacy online? Share your story with us in the comment section below!
Read More Class Action Lawsuit & Settlement News:
47 thoughts onData Privacy Laws: What You Need to Know, and How to Take Action
Please add me on all your lawsuits I’ve been dealing with cyber Hackers and stalkers for almost 2 years now and they have vandalized my private property and they have sent me Death threats.
Please add me
Please add me constant robo calls
Credit cards charges and identity hacked.
Please Add me
Please add me
Please add me to the list also. I have so many robocalls, to IRS, social security frauds. It is so bad my phone will call block up to 100 numbers and when it is full, I just delete the list and start over.
Add me please