Data Privacy

Over the last several years, there has been a monumental shift in how regulators, companies and consumers think about data privacy and security. Companies face an untenable and growing number of state privacy, cybersecurity and data breach laws that offer significant enforcement authority to federal and state regulators while opening the door for opportunistic plaintiffs’ lawyers to seek large settlements, even when there is no apparent harmRead More...

State privacy laws impose different (and sometimes contradictory) standards, including what types of notice and consent are required for what types of information, and when and how victims of data breaches must notify their customers. Customers may also not be required to demonstrate monetary or property losses in order to seek damages for an alleged violation. Even a technical violation of certain laws could be grounds for a private action.

A standard federal data privacy law would provide much-needed certainty for businesses and protect them from abusive and overlapping enforcement. The Federal Trade Commission should be the sole authority of data privacy enforcement, and should work to prevent and punish behavior that actually harms consumers. Finally, a federally enforced privacy framework should not create a private right of action, which would only add to the tremendous lawsuit cost Americans already pay, while enriching lawyers and providing very little value for consumers.

Emerging technologies also suffer from outdated or poorly-conceived laws and regulations. This leaves the door open for plaintiffs’ lawyers attempting to create regulation through litigation, bogging down the economy with lawsuits. Instead, lawmakers and regulators should implement rational policy changes that strike the right balance between innovation and consumer protection, so that we have a legal environment that supports—not stifles—the creative potential of the American economy.


Suggested Resources

  • Ill-Suited: Private Rights of Action and Privacy Claims

    Ill-Suited: Private Rights of Action and Privacy Claims

    July 11, 2019

    Private rights of action (PRAs) are highly problematic: the plaintiffs' bar benefits significantly from America's lawsuit system, while consumers are left with little. PRAs are especially poor tools for addressing privacy issues, which are better left to regulators with relevant expertise and perspective to shape and balance penalties, deterrence, innovation, and consumer protection. Read More

  • Torts of the Future: Addressing the Liability and Regulatory Implications of Emerging Technologies

    Torts of the Future: Addressing the Liability and Regulatory Implications of Emerging Technologies

    March 29, 2017

    Torts of the Future examines the emerging technology sectors of autonomous vehicles, commercial drones, private space exploration, the "sharing economy," and the Internet of Things, and assesses the existing regulatory and litigation environments and future liability trends for each. The paper also draws from experience in each area to present guiding principles for addressing the liability and regulatory implications of emerging technologies. Read More

All Results for Data Privacy

  1. In the News Today - February 19, 2020

    February 19, 2020 | News

    "The Coming Wave of California Consumer Privacy Act Lawsuits"... Read More

  2. In the News Today - February 10, 2020

    February 10, 2020 | News

    Judge Who Blocked Calif. Arbitration Law Says it Conflicts With Federal Law; "Three Lessons From BIPA for Data Privacy Legislation"... Read More

  3. In the News Today - February 7, 2020

    February 07, 2020 | News

    Legislation Banning "Phantom Damages" Moving Through Florida Legislature; Lawsuit Over Salesforce Breach Could Set The Tone for CCPA... Read More

  4. BIPA Settlement Should Keep Companies Up At Night, Lawyer Says

    February 06, 2020 | News

    A data privacy class action defense attorney told Legal Newsline that a recent $500 million Illinois Biometric Information Privacy Act (BIPA) settlement "should be keeping [companies] up at night."... Read More

  5. BIPA "Bares Its Teeth" Through Massive Settlement

    January 31, 2020 | News

    Illinois' unique Biometric Information Privacy Act (BIPA), through which private lawyers can sue companies without having to prove actual harm, "bare[d] its teeth" through the massive $550 million Facebook settlement, Law360 said. ... Read More

  6. SCOTUS Won't Hear Biometric Privacy Case

    January 23, 2020 | News

    The U.S. Supreme Court declined to hear a challenge to Illinois' unique Biometric Privacy Information Act, Law360 reports.... Read More

  7. In the News Today - January 17, 2020

    January 17, 2020 | News

    "The New Class Action Frontier Under Illinois Privacy Law"... Read More

  8. In the News Today - January 6, 2020

    January 06, 2020 | News

    CCPA Compliance Costs Expected to Reach $55 Billion... Read More

  9. 2019 Winter | ILR Research Review | Volume 6, Issue 3

    December 19, 2019 | Research

    Our Winter 2019 Research Review looks at a number of legal trends that are creating increasingly complex litigation and compliance burdens for companies-leaving the door open for plaintiffs' lawyers to profit.... Read More

  10. Legal Group Joins Facebook In No-Harm Bid To SCOTUS

    December 16, 2019 | News

    The Washington Legal Foundation filed an amicus brief in support of Facebook's ask that the U.S. Supreme Court review a decision to certify a class action lawsuit that failed to prove concrete harm, Law360 reports.... Read More