A private right of action is essentially a license to sue. It’s usually a statutory grant of authority that gives private lawyers the green light to enforce privacy laws through litigation. But when plaintiffs' lawyers—not government agencies—are allowed to write and enforce the rules of the road, it can lead to mixed signals.
The Institute for Legal Reform (ILR) recently released a new study called Ill-Suited: Private Rights of Action and Privacy Claims that shows what happens when protecting consumer privacy is outsourced to plaintiffs’ lawyers through private rights of action: expensive litigation, inconsistent judicial rulings, companies afraid to innovate, and no real benefit to consumers.
One example of plaintiffs’ lawyers using a broad law to file multi-million dollar lawsuits without benefits to consumers: the Telephone Consumer Protection Act (TCPA). The study found that only four percent of eligible consumers file settlement claims, yet plaintiffs’ lawyers grab up to thirty percent of settlements as part of their fees.
In contrast, the study found that laws without a private right of action and gives enforcement power to agencies is a much better way to protect privacy. This is because agency enforcement is led by experts who understand the complexities of the law, leading to better outcomes for both consumers and companies.
In June, ILR released a podcast episode further highlighting the problems with private rights of actions featuring the report’s author, Mark Brennan and ILR’s Harold Kim. They discussed best standards for collecting, handling, and storing personal data, as well as what happens when those standards are ignored.