PRIVACY CLASS ACTIONS

CD: Could you provide an overview of the privacy class actions landscape in your jurisdiction? What key trends and developments would you highlight?

Lanstra: While some states have enacted legislation addressing the collection, disclosure and storage of data, most of them have not provided a private right of action for data breaches or statutory violations. Plaintiffs thus often pursue theories of liability under common law or other statutory schemes, such as laws against deceptive business practices. The collection and use of biometric data is under heightened scrutiny. The California Consumer Privacy Act (CCPA), which takes effect on 1 January 2020, is a significant development that will invite more class actions for unauthorised access and exfiltration, theft or disclosure of personal information. The California Legislature passed the Act fairly quickly to avoid a competing ballot measure that would have been very imposing, so the Act includes unintended ambiguities that will need to be resolved by regulation or case law. Short of any federal solution with pre-emptive force, I think companies that collect data from Californians can expect to see substantial CCPA-based litigation following any data breach. And separate securities class actions and shareholder derivative actions tend to follow tort actions.

Jan-Mar 2020 issue

Skadden, Arps, Slate, Meagher & Flom LLP

Join our free mailing list to read the full article