Class Actions in Privacy Law
eBook - ePub

Class Actions in Privacy Law

  1. 144 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Class Actions in Privacy Law

About this book

Class actions in privacy law are rapidly growing as a legal vehicle for citizens around the world to hold corporations liable for privacy violations. Current and future developments in these class actions stand to shift the corporate liability landscape for companies that interact with people's personal information.

Privacy class actions are at the intersection of civil litigation, privacy law, and data protection. Developments in privacy class actions raise complex issues of substantive law as well as challenges to the established procedures governing class action litigation. Their outcomes are integral to the evolution of privacy law and data protection law across jurisdictions. This book brings together established scholars in privacy law, data protection law, and collective litigation to offer a detailed perspective on the present and future of collective litigation for privacy claims.

Taking a comparative approach, this book incorporates considerations from consumer protection law, procedural law, cross-border litigation, tort law, and data protection law, which are key to understanding the development of privacy class actions. In doing so, it offers an analysis of the novel challenges they pose for courts, regulatory agencies, scholars, and litigators, together with their potential solutions.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Class Actions in Privacy Law by Ignacio N. Cofone in PDF and/or ePUB format, as well as other popular books in Law & Law Theory & Practice. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Routledge
Year
2020
eBook ISBN
9781000214192
Edition
1
Topic
Law
Subtopic
Law Theory & Practice
Index
Law

1
Introduction to privacy class actions

Ignacio N. Cofone

1 Introduction

Privacy class actions are a fast-growing phenomenon at the intersection of civil litigation, privacy, and data protection. Developments in privacy class actions are set to shift the corporate liability landscape for companies that interact with information technology and personal information and change how people seek redress for privacy violations. This book aims to fill a gap in the legal literature by being the first dedicated exclusively to the burgeoning phenomenon of class actions in privacy law.
Although privacy class actions are new, they are rapidly developing, with their numbers having surged since 2015.1 In the coming years, the role of privacy class actions as a legal vehicle for citizens around the world to hold corporations accountable for privacy breaches and violations is likely to continue to grow. With the ubiquitous use of networked technologies across industries, the collection of and access to citizens’ and consumers’ personal information have become commonplace. Breach notification legislation, along with recent developments in privacy tort law in the United States and Canada,2 have contributed to an explosion in privacy class actions. Public and private bodies are therefore increasingly at risk of liability for privacy breaches and violations, whether due to their business practices or external reasons such as hacking.
1 See Eloïse Gratton & Lauren Phizicky, “Privacy Class Actions: Uncertainties and lessons learned from data protection laws” (Chapter 3).
2 For a summary of recent developments in U.S. and Canadian privacy tort law, see generally Scott Skinner-Thomson, “Privacy’s Double Standard” (2018) 93:4 Wash L Rev 2051 (U.S.); Ignacio N Cofone & Adriana Z Robertson, “Privacy Harms” (2018) 69 Hastings LJ 1039 (U.S.); Justin Safayeni, “Invasions of Privacy: Civil and Regulatory Consequences” in Gerald Chan & Nader R Hasan, eds, Digital Privacy: Criminal, Civil and Regulatory Litigation (Toronto: LexisNexis, 2018) at 183 (Can.); Leon Trakman, Robert Walters & Bruno Zeller, “Tort and Data Protection Law: Are There Any Lessons to be Learnt?” (2019) 5:4 European Data Protection L Rev 500.
Developments in privacy class actions raise issues of both substantive and procedural law. They force us to challenge aspects of, for example, torts and consumer law, as well as the traditional procedures governing class action litigation. A study of privacy class actions such as this one therefore necessarily pulls together different branches of law, such as consumer protection, civil procedure, cross-border litigation, tort law, and data protection law. For that reason, this book brings together scholars from various fields to offer different perspectives on collective litigation for privacy claims.
The outcomes of ongoing and future cases stand to be integral to the evolution of privacy and data protection law across jurisdictions. Despite the increasing rate at which new privacy class actions are filed every year and their economic importance for consumers, public entities, and corporations, legal literature on the topic is scarce. This book aims to contribute to the development of this emerging area of the law.

2 The importance of class actions for people’s privacy

Private rights of action are a key legal tool for citizen and consumer data protection.3 As Mark Rotenberg and David Jacobs note:
3 See Janet Walker, “Douez v Facebook and Privacy Class Actions” (Chapter 4); Ignacio N Cofone, “Privacy Law Needs Privacy Harm” (August 30, 2019), online: The Hill < thehill.com/opinion/cybersecurity/459427-privacy-law-needs-privacy-harm >.
The enforcement of rights is a critical requirement of privacy law. Absent actual enforcement, there is little meaningful incentive for companies to comply with privacy requirements. Enforcement also helps to ensure that the individuals whose privacy is placed at risk are fairly compensated.4
4 Mark Rotenberg & David Jacobs, “Enforcing Privacy Rights: Class Action Litigation and the Challenge of cy pres” in David Wright & Paul De Hert, eds, Enforcing Privacy: Regulatory, Legal and Technological Approaches (Switzerland: Springer, 2016) 307 at 307.
Starting a claim under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), for example, is a long and arduous process. Individuals must first report the privacy-violating practice to the Office of the Canada Privacy Commissioner (OPC) or, depending on the type of entity and violation, a provincial privacy commissioner, and wait for the commissioner to investigate and release a report of findings. Then, they may start a de novo application in court pursuant to section 14 of PIPEDA within a year after the OPC has published its report of findings stating that the company has breached PIPEDA. This means there rarely is a cost-effective option in Canada for individuals to bring consumer privacy claims that will grant them redress.
Private rights of action in privacy law, in turn, are of limited use if they cannot be part of a mechanism of collective redress because of their small expected awards coupled with the costs of litigation. For example, in Ontario, privacy claims under the intrusion upon seclusion tort created by the landmark case Jones v. Tsige would result in small awards because of the established maximum of $20,000 in damages.5 Many individual privacy claims involve much smaller amounts,6 are difficult to quantify,7 or go unrecognized.8 In most cases, plaintiffs obtain much less, meaning that most people simply will not commence these claims individually.9
5 Jones v. Tsige, 2012 ONCA 32 [Jones].
6 See Ignacio N Cofone & Thomas Kadri, “Cy Près Settlements in Privacy Class Actions” (Chapter 6).
7 Ignacio N Cofone, “The Dynamic Effect of Information Privacy Law” (2017) 18:2 Minn J L Sci & Tech 517; Ignacio N Cofone, “A Healthy Amount of Privacy: Quantifying Privacy Concerns in Medicine” (2017) 65:1 Clev St L Rev 1.
8 Ignacio N Cofone, “Nothing to Hide, But Something to Lose” (2019) 70:1 UTLJ 64.
9 See Cofone & Kadri, supra note 6.
Moreover, most of these individual claims would be litigated in small claims courts, many of which do not keep records of their decisions. For example, the Ontario Small Claims Court has jurisdiction for claims up to $35,000 so, under the Jones cap, it would receive most privacy claims, unless they are coupled with punitive damages or contractual breach damages.10 This impedes the development of privacy law.11
10 See “Privacy Law Update: Jones v. Tsige” (April 2, 2012), online: Nelligan Law < nelliganlaw.ca/article/insurance-defence/privacy-law-update-jones-v-tsige/ >; “Small Claims Court” (last modified March 28, 2020), online: Ministry of Attorney General < attorneygeneral.jus.gov.on.ca/english/courts/scc/ >
11 See John JA Lenz, “Privacy Class Actions’ Unfulfilled Promise” (Chapter 2).
The need for a cost-effective mechanism that provides redress for privacy violations has made privacy class actions highly relevant to judges, corporations, consumers, and citizens in general. Consequently, there has been a remarkable upward trend in the number of privacy class actions over time. Canada, for example, has seen more than 80 privacy class actions in the past 10 years distributed in logarithmic growth, compared to only 2 commenced before 2010.12 While the majority of them have been filed in Ontario using Jones as a catalyzer, they have spread across Canadian provinces widely.13
12 Christopher Naudie & Evan Thomas, “Privacy Class Actions, by the Numbers” (May 31, 2017), online (blog): Osler < osler.com/en/blogs/classactions/may-2017/privacy-class-actions-by-the-numbers >.
13 See Gratton & Phizicky, supra note 1.
What these class actions have in common is that they stem from privacy violations. Different types of privacy violations give rise to private rights of action that can lead to privacy class actions. Privacy law protects the collection, processing, and dissemination of personal information, and violations at any of these three stages can give rise to class actions when formal requirements are met. Common examples of violations include: security breaches, either as a cybersecurity breach or unauthorized access to devices that hold personal information;14 lack of notification when there’s a statutory notification requirement;15 unauthorized disclosure of personal information;16 unauthorized collection of personal information;17 and misuse of personal information.18
14 See e.g. Agnew-Americano v Equifax Canada Co, 2018 ONSC 275.
15 See e.g. Antman v Uber Technologies, Inc, 2018 WL 2151231 (ND Cal 2018). This claim alleged th...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Contents
  6. List of contributors
  7. Acknowledgements
  8. 1 Introduction to privacy class actions
  9. 2 Privacy class actions’ unfulfilled promise
  10. 3 Uncertainties and Lessons Learned from Data Protection Laws
  11. 4 Douez v Facebook and privacy class actions
  12. 5 Why class action suits for security breaches need to look beyond privacy concerns
  13. 6 Cy près settlements in privacy class actions
  14. Bibliography
  15. Index