

Unauthorized Data Collection: Balancing Business Needs with Privacy Rights

September 10, 2024
By Tammy Chang
Senior Claims Specialist, Cyber, AXA XL
In a digital age where personal data is increasingly valuable to businesses looking to understand their customers better, the unauthorized collection of information has become a pressing concern.
Unauthorized collection refers to the gathering of information without proper consent or legal authority. This can occur when personal data is collected without the knowledge or permission of the individuals involved, which can lead to privacy violations and potential legal issues.
As the ethical and legal implications of data collection continue to evolve, businesses need to navigate a complex environment, where transparency and responsible data handling are vital in preserving customer trust and upholding privacy rights. Many countries have strict regulations governing the collection and use of personal data, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States. Violating these regulations can result in hefty fines and damage to the company's reputation.
The Cyber Claims team saw a noticeable increase in such claims arising out of statutes like the California Information Privacy Act (CIPA), the Biometric Information Privacy Act (BIPA) and the Genetic Information Privacy Act (GIPA), as well as older statutes repurposed for current privacy conditions, like the Video Privacy Protection Act (VPPA), and various state wiretap statutes. VPPA was originally passed in 1988 to protect individuals' video rental records containing personally identifiable information. It has now been repurposed to include streaming platforms and digital video services.
Careful collection
Companies collect data on consumers through various methods, including:
- Website cookies: When you visit a website, it may place cookies on your device to track your online behavior and preferences.
- Loyalty programs: Companies collect data when consumers sign up for loyalty programs and make purchases, allowing them to track shopping habits and preferences.
- Social media: Many companies monitor social media platforms to gather data on consumer opinions, interests, and behavior.
- Surveys and feedback forms: Companies often collect data through surveys, feedback forms, and questionnaires to understand consumer preferences and experiences.
- Purchase history: Retailers and online stores collect data on consumers' purchase history to analyze buying patterns and preferences.
- Mobile apps: Companies may gather data through mobile apps, tracking user activity and behavior within the app.
Businesses can take several steps to ensure that they are not collecting information without authorization. First and foremost, they should clearly communicate to their customers what information they are collecting and for what purpose. This includes obtaining explicit consent from individuals before collecting their personal information.
Additionally, businesses should regularly review their data collection practices to ensure that they follow relevant privacy laws and regulations. For one, businesses need to provide individuals with the option to access, correct, or delete their personal information as required by data protection regulations, such as the GDPR in Europe or the CCPA in California. They should also implement robust data security measures to protect the information they do collect from unauthorized access or misuse.
Costly repercussions
It's important to note that companies are required to handle consumer data responsibly and in accordance with data protection regulations. If not collected or handled properly, the repercussions can be costly.
Recently, Meta, the parent company of Facebook, Instagram, and WhatsApp, settled with the state of Texas for $1.4 billion over allegations of illegally collecting biometric data without consent. This marks one of the largest penalties imposed on the tech giant. The lawsuit accused Meta of violating Texas' Capture or Use of Biometric Identifier (CUBI) Act and the Deceptive Trade Practices Act.
This settlement comes after Illinois amended its Biometric Information Privacy Act, reducing companies' liability for collecting biometric data without permission. This change follows previous large fines imposed on companies like Meta, Google, TikTok, and Snapchat for similar violations. The case also highlights a 2023 court ruling that significantly increased potential penalties for biometric data collection violations. The ruling stemmed from claims against White Castle Systems for scanning employee fingerprints without consent, prompting the company to settle for $9.4 million.
Trending mass arbitration
More businesses are also contending with a growing trend toward mass arbitration. Mass arbitration refers to a situation where a large group of individuals bring arbitration claims against a company for similar issues. This can occur when a company includes an arbitration clause in its contracts, and many individuals believe they have been harmed by the company's actions. In mass arbitration, the claims are usually consolidated and handled together, which can result in more efficient resolution of the disputes, but the process also involves hefty fees that can total millions of dollars. Although alternative dispute resolution offers benefits such as a more efficient process, quicker resolutions, lower costs, and confidentiality, the filing of mass arbitration claims and the misuse of the process can sometimes undermine these advantages for both parties.
The potential for class action suits has not disappeared either. The main difference between mass arbitration and class action suits lies in the legal process and the way claims are handled. In mass arbitration, each individual claim is arbitrated separately, but the claims are consolidated and handled together for efficiency. Each person's claim is considered on its own merits, but the process is streamlined by addressing common issues collectively. In a class action lawsuit, however, a group of people with similar claims collectively bring a legal action against the defendant. In this scenario, the claims are not handled individually but are treated as a single lawsuit on behalf of the entire class. The outcome of the lawsuit applies to all members of the class, whether they actively participated in the legal proceedings or not.
Pushing back
Some businesses have taken to fighting such claims. In one case, French skincare company L'Occitane did so by filing a fraud lawsuit against a plaintiffs’ law firm. The suit claims that the law firm was ‘manufacturing’ mass arbitration claims under CIPA by having people visit the company’s website, claiming their privacy was violated by third-party tracking software. In a recent decision, a judge ruled that the company was not subject to arbitration agreements with the consumers simply because they might have visited L'Occitane's website.
According to the judge, even if he agreed that an arbitration agreement could exist simply through the act of accessing a website, the law firm and its clients did not show any evidence they had visited L'Occitane pages. This ruling determined that the law does not apply to publicly available websites like L'Occitane's. We hope this decision serves as a warning to the plaintiffs’ bar that the courts will not tolerate frivolous lawsuits or mass arbitrations.
Cyber protection
Unauthorized data collection can create significant liability issues for organizations. That’s why cyber insurance can be essential protection, offering coverage for legal costs, damages, and managing public relations fallout resulting from unauthorized data collection. But it’s important to note that coverage for unauthorized collection is not a given. A base cyber insurance form typically excludes coverage for unauthorized collection, which may be amended by endorsement.
By being transparent about their data collection practices, adhering to regulations, and prioritizing data security, businesses can reduce the risk of collecting information without authorization, which will help them avoid legal repercussions and maintain a positive relationship with their customers.