Disappointed With Regulators, Private Citizens Take Data Privacy Violators Directly To Court

Companies violating global data privacy laws like General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) not only have to concern themselves with bureaucrats and regulators, as class action lawsuits and complaints by consumer groups and private individuals are quickly filling up court dockets around the globe.

Why Are So Many High Profile Private Cases Being Filed?

Oracle and Salesforce face legal complaints over privacy  related to cookie consent violations, and hotel chain Marriott is facing a  lawsuit alleging a large-scale privacy breach; the latter case is also being enforced by the UK’s regulatory body so Marriott is fighting a two-front battle. These private cases are a reflection of the growing disappointment regulators struggling to investigate GDPR violation allegations and enforce penalties commensurate with those violations.

For example, France’s regulator penalized Google with a €50 million fine in 2019 but payment has not yet been approved by the necessary parties to actually collect funds. Ireland’s Data Protection Commission, which is in charge of overseeing many Silicon Valley companies due to regional bases established in the country, has been particularly slow to enforce GDPR violations. A 2018 breach of  Twitter has dragged on for two years (all the while continuing to suffer security failures) and though a draft decision has been crafted, a  formal dispute between regulators is now delaying a final outcome by many more months. These delays have motivated private parties to turn to the court system for speedier resolution of their complaints. 

Why Are These Private Cases Important?

Regulators may not have the resources to investigate an individual complaint and take on a massive organization like Oracle or Salesforce, however private litigation provides three primary motivations:

1. A court case can provide a speedier resolution;
2. A financial incentive exists for private citizens and their attorneys as they can be compensated if they can prove the merits of the violations in court; and
3. Legal precedent can be set once a verdict is rendered.

The second reason above is quite the incentive, as regulatory fines do not provide compensation to individuals who had their data stolen. Additionally, if a private individual or group brings a lawsuit to court, they retain control over whether or not a settlement occurs rather than leave it up to a regulator’s discretion.

Is My Company Going To Be Sued?

Maybe, though the odds of that occurring go down if you’ve taken steps to be GDPR compliant, such as using a cookie consent tool (but not a cookie wall) and providing a mechanism for individuals to make a  data subject access request. Additionally, going directly to court opens up a new front in the fight against data protection abusers, but is not necessarily straightforward, as it is complex, expensive and uncertain.

How can Clym help with CCPA compliance?

Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:

• All-in-one platform: One interface combining Privacy and Accessibility compliance with global regulations, at an affordable price;
• Seamless integration into your website;
• Adaptability to your users’ location and applicable regulation;
• Customizable branding;
• ReadyCompliance: Covering 30+ data privacy regulations;
• Six preconfigured accessibility profiles, as well as 25+ display adjustments that allow visitors to customise their individual experience.

You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.