Website Privacy and Data Policies
Lawsuits and Consulting
Every business owner with a website should be aware of the importance of protecting the data of the visitors to their websites. The laws surrounding privacy and data on websites are an ever evolving area of the law, and staying on top of the current regulations is the best practice to avoid a potential lawsuit.
What are Internet Privacy Laws?
Internet Privacy Laws are laws that govern how personal information is collected, used, stored, and protected online. These laws vary by country and region, but generally aim to protect individuals’ personal information from being collected, used, or shared without their consent.
Privacy, Trap and Trace, and California CIPA Lawsuits (Including California Penal Code 638 & 638.51)
A new type of lawsuit is being filed against business websites which capture user data. They are called “Privacy”, “Trap and Trace”, or “CIPA” violations. Most business websites capture user data, yet most website owners are unaware of this process. These lawsuits are growing at an extremely rapid pace and are filed as class action lawsuits, claiming that websites which store a user’s IP address and collect other user data and/or have “pixels” that pass on user information to third-party sites such as Google, Facebook, TikTok, and others, are violating California Penal Code sections 638.51, 638.50(c), and 637.2, 631, and 631(a). Currently these Trap and Trace, CIPA, and Privacy claims are being filed by Matthew Smith at Tauler Smith LLP, Scott Ferrell at Pacific Trial Attorneys, and Joshua Swigart at Swigart Law Group. Ironically, as mentioned, most website owners are unaware that their website is collecting a user’s data. Unfortunately, at least two federal courts have allowed these types of lawsuits to move forward, which has opened the floodgates for even more of these lawsuits to be filed.
If a business allows itself to become a victim of a Privacy/Trap and Trace/CIPA lawsuit, the costs can be significant. These law firms claim that the business is liable whether or not it is aware of the behind-the-scenes collection process. The lawsuits seek penalties up to $5,000 per “incident,” with every user of a website potentially considered an incident. If a court were to allow these cases to be certified as class actions, and if the plaintiff were to prevail, the result would be devastating. In our view, almost all of these cases have little merit and should never be allowed to be filed. However, the legal fees to defend these cases can be significant. A better strategy might be to make some modifications to the website now to lower the risk of becoming a target.
The Karlin Law Firm is at the forefront of developing strategies to mitigate these risks. Feel free to contact our office to set up a time to discuss your website and possible prevention strategies. If you find yourself a victim of one of these Trap and Trace, Privacy, or California Penal Code section 638.51 , 638.50(c), 637.2, or 631 claims call The Karlin Law Firm at (888) 698-8932. See sample Trap & Trace claim letters by Matthew Smith at Tauler Smith, by Joshua Swigart at Swigart Law, and by Scott Ferrell at Pacific Trial Attorneys.
United States Internet Privacy Laws
In the United States, internet privacy laws include the Children’s Online Privacy Protection Act (COPPA), which regulates the collection of personal information from children under the age of 13, and the Health Insurance Portability and Accountability Act (HIPAA), which regulates the collection, use, and sharing of personal health information. The Federal Trade Commission (FTC) also enforces privacy laws related to online advertising and data security.
Additionally, California’s internet privacy laws are generally considered to be among the strongest in the United States, and are considered to be a model for other states and countries. California has the California Consumer Privacy Act (CCPA), which was passed in 2018 and went into effect in 2020. It gives California residents the right to know what personal information businesses are collecting about them, the right to have their personal information deleted, and the right to opt out of the sale of their personal information. The CCPA applies to businesses that collect personal information from California residents and have annual gross revenues over $25 million, or that collect personal information on the behalf of 50,000 or more consumers or households, or that derive 50% or more of their annual revenues from selling consumers’ personal information.
In addition to the CCPA, California has also passed laws such as the Shine the Light Law, which gives consumers the right to request information about the sharing of their personal information with third parties for marketing purposes, and the California Electronic Communications Privacy Act (CalECPA), which regulates government access to electronic communications and data.
GDPR and EU Privacy Laws
In the European Union, the General Data Protection Regulation (GDPR) regulates the collection, use, and storage of personal data, and gives EU citizens the right to access, correct, and delete their personal data. In many countries, internet service providers (ISPs) are required to protect the privacy of their customers’ internet activity, such as browsing history and search queries, and are prohibited from collecting and sharing this information without the customer’s consent. This laws apply not only to businesses located in Europe and the United Kingdom, but also to any business that does business through their website with the EU and the UK.
Failure to comply with Internet Privacy Laws can lead to litigation. Many of these cases are brought by internet trolls looking for websites that merely fail to meet technical compliance standards. It is important to have an attorney well-versed in internet privacy issues review your website’s policies and procedures around user data collection and use. Contact the Karlin Law Firm LLP for drafting and review of your website’s privacy policies and procedures or any related litigation matters.