Consumers are increasingly filing lawsuits against companies with websites that use data tracking tools such as Meta Pixel, beacons, cookies, tags, scripts, other tracking software, or chat features. Many of these tools are capable of tracking information about a website user’s time and use of the site, logging information about pages visited, buttons clicked, and purchases made. These tools may also gather and save information about the user’s operating system, browser, IP address, geographic location, payment methods, and other user information.
Depending on the website, the data gathered by these tools is then shared with business marketing platforms like Meta, Google, TikTok, and LinkedIn and used by them for targeted marketing. It may also be shared with website software providers; and, it may even be accessible by other visitors to the site. The problem is particularly acute on health care, financial industry, and government websites where sensitive data is made available to the website owner.
This article discusses increasing cyber and security state law claims against companies with websites and identifies steps that may be taken to protect companies from expensive lawsuits, arbitrations, and enforcement actions.
State Laws
Consumers are increasingly using old plaintiff-friendly state laws like the California Invasion of Privacy Act (CIPA) (which was enacted in the 1960s) to sue companies with business websites on claims of invasion of privacy and wiretapping. In addition, California, Texas, Oregon, Illinois, and Pennsylvania, as well as other states, have enacted new consumer data privacy laws. These laws require companies to take specific steps to protect consumer data and information. As of the writing of this article, California is the only state with a new consumer data privacy law which gives consumers a private right of action and the ability to seek damages in privacy actions. In other states that have recently adopted similar consumer data privacy laws, law enforcement is charged with enforcing privacy laws. It is important to note that companies with websites may be exposed to claims in plaintiff-friendly states simply because their websites are accessible by consumers in those states.
What to do to Protect Your Company
There are steps that companies with websites can take to help minimize the risk of privacy and security claims being filed against them:
- Conduct a website audit to determine what data your business is collecting, why that data is being collected, how it is being used, and who has access to it.
- Consult with the company’s corporate attorney to ensure compliance with state privacy laws and to seek guidance on how to minimize exposure to state law claims.
- Be transparent with website visitors and let them know what data is being collected and why and identify who has access to that data. Consider using a privacy policy or statement that is easily found on the website and that is routinely updated anytime the website changes and/or the website begins tracking new or additional data. Identify the tools your company is using to track data by name, including Meta Pixel.
- Consider whether collecting consumer consent (through a cookie banner or otherwise) is necessary for using tracking cookies or similar data collection tools.
- Limit data collection through your website if your company is not actively using that data for business purposes.
Our Team
Our Corporate Group advises clients on compliance with privacy laws in the U.S., EU, and U.K. and represents them in a variety of privacy and security enforcement actions in federal and state courts.
This article is informational only. The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. Readers of this website should contact their attorneys to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting based on information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein—and your interpretation of it—is applicable or appropriate to your particular situation. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided “as is;” no representations are made that the content is error-free.