Media Feature Kohne and Reed on Akin Gump’s 2020 CCPA Litigation Trends Report
Contact:
Natasha Kohne and Michelle Reed, co-heads of Akin Gump’s cybersecurity, privacy and data protection practice, have been quoted in the media regarding the firm’s “2020 CCPA Litigation Report: Trends and Developments,” which looks back at the first year since enactment of the California Consumer Privacy Act and previews what to expect throughout the remainder of 2021 and beyond.
The Law360 article “Calif. Privacy Suits Tested Novel Law’s Limits In 1st Year” highlights several aspects of the report, noting that plaintiffs have tried in the law’s first year to stretch its limited lawsuit mechanism through “creative pleading.” The article also reports that the CCPA creates a limited private right of action that allows plaintiffs to seek statutory damages up to $750 per violation for data breaches that allegedly result from a company’s failure to implement reasonable security procedures.
“The private right of action essentially covers California residents suing businesses for data breach violations, but the most surprising finding from the report was that in over half of the cases where a CCPA claim was asserted, the plaintiffs didn’t even allege a data breach at all,” said Kohne. “Plaintiffs are being creative and obviously experimenting and stretching the boundaries of the private right of action to see what they can argue that will stick.”
With the lawsuits still relatively new, the article reports that courts have yet to weigh in on whether complaints alleging that a company violated some other aspect of the CCPA can move forward. Reed, though, said those decisions will likely come soon, since the courts “will ultimately have to determine what claims will give rise to a private right of action and be meritorious under the CCPA.”
Continuing, Reed said, “If we get decisions that plaintiffs can’t sue unless there's been a data breach situation, we’d expect to see plaintiffs respond by narrowing what they plead and shift how they approach these cases. But if we get decisions out of the courts that somehow make it easier to bring these cases, which we’re not anticipating, then we’ll likely see an uptick [in these cases].”
In the Corporate Counsel article “Why Is This a Problem? Invalid Private Right of Action Claims Create Work for GCs,” Reed noted that viability in a lawsuit is not stopping people from filing them. Plaintiffs, she said, “are using the CCPA almost as an underlying standard of care that then gives rise to other actions.” She added that if a company fails to disclose what information it is collecting, she does not believe that should not result in a private lawsuit.
In the meantime, Kohne said she thinks case law around the regulation will eventually settle, though that does not mean that privacy-related suits in general are going anywhere.
“There were quite a few cases where plaintiffs just sort of voluntarily withdrew their CCPA claims or they amended their complaint and then the complaint did not include a CCPA claim. A lot of that reflected that they were trying to stretch the basis of this law, and ultimately decided that some of their other arguments were better,” Kohne observed.
