These days, companies are constantly being sued for data-related issues. Data breaches are insanely common in the modern era, and it often seems like hackers are always a few steps ahead of the rest of us. Data breaches can cause millions of dollars in losses – but companies that survive these issues may still face lawsuits from users and government agencies. Not only is it important to protect your data, but it is also important to work with a qualified technology lawyer who can guide you through any data-related issues you might face in the future. What data you collect, how you process that data, how long you retain that data, what personal data privacy rights apply, how long do you retain that data, do you share or sell that data and do you transfer that data outside the country. These legal professionals can make a real difference, and they can even save your company in some situations. But what are some of the most recent data-related lawsuits, and what can they teach us about tech law?

Facebook Accused of Misusing Data

 On March 15, a Dutch court ruled that Facebook (now known as Meta) had misused data. The class action lawsuit was filed by 190,000 plaintiffs – but any of the 10 million Dutch citizens who used Facebook can potentially join the lawsuit if it moves forward. Facebook has been harvesting data for many years for advertising purposes, but recent changes in EU law make many of these actions illegal. Many other companies, especially smaller tech businesses, may fall into the same trap if they are not careful. Even if you operate from headquarters based in the USA, you are still required to adhere to EU laws. Facebook is now expected to sit down with plaintiffs and offer a settlement. This is part of a trend, is the consent you collect sufficient for the type of processing you conduct? The way this issue is reviewed has shifted and that trend is continuing.

BetterHelp Faces New Canadian Lawsuit After Settling With Plaintiffs

 In March of 2023, the FTC ordered BetterHelp to pay $7.8 million for selling personal data that it had promised to keep private. This situation is especially serious because BetterHelp is an online mental health platform, implying that the data they sold involved extremely private information about mental health issues. BetterHelp apparently sold this information to companies like Facebook, Snapchat, and Pinterest to cash in on the advertising data. Even after this settlement, BetterHelp is not out of the woods – and the Canadian lawsuit could hit them with equally serious penalties. This not only highlights the risk associated with selling advertising data but also shows that tech companies can face multiple lawsuits from different nations because of the global nature of the internet.

PayPal Sued for Negligence After Data Breach

 In March, PayPal was sued for a data breach. The tech giant was accused of failing to adequately safeguard user data, causing issues related to identity theft. The data breach occurred in 2022 and involved 35,000 victims. Although PayPal insisted that they were not to blame for the passwords being stolen, plaintiffs now accuse them of failing to comply with FTC guidelines – including NIST Cybersecurity Frameworks. According to legal experts, however, these lawsuits have a relatively low chance of success.

Medical Organizations Sued for Data Breaches

 In March, the Lehigh Valley Health Network was sued for failing to protect patient data, despite allegedly being aware that their system was vulnerable. The medical organization made headlines when it refused to pay hackers ransom after its data had been stolen, prompting the hackers to post three photos and seven documents related to sensitive patient data. The lawsuit claims that the hospital put its own financial well-being above the data security of its own patients, causing serious issues for these victims. Some of these photos involved patients in the nude.

In March, Prisma Labs was sued for harvesting biometric data. The company had allegedly trained an AI to harvest this data from billions of photographs “scraped” from the internet. Back in February, Cedars-Sinai Hospital was sued after allegedly sharing patient data with Meta and Google. The lawsuit revolves around the hospital’s alleged use of Meta Pixel, a piece of code that can identify and track users. This apparently allowed Meta to target patients with marketing campaigns based on their health conditions – such as cancer diagnoses. Lawsuits involving medical data are incredibly common due to the sensitive nature of this information.

OnStar Sued for FAILING to Share Data

 Most data-related lawsuits involve companies willingly sharing information with third parties – often due to an alleged profit motive. But in some cases, companies can also be sued for failing to provide data. This was made clear in March 2023, when OnStar was sued for not providing location data during a woman’s kidnapping. The elderly woman was eventually killed, and family members now say that OnStar is partially to blame. At one point, OnStar managed to patch a call through to the woman’s vehicle. The victim then responded and stated that she had no idea where she was. OnStar then allegedly terminated the call. When family members requested that the company provide location data to law enforcement, they apparently refused.

TikTok Sued for Data Harvesting

 TikTok has faced a slew of lawsuits over the past few months and years. One of its most recent lawsuits involves data harvesting. The lawsuit alleges that the tech company secretly collected sensitive information by tracking users not on the TikTok app itself but on third-party websites. This implies that TikTok has the capability to track users even when they leave the platform. This lawsuit is, of course, wrapped up in tensions between China and the USA.

Where Can I Find a Qualified Technology Lawyer?

 What data you collect, how you store it, how long you retain it, how your privacy practices are presented to the world,  what practices you have in place to maintain the security of that data, how you respond to security incidents, how you prepare to share data internationally all require careful consideration. If you have been searching for an experienced technology lawyer, look no further than John P. O’Brien. We know how serious data breaches can be, and we can help you put legal protections in place that could save your company. Disclaimers and limitations of liability can prevent you from being sued in some cases – especially if breaches are completely out of your control. Speak with us today about the best way to deal with this situation – whether you are setting up an online company or you are already being sued for a data breach.