As anyone who watches recent news would know, TikTok, the Chinese-based entertainment app, has been under heavy scrutiny from the U.S Government and the cybersecurity private sector. The mobile device app has been criticized and scrutinized for collecting data of users and storing it in servers in and accessible to China. This data can range from personal information to movement tracking to even biometrics.
Lawsuits Begin to Abound For TikTok
As a result, not only is the U.S. considering a ban on the app, it has also created a multitude of class actions against TikTok and their associated companies. While TikTok considers its own lawsuits to fight back, most of the lawsuits against TikTok focus on violations of a myriad of privacy and computer fraud statutes and regulations at both the state and federal levels. However, one of the causes of action in a recent filing in U.S. Federal Court, Northern District of Illinois is based on the tort category known as Inclusion upon Seclusion.
One Standout Lawsuit Based on Inclusion Upon Seclusion Tort
The Restatement of The Law, Second, Torts, Sec 652 (which is a common law treatise on all torts) defines and comments as follows:
652B Intrusion Upon Seclusion: One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.
- The form of invasion of privacy covered by this Section does not depend upon any publicity given to the person whose interest is invaded or to his affairs. It consists solely of an intentional interference with his interest in solitude or seclusion, either as to his person or as to his private affairs or concerns, of a kind that would be highly offensive to a reasonable man.
- The invasion may be by physical intrusion into a place in which the plaintiff has secluded himself, as when the defendant forces his way into the plaintiff’s room in a hotel or insists over the plaintiff’s objection in entering his home. It may also be by the use of the defendant’s senses, with or without mechanical aids, to oversee or overhear the plaintiff’s private affairs, as by looking into his upstairs windows with binoculars or tapping his telephone wires. It may be by some other form of investigation or examination into his private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit an inspection of his personal documents. The intrusion itself makes the defendant subject to liability, even though there is no publication or other use of any kind of the photograph or information outlined.
Suing Hackers is Like Catching Vapors
This tort was developed in large part during the mid-20th century when such things as web apps, drones, and data analytics boosted by artificial intelligence were still in the science fiction realm. Many of the codified privacy laws in various states focus on the negligent release of or failure to personal data, which may or may not have been used by a malevolent party. Intrusion upon seclusion focuses on the intentional collection of private information. This tort on its face instead would be the perfect cause of action against a hacker who had both the means and intent to look into one’s records or the company that was intentionally collecting the data and passing it on to a government or nation-state actor.
Unfortunately, suing a hacker under this cause of action is often like trying to catch vapor with your hands, you rarely know who the individual is, where they are, and most importantly, what they are worth.
If Consent Isn’t Given, then TikTok Would Be Classified As Intruders
TikTok seems to be the defendant where Intrusion upon Seclusion fits. One of the specific allegations against the company’s application is that it collects user’s private draft videos that were never intended for publication…without consent. The videos according to the plaintiff class are then mined by Chinese engineers for biometric identifiers and information. The expectation of privacy in these instances may indeed meet the elements of the Intrusion Upon Seclusion cause of action. As previous case law notes, consent is a defense to Intrusion Upon Seclusion, but only as far as the consent given.
Lawsuit Results Could Open Up Pandora’s Box for More
It will be of great interest to the cyber law community how this case plays out. Intrusion upon Seclusion could be a cause of action that rapidly turns dynamic and relevant in the privacy realm, given the right facts and circumstances.