As the New Year approaches, it is always standard fare for legal nerds to look back at what took place the previous year in litigation and with a very unscientific crystal ball, anticipate what might happen the next year. Sometimes seeing what lies ahead is all about reviewing past trends and happenings.
Legal Trends in Cyber Litigation
I have divided my brief analysis into the mundane, the fascinating, and the “I told you so” variety of cases.
1. The Mundane
Class Action data breach lawsuits continue to rise. Just in the first nine days of December, no less than 14 data breach class action lawsuits were filed across the country. The defendants ranged from the health care industry to the financial sector to cloud storage. Cryptocurrency breach lawsuits have also increased, primarily due to decentralized control of protocols, which makes security issues harder to counter. In a related area not quite so mundane, the Third Circuit Court of Appeals ruled recently that plaintiffs who filed suit had “standing” to sue even though their data that had been breached had not been shown to lead to identity theft or fraud. The court based their ruling on the harm caused by the inconvenience to the plaintiff of mitigating her loss and the imminent threat caused by her data being available to others as a result of the hack were enough to satisfy standing. District courts in other circuits have ruled just the opposite, so this issue will be one to watch in the year to come.
The NSO “spyware” controversy is a case study in ethics vs. the law and how technology affects both simultaneously. The Israeli based company develops and sells a product dubbed Pegasus, a sophisticated spyware that can interact with a target just by the act of sending them a text on messaging applications without the victim opening a document or clicking a link. NSO has defended Pegasus from the outset, noting the product is genuinely a great intelligence-gathering tool for law enforcement and other legitimate government interests. Unfortunately, for them, Pegasus has created a line of people filing suit against NSO, to include Meta, Apple, journalists from all over the world, governments, and other private citizens. The United States seems to be somewhat ambiguous as to their position, on one hand denouncing it and blacklisting it but on the other, reportedly using it for some law enforcement purposes. The future of this issue is bordering on chaotic as other companies have developed multiple similar products (check out Predator and Graphite) which have generated cries for oversight from Congress and the international community,. This topic will be a lightning rod of activity in 2023 and one to most certainly keep an eye on.
The “I told you so”
Social Media, specifically Meta, has benefitted from laws that give them immunity on content moderation. On the other hand, they have still been held accountable for data tracking of users, reaching large class settlements this year for a case that was originally filed over ten years ago. Meta has changed many of their policies, making them more transparent as to data collection and usage over that time, which is a good thing. However, the targeted advertising algorithms that the company uses have spurred a new basis of litigation: influencing behavior in juvenile users, which leads to harm of themselves or others. While opting in as to protecting your privacy has become easier, changing the ad experience users are subjected to is not. Experts on addictive behavior have alleged for years that social media understands exactly what they are doing and deem their practices as unhealthy. It was predictable that it was just a matter of time before Meta and others were sued for the basis of their existence: to gain advertising dollars from as many sources as possible. I do not think these suits will end this year and I expect to see more in the future.