Law360 is predicting 2019 will be a “big year for privacy and cybersecurity litigation,” as reported in “Privacy & Cybersecurity Cases to Watch in 2019.”
For example, lawmakers may examine biometric privacy laws if the Illinois Supreme Court rules negatively on Rosenbach v. Six Flags Entertainment Corp., a case involving that state’s Biometric Information Privacy Act (BIPA), Shook’s Privacy & Data Security Group Chair Al Saikali told Law360.
“If the Rosenbach ruling is unfavorable to companies, I think you’ll see legislators take a look at the statute, because I don’t think it was intended to allow for this crippling level of damages to companies that are employing measures to prevent timekeeping fraud,” said Saikali.
Last year, the Court heard arguments on whether “proof of harm” is necessary to sue under BIPA, which requires companies to capture biometric information. The decision is due in 2019.
Saikali also talked about the U.S. Supreme Court’s unusual request to all parties in Frank v. Gaos to brief the issue of standing after the 2016 decision in Spokeo v. Robins.
“The fact that the court asked for this level of briefing indicated to me that, given its conservative leanings, it is going to take a serious look at what is the requisite type of harm necessary to have standing in these kinds of cases,” said Saikali.
Frank, a data breach case, involves questions of fairness of cy pres settlements in class actions where counsel and third parties receive most of the settlement funds and class members receive almost nothing. Since Spokeo, appeals courts have reached conflicting results on standing in data breach class actions, and observers think the Court chose Frank to clarify the issue.
Saikali added, “I would bet that they will say they don’t have standing, because you don’t raise that question unless you have real concerns.”
The cases are Rosenbach v. Six Flags Entm’t Corp.,No. 123186, (Ill.)and Frank v. Gaos, No. 17-961 (U.S.).