Ignacio Cofone (McGill University Faculty of Law) has posted “Privacy Class Actions” on SSRN. Here is the abstract:
Courts are increasingly being called upon to adjudicate privacy class actions arising from everything from a corporation’s business practices to external events such as hacking. But courts struggle with how to constitute and assess privacy injuries. This is problematic because courts must assess privacy harm throughout different stages in litigation – to determine standing, class certification, and compensation. It is problematic because the uncertainty with how to evaluate and identify privacy harm has produced a Circuit split on the requisite privacy injury sufficient for standing. Lastly, it is problematic because, as a consequence, despite the importance of these class actions for people’s access to justice and ensuring that companies comply with privacy law, their success as a vehicle to these means is hindered.
Privacy class actions are undertheorized. This Article provides a framework for distinguishing which class actions involve harm to people’s privacy interests and which do not, providing courts with the needed framework and proposing how to approach the Circuit split.
This framework’s approach to determining privacy harm has significant theoretical and practical benefits. From a theoretical standpoint, it sheds light on the relationship between privacy loss and actionable privacy harm. By proposing how privacy claims can be evaluated on a continuum, this Article’s proposal is well-suited for evaluating grey areas and, specifically, for class actions. From a practical standpoint, it has consequences for corporate liability and consumer redress for privacy breaches. Most importantly, it gives courts a tool to identify and navigate privacy harm, which continues to be an impediment to privacy class actions and which courts have manifested they are in need of.