Lawyers Ready to Pounce if Companies Forget IoT Privacy

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Joyce E. Cutler

Consumers increasingly tune out privacy risks from internet-connected devices, and companies that don’t take up the privacy torch may be creating liability, attorneys told Bloomberg BNA.

Companies offering connected devices, enabling software and applications and other services in the internet of things (IoT) world should take note that class action attorneys are paying attention to the rapidly evolving technology. If companies don’t proactively take on consumer privacy protection, class action attorneys and regulators stand ready to step into the void.

The increased attention from the plaintiffs’ bar means that companies, especially those with a consumer-facing front such as Apple Inc. and Alphabet Inc.'s Google, need to start paying more attention to consumer privacy issues, Dominique Shelton, a privacy partner at Alston & Bird’s in Los Angeles, told Bloomberg BNA.

Connected technologies such as GPS and mobile devices were the first privacy battle for the always-connected world, Jim Dempsey, executive director at the Berkeley Center for Law & Technology at University of California Berkeley School of Law, told Bloomberg BNA. This has led to an always-on world with increased class action and federal and state regulatory enforcement risks for privacy missteps and data security flaws, he said.

“We live in an always-on world, of ubiquitous data collection through a variety of services, the most powerful of which is a mobile phone,” Dempsey said. Consumers tend to ignore risks to gain perceived value of a new technology in a kind of “desensitization” of privacy and security risks that go along with IoT technology, he said. The “technology is so compelling, so convenient and so easy to use that most people can’t and don’t want and shouldn’t have to resist it,” he said.

Even when consumers tune out privacy risks associated with emerging technologies, attorneys, especially those in the class action arena, feel that they can help cure some of what ails the IoT community. They told Bloomberg BNA that when consumer and companies ignore important privacy and data security issues, the class action bar steps up.

The class action bar “is very much attuned to many things that happen in our world, in the technology world, and lawsuits get started the day after any breach is revealed,” Francoise Gilbert, a Greenberg Traurig LLP partner in East Palo Alto, Calif., told Bloomberg BNA. When consumers get “blasé about what is happening” the class action bar can be “very reactive.” Also, the plaintiffs’ bar is especially good at detecting consumer privacy issues, Gilbert said.

Class Action Landscape

Consumer privacy actions are on the rise. There have been more than 210 behavioral tracking class actions filed in the last 36 months, including 122 in California, Shelton said. The increasing trend of consumer privacy cases should be concerning to companies because it could cost them not just revenues but also their reputations.

If companies lag behind emerging and always-on technologies, don’t expect plaintiffs and their counsel to follow suit. Lawsuits and federal actions have evolved along with the technology, Shelton said.

Zombie cookies are one of those areas where consumer lawsuits have taken off. Cookies are small packets of computer code that websites place on user computers to streamline access to the site and potentially collect data on the user. The phrase zombie comes from the cookies ability to stay persistent even after a user tries to block the data.

One such case involved Google’s alleged practice of using third-party advertisers to evade internet browser security features. The long-running case ultimately settled, but not until Google had to shell out millions to end the consumer privacy claims.

Digital Love-Hate Relationship

One reason why consumers may overlook privacy harms associated with IoT devices is their “schizophrenic approach to technology,” Dempsey said. When consumers fall in love with a product “they’ll rush to adopt it and weave it into their personal lives,” while ignoring the sensitive data and other privacy protections they are giving away, he said.

A recent Pew study found a variety of circumstances under which many consumers would be willing to share personal information or permit surveillance in return for getting something of perceived value. For example, social media accounts and credit card swipes get a glimpse into a consumer life captured in data bases, Lee Rainie, director of internet, science and technology at the Pew Research Center in Washington, told Bloomberg BNA. Although these products are beneficial to consumers, “they’re worried they don’t know the totality of it, and they’re worried about how all the data are used,” he said.

But not all consumers are willing to risk their privacy rights to adopt an emerging IoT device. Some consumers have a “digital love-hate relationship” with technology, Rainie told Bloomberg BNA.

These consumer want to adopt new technologies but “are unsettled with what goes along with the package,” he said. “In some ways people have come to terms with these new realities, and in some ways they’re still unsettled by them.”

To contact the reporter on this story: Joyce E. Cutler in San Francisco at

To contact the editor responsible for this story: Donald G. Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security