How secure are data systems? Judging by the huge number of data breaches announced each year, it is safe to say online privacy and cybersecurity needs some improvement on several fronts. This has been an enormous issue, and beyond the security and theft of personal data lies another privacy violation concern–perhaps a more egregious offense: illegal data sharing and data misuse. 

Your digital security and confidentiality are our top priorities. Our experienced legal team is here to guide you through the intricacies of data privacy laws and regulations. With years of proven results and a commitment to your privacy, we’re dedicated to securing justice for individuals in this ever-evolving digital world.

What Damages Are Available in a Data Privacy Lawsuit?

Damages available in consumer data privacy lawsuits can vary depending on the specific circumstances, applicable laws, and the jurisdiction. If your information is being shared or sold without your knowledge, and companies are profiting from the practice, you may file a lawsuit and here are some common types of damages that may be available:

• Compensatory Damages: These are intended to compensate the plaintiff for the actual harm they suffered due to the data privacy violation. It can include monetary losses, such as identity theft-related expenses, and non-monetary losses, such as emotional distress.
• Statutory Damages: Some data privacy laws, like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), provide for statutory damages, which are predetermined amounts that can be awarded to plaintiffs without the need to prove actual harm.
• Punitive Damages: In cases where the defendant’s conduct is particularly egregious, punitive damages may be awarded to punish the wrongdoer and deter others from similar actions.
• Injunctive Relief: Courts may issue injunctions to prevent further data breaches or to compel the defendant to take specific actions to improve data security and protect consumer information.
• Equitable Remedies: Plaintiffs may seek equitable remedies, such as the destruction of wrongfully obtained data or the implementation of stronger data protection measures.

The availability and extent of damages will depend on the specific laws, facts of the case, and the jurisdiction where the lawsuit is filed. Consumers who believe their privacy rights have been violated should consult with an attorney experienced in data privacy and consumer protection law to understand their rights and potential remedies.

Data Sales & Data Sharing Whistleblowers

Our attorneys are representing whistleblowers and plaintiffs who come forward with knowledge of widespread corporate data misuse. It is no secret that data brokers are working behind the scenes to collect as much personal information as possible. Companies sell this data which is aggregated into large bundles and sold to third parties for profit. Such brazen acts may be illegal if the personal information in question is sold or shared without prior consent. 

Data Sharing Case Study

In 2024, the Federal Trade Commission (FTC) banned the data aggregator InMarket Media from selling or sharing any precise location data when they do not fully inform consumers and obtain their consent before collecting and using their location data for advertising and marketing.

In another recent incident involving location data, GM ended its business relationship with two data analysis firms, LexisNexis and Verisk, after they allegedly shared the private OnStar data of individual consumers without first obtaining the vehicle owners’ consent.

In 2021, Zoom agreed to a $85 million settlement after the company allegedly misrepresented its end-to-end encryption on video calls. According to complaints, the company shared user data with companies like Facebook and Google without users’ consent. The settlement follows a class action claim of data privacy violations.

Attorneys and plaintiffs claimed that Zoom willingly shared personally identifiable information (PII) with third parties without proper permission, which in turn made it possible for such third parties to identify and track users’ behavior. The official legal complaint also alleged that Zoom misrepresented its security features.

The court allowed claims of breach of contract, breach of implied contract, and quasi-contract to proceed. Under the proposed settlement, Zoom agreed to “major changes to its practices,” meant to better protect consumer data.

Of course Zoom is not the only company facing legal scrutiny about data sharing practices. The Lyon Firm is currently investigating a variety of data sharing and privacy violation cases on behalf of plaintiffs nationwide.

What is Data Tracking?

Companies have been known to track users’ location and online activity across web sites. Some instances of data tracking have even led to the filing of wiretapping complaints. California and other states have enacted strict laws that prohibit companies to track users in certain circumstances. Data tracking, however, is not easy to identify, and most consumers have no idea when a company has been illegally been tracking them. 

The misuse of data, collected by media conglomerates and other corporate entities, can pose a privacy concern to consumers and lead to class action lawsuits. In recent years, some landmark litigation and judgements handed down from the FTC have led to the strengthening of consumer data laws.

In most cases, if a company does not have your permission or written consent to track, collect and disseminate your personal information (location data, viewing history, demographics), they may be liable for violating privacy protection statutes and can be sued accordingly.

Joe Lyon is a class action data privacy lawyer representing plaintiffs in and nationwide in a variety of personal data tracking litigation.

Who Is Buying My Personal Data?

A whole host of marketers and companies vying for your business. Companies like retailers and Facebook and Google collect a vast amount of data and sell it to third parties for various consumer tracking and marketing purposes. If that data is leaked, then other bad actors can use that info in more damaging ways.

Data brokers largely operate in the shadows, and although it is still legal to collect and share personal data, there are limits on what is considered lawful and ethical. Data brokering remains a profitable enterprise for many online entities, though if they are found to be operating illegally, whistleblowers can come forward and file class action claims. 

There have been several reports of healthcare entities, including telehealth sites and pharmacies, sharing data with third parties. In 2024, The FTC handed down a $7 million fine after Cerebral, a telehealth company allegedly provided sensitive data to third parties. Cerebral chose to settle allegations that it disclosed personal health information for advertising purposes and misled customers about easy cancellation policies. The mental healthcare provider shared sensitive data of over 3 million consumers — including medical and prescription histories and pharmacy and health insurance information — to third parties through tracking technologies embedded on its website and apps. 

What Personal Data Can Be Collected and Sold?

• Consumer behavior
• Location data
• Home address
• Social security number
• Banking information
• Browsing history
• Video Viewing History
• Purchase history
• Telephone numbers & email
• Credit card information
• TV tracking data
• Genetic data & DNA test Results
• Biometric data—facial recognition, fingerprints, genetic information and retina scans