Skip to main content

Personal Data Privacy Lawsuits

The Lyon Firm is actively involved in Data Privacy & Data Misuse Class Action Lawsuits on behalf of consumers nationwide
Nationwide Success

Data Privacy Attorney

Investigating Unlawful Data Sharing & Data Misuse Claims

The Lyon Firm is currently filing cases against companies that sell data they obtain from first party customers without consent. You have the right to decide who collects and stores your data. When your information is shared or sold without your consent, you may file a lawsuit against the offending party to recover any damages.  

How secure are data systems? Judging by the huge number of data breaches announced each year, it is safe to say online privacy and cybersecurity needs some improvement on several fronts. This has been an enormous issue, and beyond the security and theft of personal data lies another privacy violation concern–perhaps a more egregious offense: illegal data sharing and data misuse. 

Your digital security and confidentiality are our top priorities. Our experienced legal team is here to guide you through the intricacies of data privacy laws and regulations. With years of proven results and a commitment to your privacy, we’re dedicated to securing justice for individuals in this ever-evolving digital world.

What Damages Are Available in a Data Privacy Lawsuit?

Damages available in consumer data privacy lawsuits can vary depending on the specific circumstances, applicable laws, and the jurisdiction. If your information is being shared or sold without your knowledge, and companies are profiting from the practice, you may file a lawsuit and here are some common types of damages that may be available:

  • Compensatory Damages: These are intended to compensate the plaintiff for the actual harm they suffered due to the data privacy violation. It can include monetary losses, such as identity theft-related expenses, and non-monetary losses, such as emotional distress.
  • Statutory Damages: Some data privacy laws, like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), provide for statutory damages, which are predetermined amounts that can be awarded to plaintiffs without the need to prove actual harm.
  • Punitive Damages: In cases where the defendant’s conduct is particularly egregious, punitive damages may be awarded to punish the wrongdoer and deter others from similar actions.
  • Injunctive Relief: Courts may issue injunctions to prevent further data breaches or to compel the defendant to take specific actions to improve data security and protect consumer information.
  • Equitable Remedies: Plaintiffs may seek equitable remedies, such as the destruction of wrongfully obtained data or the implementation of stronger data protection measures.

The availability and extent of damages will depend on the specific laws, facts of the case, and the jurisdiction where the lawsuit is filed. Consumers who believe their privacy rights have been violated should consult with an attorney experienced in data privacy and consumer protection law to understand their rights and potential remedies.

Data Sales & Data Sharing Whistleblowers

Our attorneys are representing whistleblowers and plaintiffs who come forward with knowledge of widespread corporate data misuse. It is no secret that data brokers are working behind the scenes to collect as much personal information as possible. Companies sell this data which is aggregated into large bundles and sold to third parties for profit. Such brazen acts may be illegal if the personal information in question is sold or shared without prior consent. 

Data Sharing Case Study

In 2024, the Federal Trade Commission (FTC) banned the data aggregator InMarket Media from selling or sharing any precise location data when they do not fully inform consumers and obtain their consent before collecting and using their location data for advertising and marketing.

In another recent incident involving location data, GM ended its business relationship with two data analysis firms, LexisNexis and Verisk, after they allegedly shared the private OnStar data of individual consumers without first obtaining the vehicle owners’ consent.

In 2021, Zoom agreed to a $85 million settlement after the company allegedly misrepresented its end-to-end encryption on video calls. According to complaints, the company shared user data with companies like Facebook and Google without users’ consent. The settlement follows a class action claim of data privacy violations.

Attorneys and plaintiffs claimed that Zoom willingly shared personally identifiable information (PII) with third parties without proper permission, which in turn made it possible for such third parties to identify and track users’ behavior. The official legal complaint also alleged that Zoom misrepresented its security features.

The court allowed claims of breach of contract, breach of implied contract, and quasi-contract to proceed. Under the proposed settlement, Zoom agreed to “major changes to its practices,” meant to better protect consumer data.

Of course Zoom is not the only company facing legal scrutiny about data sharing practices. The Lyon Firm is currently investigating a variety of data sharing and privacy violation cases on behalf of plaintiffs nationwide.

What is Data Tracking?

Companies have been known to track users’ location and online activity across web sites. Some instances of data tracking have even led to the filing of wiretapping complaints. California and other states have enacted strict laws that prohibit companies to track users in certain circumstances. Data tracking, however, is not easy to identify, and most consumers have no idea when a company has been illegally been tracking them. 

The misuse of data, collected by media conglomerates and other corporate entities, can pose a privacy concern to consumers and lead to class action lawsuits. In recent years, some landmark litigation and judgements handed down from the FTC have led to the strengthening of consumer data laws.

In most cases, if a company does not have your permission or written consent to track, collect and disseminate your personal information (location data, viewing history, demographics), they may be liable for violating privacy protection statutes and can be sued accordingly.

Joe Lyon is a class action data privacy lawyer representing plaintiffs in and nationwide in a variety of personal data tracking litigation.

Who Is Buying My Personal Data?

A whole host of marketers and companies vying for your business. Companies like retailers and Facebook and Google collect a vast amount of data and sell it to third parties for various consumer tracking and marketing purposes. If that data is leaked, then other bad actors can use that info in more damaging ways.

Data brokers largely operate in the shadows, and although it is still legal to collect and share personal data, there are limits on what is considered lawful and ethical. Data brokering remains a profitable enterprise for many online entities, though if they are found to be operating illegally, whistleblowers can come forward and file class action claims. 

There have been several reports of healthcare entities, including telehealth sites and pharmacies, sharing data with third parties. In 2024, The FTC handed down a $7 million fine after Cerebral, a telehealth company allegedly provided sensitive data to third parties. Cerebral chose to settle allegations that it disclosed personal health information for advertising purposes and misled customers about easy cancellation policies. The mental healthcare provider shared sensitive data of over 3 million consumers — including medical and prescription histories and pharmacy and health insurance information — to third parties through tracking technologies embedded on its website and apps. 

What Personal Data Can Be Collected and Sold?


Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.


Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.


The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

photo of data privacy attorney Joe Lyon

Reviewing Data Sharing & Data Misuse Claims

Why File a Data Privacy Lawsuit?

Despite the constant intrusion into our personal lives by large media companies, American consumers still have privacy rights. When companies choose to illegally collect, sell, share or misuse your information, they may be held accountable. In the past, the best way to change unsavory corporate behavior has been to hit companies in the pocket. When federal regulation fails to properly address your privacy concerns, a civil case may be considered, and companies may change due to the threat of expensive litigation. 


  • This field is for validation purposes and should be left unchanged.

Data Privacy Lawsuits FAQs

How can I prevent data misuse?

It’s not as easy as just alerting companies to stop collecting and selling your personal information, but you can take certain steps to protect yourself, including:

  • Opt out of data collection practices if possible
  • Review your credit report
  • Use strong and different passwords for all of your accounts
  • Do not offer your personal information unless necessary
  • Check bank accounts for suspicious activity
  • Limit how exposed you are on social media
  • Speak with a cybersecurity attorney
what is BIPA?

Lawmakers established the Illinois Biometric Information Privacy Act (BIPA) in 2008 in response to the growing use concern of biometric data misuse. The Act seeks to help regulate the “collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.”

According to the BIPA, biometric identifiers may include:

  • Retina or iris scan
  • Fingerprint
  • Voiceprint
  • Scan of hand
  • Face geometry

The BIPA addresses the retention, collection, disclosure, and destruction of personal biometric data. Private entities collecting biometric data must inform subjects of the data collection and provide the specific purpose and the length of the collection term. The subject must provide a written release.

Under the BIPA, any person harmed by a privacy violation has a right of legal action. Plaintiffs may recover damages of $1,000, and for intentional or reckless violations, up to $5,000 in liquidated damages or actual damages, whichever is greater.

When Should I contact The Lyon Firm?

We offer free and confidential consultations to data sharing whistleblowers and individuals concerned with the widespread misuse of their personal information. Large media corporations have had their way with our data for a long time, and the only way to fight back sometimes is to file a lawsuit. The Lyon Firm has filed numerous consumer class action complaints in the privacy practice area. We work tirelessly on your behalf to hold any negligent company accountable to compensate consumers for any invasion of personal privacy. 

Protecting sensitive personal information is getting more and more difficult, but that doesn’t mean it’s not possible. By forcing companies to become accountable for their lack of cybersecurity measures following data misuse and data breach incidents, consumers will have a more secure future.

Large companies control vast amounts of data, leaving nearly all Americans at risk when their personal data is compromised. If your financial, medical, or consumer information is misused, you may file a data privacy violation claim.

What are some examples of data privacy lawsuits?

The majority of BIPA lawsuits are filed against employers who utilize biometric timekeeping systems with fingerprint or facial recognition scans, and collect the employee biometric data.

Motorola, Clearview AI and Vigilant are facing legal action for allegedly collecting mugshots that were used by law enforcement. Microsoft, Amazon, Alphabet, and FaceFirst Inc. are alleged to have violated privacy laws by collecting photos for facial recognition data from the website, Flickr.

A proposed class action alleges Ring, LLC has failed to protect the privacy of its motion-activated cameras and the personal information of its customers. The complaint alleges Ring’s devices are rife with security vulnerabilities, which may compromise the personal data of existing and future customers.

Cyber criminals may have the potential to hack into Ring devices and home networks. The lawsuit aos brings to light the fact that Ring has shared users’ personal identifying information with third parties without first obtaining prior consent. The complaint says the devices are not well-equipped to deal with potential hacks.

Plaintiffs in the case want Ring to take additional security measures to protect the privacy of user accounts and installed devices, as well as stop sharing personal data without clear and informed consent.

Reports have surfaced that several user accounts and devices were hacked, and plaintiffs argue the company was late in addressing security issues.

Beyond the security issues, Ring permits third parties to track users, raising eyebrows from consumer safety and data privacy advocates.


Can I Sue a Company For sharing my data?

There are laws in place to protect consumers from illegal data sharing and unlawful data sales. The courts may deem a practice “data misuse” if personal information is regularly shared or sold without the consent of individuals. 

Why would I consent to sharing my data?

Many times consumers have no idea when a website or a company operating online has collected their data and is sharing it with third parties. If it is not very clear that your data is being sold or shared, this may constitute a privacy violation. 

Other times, however, companies will make it almost obligatory to consent to data sharing if you want to use their services. Some apps and websites almost bully consumers into consenting to data sharing if you expect to use the service. This may not be illegal, but it does put unfair and undue pressure on consumers to consent to a shady practice that they don’t necessarily agree with. 

Your Right to Justice