Skip to main content

Personal Data Privacy Lawsuits

The Lyon Firm is actively involved in Personal Data Misuse Class Action Lawsuits on behalf of consumers nationwide.
Nationwide Success

Data Privacy Attorney

INVESTIGATING Data Sharing & Data Misuse Claims

How secure are data systems? Judging by the huge number of data breaches announced each year, it is safe to say online privacy and cybersecurity needs some improvement on several fronts. Beyond the security and theft of personal data lies more concerns: data misuse and privacy violations.

Your digital security and confidentiality are our top priorities. Our experienced legal team is here to guide you through the intricacies of data privacy laws and regulations. With years of proven results and a commitment to your privacy, we’re dedicated to securing justice for individuals in this ever-evolving digital world.

What Damages Are Available in a Data Privacy Lawsuit?

Damages available in consumer data privacy lawsuits can vary depending on the specific circumstances, applicable laws, and the jurisdiction. Here are some common types of damages that may be available in such lawsuits:

  • Compensatory Damages: These are intended to compensate the plaintiff for the actual harm they suffered due to the data privacy breach. It can include monetary losses, such as identity theft-related expenses, and non-monetary losses, such as emotional distress.
  • Statutory Damages: Some data privacy laws, like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), provide for statutory damages, which are predetermined amounts that can be awarded to plaintiffs without the need to prove actual harm.
  • Punitive Damages: In cases where the defendant’s conduct is particularly egregious, punitive damages may be awarded to punish the wrongdoer and deter others from similar actions.
  • Injunctive Relief: Courts may issue injunctions to prevent further data breaches or to compel the defendant to take specific actions to improve data security and protect consumer information.
  • Equitable Remedies: Plaintiffs may seek equitable remedies, such as the destruction of wrongfully obtained data or the implementation of stronger data protection measures.

The availability and extent of damages will depend on the specific laws, facts of the case, and the jurisdiction where the lawsuit is filed. Consumers who believe their data privacy rights have been violated should consult with an attorney experienced in data privacy and consumer protection law to understand their rights and potential remedies.

What States Have Biometric Regulations?

Most states have no comprehensive biometric regulations. The following states are exceptions:

  • Texas has its own biometric privacy act which provides that a person cannot capture a biometric identifier without a prior consent, and may not sell biometric data without consent. A company or person must use reasonable care in storing it, and “shall destroy the biometric identifier within a reasonable time.” Violators may face a civil penalty of $25,000 for each violation,
  • Washington passed biometric privacy legislation in 2017. The law prohibits any company or individual from entering biometric data into a database for a commercial purpose without providing notice, obtaining consent, or providing a mechanism to prevent the subsequent use of a biometric identifier for a commercial purpose.
  • The California Consumer Privacy Act (CCPA) regulates biometric data by including it in the definition of “personal information.” Biometric data is defined in the CCPA to include physiological, biological or behavioral characteristics, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings.
  • New York has passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which broadens the definition of private information to include biometric information. The law applies specifically in the employment context and prohibits fingerprinting “as a condition of securing employment or of continuing employment.”
  • Arkansas amended existing laws and revised the definition of covered personal information to now include biometric data.

Other states have introduced biometric legislation but most laws have not yet been enacted.

Data Sharing Case Study

In 2021, Zoom agreed to a $85 million settlement after the company allegedly misrepresented its end-to-end encryption on video calls. According to complaints, the company shared user data with companies like Facebook and Google without users’ consent. The settlement follows a class action claim of data privacy violations.

Attorneys and plaintiffs claimed that Zoom willingly shared personally identifiable information (PII) with third parties without proper permission, which in turn made it possible for such third parties to identify and track users’ behavior. The official legal complaint also alleged that Zoom misrepresented its security features.

The court allowed claims of breach of contract, breach of implied contract, and quasi-contract to proceed. Under the proposed settlement, Zoom agreed to “major changes to its practices,” meant to better protect consumer data.

Of course Zoom is not the only company facing legal scrutiny about data sharing practices. The Lyon Firm is currently investigating a variety of data sharing and privacy violation cases on behalf of plaintiffs nationwide.

TV Data Tracking

The misuse of TV data, collected by media conglomerates and other corporate entities, can pose a privacy concern to consumers and lead to class action lawsuits. In recent years, some landmark litigation has led to the strengthening of consumer data laws.

In most cases, if a company does not have your permission or written consent to collect and disseminate your personal information (location data, viewing history, demographics), they may be liable for violating privacy protection statutes and can be sued accordingly.

Joe Lyon is a class action data privacy lawyer representing plaintiffs in and nationwide in a variety of personal data sharing litigation.

Biometric Data Misuse Litigation

Although some legislation protecting consumers from companies misusing their biometric data has been passed since 2008, class action lawsuits have not been filed until relatively recently. Companies have tried to shift away from potential legal trouble, but many are still toeing the line between legal marketing tactics and invasive schemes.

At the moment, only Illinois has passed biometrics legislation that provides for a private right of action, while Texas, Washington, California, New York, and Arkansas have passed biometric statutes only allow enforcement by the state attorneys general.

Who Is Buying My Personal Data?

A whole host of marketers and companies vying for your business. Companies like retailers and Facebook and Google collect a vast amount of data and sell it to third parties for various consumer tracking and marketing purposes. If that data is leaked, then other bad actors can use that info in more damaging ways.

What Personal Data Can Be Collected and Sold?


Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.


Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.


The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

photo of data privacy attorney Joe Lyon

Reviewing Data Sharing & Data Misuse Claims


  • This field is for validation purposes and should be left unchanged.

Data Privacy Lawsuits FAQs

How can I prevent data misuse?

It’s not as easy as just alerting companies to stop collecting and selling your personal information, but you can take certain steps to protect yourself, including:

  • Opt out of data collection practices if possible
  • Review your credit report
  • Use strong and different passwords for all of your accounts
  • Do not offer your personal information unless necessary
  • Check bank accounts for suspicious activity
  • Limit how exposed you are on social media
  • Speak with a cybersecurity attorney
what is BIPA?

Lawmakers established the Illinois Biometric Information Privacy Act (BIPA) in 2008 in response to the growing use concern of biometric data misuse. The Act seeks to help regulate the “collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.”

According to the BIPA, biometric identifiers may include:

  • Retina or iris scan
  • Fingerprint
  • Voiceprint
  • Scan of hand
  • Face geometry

The BIPA addresses the retention, collection, disclosure, and destruction of personal biometric data. Private entities collecting biometric data must inform subjects of the data collection and provide the specific purpose and the length of the collection term. The subject must provide a written release.

Under the BIPA, any person harmed by a privacy violation has a right of legal action. Plaintiffs may recover damages of $1,000, and for intentional or reckless violations, up to $5,000 in liquidated damages or actual damages, whichever is greater.

When Should I contact The Lyon Firm?

Protecting sensitive personal information is getting more and more difficult, but that doesn’t mean it’s not possible. By forcing companies to become accountable for their lack of cybersecurity measures following data misuse and data breach incidents, consumers will have a more secure future.

Large companies control vast amounts of data, leaving nearly all Americans at risk when their personal data is compromised. If your financial, medical, or consumer information is misused, you may file a data privacy violation claim.

What are some examples of data privacy lawsuits?

The majority of BIPA lawsuits are filed against employers who utilize biometric timekeeping systems with fingerprint or facial recognition scans, and collect the employee biometric data.

Motorola, Clearview AI and Vigilant are facing legal action for allegedly collecting mugshots that were used by law enforcement. Microsoft, Amazon, Alphabet, and FaceFirst Inc. are alleged to have violated privacy laws by collecting photos for facial recognition data from the website, Flickr.

A proposed class action alleges Ring, LLC has failed to protect the privacy of its motion-activated cameras and the personal information of its customers. The complaint alleges Ring’s devices are rife with security vulnerabilities, which may compromise the personal data of existing and future customers.

Cyber criminals may have the potential to hack into Ring devices and home networks. The lawsuit aos brings to light the fact that Ring has shared users’ personal identifying information with third parties without first obtaining prior consent. The complaint says the devices are not well-equipped to deal with potential hacks.

Plaintiffs in the case want Ring to take additional security measures to protect the privacy of user accounts and installed devices, as well as stop sharing personal data without clear and informed consent.

Reports have surfaced that several user accounts and devices were hacked, and plaintiffs argue the company was late in addressing security issues.

Beyond the security issues, Ring permits third parties to track users, raising eyebrows from consumer safety and data privacy advocates.


Your Right to Justice