Privacy Bounty Hunters, Part I: The Risks Are Real

separator

Privacy Bounty Hunters, Part I: The Risks Are Real


Privacy bounty hunters are after businesses of all sizes.

As I’ve written previously, if you sell anything online, it’s not a question of if—it’s when privacy bounty hunters will comes calling, accusing your company of violating anti-wiretapping or privacy laws. “The better part of valor is discretion,” as Shakespeare said, and now is the time to act. You can take proactive steps to reduce your risk, but make no mistake: danger is looming, and your business is in the crosshairs.

Who are the Privacy Bounty Hunters?

Privacy regulation in the United States is a tangled mess, and here’s one reason: as in other areas of the law, federal and state governments have handed the reins of enforcement to private lawyers. These laws, meant to protect privacy, have instead become a goldmine for bounty-hunting attorneys. Even a harmless, hyper-technical violation can trigger automatic penalties, often in the thousands of dollars. It’s a legal trap with no escape hatch, and to anyone with even a teaspoon of common sense, the absurdity—and danger—of this system is glaringly obvious.

Enter private lawyers from law firms of all sizes willing to go after any and every online retailer. And unlike government regulators, these privacy bounty hunters couldn’t care less about your good faith efforts to follow the law, the absence of any real harm, or the economic fallout of a rigid legal interpretation. They’re not here for fairness.

Here Come the Wacky Theories

What happened next is, sadly, quite predictable.

Lawyers love to invent novel liability theories—unproven, untested, and often absurd. When these theories survive a motion to dismiss (where courts must assume even speculative, false allegations are true), the floodgates open. From there, it’s a discovery nightmare: they demand everything—every email, text, calendar entry, note, phone record—related to your website’s technical operations, third-party negotiations, and data concerning every visit your website linked even remotely to a thin-as-gruel privacy theory. Ready to say ‘uncle’? Many companies are.

Take one of the wildest theories wreaking havoc: the claim that businesses using third-party website analytics are violating anti-wiretapping laws—enacted decades before e-commerce even existed. Courts in states like California, unsurprisingly, let these cases roll on, all in the name of ‘consumer privacy,’ despite the utter lack of harm. It feels like a page out of a dystopian novel: decide who’s guilty first, invent the crime later. Or as the White Queen said, ‘Verdict first, trial after.’

And how crazy is the website wiretapping theory? It’s so insane that the some of the privacy bounty hunters making these claims (and their so-called experts) have been caught committing the same “violations.” If this theory ultimately sticks, everyone is guilty—courts, prosecutors, legislatures, schools, even personal blogs—because this kind of web behavior has been going on for thirty years. If the inventors of this theory didn’t realize they were guilty of the same violations, how much notice do you think the public had about what actually counts as wiretapping? The answer: none. Sounds like a due process violation? You’re onto something.

Wacky or Not, the Risks are Real

In the legal world, some truths are eternal—chief among them is that nobody wants to be the test case defendant facing a death-penalty offense. Likewise, no one wants to be the guinea pig whose financial future is on the line, forced to find out if a bankrupting award of penalties can be slapped on them without any proof that someone was actually harmed. It’s a gamble no sane business owner wants to take, yet increasingly, companies are finding themselves in this very position, facing absurd claims where even a shred of harm doesn’t need to be shown.

Another timeless truth in the world of law: no client wants to fight a battle where the cost of their own legal team could outweigh what they’d pay to settle. Some companies have no choice but to fight, even when the threat is existential, because the very technology being targeted is vital to their business. But even the strongest companies can start to buckle under the crushing weight of prolonged, drawn-out litigation. When the stakes are high and the price is higher, the pressure to settle—even in the face of absurd claims—becomes harder to resist.

Arbitration Agreements Can Help, But Aren’t a Shield or a Cloaking Device To Protect You Fully From Privacy Bounty Hunters

Over the last two decades, companies have embraced arbitration agreements in consumer terms to fend off the risk of bankrupting class action lawsuits. While these agreements offer real benefits, plaintiffs’ lawyers have quickly adapted, realizing the lucrative potential of threatening one arbitration at a time. The math is simple: if a single arbitration is filed, you’re already down between $2,500 and $5,000 for arbitration costs—win or lose. Now, ask yourself: how much will you spend defending that case, especially when nothing stops the same lawyer, or hundreds of others, from filing identical claims on behalf of different consumers repeatedly? And if your arbitration agreement isn’t as well-crafted as it might be (and even if it is), you might attract a firm specializing in ‘mass arbitration,’ threatening to file thousands of claims against you simultaneously. It’s the perfect storm for legal chaos.”

Next week, I’ll begin a review of defensive measures you might wish to consider. As always, though, consult your own attorney about all the options that are available and which might suit your situation best.

Print Friendly, PDF & Email
separator