A California federal jury’s decision to hold Meta liable under the California Invasion of Privacy Act (CIPA) for the unauthorized receipt of sensitive health data gathered from Flo period-tracking app users, despite the tech giant’s push to overturn the verdict, marks a significant win for plaintiffs in modern wiretapping cases and strengthens website users’ position in similar disputes.
Gary Kibel, a partner in the Privacy, Technology + Data Security Practice Group at Davis+Gilbert, was quoted in Law360 discussing the decision and the broader shift it may trigger in how companies approach user consent and data collection practices.
“There have been other decisions that have been favorable to defendants, but this one is a notch in the belt of the plaintiffs,” said Gary.
The jury’s decision serves as a warning to the numerous companies that incorporate these tracking technologies into their websites and should prompt companies to revisit their data collection and sharing practices. While state data privacy laws such as the California Consumer Privacy Act largely provide a model where companies are allowed to gather and share data until a user asks to opt out, “CIPA litigation is forcing companies to switch to an opt-in model to avoid claims that they’re collecting and using personal information without permission,” Gary explained.
Read the full article below.