Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Facebook’s High Court Privacy Fights Lead 2020 Lawsuits to Watch

Dec. 26, 2019, 11:01 AM

Privacy attorneys and academics say they’ll be watching Facebook Inc.'s battles to overturn court rulings on biometric privacy and robocalls in 2020, as the Supreme Court weighs whether to take the cases.

The social media giant is petitioning the justices to review a pair of U.S. Court of Appeals for the Ninth Circuit decisions that may impact how courts view the Telephone Consumer Protection Act and the Illinois Biometric Information Privacy Act. Each law carries high statutory fines.

Both cases give the high court an opportunity to clarify issues they’ve been “grappling with for some time,” Amanda Fitzsimmons, a privacy and litigation partner at DLA Piper in San Diego, said.

In the robocall case, the court could define how companies can make automated calls under the TCPA, resolving years of disputes over the definition of autodialer, attorneys said. Facebook was sued for sending a text message without consent, and the Ninth Circuit ruled the plaintiff could sue because he showed the social network used an autodialer.

A ruling in the biometric privacy battle, in which Facebook is challenging a decision that plaintiffs have standing to sue in California even while admitting they suffered no harm, could help explain when consumers can sue for privacy violations.

Facebook didn’t immediately respond to a request for comment.

Tech and Privacy

Several other cases with the potential to shape federal privacy and data breach standards for years to come also will play out next year, privacy attorneys and academics said.

Data-driven companies will track the decisions in challenges over federal standing in data breaches, biometric privacy lawsuits, and an emerging number of health data privacy cases, to see if they must change business practices or litigation strategies as a result, the attorneys said.

The new year “is expected to be a big year in federal privacy and data breach litigation,” Fitzsimmons said.

The Supreme Court hasn’t clarified privacy or data breach standing since its 2016 decision in Spokeo v. Robins, which said plaintiffs must raise a concrete injury traceable to alleged bad conduct before suing companies for alleged harms following data breaches or privacy intrusions. But U.S. circuit courts have split over what level of harm is needed, or what kind of injury must be shown, in order to sue.

The Supreme Court “may be more willing to intervene in the Facebook BIPA case because the case is set to go to trial with significant statutory damages ($1000 to $5000 per violation) on the line,” Fitzsimmons said in an email.

If the Supreme Court doesn’t intervene, tech companies that often face privacy or data breach suits may spend 2020 looking at how federal district and appeals courts rule on standing, privacy attorneys and academics said. A range of cases are pending in those lower courts, including disputes involving the Office of Personnel Management, Alphabet Inc.'s Google, and Facebook.

Companies may also try to move cases out of pro-consumer jurisdictions to limit the threat of costly trials. Businesses will look to drive litigation out of the Northern District of California, for instance, to create better odds of winning standing challenges, privacy attorneys and academics said.

Companies will want “to drive cases into other circuit courts of appeal with the hope of creating circuit splits with the Ninth Circuit"—giving the Supreme Court more reason to take up a privacy standing dispute, Peter Ormerod, an assistant professor of business law at Western Carolina University, said.

Biometric, Health Privacy

A steady stream of health data and biometric privacy lawsuits is expected to keep coming as consumer lawyers increasingly focus on violations involving sensitive data, lawyers and academics said.

Cases under the Illinois biometric privacy law have generally focused on employers collecting data in a timekeeping system. But there are likely to be more suits in 2020 over corporate uses of biometric identifiers outside of the employment context, such as Inc., Facebook or other big tech companies using consumers’ facial recognition data, the lawyers and academics said.

“The ability to identity people through facial recognition software or through voice analysis or fingerprints is the next big thing,” Jay Edelson, founder of plaintiff’s-side firm Edelson PC, said. Edelson said consumers will continue to bring BIPA lawsuits as more tech companies employ biometric technologies.

The emerging use of health data by big tech giants, such as in an ongoing case into a data-sharing deal between Google and the University of Chicago and data uses not covered by federal health privacy laws, are also will likely to draw litigation scrutiny in 2020, privacy attorneys and academics said.

Internet-connected wearables, mobile apps, and other direct-to-consumer offerings that collect individuals’ personal data and don’t involve a doctor or hospital may be targeted with litigation in 2020, Kirk Nahra, co-chair of Wilmer Cutler Pickering Hale and Dorr LLP’s cybersecurity and privacy practice, said.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editors responsible for this story: Melissa B. Robinson at; Keith Perine at;