The landscape of privacy and private right of action claims has become increasingly dynamic. Moving beyond the traditional focus on data breaches, there’s a notable increase in claims tied to non-breach activities like pixel tracking. These claims, rooted in evolving privacy statutes, underscore the need for businesses to adopt comprehensive risk management strategies. In this blog, we will explore the rise of pixel tracking claims, the intricacies of cyber insurance coverage, the expanding legal framework, and the broader implications for data privacy in today’s digital age.
Pixel Tracking Claims: A Growing Concern
- What is a Pixel? A pixel is a code snippet, often invisible, that attaches when a user loads a webpage. This pixel then logs the user’s IP address along with information about what the user browsed, often resulting in targeted ads. Some pixels can track a user throughout the internet.
Pixel tracking claims have notably surged, frequently citing violations of statutes such as the California Consumer Privacy Act (CCPA) and the Video Privacy Protection Act (VPPA). These claims typically allege the unauthorized collection of personal information through pixel tracking technologies, with the Meta pixel being a particularly common target. Other types of unauthorized collection claims, such as those involving biometric information under the Biometric Information Privacy Act (BIPA), are also significant.
Businesses must prioritize robust opt-in and opt-out mechanisms to mitigate these risks. While the legitimacy of many of these claims remains a topic of legal debate, the reality is that many come in the form of mass arbitration or class action lawsuits, with settlements frequently reaching seven figures.
Navigating Privacy Coverage in Cyber Insurance
From an insurance perspective, the coverage landscape for these privacy claims can be complex. While some cyber policies provide coverage for private right of action or wrongful collection claims, others limit privacy coverage to breach-related incidents or actions initiated by governmental bodies. Furthermore, many policies explicitly exclude wrongful or unauthorized collection, creating a significant gap that businesses need to navigate carefully.
A common issue is the disconnect between the legal and marketing departments. Often, the marketing team activates pixel tracking without thorough legal review, triggering these claims. Pixel tracking itself is not inherently harmful and serves as a valuable tool for many businesses. However, a comprehensive risk assessment and the implementation of proper privacy measures are essential to manage this exposure effectively. We often recommend the guidance of outside privacy counsel for organizations utilizing any collection mechanisms.
The Shifting Legal Landscape
Plaintiff attorneys are continually exploring new avenues to bring forth claims related to wrongful or unauthorized data collection. This trend is intensified by the evolving pipeline of privacy regulations, with 20 states enforcing consumer data privacy laws and numerous others proposing legislation.
The area of data privacy is not static; it is a rapidly evolving domain that requires constant vigilance and adaptation. As new technologies and artificial intelligence (AI) solutions emerge, we anticipate a broader array of concerns surrounding data privacy. The news has already reported concerns from Elon Musk about Apple’s latest updates as well as about Microsoft CoPilot recall. Some cyber insurance carriers have proactively introduced AI endorsements to clarify coverage positions, while others have developed specific products for AI used internally and externally.
Anticipating Federal Privacy Regulations
At the federal level, the proposed American Privacy Rights Act of 2024, introduced with bipartisan support, aims to create a framework akin to the General Data Protection Regulation (GDPR) in the European Union. While its legislative fate remains uncertain, the act outlines several key provisions, including data minimization, privacy policy transparency, and consumer privacy rights, such as opt-in and opt-out mechanisms.
The Future of Data Privacy
Continuous advancements in tracking technologies and AI fuel ongoing discussions about data privacy in the digital age. The concept of intellectual privacy, which refers to the ability to explore one’s curiosities online without being surveilled, is often overlooked. Due to the trackability of internet activities and computer usage, intellectual privacy is frequently compromised, especially when marketing practices come into play. Moreover, as laws and technology evolve, plaintiff attorneys creatively leverage both new and existing privacy laws.
Staying Proactive and Informed
As privacy claims evolve, staying informed and proactive is essential. At Liberty, we are committed to leading these conversations, ensuring our clients are well-equipped to navigate the complexities of data privacy and cyber insurance.
Emerging technologies, evolving legal frameworks, and the ever-present risk of privacy claims necessitate a comprehensive and forward-thinking approach to cyber insurance. By staying ahead of these trends and fostering collaboration between legal and marketing teams, businesses can better manage their risks and safeguard their interests in this dynamic environment.
Interested in learning more and taking a deeper dive? Please reach out to Katie Pope, Esq., Vice President, Executive Lines, The Liberty Company Insurance Brokers