All the back and forth about a potential national privacy law is wasted motion, according to attorney Jay Barnes.
The federal consumer privacy protections that are already on the books would be more than enough – if, that is, they were enforced in “a straightforward fashion,” said Barnes, a partner at Simmons Hanly Conroy, a firm that specializes in class actions and mass tort litigation.
Take the Electronic Communications Privacy Act, which was passed in the long-ago year of 1986. (If you want to feel extra old, Dionne Warwick’s “That’s What Friends Are For” was Billboard’s No. 1 single.)
The law prohibits the unauthorized interception, monitoring or review of electronic or wire communications by third parties. “If the courts would just enforce the consent provisions of that law alone, a lot of the worst abuses would go away,” Barnes said.
The Health Insurance Portability and Accountability Act (HIPAA) is another good example of a federal law that class-action attorneys like Barnes use to kick the courts into action.
Barnes is one of the attorneys leading an ongoing class-action suit alleging that Meta’s tracking pixel is a violation of HIPPA because it’s able to collect sensitive protected health information without a patient’s knowledge and can transmit that data directly to Facebook and Instagram.
He was also part of the team that brought a similar – and successful – class-action suit against Mass General Brigham, the largest health care system in Massachusetts, for collecting information about site visitors without consent. That case was settled for $18.4 million roughly two years later.
Barnes spoke with AdExchanger.
AdExchanger: I know there’s only so much you can share about the current Meta pixel health care case because the litigation is ongoing. But what can you say?
JAY BARNES: I’ll put it like this: If your mother would not approve of what you’re doing, then maybe you shouldn’t be doing it, and this case fits squarely into that. Mom probably wouldn’t approve of collecting someone’s health communications without their knowledge or consent. She also wouldn’t want her own doctor telling Facebook about her medical interests.
What would justice look like in a case like this, from your perspective?
Two things: People getting paid for the value of their data and compensated for the intrusion into their privacy, and companies changing their business practices going forward – and backward, meaning the deletion of the data.
I’ve heard a lot of people in the online ad industry speak with derision about the plaintiffs’ bar and what they consider to be “nuisance lawsuits,” like the cases now being brought against streaming services under the Video Privacy Protection Act from 1988. What would your message be to them?
That they should remember these two main rules: Don’t lie or hide the truth from your consumers, and, again, would your mother be OK with it?
Some companies engage in practices your mother wouldn’t be OK with, but it doesn’t involve lying to consumers. And then there are cases where there clearly weren’t adequate disclosures, and no one consented.
I would hope that people who deride certain claims can distinguish one from the other.
You don’t believe the US needs federal legislation to protect consumer privacy. Why not?
There are a number of existing federal statutes and common law causes of action that can fix the harms without the danger of a new statute.
Intrusion upon seclusion and invasion of privacy claims for misrepresentation about how companies treat data are already fully actionable right now in 49 out of 50 states, and that provides an avenue for relief.
I think the members of Congress trying to pass a national law have the right intentions, but I subscribe to the Mark Twain school of thought, which is that the people are safest when the legislature and Congress are not in session.
I also highly doubt that any bill will be passed that doesn’t also pass muster with the surveillance companies. And if Facebook and Google are OK with whatever it says in a federal statute, then there’s probably something wrong with that statute.
With that in mind, what do you think about all the recently passed privacy laws in states across the US? Is it a good thing or a bad thing?
I do think it can be confusing, but as to whether they’re good or not, that depends on the statute. There are good and bad parts of each individual state statute.
But I will say that any legislator who votes to say that only an attorney general can bring an action to defend a consumer’s privacy rights is making a 100% un-American vote. People have the right to a jury trial lawyer of their own choosing and the ability to access the courts on their own without asking permission from a government official.
It’s typically Republican legislators who vote for these limits, and it’s about the least conservative and most un-American thing they could do as a legislator – and I say this as a former Republican legislator myself.
(Fun fact: Barnes spent eight years as a Republican lawmaker in the Missouri House of Representatives, from 2011 to 2019, before joining Simmons Hanly Conroy.)
This interview has been lightly edited and condensed.
🙏 Thanks for reading! And this feels like an excellent moment to resurface the Zoom Lawyer Cat, which might just be one of my Top 10 favorite videos on the internet. As always, feel free to drop me a line at [email protected] with any comments or feedback.
