Dressing old laws in class-action suits: The ECPA 'party exception'
Contributors:
William Simpson
AIGP, CIPP/US
Westin Fellow
IAPP
Editor's note: This is the final article in a three-part series that tracks class action litigation at the nexus of privacy, artificial intelligence, and other digital technology. The first article, "Dressing old laws in class-action suits: Applying anti-wiretapping laws to AI transcription services," looks at how decades-old anti-wiretapping laws have found new significance due to the emergence of automated technologies capable of eavesdropping. The second article, "Dressing old laws in class-action suits: Tracking technologies that disclose personal information," explores recent legal theories that have applied the California Invasion of Privacy Act and the Video Privacy Protection Act.
As discussed in the previous parts of this series, class-action suits have found success in retailoring old privacy laws in the context of new fact patterns, often involving technologies that were never imagined when the laws were originally enacted. The Electronic Communications Privacy Act, for example, remains a viable avenue for plaintiffs to combat non-consensual interception of data, especially as new limitations to its immunity provisions arise. Moreover, the Copyright Act has been implemented to target AI developers. Finally, taking a more modern perspective, the Illinois Biometric Information Privacy Act is also relevant.
A new exception to ECPA immunity: The Bulk Data Transfer Rule
As discussed in the first part of this series, the ECPA provides an exception to liability where one party consents to the interception. But the crime-tort exception to that party exception limits immunity. Violation of the new Bulk Data Transfer Rule is one such limiting crime.
Contributors:
William Simpson
AIGP, CIPP/US
Westin Fellow
IAPP