LITIGATION TRENDS 2025 | 31 T O C E M P E S G A N T I I P C A P R O W C S P O R T C O N T A C T I N T A P P P A T C C L S E C these tools are unlawfully collecting and transmitting data without user consent and violating privacy laws such as the federal Wiretap Act and its state counterparts, the California Consumer Privacy Act (“CCPA”), and the Video Privacy Protection Act (“VPPA”). Ad tech privacy lawsuits pose significant challenges for companies. Many companies lack full control over how these tools operate, which can result in inadvertent data sharing and noncompliance with privacy laws. Small and medium-sized companies, in particular, often may adopt off-the-shelf technologies without fully understanding their privacy implications. This lack of visibility, coupled with the failure to secure proper user consent and make adequate disclosures about data collection, can lead to significant exposure. Recent legal developments have also made it increasingly difficult for companies to avoid liability in ad tech privacy cases. These rulings have expanded the interpretation of privacy statutes, making it easier for consumers to successfully challenge companies under broad legal theories. Additionally, these lawsuits often involve fact-intensive questions that make early dismissal difficult. Moreover, courts frequently allow cases to proceed past the motion to dismiss stage because they require deeper analysis of how tracking technologies function, whether user consent was obtained, and whether the company’s data collection practices violate privacy laws. Statutory damages for violations can also quickly add up, as many laws impose per-violation penalties, meaning even small infractions against individual users can potentially lead to multimillion-dollar liabilities. To mitigate risks, companies should consider conducting regular privacy impact assessments to identify potential risks in their data collection and tracking practices. This includes internal audits of all tracking technologies in use, ensuring that third-party tools like Meta Pixel, Google Analytics, and session replay scripts comply with applicable privacy laws. Businesses must also ensure that their data-sharing agreements with vendors include strict contractual limitations on data usage to prevent unauthorized data transfers. Companies have found success investing in firstparty analytics tools that do not rely on external data sharing, and using anonymized data processing methods that strip personal identifiers before any tracking occurs. Additionally, companies should ensure they obtain explicit user consent, particularly when collecting sensitive data such as health or financial information. Companies should also ensure that opt-in mechanisms for tracking are readily apparent to the user, clearly communicate the tracking that may take place, and avoid pre-checked boxes or excessive steps to opt out of certain tracking. Finally, tracking technologies should be configured to limit data collection to only what is strictly necessary for business operations. By proactively incorporating these strategies, companies can reduce their exposure to legal risk while maintaining a competitive edge in an increasingly privacy-conscious marketplace. Toxic Ingredient Class Actions Many everyday consumer products contain chemicals that have come under increased scrutiny due to potential health risks. As awareness of these risks has grown, two main types of litigation have emerged – personal injury or mass tort suits based on an injury suffered directly from their use CROSS-PRACTICE FOCUS Class Actions THE AD TECH PRIVACY TRIPLE THREAT Expanded Judicial Interpretation of Privacy Statutes Challenging Pre-Trial Motion Practice Landscape High Exposure Tied to Statutory Per-Violation Penalties 30 | Weil, Gotshal & Manges LLP
RkJQdWJsaXNoZXIy MTI5NDgyMg==