PRIVACY AND CYBER
LOOKING AHEAD TO 2025
We’ll See a Skimpy Federal Privacy Law – and State-Led Litigation
2024 PREDICTIONS RECAP
With Republicans in control of Congress, and the Trump administration’s stated goal of reducing federal oversight, we’ll see a renewed push for a federal privacy law. But the aim of this legislation will be largely to supersede the patchwork of state laws on the books and reduce the perceived administrative burden of compliance (particularly for broad laws like California’s). It won’t touch on employment- related data and it won’t include a private right of action. We’ll then see blue states filing suit to maintain their own comprehensive laws in order to retain as much power as possible. State Laws Will Continue to Proliferate This federal privacy bill will not be one of the first matters addressed by the incoming administration and Congress, leaving a period of time in which state-specific consumer laws will continue to proliferate. Additionally, any federal privacy law will likely not replace laws relating to biometric privacy, facial recognition, geolocation tracking, employee monitoring, and other issues that are often the subject of state or locality-specific laws. We will continue to see new developments in these areas across the country. Plaintiffs Will Continue to Get Creative The ongoing trend of wiretapping and related claims filed against businesses that use third-party cookies, pixels, and other tracking technology will continue. While we hope to see more rulings like the recent court decision in Massachusetts that said third-party website tracking software does not violate the state’s wiretap act, it’s also possible that we will see more courts follow the lead set by the 9th Circuit in a May 2022 decision that originally opened the floodgates for decades-old wiretapping laws to apply to modern technology. Either way, we expect to see more decisions in 2025 addressing the issue of the application of state wiretapping laws to the use of tracking technologies. We’ll see those decisions concentrated in two-party consent states (such as Illinois and Pennsylvania), which have seen a spike in wiretapping litigation in recent years.
More States Passed Consumer Privacy Laws We predicted that 2024 would see a rise in the number of states that would pass consumer privacy laws. Sure enough, we saw a big jump from 13 to 20 states. This past year saw new laws take effect in Texas, Florida, Montana, and Oregon, while 2025 will see laws come online in Maryland, New Jersey, Delaware, Iowa, Minnesota, New Hampshire, Nebraska, and Tennessee – not to mention those taking effect in 2026 (Kentucky, Indiana, and Rhode Island). Congress Did Not Pass a Federal Privacy Law Even though a bipartisan group of federal lawmakers unveiled a sweeping proposal that would enact the nation’s first data privacy law in April, we predicted that no such law would come close to passing this year. And we were right. Disagreements over whether and to what extent state laws should be preempted and whether consumers should have a private right of action doomed the bill before it gained any serious traction. Cybersecurity Took Center Stage We predicted that ransomware and other cyberattacks would continue to plague businesses in 2024, with vendors becoming a favorite target. Sadly, we were right. The Snowflake attack became one of the largest data breaches of all time in May. A finance company lost more than $25 million to a deepfake scammer in January. And perhaps most troubling? A prominent cybersecurity training company got fooled itself when it hired a remote worker in July who turned out to be a North Korean cybercriminal who used AI deepfake tools to infiltrate the organization.
MORE OF 2024 IN REVIEW
Consumer Privacy Couldn’t Be Ignored No longer could businesses ignore the concept of consumer privacy. The new slate of consumer-friendly state laws, the expansion of such laws across state lines, and expanded data collection and transparency obligations meant that this needed to be front and center for all businesses in 2024. The last year also saw an astronomical increase in lawsuits filed against businesses that host third-party cookies, pixels, and other tracking technology on their websites, not to mention a $16.5M FTC fine against a company in June for unfairly collecting, storing, and selling consumers’ browsing information without adequate consent or notice.
HOW’D WE DO ON OUR PREDICTIONS?
We got the predictions RIGHT
INTRODUCING THE FP U.S. CONSUMER PRIVACY HUB The lack of a comprehensive federal privacy law has led to a diverse landscape of state privacy laws that often confuse the businesses trying to keep up. Each has their own set of requirements, definitions, protections, and enforcement mechanisms. The FP U.S. Privacy Hub provides businesses with an overview of the current state privacy laws, highlighting key similarities and differences while exploring their implications.
Usama Kahf, CIPP/US
Risa Boerner, CIPP/US, CIPM
BACK TO HOME
Irvine Partner and Co-Chair, Privacy and Cyber Group ukahf@fisherphillips.com
Philadelphia Partner and Co-Chair, Privacy and Cyber Group rboerner@fisherphillips.com
Made with FlippingBook Annual report maker