What is Privacy Class Action?
A lawsuit filed on behalf of a large group of people whose privacy was violated by the same company or practice — enabling individuals who suffered small individual losses to collectively hold corporations accountable for data breaches, illegal tracking, and privacy violations.
Also known as: Privacy Lawsuit, Data Breach Lawsuit, Data Privacy Class Action
When a company exposes your data or violates your privacy, the individual harm might seem small. But when millions of people are affected, class actions are the mechanism that makes corporations pay real consequences.
Major Privacy Class Action Settlements
| Case | Settlement | Year | Issue |
|---|---|---|---|
| Facebook (BIPA) | $650 million | 2021 | Facial recognition without consent |
| Equifax | $700 million | 2019 | 147 million records breached |
| Capital One | $190 million | 2022 | 100 million credit applications breached |
| Google (Incognito) | $5 billion (settled) | 2024 | Tracking users in "private" browsing mode |
| TikTok (BIPA) | $92 million | 2022 | Biometric data collection |
| Yahoo | $117 million | 2020 | 3 billion accounts breached |
| T-Mobile | $350 million | 2023 | 76 million records breached |
| Zoom | $85 million | 2021 | Privacy and security misrepresentations |
| Google (Location) | $391 million | 2022 | Tracking location after users disabled it |
How Privacy Class Actions Work
- Lead plaintiff files suit alleging a company violated privacy rights
- Class certification — court determines if the case affects a large, identifiable group
- Discovery — plaintiff's attorneys access company records
- Settlement or trial — most cases settle (trials are risky for both sides)
- Distribution — affected individuals receive compensation (often modest per person)
The Math Problem
While settlements sound large, individual payouts are often small:
- Equifax: $700 million ÷ 147 million people = ~$4.76 per person
- Facebook BIPA: $650 million ÷ millions of Illinois users = ~$200-$400 per person
Why They Still Matter
Deterrence
The threat of class actions changes corporate behavior. Companies invest in security and privacy to avoid the litigation risk, not because the fine is devastating.
Discovery
Lawsuits force companies to disclose internal documents that reveal the extent of privacy violations — information that drives public awareness and regulatory action.
The Only Recourse
In states without a private right of action in their privacy laws, class actions are often the only way individuals can hold companies accountable. Federal agencies lack resources to pursue every violation.
Related Terms
BIPA (Biometric Information Privacy Act)
Illinois' groundbreaking 2008 biometric privacy law that requires companies to obtain informed consent before collecting fingerprints, facial scans, or other biometric data — and allows individuals to sue for violations, resulting in billions of dollars in settlements.
CCPA
The California Consumer Privacy Act grants California residents rights over their personal information, including the right to know what data is collected, delete it, opt out of its sale, and not be discriminated against for exercising these rights.
Data Breach
A security incident where protected, sensitive, or confidential data is accessed, stolen, or exposed by unauthorized individuals. Data breaches can result from hacking, insider threats, lost devices, or misconfigured systems.
Equifax Data Breach
A 2017 data breach at credit bureau Equifax that exposed the personal and financial data of 147 million Americans — including Social Security numbers, birth dates, and addresses — making it one of the most damaging breaches in history.
GDPR Fines & Enforcement
The penalties imposed under the EU's General Data Protection Regulation, which can reach up to 4% of a company's global annual revenue — with over €4.5 billion in total fines issued since 2018, including record penalties against Meta, Amazon, and Google.
Have more questions?
Use our guided flow to get the right next privacy step for Privacy Class Action.
Open Guided Flow