| Group litigations of data privacy torts are one of the mass torts litigations,the parties involved are often large in number,geographically distributed,and complex in appeals.It is often tricky for the courts to deal with it,but compared to mass torts disputes in traditional areas,such as environment,medical care and product liability,it is more efficient to resolve disputes in data privacy torts,so long as the system can be well designed.It is well noted that the victims of data privacy torts usually are Internet users,they are sensitive to information and are often asked to provide their contact information while using Apps and webs,which means once torts are discovered,they can be informed by companies in a timely and comprehensive manner.Simultaneously,companies need to keep monitoring users' preferences and usage habits in order to provide user-friendly updates,which makes it necessary for users to share information and commnunicate with each other.These features enable the victims to be informed of torts as soon as possible,and make the victims become more organizational to ask for relief.Notwithstanding,the high-tech and elusive nature of torts in data privacy disputes,as well as the excessive collection of personal data,make victims overwhelmed by the burden of proof.Group litigation includes representative actions,class actions,group actions and test cases,considering group actions and test cases are so different from our representative actions,this paper focuses on comparing class actions and representive actions.This paper discusses the five important issues in group litigations of data privacy torts,based on common law legal practice and from the perspective of litigants.The first issue is about jury in fact.The US Supreme Court established the standard of jury in fact review in Spokeo v.Robins,requiring the jury proposed by the plaintiff to be real,instead of being speculative or hypothetical,which has led to debates among courts.This paper inclined to take different view with the US Supreme Court,considering victims' cost of time and money resulted from updating passwords and purchasing credit monitoring services.Also,this paper discusses two main risks in the context of data privacy group litigations:one is time wasting,which has been taken as non-property damage in Taiwan,China;the another one is about mental damage,which should be cautiously reviewed based on the type of leaked personal data.The second issue is about commonality.Ontario supreme court held in Kalplan v.Casino Rama that the class has collapsed in its entirety at the requirement of commonality,class members suffered different kind of personal data leaking,had different kind of damages,and enjoyed different duty of care from the defendant.In this case,Ontario supreme court believed that the court would be inundated with personal investigation if it certified this class action.This case provides a good insight for China to ameliorate its group litigation system.This paper believes that the prerequisites of representative actions are so easy to fulfill that it almost makes no difference between representative actions and ordinary joint litigations.It is essential for China to establish prior-to-litigation review procedures,where the issues of commonality should be taken into consideration.The third issue is about res judicata.As early as the Vivendi case in 2007,the United States court imposed a res judicata review on the non-resident plaintiff who participated in the class action.In order to prevent repeated litigation,the US court required the non-resident plaintiff to prove that the court's judgment may be recognized in his or her own country.However,the review of res judicata of the United States courts is more based on its special opt-out group litigation system.This system believes that victims who neither participate in nor expressly withdraw from the class action are also subject to the class action judgment,which is not accepted by every other country.Based on this,the German and Austrian plaintiffs in the Vivendi case were not allowed to participate in the class action.Due to the borderless nature of the Internet infringement,it is foreseeable that cross-border data privacy group litigations will be increasingly ubiquitous in the future.In that case,it is particularly important to prevent repeated litigations and reduce the defendant's litigation burden.Therefore,this paper believes that it is necessary to involve res judicata review into prior-to-litigation review procedures,that is,in a representative litigation involving an non-resident plaintiff,the plaintiff should be required to submit proof that the court in his or her own country or region is willing to recognize and enforce the judgment of the court in mainland China.Furthermore,the plaintiff can be required to make a promise not to prosecute the defendant repeatedly,in order to minimize the defendant's litigation burden.Market share theory is another issue which is applicable when the tort-feasor is unknown.Nowadays,with myriad situation asking for personal information,it's challenging for victims to identify the tort-feasor accurately.In Sindell v.Abbott Laboratories,the plantiff Sindell developed cancer as a result of a drug named DES,which was manufactured by the defendents,five drug companies together producing 90%of the drug.Although Sindell didn,t know her cancer caused by which manufacturer,the court held that five defendents were liable for the injury to the plantiff.Controversial as the case is,this paper believes market share theory is applicable in data privacy torts disputes,which would not only relieve victims' burden of proof,but also makes companies to realize that excessive collection of personal data refers to enormous duty of care.The last issue is about third-party infringement,which can be divided into related third-party infringements and unrelated third-party infringements.The former one focuses on the liability of companies after data breaches performed by companies'data receiver or their employees,the latter one talks about companies' liability under cyber attacks.This paper argues that data storage performed by companies is creating danger sources,which facilitate cyber attacks and related third-party infringement,so companies are supposed to take responsibility.In the meanwhile,this paper believes that Internet platforms,like hotels and shopping malls,are public place managers under Tort Law,so they also should be under the obligations of safeguard.This paper believes that the safeguard obligations of Internet companies should include the legal obligations stipulated by the relevant laws on personal information protection,the obligations to proactively construct network security systems and eliminate potential security risks,and special obligations for children and other special groups of people.Since third-party infringements damage both users and companies,thus this paper suggests involving users into risk defense system by encouraging users to file group litigations to supervise companies' data operations. |
PDF Full Text Request