Serial Litigants May Target Websites and “Trackers” As Alternative to TCPA
The small business loan brokerage had played it safe. Rather than robodial and take their chances in the minefield of TCPA compliance, they ran ads on Facebook and Instagram and had the merchants call them. Inbound leads were gold, they cheered, until one of those inquiries came through a little differently. It was a demand for damages for having been tracked on the internet.
The merchant alleged that they had only been served ads on social media by that company because they had been tracked from a prior website visit. They hadn’t wanted to be tracked and there was no option to opt out of tracking. As a result, they demanded to be compensated, heftily.
By now, most internet users have at least heard the term GDPR, the General Data Protection Regulation that became a never-ending source of controversy throughout Europe, but not all are aware that states and litigants in the US have tried to create a similar framework for privacy. For some in the small business finance industry, the vast complexity of compliance was not fully understood until the lawyers came calling.
“Pretty much every MCA company is potentially a victim because they’re all doing advertising,” said Richart Ruddie, CEO of Captain Compliance, a firm that specializes in safeguarding companies against these sorts of threats. “What we do is we protect against the rise and surge in privacy lawsuits and privacy litigation. So, anybody running TikTok ads, Facebook ads, Instagram ads, any sort of technology that does session-replay where it watches you move the cursor on the screen, if they’re running Google Analytics, all of these are cases that have been tried and are being litigated over.”
Ruddie said that companies within the small business finance industry, including a few within the segment of MCA, have been hit with claims, and they’re now actively working with them to make sure it doesn’t happen again.
“What our software does is provide the ability for users to have consent to opt-in or opt-out of any sort of ad targeting, tracking, session-replay technology,” Ruddie said. “And then we also provide software that constantly keeps businesses’ privacy notices and privacy policies up to date with their tracking and what they’re doing as well as their data handling practices.”
The larger issue is that for companies that might already be aware of the risks, the solutions they’re using may not actually be compliant with the laws.
“What’s happening now is there’s a handful of these cookie banner softwares but they don’t work and they’re creating bigger issues because they’re like ‘Hey, you told me I could opt out, and then I turned off the selling and sharing of my personal information and you still track me,’” Ruddie explained.
This is made all the more complex by the fact that there are nearly two dozen states with their own twists on compliance, and by a growing cottage industry of serial litigants who know this complexity could make website operators easy targets to profit from. For instance, some of them are running automated website scans just to see who to target. Ruddie said that he’s seen claims reach into the tens of thousands or hundreds of thousands of dollars for alleged privacy violations.
Preventative measures are within reach, however. Ruddie says that for a brand new customer they can get a company compliant in one to three business days. It’s hard for companies to hide in the shadows if they’re online because it doesn’t take much to see what’s there and what isn’t.
“You can right-click and look at the code and then you can see all the different tech and what’s running on the website,” Ruddie said.
Last modified: June 12, 2026
Sean Murray is the President and Chief Editor of deBanked and the founder of the Broker Fair Conference.