A private right of action allows a private actor to bring a lawsuit based on a public statute, the Constitution, or federal common law. A class action is a lawsuit in which a group of actors are represented collectively by a member of the group. The conservative ideal is a nation with free exchange, rule of law, and small government. Brian Fitzpatrick’s “The Conservative Case for Class Actions” argues that class actions have a proper role to hold corporations accountable and that conservatives likely accept a basic set of rules to honor contracts, prevent fraud, and prevent price fixing. He posits that where individuals can pursue legal action, there should be smaller government, self-help, better incentives, better resources, less bias, and less centralization.

However, the US economy is not a conservative utopia. Exchange of goods and services is increasingly regulated, the federal budget takes an increasing share of the economy, and the overgrown administrative state violates essential freedoms enshrined in the Constitution. In 1981, A. E. Dick Howard was already describing the “litigation society” in which any dispute can turn into a lawsuit and courts resolve social questions rather than legislatures and conventions. The larger Total Justice movement — the notion that people are entitled to compensation for every conceivable inequality — has been underway for decades.

The question of whether and how to address disputes is not new. Ironically, the Interstate Commerce Commission (ICC) was established in 1881 in part to manage the glut of private right of action lawsuits between railroads and their users. Over the decades, shippers so abused the ICC to win favorable rates that American railroads fell woefully behind in technology. Almost a century after its founding, the ICC was disbanded because it was a bottleneck for the marketplace.

Unsurprisingly, rail technology, competition, and quality improved following deregulation. The same fate could befall America’s internet industry. The European Union’s General Data Protection Regulation (GDPR) has been a boon to the largest platform companies, which have seen their startup competitors shrink due to high GDPR compliance costs. The California Consumer Privacy Act (CCPA), which came into force on January 1, portends a worsening of the trend.

The CCPA contains 77 specific rules for enterprises, none of which were optimized or tested in a rational, evidence-based process. At best, these rules, which were pasted together and made law in a mere month, reflect the preferences of an elite group of privacy lawyers and advocates, not the diverse preferences of hundreds of millions of consumers, many of whom will find their freedom to enjoy online offers curtailed. Firms serving California will each expect to pay between $100,000 and $1 million to comply with the CCPA, with the vast majority of expenditures going to privacy attorneys, as noted by an assessment of the CCPA commissioned by the California attorney general’s office. It estimates that the CCPA will have an initial compliance cost of $55 billion — equivalent to 1.8 percent of California’s 2018 gross domestic product — with another $16 billion more in costs in the coming decade. Consumer benefits are pegged at just $5 billion, translating to costs exceeding benefits by a factor of 14.

Ostensibly, regulation is supposed to reduce litigation, but the opposite is happening. A group of sophisticated attorneys not only write the privacy laws with ambiguous language and complex requirements but they can also engineer the laws with triggers for litigation. The explosion of data breach litigation in the last five years alone, with cases multiplying into the hundreds every year, half of which are filed in California, is a glimpse of what to expect with the new data privacy law. Targets to date include credit rating agencies (e.g., Equifax); the restaurant industry (e.g., Sonic, Arby’s, and Chipotle) for its point of sale technology, transportation providers (e.g., Uber), and hotels for their reservation systems. It is telling that just four expert firms bring the majority of data breach class action lawsuits.

While we can agree that privacy protections are important, we should draw the line when regulation becomes the tool for rent seeking. Consumers gain little, if anything, from the litigation largesse that overwhelmingly rewards attorneys, not class actors. A recent report found that total costs and compensation in the system amounted to $429 billion in 2016, equivalent to 2.3 percent of US gross domestic product or $3,329 dollars per household in America.

Consider the case against Facebook’s Beacon ad program. The plaintiffs’ lawyers received $2.3 million. Facebook paid $6.5 million into the Digital Trust Foundation. The funds have been disbursed and the foundation closed. Class members received no monetary compensation.

Another worrying trend is the stretching of liability theories, such as “unjust enrichment,” to hold firms liable for being victims of cyberterrorism. Indeed, class actors need not even prove injury to seek compensation for privacy violations. We could imagine a world with unbridled rights to legal action on the one hand or a highly regulated one on the other. But today we have the worst of both. And sadly, this serves litigators, not consumers.

The post Regulation and litigation: The worst of both worlds appeared first on American Enterprise Institute – AEI.