Previously recognized as a creative response by New Jersey’s state legislature to a tragic incident, Daniel’s Law has suddenly emerged as a catalyst for privacy litigation. Since February, plaintiffs have initiated over a hundred civil lawsuits invoking Daniel’s Law, leveraging the law’s unique assignment provisions to allow a tech startup, Atlas Data Privacy, to file and litigate on behalf of individuals. Daniel’s Law litigation is part of a broader trend among the plaintiff’s bar of fashioning novel and often strained theories from privacy laws such as the California Invasion of Privacy Act (CIPA) and federal Video Privacy Protection Act (VPPA).
Daniel’s Law Explained
Daniel’s Law, N.J. Stat. § 56:8-166.1, seeks to protect members of the New Jersey law enforcement and judicial communities by providing them the right to request that their home address and unpublished home phone number be removed from databases of various companies that may maintain, publish and/or disclose that information. Under the law, if a covered individual makes such a request, the company has only ten days to remove the information—a period significantly shorter than the typical 45- and 90-day periods authorized by most consumer privacy laws, including New Jersey’s forthcoming privacy law.
If a company fails to comply with this requirement, Daniel’s Law allows covered persons and their immediate family members to bring suit against that company.
Notably, in 2023, the law was amended to permit covered persons to “assign” others to file lawsuits on their behalf, as well as making the $1,000-per-violation fine mandatory rather than discretionary.
Recent Wave of “Assignee” Litigation
The 2023 amendments have proven instrumental for the creation of Atlas Data Privacy, which quickly built an online platform and its own private email service to automate takedown requests with relatively little input by users. Shortly after purporting to have sent those requests en masse, Atlas Data and its lawyers have weaponized Daniel’s Law in the form of over a hundred, nearly identical lawsuits against a wide range of companies offering data analytics and other services.
As of the time of this writing, Atlas Data alleges that it is the assignee of nearly 20,000 covered persons.
Charting the Course Ahead: The Future of Daniel’s Law & Privacy Litigation
Federal and state courts in New Jersey and Pennsylvania are now faced with the significant challenge of coordinating Atlas’ simultaneous prosecution of over a hundred cases under a novel legal theory. In the first months of litigation, initial challenges to Daniel’s Law as unconstitutional on its face have emerged. In late April, a constitutional challenge by a journalist was rejected by the state appellate court. Further challenges by companies will soon be heard by a federal district court judge. Meanwhile, stakeholders are working to understand whether many of Atlas Data’s conclusory allegations are based in fact—including the nature of the alleged assignments and the scope of the alleged requests.
These lawsuits exist against a backdrop of increased scrutiny of third-party data sharing practices by lawmakers, regulators and private litigants. For example, in October 2023, the California legislature passed a massive expansion of its existing data broker registration law known as the “Delete Act,” which authorizes the California Privacy Protection Agency (CPPA) to establish a one-stop-shop deletion mechanism for centralized deletion requests. At the federal level, the Federal Trade Commission continues to pursue companies that allegedly monetize or otherwise share personal data outside of the expectations of the consumer.
Manatt will continue to monitor the Daniel’s Law litigation and provide additional updates as these lawsuits raise serious questions about the assignment of rights and the constitutionality of the law.