Privacy Daily is a service of Warren Communications News.
Subscriber Login
‘Every Company is Implicated’

Rise in Litigation and Enforcement Makes Data Privacy a Corporate Priority

May 22, 2025 by Kara Thompson|Top News

Since data-protection litigation and enforcement are on the rise, companies can't assume data practices instituted years ago will insulate them from compliance issues, said privacy experts during a webinar hosted Thursday by Privado, a privacy vendor. New regulations and older laws leveraged to cover evolving technologies have made overseeing data and privacy a corporate priority, they said.

Sign up for a free preview to unlock the rest of this article

Start My Free Preview

The rise in litigation and enforcement has occurred "particularly over the past half-decade,” said Ali Jessani, a privacy counsel at WilmerHale. “It's changing rapidly, even more so over the last couple of years." Driving the change are new laws and regulations at the state level, regulators' increased and more public focus on the issues and older laws being used to regulate new technologies, he said.

“A lot of companies … have had long-standing websites, and they weren't aware of what trackers and pixels their sites were using,” Jessani said. In some of these cases, he said marketing teams deployed sites without input from privacy personnel. Given the rise in website- and pixel-related litigation, "this is now a meaningful risk area for companies, especially if you're a company that processes what could be [viewed as] sensitive data, such as direct-to-consumer health data," said Jessani.

Data and privacy formerly were concerns for a few companies, he said, but national attention, regulation and enforcement have made “data issues ... relevant for every company in some capacity.” It's no longer true that companies can say, "‘We're not a data company, we don't process personal data, so we don't have to think about this.’”

Enforced rules now cover website operation, email and text message marketing, for example, "so every company is implicated by these rules in some capacity," Jessani said.

However, companies in a regulated space or that process sensitive data just have higher risks, he said. Accordingly, companies should involve the privacy team in any and all instances of data use, “so at the very least the team can properly understand what the risks are,” regardless of the sector they are in. Moreover, pixel and data-collection techniques are dynamic, necessitating constant involvement of privacy professionals, Jessani said.

Privado CEO Vaibhav Antil agreed. “If you have a pixel, [you] are always getting personal data [and] personal information," because that's the way they work, he said. “If they can't track you with an ID, then the whole point of the pixel goes away.”

Said Jessani, a key takeaway is that "privacy law is continuing to evolve ... and is intersecting with other areas of the law, including laws regulating AI, laws that are driven by national security concerns, such as the DOJ rule, and other concerns," such as health care.