On May 31, 2019, the District of Columbia Superior Court rejected Facebook’s request to dismiss data privacy litigation brought by the District of Columbia Office of the Attorney General based on its alleged role in the Cambridge Analytica scandal, concluding that the DC Superior Court had jurisdiction over the case and the complaint sufficiently alleged violations of the District of Columbia Consumer Protection Procedures Act (CPPA).

The order demonstrates that general state consumer protection statutes can serve as a viable weapon in the arsenal of State Attorneys General who wish to challenge the reasonableness of entities’ data privacy practices and disclosures. The order also demonstrates that Internet-based companies are not immune to jurisdiction in a foreign venue even when general personal jurisdiction does not exist.

This case should be carefully examined by entities that collect data for a number of reasons. Click here to read more.