Michigan publishers must be extra careful in complying with the state’s privacy law. That’s the import of a federal court decision involving Crain Communications.
Without ruling on the merits of the case, a U.S. District Court determined that an out-of-state resident had the standing to sue Crain under the Michigan Personal Privacy Protection Act (PPPA). The parties agreed to dismissal of the case in late March, according to court records.
Virginia subscriber Gary Lin filed a class action suit in 2019, alleging that Crain violated the PPPA by selling “his and other subscribers’ personal reading information to third parties without obtaining consent,” JDSupra writes in an analysis.
Crain had earlier sought to squash the lawsuit on the ground that Lin lacked standing to file suit as a non-state resident.
In January, the court concluded the PPPA “does not impose a residency requirement” for customers to have protections, thus allowing the Lin suit to go forward, JDSupra notes.
U.S. District Judge Victoria A. Roberts wrote: if “the Michigan legislature intended to limit the statute to Michigan residents, it could have done so explicitly,”
Other state statutes, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Virginia Consumer Data Protection Act (VCDPA) do not cover non-state residents,” JDSupra explains.
“The privacy rights created by these statutes extend only to residents of California and Virginia, respectively,” JDSupra writes. Moreover, “unlike the PPPA, none of these statutes provide a private right of action for privacy-related violations,” it adds.
Lin had alleged that “Crain violated his protected privacy interest by disclosing PRI to data-mining companies and third-party database cooperatives.”