by lxe 2690 days ago
> if a data breach occurs, the law permits consumers to recover up to $750 per incident

This is great!

Simple, you just add this to a clickwrap agreement:

The Parties mutually agree that any and all disputes arising from or relating to this Agreement, including the interpretation or application of this Agreement will be submitted exclusively to final and binding arbitration pursuant to the Federal Arbitration Act. The arbitration will be conducted in the state of Delaware or such other location as the Parties may agree, by a single arbitrator in accordance with the substantive laws of the State of Delaware.

Boom. No more pesky California law.

Setting aside potential flaws in your thesis, theoretically the Federal Arbitration Act (FAA) can be circumvented by making the state the real party in interest but permitting a victim to sue and recover on behalf of the state. Because the state wouldn't be a party to any contract (and also because it's a state), the FAA wouldn't apply.

California does this for labor violations through its Private Attorneys General Act (PAGA): https://www.dir.ca.gov/Private-Attorneys-General-Act/Private...

Glancing at the Wikipedia page for CCPA, it's possible that the CCPA is structured similarly--"Companies ... can be ordered in civil class action lawsuits ... subject to an option of the California Attorney General's Office to prosecute the company instead of allowing civil suits to be brought against it."

That said, I don't think California's PAGA has ever been tested vis-a-vis the FAA in the Supreme Court because it was only recently that they decided to strictly apply the FAA to employment contracts.

Section 1798.192 covers that:

    Any provision of a contract or agreement of any kind that purports to waive or limit in any way a consumer’s rights under this title, including, but not limited to, any right to a remedy or means of enforcement, shall be deemed contrary to public policy and shall be void and unenforceable

Edit: I suppose that I should say that I'm not a lawyer. This isn't legal advice. And it's completely possible that I have misunderstood this section of the law.

I dislike how the minute someone mentions a legal hack, the responses are "oh, are you a lawyer?"

Why not consider this reply on its merits?

Because it is super-risky to consider these things on their own merits if you are not the kind of person who regularly interacts with judges and juries. Laws are something that are applied within a particular kind of, ah, culture. You have to be familiar with the body of work of that culture and how they will likely interpret the law. Trying to interpret laws in ignorance of that culture is likely to lead to interpretations contrary to those with the power to enforce the laws, and land you in a lot of trouble.

In other words, laws aren't code or mathematics. They're not pure exercises of abstract thought to be considered in isolation. Trying to treat them that way is going to lead to trouble.

Does everyone downvote all medical speculation in the numerous health threads on this site?

No.

It's fine for people to speculate about medical ideas, legal ideas, etc. Especially on a forum like this where there is no pretense that people are offering genuine legal advice.

Or maybe we should express less confidence in our assertions about medicine?

After all, most of the time, people are writing about things they don't know all that much about.

To be honest, one or the other should be the case.

Either wild speculation on medicine and law should be fine (this is my position).

Or, people should fear medical speculation as much as they do legal speculation (I think this is the more pathetic option).

"Legal hacks" are rarely, if ever, as clever as their proponents think. Scepticism is natural and warranted.

Judges aren't complete morons and will take a dim view of "hacks". There could be loopholes somewhere but you'd need a lawyer to spot them.

One of the most famous "legal hacks", Richard Stallman's copyleft, had to be rewritten by a lawyer. rms wrote GPLv1 by himself and you should never use it. GPLv2 is the version that was actually vetted by a lawyer.

A similar thing happened with Perl's Artistic License. Its version 2 is basically also a lawyer-approved rewrite.

In other words, hackers, don't try this at home. There are professionals who can do this for you.

I find it somewhat sad that law is basically a guild where arcane language is used to gatekeep what should be a much more straightforward exercise.

It's not. It's the equivalent of saying "I can do this better" and producing unreliable, buggy code. Sure you can, but a more experienced professional can point out all the corner cases you missed.

I find it somewhat sad that programming is basically a guild where arcane language is used to gatekeep what should be a much more straightforward exercise.

I mean, if you pay attention to the names of the kernel API functions, you'd probably end up with the same conclusion.

Very relevant xkcd: https://xkcd.com/1494/.

Probably because anyone who isn't a lawyer has no hope of considering this reply "on its merits".

My gut feeling is this "legal hack" wouldn't work, because if it did someone would have used it by now against some other law that provides for damages, and someone else would have figured out how to neuter the hack. Which is to say, there's probably an existing law that prevents this hack from working. But you'd need a lawyer to be able to say whether that's true or not.

I'd love to see them try this in the EU.

Oh are you a lawyer?

OP needs to be not just a lawyer, but your lawyer. I.e. someone who is accountable to you if their advice is wrong.

There shouldn't be a cap to liability, this reeks of tort reform-esque legislation.

If my identity gets stolen, there is much more than $750 at stake on my end.

It's up to $750 or actual damages if greater.

good time to make a bot that signs up for things

Only if you don't value your PII. If you don't use PII in your bot then you can't claim.

"up to"

Are there any guidelines for determining actual compensation?

The full sentence is this fwiw:

>Additionally, if a data breach occurs, the law permits consumers to recover up to $750 per incident (or actual damages, if greater).

So that might just be $750 as part of a punitive fee.

It sounds more like a statutory damages thing, although note I have not read the law.

The idea with statutory damages is that determining the actual damages can be difficult and uncertain, so some laws allow plaintiffs to elect to ask for damages from a standard range, and the court will decide where damages should fall in that range based. It's basically saying "just give me about what is typical for cases like this one".

Presumably it's a scale from

"Leaked (e-mail) addresses"

to

"Leaked nude photographs".

I don't mind my nude photographs. I mind if somebody takes a loan in my name and a dumb bank would send it to collections.

Someone else might mind your nudes. E.g. your employer, the school your kids go to, the parents of your kids' friends, etc.

At least in the US; the rest of the world isn't that shocked by our natural form.

Presumably the upper end of the scale would be closer to identity theft with total asset loss and fraudulent lines of debt, which likely would occur if e.g. Google got hacked.

It would be decided in a civil court, most likely.