We looked earlier this week at Google’s proposed $22.5 million data privacy settlement.  See post here.   As Hurricane Isaac pummeled our shores, and the Republicans held their convention in Tampa, yet another headline on data privacy appeared – when it rains, it pours.

District Court Judge Susan Illston granted Consumer Watchdog’s request to oppose the FTC-Google settlement as “not in the public interest” because it permits Google to deny that any violation occurred.  Consumer Watchdog’s motion also suggests that $22.5 million is insufficient.

Sound familiar?  That’s because it is.  For the same reason in the securities context, Judge Rakoff of the Southern District of New York rejected a proposed settlement between the SEC and Citigroup—though the opinion was practically eviscerated on appeal—and threw a kink in the gears of the SEC – Bank of America settlement, causing the parties to renegotiate a higher value agreement, which Judge Rakoff reluctantly accepted.

In a less widely reported case, the FTC is defending a proposed $11.5 million settlement which also includes a denial of facts and liability by the defendant, Circa Direct LLC.  FTC Commissioner Rosch vigorously opposed both the Circa Direct and Google settlement under these conditions.

Defendants seek these terms to avoid collateral estoppel which prevents a party from accepting facts or liability in one case (e.g., an FTC case) but denying it in another (e.g., a class action based on the same conduct).  Federal agencies use such language to encourage settlements and conserve resources.

It remains to be seen if the Court will reject the proposed settlement.  But add this to the enforcement priority, record fines, and attention by the plaintiffs’ bar, and we see it’s not just raining; it’s pouring exposure and costs for data privacy violations.  Get your umbrella ready, i.e., data privacy compliance program — more enforcement and more controversy is on the horizon!