A class action lawsuit, Seirafi et al v. Samsung Electronics America, Inc., Case 4:22-cv-05176-KAW, filed recently in the Northern District of California, alleges that Samsung’s unnecessary personal information collection, and failure to secure that information, violate the California Consumer Privacy Act (CCPA). This lawsuit was inspired by two recent data breaches that allegedly included personal data of American users. The plaintiffs go beyond the facts of the breaches, though, to allege that Samsung should never have collected that information in the first place.

The California Consumer Privacy Act provides: “A business’ collection, use, retention, and sharing of a consumer’s personal information shall be reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.” According to the plaintiffs, Samsung acted unreasonably by requiring them to register accounts to use smart televisions and other devices. If this theory succeeds, tech companies could find that locking devices behind online registration is more risk than it’s worth.