Defamation & Reputation Management 2025 Comparisons

The legal grounds for protecting privacy and confidentiality in the USA are rooted in common law (including tort and contract), and state and federal privacy statutes. Much of the relevant law is a matter of state common law. Accordingly, the law across the 50 states varies.

Common Law Tort Protections

The common law in most states in the USA recognises four types of “invasion of privacy” torts, as set out here.

• Intrusion upon ceclusion – unauthorised intrusion into a person’s private affairs. The elements of this claim may include:
1. the defendant intentionally intruded, physically or otherwise, upon the plaintiff’s solitude or seclusion;
2. the intrusion was in a place or context where the plaintiff had a reasonable expectation of privacy; and
3. the intrusion would be considered highly offensive to a reasonable person.
• Public disclosure of private facts – publication of private information that is not of legitimate public concern and is highly offensive to a reasonable person. The elements of this claim may include:
1. the defendant publicly disclosed information about the plaintiff;
2. the information disclosed was private (ie, not already public knowledge);
3. the disclosure of these private facts would be highly offensive to a reasonable person; and
4. the subject matter disclosed is not newsworthy or of legitimate public interest.
• False light – publication of information that is misleading and highly offensive, placing an individual in a “false light”. The elements of this claim may include:
1. the defendant publicised information about the plaintiff;
2. the information is false or creates a misleading impression;
3. the portrayal would be highly offensive to a reasonable person; and
4. the defendant acted with the requisite degree of fault.
• Misappropriation (right of publicity) – unauthorised use of a person’s name or likeness for commercial advantage. The elements of this claim may include:
1. the defendant used the plaintiff’s name, image or likeness;
2. the use was for commercial or other exploitative purposes;
3. the use was without the plaintiff’s permission; and
4. the plaintiff suffered damages or harm (this may include mental distress and lost income).

Contract Protections

In the USA, contracts are often used to establish and enforce obligations related to privacy and confidentiality, including the following.

• Non-disclosure agreements (NDAs) and confidentiality agreements – NDAs and confidentiality agreements may prohibit parties from sharing information, but they are limited by state law. By way of example, there has been a trend towards limiting the use of NDAs related to sexual harassment and workplace discrimination.
• Non-disparagement agreements – non-disparagement agreements require a party to refrain from making disparaging statements about the other party. In many jurisdictions, these agreements are enforceable even if the disparaging statements are true.
• Data processing and sharing agreements – agreements between businesses and their clients may include provisions for confidentiality and data privacy.

In most jurisdictions, to establish a claim for breach of contract, the plaintiff must prove the following.

• Valid contract – a legally binding agreement, typically requiring:
1. offer (a clear proposal);
2. acceptance (unambiguous agreement to the terms);
3. consideration (something of value exchanged by both parties); and
4. mutual assent (a “meeting of the minds” on the essential terms).

• Plaintiff’s performance (or excuse for non-performance) – the plaintiff must show that it performed its obligations under the contract or was legally excused from doing so.
• Defendant’s breach – the defendant inexcusably failed to perform a contractual obligation.
• Damages (or harm) to the plaintiff – the plaintiff must demonstrate that it suffered a quantifiable loss or harm caused by the breach. Damages can include compensatory damages, consequential damages or other appropriate remedies depending on the circumstances.

Beyond damages, a plaintiff may pursue injunctive relief for a breach of contract, including temporary restraining orders, preliminary injunctions, and permanent injunctions to prevent a defendant from disclosing information in violation of the parties’ agreement. Notably, temporary restraining orders and preliminary injunctions are generally unavailable under the invasion of privacy torts (described above) because they are typically deemed to violate the protection of free speech in the First Amendment of the US Constitution.

Federal Statutes

There are many federal statutes that provide protections for privacy and data, particularly for individuals. These include the following.

• Health Insurance Portability and Accountability Act (HIPAA) – protects certain health-related information from disclosure by covered entities (health care providers, insurers, etc).
• Fair Credit Reporting Act (FCRA) – regulates how consumer credit information can be collected, disseminated, and used.
• Gramm-Leach-Bliley Act (GLBA) – governs financial institutions’ use and disclosure of consumers’ private financial information.
• Children’s Online Privacy Protection Act (COPPA) – imposes requirements on operators of websites or online services directed to children under 13.
• Family Educational Rights and Privacy Act (FERPA) – governs and protects the privacy of students’ education records, including establishing parental rights to such records.
• Electronic Communications Privacy Act (ECPA) and Stored Communications Act (SCA) – restrict interception, disclosure and use of electronic communications.

Some federal statutes allow for enforcement only by the government, whereas others allow individuals and companies to file civil lawsuits. For instance, the FCRA does allow a consumer to bring a lawsuit to recover damages, whereas HIPAA does not.

State Statutes

At least 20 states have statutes protecting privacy and confidentiality that mirror or go beyond federal statutes. For instance, California is generally notorious for additional regulations, including:

• California Consumer Privacy Act CCPA;
• California Privacy Rights Act;
• California Online Privacy Protection Act;
• Shine the Light Law;
• California Data Breach Notification Law;
• Confidentiality of Medical Information Act; and
• California Invasion of Privacy Act.

Many other states have proposed legislation to provide additional protection for consumer data.

Privacy remedies depend on the legal claim being pursued and the relevant jurisdiction. Two broad categories prevail: legal/monetary relief and injunctive relief.

Common Law Tort Remedies

Compensatory damages

• Compensatory damages are monetary awards to compensate the plaintiff for the harm caused by the defendant’s tortious conduct.
• They may include damages for the actual economic loss (eg, lost wages or reputation management services) and for emotional distress.
• Some states may allow for the recovery of attorney’s fees.

Punitive damages

• Punitive damages are usually based on particularly egregious misconduct (eg, recklessness or intentional misconduct).
• They are awarded to punish and deter future misconduct.
• Most jurisdictions require a higher standard of proof ‒ often “clear and convincing evidence”.

Range of damages awards

• Because damages awards are generally determined through the subjective assessments of jurors, it is not possible to estimate the normal range of such awards. Some states may place caps on compensatory damages and punitive damages awards. And there are US Constitutional limits on the amount of punitive damages that can be awarded.

Injunctive relief

• Permanent injunctive relief may be available, but a temporary restraining order or preliminary injunctive relief is extremely unlikely for tort claims.
• It is extremely unlikely that an injunction can be obtained before publication/broadcast if the basis of the claim is defamation. If, however, the misconduct is rooted in the disclosure of private information (eg, revenge porn), the chances of prepublication relief are greater.
• The issue lies in the First Amendment, which precludes prior restraints of speech in the absence of extraordinary circumstances.
• The First Amendment’s safeguards often preclude censoring speech until that speech has been finally determined to violate the law.

Contract Remedies

Compensatory damages

• Monetary awards are made to restore the plaintiff either to the position it would have occupied if the contract had been performed (expectation damages) or to reimburse it for expenses incurred in reliance on the contract (reliance damages).
• Most jurisdictions do not allow damages for emotional distress or reputational damages for breach of contract.
• Because contract damages may be difficult to determine, parties may agree to a liquidated damages clause for a predetermined amount of money if a breach occurs. These provisions must be carefully crafted lest they be deemed an unenforceable penalty.
• Many states allow for the recovery of attorney’s fees in breach of contract cases.

No punitive damages

• Punitive damages are generally not recoverable in contract cases but may be recoverable in certain contract-adjacent claims, such as bad faith claims against insurers.

Range of awards

• It is impossible to determine a range of awards because they depend on the specific facts of each case.

Injunctive relief

• Temporary, preliminary and permanent injunctive relief may be available, and can be specifically provided for in a contract.
• A contract may allow a plaintiff to obtain an injunction to prevent a publication/broadcast before it occurs, as a party may waive its First Amendment rights through contractual agreements. 
• Limitations of remedies – parties may also agree to stringent limitations on their ability to pursue remedies, including monetary and injunctive relief. Parties should thus take great care in crafting the provisions related to remedies.

Federal and State Statutory Remedies

• Remedies available under federal and state statutes related to privacy and confidentiality are more predictable than those available for tort and breach of contract. By way of example, the FCRA provides for compensatory statutory damages, between USD100 and USD1,000, and punitive damages and attorney’s fees may also be available.
• Federal statutory damages often pale in comparison to the amount of common law damages awarded by juries.
1. However, some federal and state statutes may support class actions, which can result in large damage awards assessed against the defendant, with significantly smaller recoveries for the many class members.
2. Some statutes may even provide criminal penalties – for example, serious HIPAA violations can result in ten years imprisonment.
3. Some statutes may allow for enforcement only by the government (eg, HIPAA).
• Injunctive relief may also be available, including to preclude dissemination of private information.

Statutes of Limitations

Statutes of limitations are deadlines for filing a lawsuit.

• They vary by state, claim and circumstance. For instance, the statute of limitations for slander in Tennessee can be as short as six months, whereas it is three years in New Mexico.
• They may be tolled or extended, including by agreement, for minors, for cases arising from criminal conduct, or when a defendant attempts to conceal its conduct.
• The above is jurisdiction dependent, thus plaintiffs should diligently ascertain potential claims, the relevant jurisdictions, and the potential deadlines.

Defences to Privacy Claims

• The patchwork of potential claims (and potential jurisdictions) in the various states defies a comprehensive summary of potential defences.
• There are five primary potential defences for claims based on the publication of speech, the first two of which apply in every jurisdiction because they are rooted in federal law.
1. The First Amendment may preclude liability for the following statements.
1. Statements of opinion based on true and complete disclosed facts, subjective assessments that are not provably true or false, and non-literal statements (eg, hyperbole).
2. Statements about a public figure unless the plaintiff proves by clear and convincing evidence that the defendant published the statements with “actual malice” ‒ ie, that the defendant published the statements with knowledge of falsity or reckless disregard for the truth.
3. When the defamatory statement is about an issue of public concern, this actual malice standard may also be required to recover presumed damages and punitive damages.
2. The Communications Decency Act (CDA), with few exceptions, shields online service providers (eg, Facebook) from liability for content posted by users.
1. For example, Facebook has no liability for an invasion of privacy claim for false light based on a user’s post, even if Facebook knows the post is false.
2. Online service providers may be liable for, eg, criminal conduct, IP infringement and sex trafficking.
3. Absolute privileges may protect a defendant from liability, even for knowingly false statements or intentional misconduct.
1. They are grounded in state law, and likely available in some form in every jurisdiction.
2. In most jurisdictions, the primary trigger for an absolute privilege is a statement made in the course of an official proceeding, which may include court proceedings, arbitrations, legislative proceedings or sessions, and administrative proceedings or sessions.
3. Notably, the boundaries of the “proceeding” may be broad and, by way of example, may include statements made in hearings, in filings, in depositions, and statements made prior to a lawsuit being filed.
4. Absolute privilege protection may be limited to statements that are material and pertinent to the proceeding.
4. Conditional/qualified privileges protect statements that are not marred by some form of wrongful misconduct, such as actual malice, bad faith or an intent to harm the plaintiff.
1. They are available in some form in most if not all states.
2. Statements that may trigger conditional/qualified privileges may include:
• fair and accurate reports of official proceedings or documents;
• statements to governmental entities, particularly those tasked with enforcement;
• statements in furtherance of a moral, public, or legal duty;
• statements made to protect one’s interest;
• statements by counsel regarding a legal proceeding; and
• statements by employers providing a reference or evaluation.
3. Plaintiffs may need to meet the higher “clear and convincing evidence” standard of proof to defeat the privilege.
4. Depending on the jurisdiction, they may operate like an absolute privilege – for example, in some jurisdictions, a fair and accurate report may be privileged even if the statement was made with actual malice.
5. Anti-SLAPP statutes – SLAPP is the acronym used for “strategic lawsuits against public participation” and anti-SLAPP statutes are designed to challenge such lawsuits and to provide heightened protection at the onset of litigation to certain defendants who are deemed to be engaging in “public participation”.
1. Approximately 32 states have anti-SLAPP statutes, and that number is growing. 
2. Anti-SLAPP statutes vary across the country, both in terms of what is considered a SLAPP and their mechanisms to challenge SLAPPs.
3. California’s anti-SLAPP statute is among the oldest ‒ and certainly the most litigated ‒ of the more robust versions of anti-SLAPP statutes, and it has become a model for other states.
• In California (and many states), the SLAPP statute is triggered by:
• (a) statements made in a government proceeding;
• (b) statements made in connection with issues under government consideration;
• (c) statements made in a public forum on a matter of public interest; and
• (d) statements made in furtherance of free speech on a matter of public concern.
• If the defendant shows its statement falls into one of these categories, the burden shifts to the plaintiff to demonstrate a probability of prevailing on the merits of its claim; otherwise, the claim is subject to dismissal.
• The prevailing defendant is entitled to recover its attorney’s fees and costs.
• If the court finds that an anti-SLAPP motion is frivolous or solely intended to cause unnecessary delay, the prevailing plaintiff may be entitled to recovery of attorney’s fees and costs.
4. Some states (eg, California) also allow a defendant who prevails on its anti-SLAPP motion to then file a lawsuit to recover additional damages against the plaintiff. This is known as a “SLAPPback” action.

Media Defences

In addition to the above-mentioned defences, additional defences available specifically to media defendants may include:

• the wire-service defence; and
• the neutral reportage privilege.

In some states, the “wire service defence” protects media outlets that republish content from reputable news services (eg, the Associated Press) if they had no reason to doubt the content’s accuracy and did not alter it significantly. Generally, this defence only protects negligent conduct.

The neutral reportage defence has not been widely adopted and bears little discussion.

Criminal Versus Civil Procedures

• Procedures and remedies for protecting one’s privacy and confidentiality may be both civil and criminal.
• Criminal prosecutions must be pursued by the government, and they may result in monetary fines and/or imprisonment. That being said, the filing of a report with law enforcement by private individuals/companies will often be the triggering event for the government choosing to pursue criminal proceedings.
• Civil proceedings may be pursued by private individuals/companies, the government, or both, depending on the law being enforced. Remedies include monetary and injunctive relief, as opposed to imprisonment.

Maintaining Confidentiality and Anonymity in Court

• With few exceptions, court proceedings are public, including the material filed in the proceeding.
• Courts commonly enter confidentiality protective orders that allow parties to shield sensitive and confidential material from public disclosure.
• For particularly sensitive cases – for example, cases involving minors and victims of sexual offences or revenge porn ‒ a plaintiff may be able to proceed anonymously. 

Jurisdiction

• When filing a lawsuit, consideration must be given to whether a particular court has power to enforce the particular law and authority over the parties.
• The central issue in this regard is whether the court has jurisdiction, in addition to issues such as the convenience of the forum.
• These issues often involve an interplay between the state in which the plaintiff, defendant and witnesses reside, where the allegedly wrongful conduct occurred, and where the allegedly wrongful conduct had the greatest impact.
• The other core issue is whether the lawsuit will take place in the federal or state court systems.
1. Generally, federal courts can exercise jurisdiction over:
1. any lawsuit arising from federal statutes (federal question jurisdiction), and
2. any lawsuit in which more than USD75,000 is in dispute and all of the plaintiffs are citizens of a different state than all of the defendants (diversity jurisdiction). 
2. For cases arising from federal statutes, a federal court may then exercise supplemental jurisdiction over claims based on state law.
3. State courts may also exercise jurisdiction over claims arising from federal law.

The general rule in the USA is that each party pays its own attorney’s fees and expenses regardless of who wins or loses. This is known as the “American rule”. However, this general rule has many exceptions.

• Generally, a prevailing plaintiff or defendant can recover costs but not attorney’s fees.
1. Costs are often comprised of relatively minor expenses, such as fees for filing the lawsuit, serving the complaint, and the cost of transcripts.
2. Costs often pale in comparison to the attorney’s fees.
• However, a losing party may sometimes be ordered to pay the opposing party’s attorney’s fees.
1. For example, in the state of Georgia, a party may be ordered to pay the opposing party’s attorney’s fees for a tort claim, including under any of the following circumstances in a claim for false light invasion of privacy:
1. if the defendant made the false statements in bad faith, and the plaintiff prevails; 
2. if the defendant or plaintiff asserted frivolous or false positions during the litigation;
3. if the defendant prevails on an anti-SLAPP motion to dismiss the plaintiff’s claims; and
4. if the plaintiff defeats a defendant’s anti-SLAPP motion that was frivolous or filed for the purpose of delay.
• Some federal and state privacy and data statutes may have provisions requiring a losing party to pay the opposing party’s attorney’s fees.
• The availability of such attorney’s fees shifting remedies will vary across the USA.

Compared to other countries, the most unusual aspect of the law in the USA is its incoherence because it varies among the 50 states and the 13 federal appellate “circuit courts”. There are many “circuit splits” in the USA, whereby the federal circuit courts disagree over the law, including whether particular state anti-SLAPP statutes are enforceable in federal courts. For instance, the Ninth Circuit enforces California’s anti-SLAPP statute, whereas the Second Circuit does not.

In the USA, a claim for defamation arises exclusively under state law and thus varies across the 50 states. That said, there are virtually universal components ‒ particularly the fundamental elements of a defamation, the existence of conditional and absolute privileges, and the US Constitutional First Amendment defences of opinion and actual malice.

Elements of Defamation

The basic elements of defamation are as follows.

False statement of fact

• The defendant’s statement must be false, which means that it must be a statement of fact that is capable of being proven false.
• Even harmful statements, such as accusations that a person is racist, might not be considered a statement of fact and thus may not support a claim for defamation. However, if the accusation of racism is coupled with a false statement of racist misconduct, the statement may support a claim for defamation.

Defamatory

• The statement must be defamatory, which often requires that it harms a person’s reputation by subjecting the person to public scorn, hatred, contempt or ridicule.
• The statement must generally be more than a mere insult.
• There are two primary categories of defamatory statements:
1. per se defamatory statements are inherently defamatory, and are often limited to accusations of (i) criminal conduct, (ii) professional wrongdoing or incompetence, or (ii) accusing someone of having a loathsome disease; and
2. per quod defamatory statements are not obviously defamatory on their face, but their defamatory meaning can be seen when considered in light of additional facts or context.
• The distinction between per se and per quod defamation plays an important role in damages:
1. for per se, damages are presumed ‒ ie, the plaintiff does not actually have to prove they suffered damages in order to win, and the jury may award some amount of money that it thinks is just; and
2. for per quod, the plaintiff must prove some actual injury, and often even a specific monetary injury, in order to win.

Publication to a third party

• The statement must be communicated to a person other than the plaintiff.

Of and concerning the plaintiff

• The statement must be reasonably understood to be about the plaintiff (ie, “of and concerning” the plaintiff).
• Statements about a small group may suffice if the plaintiff’s identity within the group is clear.
• Statements in fiction or satire can meet the requirement if a reasonable person would understand the fictional character to represent the plaintiff.

Fault

• The defendant must make the defamatory statement with some degree of fault.
• Negligence – “private figure” plaintiffs need only prove negligence for purely private claims that do not trigger privileges.
• Actual malice – in other instances, the plaintiff may need to prove that the defendant published the false and defamatory statement with “actual malice” (ie, with a reckless disregard for the truth or with knowledge of falsity). The primary circumstances triggering the actual malice standard are the following.
1. The plaintiff is an “all-purpose public figure”/someone who is widely known and famous ‒ eg, a household name, such as movie stars, superstar athletes and prominent politicians. 
2. The plaintiff is a “limited-purpose public figure” – ie, someone who is not famous, but who has voluntarily thrust themselves into a particular public controversy to influence its outcome, and has then achieved some notoriety. For example, a local community activist who has become well known for their advocacy on the First Amendment may be considered a limited-purpose public figure who must prove actual malice if the defamation lawsuit relates to their First Amendment advocacy work.

Causation and damages

• Almost every tort claim requires proving the defendant’s misconduct proximately caused the plaintiff to suffer damages.
• For defamation per se claims, however, the damages may be presumed ‒ relieving the plaintiff of the burden to prove this element.
• In practice, the majority of all defamation claims filed in the USA are for defamation per se.
• If the claim is for defamation per quod, then the plaintiff must prove this element of causation and damages.

For a discussion of common law tort remedies and potential damages, see sections 1.2 Privacy Remedies and 2.1 Defamation Grounds.

For a general discussion of deadlines and defences applicable to defamation claims, see section 1.3 Privacy Deadlines and Defences.

The law regarding statutes of limitations is highly dependent on the state in which the lawsuit is filed, and the law must be carefully reviewed given the draconian repercussions for missing the deadline.

Statutes of limitations for defamation claims in the USA are among the shortest of any tort claim. Depending on the jurisdiction and whether the statement is written or oral, the deadlines may range from six months to three years ‒ with one year being the most common.

Statutes of limitation generally run from the date the defamatory statement was first made ‒ even if the plaintiff was unaware of the statement before the statute of limitation expired.

In most jurisdictions ‒ if not all ‒ the fact that a defamatory statement remains posted online does not extend the deadline – ie, it will still be calculated from the date that the statement was originally posted online.

The same can be said for a statement that remains in circulation in a book, magazine, newspaper, film or show.

However, if a new edition of a book is published, the statute of limitations would likely run from the date of the new edition.

Defamation claims in the USA are almost universally civil, as opposed to criminal.

Approximately 14 states have potentially enforceable criminal defamation statutes, but their enforcement is extremely rare. Attempts at enforcement have often failed because a given state’s statute violates the US Constitution. However, New Hampshire’s criminal defamation statute was recently upheld, and the US Supreme Court declined to review the case.

States with enforceable or potentially enforceable criminal defamation statutes include:

• Florida;
• Idaho;
• Illinois;
• Kansas;
• Kentucky;
• Massachusetts;
• Michigan;
• New Hampshire;
• North Carolina;
• North Dakota;
• Oklahoma;
• Texas;
• Virginia; and
• Wisconsin.

Criminal statutes vary greatly – they may apply to run-of-the-mill defamatory statements, or only to limited statements that impugn the financial condition of a financial institution, to name a few.

Defamation is generally considered only a misdemeanour punishable by a maximum of one year in prison, with fines up to several thousand dollars. Penalties in some states may be more serious – for example, Texas may provide for ten years imprisonment and a USD10,000 fine for certain defamatory statements about credit unions.

For further discussion of the availability of criminal remedies versus civil remedies and appropriate jurisdiction for such claims, see section 1.4 Privacy Proceedings Forum Choice.

See section 1.5 Privacy Costs. 

See section 1.6 Other Features of Privacy Actions. 

Federal and state laws may protect victims of harassment and stalking, including cyberstalking.

• Federal laws in this area are criminal and may target physical and electronic stalking.
• State laws may allow for both criminal and civil actions for harassment, including civil actions for invasion of privacy discussed in 1.1 Privacy Grounds and claims for intentional infliction of emotional distress.

Federal and state laws generally define stalking and harassment as an unwanted course of conduct that makes the victim fear for their physical safety or, in some instances, which causes severe emotional distress.

Though some states’ laws may not have been updated to reflect the digital age, even those statutes are commonly construed broadly enough to cover electronic harassment, whereas others explicitly do so.

Course of Conduct

While single instances of severe misconduct may be sufficient, laws and courts often look for a “course of conduct” (eg, ongoing or pervasive misconduct).

True Threats

Laws may require speech that objectively subjects individuals to fear of violence and therefore has no, or at most slight, First Amendment value.

Name-calling, discriminatory speech, and insults (even extremely vulgar ones) are generally insufficient.

Mens Rea for Criminal Laws

To warrant criminal sanctions, the defendant must generally recognise the wrongful nature and likely result of their misconduct.

The US Supreme Court recently held that the First Amendment permits punishment where a person acts at least “recklessly”.

Contact

Laws may require that the defendant directed the harassing activity at the victim, as opposed to conduct directing it towards a general audience ‒ eg, a direct message to the victim, as opposed to a Facebook post to the public at large that does not tag the victim. 

See 1.2 Privacy Remedies for remedies, particularly for civil remedies.

Most criminal state laws focus on restraining and/or protective orders to end the harassment.

Temporary restraining orders that last less than one month are often obtained in ex parte proceedings – ie, without notice and/or participation of the defendant.

Depending upon the severity of the misconduct, lengthy or even permanent protective orders may be available.

Criminal statues may also provide for fines and imprisonment, ranging from one-year misdemeanour sentences to decades-long sentences ‒ particularly if physical violence was involved.

Victims may also pursue civil actions to obtain protective orders to stop harassment, rather than depending on government prosecutors.

Statutes of Limitations

See sections 1.3 Privacy Deadlines and Defences and 2.3 Defamation Deadlines and Defences, including the explanation regarding the variability of statutes of limitations because of the patchwork of jurisdictions and laws.

Victims should seek relief ‒ whether criminal or civil ‒ swiftly and while the conduct is ongoing, as courts are less likely to issue protective orders if months have passed without harassment.

Defences

See 1.3 Privacy Deadlines and Defences and 2.3 Defamation Deadlines and Defences.

The First Amendment applies to harassment claims, particularly those based on speech ‒ eg, defendants may argue the speech served a legitimate public purpose or was a mere expression of opinion, rather than a true threat.

Anti-SLAPP statutes may also apply, as discussed at 1.3 Privacy Deadlines and Defences and 1.6 Other Features of Privacy Actions.

Defendants may challenge the elements of the claim ‒ for example, arguing the conduct would not reasonably be expected to place the victim in fear or to cause severe emotional distress.

Defendants may argue the victim consented to the conduct.

See 1.4 Privacy Proceedings Forum Choice, which applies to harassment proceedings.

See 1.5 Privacy Costs. Additionally, many statutes explicitly authorise a prevailing victim to recover their reasonable attorney’s fees and costs for pursuing, for example, a temporary restraining order or protective order.

Trust in traditional media in the USA is at a record low. Whether this lack of faith is well deserved can be debated. But one thing is clear, the current media market is not conducive to fostering respect for privacy, accuracy and journalistic ethics.

The traditional media is beset by pressures to create content in a 24-hour media market, while facing polarised audiences, tightening budgets, fierce competition from non-traditional media, short attention spans, plummeting viewership and dwindling profits. Many outlets are pursuing infotainment (particularly for cable outlets) and “clickbait”, where opinion is often packaged as “news” and accuracy suffers. Perceptions about existing law may also incentivise the media to prioritise attention-grabbing content over accuracy, as some members of the media perceive that their First Amendment protections and anti-SLAPP statutes make it exceedingly difficult to challenge defamatory statements. Ultimately, these factors may lead to compromises that decrease the respect for privacy and increase the transmission of false information.

Whether the traditional media can right the ship is an open question. In recent years, several traditional media defendants have settled high-profile defamation cases rather than face a jury, but it remains to be seen whether these cautionary tales will translate into greater precautions. For instance, Dominion Voting Systems obtained a USD787 million settlement against Fox News in connection with false statements regarding 2020 election fraud. And ABC paid Donald Trump USD15 million for misrepresenting the nature of the civil claims made in a defamation lawsuit against him. Ultimately, the challenges for traditional media will likely increase, and so too will the journalistic compromises.

The most influential news providers in the USA are The New York Times, the Associated Press, CNN, MSNBC and Fox News. The New York Times has traditionally been considered the “newspaper of record” ‒ ie, the authoritative source of news in the USA. This is changing, including because of the challenges cited earlier. The latter three are rooted in cable television and have more obvious political leanings that drive editorial decisions and opinion-based content, which may result in journalistic compromises.

Regulatory Framework for Defamation and Invasion of Privacy Torts

The common law legal system ‒ including claims for defamation and invasion of privacy ‒ is the primary check on the media for issues regarding reputation and for redressing personal harms to privacy. Thus, the controls are largely a function of the state civil laws discussed in 1.1 Privacy Grounds and 2.1 Defamation Grounds,which may then be enforced when a private party pursues legal remedies in a court.

This may be ineffective, as it too often depends on private parties either paying costly hourly attorney’s fees or obtaining counsel on a contingency fee basis (ie, paying the lawyer using only funds recovered in the lawsuit, if any). This results in many torts related to reputation and privacy never being remedied.

It is challenging to obtain contingency fee counsel for defamation and privacy torts because the law provides extensive protections to the media, which disincentivise plaintiffs’ lawyers from focusing on this complex area of law.

Regulatory Framework for Privacy

For privacy issues, as discussed in 1.1 Privacy Grounds, media companies are governed by both federal and state statutes that are often subject to administrative regulatory frameworks, including through the Federal Communications Commission, the Federal Trade Commission, and state regulatory agencies.

The laws and rules generally are not focused specifically on the media, but instead apply more broadly to the handling of private information and data by companies, or apply to other sectors – for example, HIPAA covers personal medical information held by the healthcare industry. Nevertheless, social media will increasingly become the subject of specific regulations.

Regulators in the USA are moderately effective, but certainly less so than in the EU, which is subject to its comprehensive General Data Protection Regulation (GDPR), including the “right to be forgotten” (whereby individuals can have their personal online data removed) and meaningful fines.

Because of the incoherent federal framework in the USA, some states are filling the gap with comprehensive data privacy laws, such as California (the CCPA), Colorado (the Colorado Privacy Act), and Virginia (the Virginia Consumer Data Protection Act), or laws to protect children (eg, the New York Child Data Protection Act).

The regulatory framework is evolving and should be closely monitored for recent changes.

Complaint Process for Defamation and Invasion of Privacy Torts

The complaint process for defamation and invasion of privacy torts is to file a lawsuit in a court of law. The sanctions range from monetary damages to injunctive relief.

Complaint Process for Privacy Regulators

Because the USA lacks a coherent regulatory framework for privacy, it lacks a coherent process for filing a complaint with a regulator (as opposed to a court) – for example, the complaint process for a person whose data is compromised in California will be far different than for a person in North Dakota.

Available sanctions vary by statute and by state. Administrative agencies that administer data privacy laws may have authority to impose civil penalties, including the imposition of fines and limiting a company’s ability to operate ‒ a process that may involve administrative proceedings. But the imposition of criminal penalties requires a criminal prosecution in a court of law, often handled by the US Department of Justice or a state’s analogous department.

In the USA, the primary legal protections for websites that host user-generated information are Section 230 of the CDA, and the Digital Millennium Copyright Act (DMCA).

CDA

Section 230 of the CDA immunises online platforms from liability for content created and posted by their users, as opposed to the content generated by the platform itself – for example, Facebook cannot be held liable for a user’s false and defamatory posts, even if Facebook is on notice of the unlawful nature of the post.

• Online platforms are not treated as publishers of their user-generated content.
• Online platforms may moderate or remove content they deem objectionable in good faith without losing this liability protection.
• The protections, however, have their limits. They do not apply to federal criminal law violations, intellectual property infringements, or certain state laws. For instance, the notorious website Backpage.com ‒ which facilitated illegal sex trafficking by its users ‒ was not protected from liability under the CDA.

DMCA

The DMCA protects online platforms from liability for some copyright infringement by its users under certain conditions, including when a platform does the following to satisfy the DMCA’s “safe harbour”:

• registering with the US Copyright Office and appointing a designated agent;
• renewing its DMCA designation every three years;
• implementing a policy for terminating the accounts of users who are repeat infringers;
• removing infringing content upon receiving a valid Take Down Notice from a copyright holder;
• avoiding directly profiting from infringing content;
• having no knowledge of hosting infringing content; and
• avoiding direct participation in user-generated content.

See 1.3 Privacy Deadlines and Defences.

The enforceability of foreign judgments in the USA is largely a function of state law, although the USA has enacted a federal law that specifically addresses defamation judgments: the Securing the Protection of our Enduring and Established Constitutional Heritage (SPEECH) Act.

SPEECH Act

The SPEECH Act allows US citizens, lawful residents and businesses to challenge defamation judgments obtained in foreign jurisdictions, including by filing a lawsuit in a federal court to have the foreign judgment declared unenforceable. A judgment is unenforceable if:

• the foreign proceeding did not provide the same free speech protections afforded by the First Amendment and by the constitution and laws of the state where the US action is being decided;
• even if the foreign protections fall short, the party opposing the foreign judgment would have been found liable under the First Amendment and under the constitution and laws of the state where the US action is being decided;
• the exercise of jurisdiction by the foreign court did not comport with the due process requirements that are imposed on domestic courts by the US Constitution; or
• the judgment is inconsistent with the CDA if the information that is the subject of such judgment had been provided in the USA.

State Law for Recognising Foreign Judgments

Approximately 37 states have adopted versions of two “uniform” acts that strive to bring consistency to this area – namely, the 1962 Uniform Foreign Money Judgments Recognition Act and its successor, the 2005 Uniform Foreign-Country Money Judgments Recognition Act. The other states follow a common law approach from which many of the components of the uniform acts were derived.

The uniform acts are analogous, and the various state statutes adopting them may include the following components.

• Grounds for recognition of foreign judgments are:
1. the judgment is monetary, other than fines, penalties and taxes; and
2. the judgment is final and enforceable in the foreign jurisdiction.
• Grounds for non-recognition of foreign judgments are as follows.
1. Mandatory grounds:
1. the foreign judicial system fails to provide impartial tribunals or procedures compatible with due process of law;
2. the foreign court lacked personal jurisdiction over the defendant; or
3. the foreign court lacked subject-matter jurisdiction.
2. Discretionary grounds:
1. notice – the defendant did not receive timely notice of the foreign proceeding sufficient to defend itself;
2. fraud – the foreign judgment was obtained by fraud that deprived the defendant of an adequate opportunity to defend itself; 
3. public policy – the foreign judgment arose from a claim that is repugnant to public policy;
4. conflicting judgments – the foreign judgment conflicts with another final judgment that was subsequently entered;
5. conflicts with the parties’ chosen forum – the parties had agreed to the exclusive jurisdiction of a particular forum, and the foreign judgment was then obtained in a different forum;
6. inconvenient forum – in cases in which jurisdiction is based on personal service, “the foreign court was seriously inconvenient forum for the trial of the action”;
7. suspect court (2005 Act) – the circumstances giving rise to the foreign judgment raise substantial doubt about the integrity of the court; and
8. court lacked due process (2005 Act) – the procedures of the court rendering the foreign judgment were incompatible with due process requirements.

Arbitration Awards

The USA has entered into international conventions to recognise foreign arbitration awards (eg, the New York Convention and the Panama Convention). These conventions provide streamlined procedures compared to the enforcement of court judgments.

In the USA, data rights are primarily protected through various federal statutes, which regulate the securing and sharing of individual personal data. The primary federal statutes are described and discussed in 1.1 Privacy Grounds and include HIPAA, the FCRA, the GLBA, COPPA, FERPA, the ECPA and the SCA.

The federal statutes generally apply by sector to specific types of data – for example, HIPAA applies to health care information, whereas the FCRA applies to data collected by consumer credit reporting agencies. Each statute establishes different requirements for the various types of data being protected.

Additionally, at least 20 states have enacted comprehensive laws establishing protections for data rights that exceed the protections afforded by federal statutes, and all states have at least basic laws governing security breaches relating to individual consumer data. These statutes vary greatly among the states.

Data protection statutes require entities to provide notification, either to individuals, the government or both, following a breach of personal consumer data. Certain statutes also provide requirements for minimising the impact of such breaches, such as notifying credit agencies.

Remedies available for violations of data privacy laws differ depending on which statute is being enforced and whether the statute is a federal or a state law. The civil penalties generally involve compensatory damages, fines or injunctions, with many statutes establishing specific fines for violations. Criminal penalties may involve fines or imprisonment. These remedies are discussed in more detail in 1.2 Privacy Remedies and the regulatory procedures are addressed in more detail in 4.2 Regulatory Framework.

The deadlines for filing actions under data privacy laws vary depending on the law being enforced and whether the action is civil or criminal. For government enforcement actions seeking civil penalties, the general federal statute of limitations is five years from the date of the violation. Under many state data privacy laws, the deadline for filing such a claim may be extended so that it begins to run only when the data breach is actually discovered.

There are a number of possible defences to a claim for violation of data privacy laws, including:

• the data is not protected because it was anonymised and cannot be traced back to individuals;
• the defendant had in place reasonable security measures but suffered a breach due to factors beyond its control;
• the defendant had consent for the particular use of the personal data;
• the defendant took appropriate steps to minimise the effects of a data breach; and
• the data collection was necessary to operate the defendant’s business effectively.

For a discussion of criminal versus civil procedures and jurisdictional requirements for data privacy claims, see 1.4 Privacy Proceedings Forum Choice.

For a discussion of the US rule and the possibility of fee-shifting in data privacy cases, see 1.5 Privacy Costs.