Privacy policy alert! Does this trouble anyone else out there?
The U.S. 9th Circuit Court of Appeals just issued a surprising decision (to me, at least). It found California personal jursdiction over an Estonian company … because that company’s, “website had a Privacy Policy page which included a section on California Privacy Rights.”
So efforts to comply with a state’s laws – which the state wants – can lead to jurisdiction there – which foreign companies generally don’t want. In other words, the court created an incentive NOT to comply with state privacy law.
It’s not as simple as all that. Two other factors favored California jurisdiction:
- Contracts with California businesses
- Knowledge of user locations
So maybe a state-specific privacy policy won’t do it alone.
And even re the privacy policy, the court held: “That 3Commas did not disclose or even mention any other jurisdiction’s legal requirements indicates that 3Commas intentionally directed its activities toward California consumers.” That could narrow the decision’s impact.
Still, this seems troubling to me.
The case is Freeman, et al. v. 3Commas Technologies OÜ, No. 24-6158 (9th Cir. 2026) (Memorandum Opinion, not for publication, nor precedent, except as provided by Ninth Circuit Rule 36-3.)
We at Tech Contracts Academy train contracting professionals grappling with information technology contracts – including about data terms. You can check out our courses, available on your schedule (and offering California CLE) here: https://courses.techcontracts.com/p/on-demand