Brooklyn Law Review


For years, big businesses have been collecting and selling users’ personal information without permission. In attempts at preventing this practice, users have brought civil actions under the Computer Fraud and Abuse Act (CFAA), alleging a loss of personal privacy. As currently enacted, “personal privacy” is not included in the statutory definition of loss. Further, courts have been reluctant to interpret the CFAA broadly to cover loss of personal privacy claims. This note proposes that an amendment to the CFAA is necessary to close this gap in the statute’s coverage and better protect users’ right to privacy.