California’s Unfair Competition Law has been the primary vehicle for litigating harms to personal data for the past fifteen years, yet it remains ill‑suited and inconsistently applied to injuries arising from data use, and recent reforms only partially close that gap. Tracing Northern District of California decisions from In re Facebook Privacy Litigation through Brown v. Google shows a shift from rejecting personal information as “property” to recognizing privacy harms and data value as cognizable “economic injury,” a change likely driven by heightened pleading standards, legislative developments, and evolving views of personal data’s intrinsic worth.
The California Consumer Privacy Act and its amendments attempt to address the UCL’s shortcomings by broadly defining personal information, but they rely on discretionary, agency‑centered enforcement that lacks robust remedies and meaningful bite, leaving consumers under‑protected. In the face of AI‑driven data demands and expansive surveillance, this Comment proposes a need to strengthen California’s privacy framework through (1) a rebuttable presumption that misuse of personal data constitutes injury in fact for UCL standing, shifting the burden of disproving harm to better‑informed corporate defendants, and/or (2) a private right of action under the CCPA sounding in tort, enabling individuals to pursue damages and equitable relief directly.
