Thursday, December 01, 2011

User Failed to Allege Injury from LinkedIn’s Disclosure of Information, Browsing Histories

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

An individual lacked standing to pursue privacy-related claims against online social networking website operator LinkedIn for disclosing his personal information, including personally identifiable browsing histories, to third-party advertising and marketing companies through the use of cookies and web beacons, the federal district court in San Jose has decided.

The individual asserted that LinkedIn’s conduct violated the federal Stored Communications Act and California’s Constitution, Unfair Competition Law, False Advertising Law, Consumer Legal Remedies Act, and common law.

Tracking of Browsing Habits

LinkedIn allegedly assigned each registered user a unique user identification number. Then, LinkedIn’s website linked and transmitted the user ID number to third-party tracking cookies, allowing third parties to track users’ online activity and to aggregate data on their browsing habits. The individual asserted that LinkedIn added social information, such as the name of each user and the other LinkedIn profiles they viewed and interacted with; which enabled the third parties to determine the personal identity of the user.

Emotional Harm

The individual failed to allege that he sustained an injury that would confer Article III standing to sue. He alleged that he suffered embarrassment and humiliation, but it was unclear from the face of the complaint what information was disclosed that would cause the individual emotional harm, the court said. He did not allege that his browsing history was actually linked to his identity by LinkedIn and transmitted to any third parties. The allegation that his sensitive information might be transmitted in the future was too theoretical for purposes of establishing standing.

Economic Harm

The individual asserted that he was economically harmed by LinkedIn’s practices because his browsing history was personal property with market value, and LinkedIn took that property from him without compensating him. This purported injury was too abstract and hypothetical to support Article III standing, in the court’s view.

The individual relied on allegations that the data collection industry generally considered consumer information valuable and that he was not compensated for use of his information, but he did not describe how he was foreclosed from capitalizing on the value of his personal data or how he was deprived of the data’s economic value simply because his unspecified personal information was collected by third parties.

He did not allege that his credit card number, address, or Social Security number were stolen and published or that he was a likely target of identity theft as a result of LinkedIn’s practices, the court noted. Nor did he allege that his personal information was exposed to the public. The complaint was dismissed with leave to amend.

The decision is Low v. LinkedIn Corp., CCH Privacy Law in Marketing ¶60,695.

No comments: