This posting was written by William Zale, Editor of CCH Advertising Law Guide.
Although it was very likely that Amazon’s “Conditions of Use and Privacy Notice” disclosed sufficient information to negate computer users’ Washington Consumer Protection Act (CPA) claims, limited discovery would be appropriate on the issue of whether Amazon accessed the users’ computers without authorization, the federal district court in Seattle has ruled. The computer users’ Computer Fraud and Abuse Act (CFAA) claim was dismissed with prejudice.
The computer users challenged Amazon.com’s alleged use of standard browser cookies and Adobe Flash cookies to gather personally identifiable information about the users’ Internet habits and browsing history. To support a CPA claim, injury need not be great, or even quantifiable, but it must be an injury to “business or property.”
Computer Access Authorization
The users would satisfy the injury element only if they could demonstrate that Amazon accessed their computers or their information without authorization, the court observed. The issue of authorization was “quite complicated.” Amazon’s Conditions of Use and Privacy Notice appeared to notify visitors that it would take the very actions complained of: place browser and Flash cookies on their computers and use those cookies to monitor and collect information about their navigation and shopping habits.
Amazon’s motion to dismiss, to the extent that it relied on exhibits including Amazon’s Conditions of Use and Privacy Notice, was construed as a motion for summary judgment, and the computer users would be provided a reasonable opportunity to present all pertinent material. Limited discovery concerning Amazon’s conditions and notice, their location on the website, and each plaintiff’s use of the site would likely be both beneficial and appropriate, according to the court.
Computer Fraud and Abuse Act
The users failed to plausibly allege a loss during a one-year period aggregating at least $5,000 in value under the CFAA from Amazon.com’s alleged gathering of personally identifiable information about the users’ Internet habits and browsing history, the court determined. The CFAA defined “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.”
Non-monetary detriments could not constitute loss, contrary to the computer users’ contention, and they alleged nothing from which a calculable loss could be inferred, the court concluded.
The June 1 opinion in Del Vecchio v. Amazon.com, Inc. will be reported at CCH Advertising Law Guide ¶64,728.