Friday, May 27, 2011

Facebook Users’ Privacy Claims Dismissed

This posting was written by Cheryl Beise, Editor of CCH Guide to Computer Law.

The federal district court in San Jose has dismissed claims filed by a putative class of Facebook users who alleged that the social networking website unlawfully transmitted their personal information to third-party advertisers without their consent.

The users’ California Legal Remedies Act (CLRA), Unfair Competition Law (UCL), and unjust enrichment claims were dismissed with prejudice, but the users were granted leave to amend claims alleging that Facebook violated its privacy policy, the federal Wiretap Act and Stored Communications Act (SCA), and the California computer crimes and civil fraud statutes.

The users alleged that, during a four or five month period in early 2010, a redesign of Facebook’s website caused it to transmit to a “referral header” to third-party advertisers when a user clicked on a banner advertisement. The referral header allegedly reported the user ID or username of the user who clicked on an advertisement, as well as information identifying the webpage the user was viewing prior to clicking on the ad.

Federal Wiretap and SCA Claims

The Wiretap Act prohibits electronic communication services providers from divulging the contents of a communication to any person or entity “other than an addressee or intended recipient of such communication.” The SCA provides that an electronic communication service provider “shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.”

Under both statutes, an electronic communication service provider may divulge the contents of a communication to an addressee or intended recipient of such communication.

The court discerned that the users’ allegations were subject to two interpretations. Under the first view, when a Facebook user clicked on a banner advertisement, that click constituted an electronic communication from the user to Facebook. The contents of the communication were a request for Facebook to send the electronic communication to the advertiser. Under the second interpretation, clicking on an advertisement constituted an electronic communication from the user directly to the advertiser.

According to this interpretation, Facebook served merely as a conduit for transmitting the communication to its intended recipient, the advertiser. Neither scenario would support a violation of the SCA or the Wiretap Act, according to the court.

California Computer Crimes Law

The court also held that the Facebook users failed to state a claim under California’s computer crimes statue. To state a violation under most subsections of Cal. Penal Code §502, a plaintiff must show that the defendant’s actions were taken “without permission.” A defendant may only be subjected to liability for acting “without permission” under §502 if the plaintiff can prove that the defendant “circumvented…technical barriers” that had been put in place to block the defendant’s access to the plaintiff’s website.

The users did not allege that Facebook circumvented technical barriers to gain access to a computer, computer network, or website. To the contrary, they alleged that Facebook caused “nonconsensual transmissions” of their personal information as a consequence of Facebook’s “re-design” of its website.

Facebook could not have acted “without permission” as there were no technical barriers blocking access to its own website. To the extent the users’ §502(c) claims alleged that Facebook acted “without permission,” they were dismissed with prejudice.

The court noted that Cal. Penal Code §502(c)(8) created liability for any person who “knowingly introduces any computer contaminant into any computer, computer system, or computer network.” Unlike the other sections of Cal. Penal Code §502(c), subsection (8) does not require that a defendant act “without permission.” Although the users failed to state a claim under §502(c)(8), they were granted leave to amend their claim.

California CLRA, UCL Claims

To assert an unfair competition claim under the California UCL, a private plaintiff must have “suffered injury in fact and . . . lost money or property as a result of the unfair competition.” A violation of the CLRA can only be alleged by an individual consumer who “purchases or leases any goods or services for personal, family, or household purposes.”

The users did not allege that they lost money as a result of Facebook’s conduct. Nor did they allege that they paid fees for Facebook’s services. The users only alleged that Facebook unlawfully shared their “personally identifiable information” with third-party advertisers.

An alleged loss of personal information did not constitute a loss of “property” that could form the basis for a UCL claim, the court held. With regard to their CLRA claim, the users failed to provide any legal support for their assertion that their personal information constituted a form of “payment” to Facebook for its services.

Breach of Contract Claim

To maintain an action for breach of contract under California law, an aggrieved party is required to show “appreciable and actual damage.” Allegations of nominal damages and speculative harm did not amount to legally cognizable damages. The users’ unsupported conclusory statement that they “suffered injury” as a result of Facebook’s breach of its privacy policy was insufficient.

The court advised the users to allege “specific facts showing appreciable and actual damages in support of their claim.” Because the users alleged the existence of a valid contract with Facebook, they could not maintain a claim for unjust enrichment.

The decision is In re Facebook Privacy Litigation., CCH Guide to Computer Law ¶50,183.

Further information about CCH Guide to Computer Law is available here.

No comments: