Thursday, May 05, 2011





Web Users Fail to Allege Injury in Fact from Installation of “Flash Cookies”

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

A purported class of web users bringing claims against online third-party advertising network Specific Media for installing “Flash cookies” on their computers without their knowledge or consent failed to allege an “injury in fact” resulting from Specific Media’s conduct, the federal district court in Los Angeles has ruled.

The users brought claims under the federal Computer Fraud and Abuse Act and California’s Computer Crimes law, invasion of privacy statute, Unfair Competition Law, and Consumer Legal Remedies Act.

The term “Flash cookies” refers to data called “local shared objects,” which are stored on a user’s computer and used by Adobe Flash Player media software. Such data files allegedly circumvent the privacy and security controls of users who had set their web browsers to block or to periodically delete conventional cookie files.

Economic Loss?

The complaining users asserted that Specific Media’s placement of Flash cookies on their computers caused them to sustain economic loss, in that their personal information had “discernible value.”

However, the users did not allege that Specific Media actually tracked their online activity, the court said. They asserted only that they believed the Flash cookies could be used as substitutes for previously deleted standard cookies and to “re-spawn” previously deleted cookies. Therefore, the users did not allege that they were specifically injured by Specific Media’s practices.

Even if they could allege that they were affected by Specific Media’s installation of Flash cookies, the users made only conclusory allegations of harm, according to the court. The argument that Specific Media’s practices caused the users to sustain damage to the economic value of their personal information was potentially valid in the abstract. However, the users would have to provide particularized details of the harm suffered.

For example, the users would have to explain how Specific Media’s conduct deprived them of the opportunity to engage in a “value-for-value exchange” for their information and how that deprivation caused the economic value of the information to be diminished.

Harm to Computers

To the extent that the users alleged that the Flash cookies caused harm to their computers, such harm would be de minimis and insufficient to confer Article III standing, the court said.

The court also expressed skepticism that the users could allege an injury involving the requisite $5,000 minimum in economic damages to support a Computer Fraud and Abuse Act claim, even in the aggregate.

Specific Media’s motion to dismiss the complaint was granted, with leave to amend.

The April 28 decision in La Court v. Specific Media Inc. will appear in CCH Privacy Law in Marketing.

No comments: