Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Consumer Privacy

Is There a Breach in the Dam Holding Back Damage Actions for Alleged Privacy Breaches?

Two recent federal cases alleging privacy violations in the mobile context have been allowed to proceed based on novel damages allegations.  While neither cases recognized a property interest in personal information per se, the courts allowed cases involving mobile devices and alleged privacy violations to proceed, finding allegations sufficient that  (a) the plaintiffs paid more for their devices than they would have paid had they known their personal information would be misused, and (b) that the battery and data usage costs arising from unwanted collection and sharing of personal information constitutes actionable damages.  Thus, these cases may open the door for more novel indirect financial injury claims arising from the allegedly improper collection and use of personal information.  The long-standing presumption that mere exposure of personal data is insufficient for standing and damage actions may become irrelevant if plaintiffs are able to link the exposure to increased costs of device usage.

Earlier this month, U.S. District Judge Lucy Koh in the Northern District of California issued a written opinion memorializing a ruling made in May that owners of Apple devices — iPhone, iPad and iPod Touch — may pursue damage claims against Apple under two California consumer protection laws.  The ruling came in consolidated class actions where it is claimed that that Apple devices allowed mobile advertising companies to collect users’ personal data through downloaded apps, contrary to alleged promises Apple made about protecting personal information.  Plaintiffs allege that the apps gathered  addresses, genders, ages and other personally identifiable information and they claim that the apps were tracking locations. 

In the consolidated cases, previously dismissed with leave to replead damages, Judge Koh followed established law and rejected federal Stored Communications Act, Wiretap Act and Computer Fraud and Abuse Act claims, as well as a claim under the California Constitution’s Right to Privacy, but she allowed certain state law causes of action to proceed, finding facial merit in the claims that because Apple failed to make clear how the apps were using personal information, consumers overpaid for their devices. 

In that regard, the Complaint states:

Plaintiffs allege that as a result of Apple’s failure to disclose its practices with respect to the allegedly “free apps,” Plaintiffs overpaid for their iDevices. In other words “[h]ad Apple disclosed the true cost of the purportedly free Apps . . . the value of the iPhones would have been materially less than what Plaintiffs paid.”

The court also allowed claims that the transmission of  data through the improper collection of personal information consumed battery power, storage and bandwidth, and thus caused economic harm.

Notably, the Judge did not allow damage claims for the unwanted disclosure of personal information:

[T]he weight of authority holds that a plaintiff’s “personal information” does not constitute property. (citations omitted)  Plaintiffs have also failed to establish that the broad category of information referred to as “personal information” is an interest capable of precise definition. “Personal information” includes such things as a user’s location, zip code, device identifier, and other data. Moreover, it is difficult to see how this broad category of information is capable of exclusive possession or control.

In a case pending in the United States District Court for the Western District of Washington, Goodman v. HTC America, a case in which the plainitffs are represented by the same counsel are the plaintiffs in the Apple litigation, Judge Marsha Pechman ruled earlier this week along the same lines, that claims of overpayment for a device and unwanted and excessive battery usage were sufficient for state claims to proceed in a case involving unwanted tracking by Apps.

The diminution in value of their phones due to lost battery utility and lifespan also describes an injury in fact.

The lawsuit alleges defective phones because they allowed transmission of precise location data without encryption, and that AccuWeather used the location data to identify users and create a profile for them based on the activities on their phone that was shared with third parties for advertising purposes.