Cross-posted at WLF’s Forbes.com contributor page
In their never-ending search for the next big thing, class action plaintiffs’ lawyers had high hopes for suits alleging various violations of Internet users’ “privacy.” All of the prerequisites for a big award seem to be present: (1) lots of class members; (2) easy-to-understand facts; (3) large, profit-seeking corporations; (4) sympathetic media coverage; and (5) an enforcement void (or the impression of one) left by state and federal regulators who talk more about protecting privacy than actually regulating.
But as two federal district court rulings in the waning days of 2012 reflect, online privacy class actions have generally been missing one other key element for success: actual harm. As we have addressed here several times in the past (here and here), thanks to that annoying constitutional “case or controversy” requirement, plaintiffs who don’t suffer a concrete loss or injury don’t have standing to be in federal court in the first place. Judges have thankfully been quite demanding when applying this concept in an area like online privacy litigation, where the concept of “privacy” can be very subjective and slippery.
In another late 2012 ruling, Pirozzi v. Apple, a federal trial court similarly dismissed plaintiffs’ privacy-related claims for lack of standing. According to the complaint, Apple allegedly violated federal, state, and common laws by failing to prevent third-party applications sold on its App Store from uploading user information from mobile devices. The alleged injury here? First, Apple “misled” the plaintiffs into buying Apple mobile devices by falsely claiming their devices were “safe and secure.” As a result, plaintiffs’ information is at greater risk of being misappropriated.
On the first claim, the court agreed that bearing such a financial cost would constitute an injury, but only if the plaintiffs could show which particular statements of device safety they relied upon. Their complaint provided no such information. On the second claim, the court cited to the growing list of precedents which relate that mere “fear” of misappropriation of personal information is insufficient to establish standing to sue.
It’s unlikely we’ve heard the last of these cases, however, since both judges allowed the plaintiffs to amend and refile their complaints. No doubt the lawyers will continue the “throw lots of spaghetti against the wall” approach common to class actions, and hope some allegations stick. Such tactics waste precious judicial resources and divert companies’ attention and money from pro-consumer innovation and growth.
What’s worse, as Santa Clara University law professor Eric Goldman argued in a superb Working Paper last year, online privacy advocates should abhor class action litigation, as they utilize the same tactics those advocates despise. As he argues, class actions: (1) are typically opt-out, rather than opt-in; (2) provide plaintiffs with little meaningful notice or control; and (3) are gamed by lawyers who maximize their own financial interests over the interests of the class.
While litigating these suits is certainly a poor use of company resources, we hope that privacy class action defendants keep pushing back against the spaghetti-throwing lawyers, rather than settling for nuisance value. Court decisions such as In re Google and Pirozzi should help encourage them to do so.