Lawsuits alleging harm from either a business’s failure to protect personal information from a data breach or from its allegedly unauthorized sharing of data with third parties were supposed to be the “next big thing” for the Litigation Industry. But, as we’ve noted on previously (here and here, for instance), few of these suits have made it past the motion-to-dismiss stage. Plaintiffs consistently fail to demonstrate that they suffered an injury-in-fact, which is a constitutional prerequisite known as “standing.”
Lawyers who work in the Litigation Industry are nothing if not persistent, as former Washington Attorney General Rob McKenna and his Orrick, Herrington & Sutcliffe LLP colleague Scott Laidlaw explained in a February WLF Legal Backgrounder, “Targeting Harm From A Breach: Plaintiffs’ Lawyers Get Creative In Data Privacy Suits.” For example, some class action attorneys sue under federal statutes, such as the Wiretap Act and the Stored Communications Act. Those laws purport to provide “statutory standing” to private individuals and thus relieve them of the need to establish constitutional standing.
But as the U.S. Court of Appeals for the Ninth Circuit reminded a class of plaintiffs last week, litigants with standing to sue still must prove they have a claim. On May 9, the Ninth Circuit affirmed a district court’s dismissal of two separate class actions filed under the Wiretap and Stored Communications Acts against Facebook and Zynga Game Network.
In re: Zynga Privacy Litigation involved claims that Facebook and Zynga unlawfully disclosed the information contained in “referer headers” to third parties such as advertisers. Referer headers, the court explained, display “the user’s Facebook ID and the address of the Facebook webpage the user was viewing.”
The Ninth Circuit had to determine whether the record information contained in the referer header constituted the “contents” of a communication under the two federal laws. The court examined the plain language and design of the statutes and concluded that “the term ‘contents’ refers to the intended message conveyed by the communication, and does not include record information regarding the characteristics of the message that is generated.” That conclusion is consistent with the reasoning in similar cases from the First and Third Circuits. The plaintiffs argued that third parties could utilize information from a referer header and determine a person’s specific identity and access his or her Facebook content. The court responded that neither the Wiretap Act nor the Stored Communications Act “preclude[s] the disclosure of personally identifiable information; indeed they expressly allow it.” Continue reading “Ninth Circuit “Unfriends” Privacy Class Action Despite Finding Statutory Standing”