Gone are the days where privacy breaches would go unnoticed. At least, that is what is likely to happen as a result of Harris v. ComScore, a privacy case which allowed for a class action suit to be maintained.
Harris v. ComScore is a significant decision because class actions come with the threat of massive liability and tend to encourage companies in the industry (here internet and advertising businesses) to renew and extend their compliance efforts.
Without class actions, individually suing a company was uneconomical because the money damages for such suits were insignificant, in terms of dollars and cents. And even when such suits were brought, they were too few and far between to encourage companies to set forth robust privacy compliance program.
But now that the ComScore class action has been green-lighted, expect an explosion of privacy suits. Whereas in the past, privacy breach could go unnoticed, they are now much more likely to be the basis of lawsuits. This is especially so since major privacy scandals (a.k.a. Spygate) have erupted, thereby putting privacy issues in the spotlight.
Digital Castle Intrusion & Passwords Collections are big No-Nos.
“collect[…] a variety of information about a consumer’s computer, including the names of every file on the computer, information entered into a web browser, including passwords and other confidential information, and the contents of PDF files.”
After that, ComScore would sell the data to advertisers.
The ComScore case should be a slam-dunk for the plaintiffs because:
Regarding (1), ComScore reached into the users’ digital castle – inside their computers’ hard-drive – which has a trespass flavor to it, in contrast to collecting voluntarily disclosed information online, on social networking sites, for example.
Even in a digital world where the legal boundaries are uncertain, there is a world of difference between consumer interactions on the online public spheres and the passwords, credit card information, and family pictures retrieved on your home computers.
ComScore’s policy used vague language. It represented that it would collect “basic demographic information, certain hardware, software, computer configuration and application usage” but in fact went far beyond that. This is how you get in trouble.
ComScore should be an easy privacy breach case, but will remain an interesting case to watch mainly because of the class action ramifications (i.e. explosions of privacy lawsuits) and because it remains to be seen how the broadly and awkwardly-worded federal statutes are to apply to modern privacy issues, in practice.
Guest author Steven Buchwald is a law clerk on Tim’s internet law team at Handal & Morofsky. Steven is currently a law student at the Benjamin N. Cardozo School of Law and will graduate in June 2014 with concentrations in intellectual property law and litigation.
Enter your email to get started.