Date: Aug 26, 2011
On August 17, 2011, the U.S. District Court for the Southern District of New York dismissed a class action lawsuit against four advertisers- McDonald's, CBS, Mazda, and Microsoft- and narrowed the claims against the advertising network Interclick. In that case, Sonal Bose v. Interclick, Inc., et. al., No. 10-cv-09183-DAB, the Plaintiff sued each Defendant in December 2010 alleging that the placement of "flash cookies" and use of "history sniffing" code on websites to target advertising violated the Computer Fraud and Abuse Act ("CFAA"), New York General Business Law, and New York State common law. The cases were consolidated, and the Defendants moved to dismiss the claims in April 2011.
Computer Fraud and Abuse Act Claims
The CFAA prohibits accessing and obtaining information from a computer without authorization, and permits any person who suffers damage or loss to institute an action for compensatory damages and injunctive or other equitable relief. Notably, any damage or loss must be greater than or equal to $5,000 per person. Bose claimed damages due to the impairment of her computer, loss due to the collection of her personal information, and loss due to interruption of Internet service.
The Court relied on the decision in LaCourt v. Specific Media, Inc., 10-cv-01256-GW-JCG (C.D. Cal. 2011), and found that Bose failed to allege economic injury sufficient to meet the $5,000 threshold. In Specific Media, the court determined that the plaintiffs failed to allege economic injury from the installation of flash cookies sufficient for a CFAA claim because nothing indicated that the plaintiffs ascribed economic value to their personal information and the plaintiffs failed to explain how they were deprived of the economic value of their personal information. The Interclick Court also relied on In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497 (S.D.N.Y. 2001), to conclude that Bose's claims that Interclick placed cookies on multiple computers could not be aggregated to reach the $5,000 threshold.
State Law Claims
Bose also alleged violations of New York General Business Law Section 349 governing deceptive business acts or practices, and of the common law by trespass to chattels, breach of implied contract, and tortious interference with contract. The Court denied Interclick's Motion to Dismiss the Section 349 and trespass to chattels claims, but granted the other Defendants' Motions to Dismiss the claims. The Section 349 claim alleged that the use of flash cookies and browser history sniffing code circumvented users' privacy and security settings and harmed consumers. According to the Court, it was sufficient that Interclick engaged in a deceptive practice likely to mislead consumers, and the Court found that Bose alleged sufficient injury, despite that she did not suffer pecuniary injury. The basis for the trespass to chattels claim was that the Defendants impaired the value of her computer by installing flash cookies and browser history sniffing code. The court found the claim that Plaintiffs had been dispossessed of the value of their personal information to be dubious.
The Court also granted all Defendants' Motions to Dismiss the breach of implied contract and tortious interference with contract claims. According to the Court, Bose was not denied the benefit for which she bargained, namely, receiving goods and services through the websites to which she supplied personal information, and Bose failed to specify any specific contracts that were breached (she merely alleged that the Defendants' activities violated the privacy policies for the websites on which Interclick operated).
Significance of the Order
For more information on privacy and data security enforcement and litigation, contact Sheila A. Millar at 202-434-4143 or via e-mail at email@example.com, Douglas J. Behr at 202-434-4213 or via e-mail at firstname.lastname@example.org, Tracy P. Marshall at 202-434-4234 or via e-mail at email@example.com, or Art S. Garrett at 202-434-4248 or via e-mail at firstname.lastname@example.org.