California Federal Court Dismisses Bulk of Privacy Suit Against Facebook
In late 2010, David Gould and Mike Robertson filed a class action lawsuit against Facebook for disclosing users’ personal information to third-party advertisers without users’ consent. The Plaintiffs asserted eight causes of action against Facebook, including violations of the Electronic Communications Privacy Act (“ECPA”) and California’s Unfair Competition Law (“UCL”). Expressing skepticism about the actual harm alleged by the Plaintiffs, the United States District Court for the Northern District of California dismissed the claims against Facebook on May 12, 2011.
According to the complaint, when a user clicks on one of Facebook’s third-party advertisements, Facebook sends a “Referrer Header” to the corresponding advertiser. This header contains the specific webpage address that the user was viewing before clicking on the advertisement, and reveals personally identifiable information to the advertiser such as the user’s name, gender, and picture. The Plaintiffs brought this class action suit on behalf of themselves and all Facebook users in the United States who clicked on a third-party advertisement displayed on Facebook after May 28, 2006.
ECPA Claims
The Plaintiffs alleged violations of the Wiretap Act (which applies to communications in transmission) and the Stored Communications Act (which applies to communications in storage). Both prohibit electronic communication services such as Facebook from divulging the contents of communications to parties other than the “addressee or intended recipient.” According to the complaint, when a Facebook user clicks on a third-party advertisement, the user asks Facebook to send an electronic communication – the Referrer Header - to the advertiser. The Plaintiffs claimed that users do not expect and do not consent to Facebook’s disclosure of all of the contents of those communications (e.g. their personal information) to the advertisers.
The court interpreted these allegations in two ways. Under the first interpretation, a user’s click on an advertisement constitutes a communication from the user to Facebook - the content of the user’s communication to Facebook is a request that Facebook send a subsequent communication to the advertiser. As the communication is sent from the user to Facebook in this scenario, Facebook is the intended recipient of the communication and therefore not liable under ECPA for disclosing the communication to advertisers. Under the second interpretation, a user’s click on an advertisement constitutes a communication from the user to the advertiser; by clicking on an advertisement, a user asks Facebook to pass the communication along to the advertiser. In this scenario, Facebook cannot be liable under ECPA for divulging the communication to the advertiser because the advertiser is the addressee or intended recipient. As such, the court held as a matter of law that the Plaintiffs failed to state a claim for violations of ECPA under either interpretation.
California Consumer Protection - Personal Information is Not Property
The Plaintiffs also sought damages under the UCL. To assert a UCL claim, a plaintiff needs to have “suffered injury in fact and . . . lost money or property as a result of the unfair competition.” The Plaintiffs claimed they lost property – their personally identifiable information – as a result of Facebook’s conduct. The court dismissed the claim, expressly holding that personal information does not constitute property for purposes of the UCL. In addition, the court limited the scope of its prior ruling in Doe 1 v. AOL, LLC , which considered claims under the UCL after AOL inadvertently disclosed sensitive personal information of its users to the public. In contrast to that alleged by the Plaintiffs, AOL’s disclosure of personal information was not something users’ bargained for when they “signed up and paid fees for” AOL’s services. According to the court “a plaintiff who is a consumer of certain services (i.e. who ‘paid fees’ for those services) may state a claim under certain California consumer protection statutes when a company, in violation of its own policies, discloses personal information about its consumers to the public.” Because the Plaintiffs did not pay to use Facebook, the court dismissed the UCL claim with prejudice.
What is Left?
While dim, there is some light at the end of the tunnel for the Plaintiffs in this case. The court rejected Facebook’s argument that the Plaintiffs lacked standing, holding that the Plaintiffs alleged sufficient injury-in-fact to continue the case in federal court. Additionally, the court permitted the Plaintiffs to re-file five of the eight dismissed claims. Yet even with the chance to re-file, actual harm in the privacy litigation context remains a difficult concept for plaintiffs to prove - just recently another privacy-related lawsuit involving flash cookies was dismissed for lack of actual harm. This decision once again demonstrates that plaintiffs attempting to recover damages for privacy violations face an uphill battle. We will keep you updated if and when this case progresses.
European Court Hands Google a Keyword Victory but Warns Online Advertisers
The European Court of Justice ruled this week in cases brought against Google France by Louis Vuitton Malletier and Viaticum that Google is not liable for selling advertising keywords (Google AdWords) based on brand names to the competitors of the brand owners. However, the court noted that advertisers themselves may violate trademark and unfair competition laws if they create confusion as to the source of advertised products, and a search provider may be liable if it does not act promptly to remove abusive advertising once it becomes aware of it.
Google and other search engine providers allow advertisers to purchase advertising keywords corresponding to trademarks – potentially including those owned by their competitors. Thus, a user typing in a brand name may be presented with “sponsored links” above or to the side of the search engine results, directing the user to websites operated by companies offering directly competing products.
National courts in Europe have reached differing conclusions about the fairness of this practice. Trademark and fair trading practices laws are national, but the EU Electronic Commerce Directive (Directive 2000/31/EC) limits the liability of “intermediary service providers.” (US laws such as the Communications Decency Act and the Digital Millennium Copyright Act include some similar provisions.) The French Cour de Cassation (the highest judicial court in France) referred the question of Google’s potential liability to the Court of Justice of the European Union (commonly known as the European Court of Justice or “ECJ”), which issued an opinion this week holding that reference search providers are generally not liable for infringement because of automated keyword advertising. The court observes that the advertiser itself may violate a competitor’s trademark rights, however, if the nature of the advertising does not clearly distinguish the source of the goods or services.
The key to immunity under Article 14 of the Electronic Commerce Directive is whether the service provider’s role is “merely technical, automatic and passive.” The ECJ directed the French court to examine Google’s service in that light to determine if Google has “played an active role of such a kind as to give it knowledge of, or control over, the data stored.”
If it has not played such a role, that service provider cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned.” (para. 120)
Google claims this ruling as a victory, because its AdWords program is automated and user-controlled, and Google has procedures in place to handle complaints concerning trademark violations and advertisements for counterfeit goods. Without such conditions, an online service provider selling advertising could still be exposed to liability for direct or contributory trademark infringement.
As for the advertisers who buy and use keywords based on brand names, this practice, in the ECJ’s view, does not necessarily impair the advertising value of a trademark:
[W]hen internet users enter the name of a trade mark as a search term, the home and advertising page of the proprietor of that mark will appear in the list of the natural results, usually in one of the highest positions on that list. That display, which is, moreover, free of charge, means that the visibility to internet users of the goods or services of the proprietor of the trade mark is guaranteed, irrespective of whether or not that proprietor is successful in also securing the display, in one of the highest positions, of an ad under the heading ‘sponsored links’. (para. 97)
However, the content of the ad and the website linked from the ad may violate trademark or fair trading laws if it creates confusion as to the source of goods or affiliation with the brand owner, even if this is not expressly misstated:
In the case where the ad, while not suggesting the existence of an economic link, is vague to such an extent on the origin of the goods or services at issue that normally informed and reasonably attentive internet users are unable to determine, on the basis of the advertising link and the commercial message attached thereto, whether the advertiser is a third party . . . the conclusion must also be that there is an adverse effect on that function of the trade mark. (para. 90)
Thus, the Google opinion, while helpful for search providers with automated keyword bidding programs, does not change the legal landscape for companies that advertise online. An advertiser – whether it is a reseller or a competitor – must refer to a third-party brand in a way that avoids confusion as to who the advertiser is and what it is selling. Otherwise, a court may conclude that the advertiser is unfairly trading on the reputation of another party and misleading consumers.
Similar issues arise, of course, in the use of competitors’ brand names in website metatags and in domain names. Under trademark law in the United States and other major trading nations, domain name owners and website operators must be careful not to give a false impression that they are affiliated with the brand owner or acting under its authority. It is perilous to use a third-party’s brand in a domain name or metatag, where there is little opportunity to differentiate the source and avoid “initial interest confusion.” But it should be easier to avoid such confusion in the context of keyword advertising, with a little legal attention to the content of the advertising headers and text and the linked website.
