Friday, May 9, 2014
Court Rejects Federal Privacy Claims Against Facebook and Zynga
By KENNETH OFGANG, Staff Writer
Facebook and Zynga—an independent online game company that designs, develops, and provides social gaming applications that are accessible to users of Facebook—did not violate federal privacy laws by disclosing user information to advertisers, the Ninth U.S. Circuit Court of Appeals ruled yesterday.
Because information contained in “referer headers” does not meet the Electronic Communications Privacy Act’s definition of “contents,” Judge Sandra Ikuta explained, the websites cannot be held liable under the ECPA. In an unpublished memorandum, however, the court said Facebook may be sued for breach of contract under state law, based on allegations it violated its own privacy policies.
Users of Facebook and Zynga filed separate class action complaints against the companies in 2010; the cases were consolidated on appeal. The plaintiffs claimed that when they clicked on a Zynga game or a Facebook ad, advertisers and other third parties received their Facebook IDs and Facebook page addresses.
Ikuta, however, agreed with U.S. District Judge James Ware of the Northern District of California—since retired—that any such delivery would not violate either the Wiretap Act or the Stored Communications Act, which are parts of the ECPA.
The judge explained:
“During the period at issue in this case, when a user clicked on an ad or icon that appeared on a Facebook webpage, the web browser sent an HTTP request to access the resource identified by the link. The HTTP request included a referer header that provided both the user’s Facebook ID and the address of the Facebook webpage the user was viewing when the user clicked the link. Accordingly, if the Facebook user clicked on an ad, the web browser would send the referer header information to the third party advertiser.”
To recover damages for violation of the Wiretap Act or the Stored Communications Act, the judge noted, a plaintiff must show that the “contents of any communication” by that person have been disclosed by the defendant. “Contents” are defined as “any information concerning the substance, purport, or meaning of a communication.”
“The referer header information that Facebook and Zynga transmitted to third parties included the user’s Facebook ID and the address of the webpage from which the user’s HTTP request to view another webpage was sent. This information does not meet the definition of ‘contents,’ because these pieces of information are not the ‘substance, purport, or meaning’ of a ‘communication.’”
Congress, she noted, specifically excluded a user’s “name,” “subscriber number or identity,” or “address,” from the definition of “contents.”
The judge acknowledged that, as plaintiffs argued, “an enterprising advertiser could uncover the user’s profile page and any personal information made available to the public on that page.” But Congress did not choose to ban all disclosure of personal information by online businesses, she explained, and specifically allowed disclosure of various types of subscriber information, even credit card and bank account numbers under certain circumstances.
The case is In re Zynga Privacy Litigation, 11-18044.
Copyright 2014, Metropolitan News Company