A group of consumers are asking a federal appeals court to revive a class-action privacy lawsuit against Google, Vibrant Media and WPP's Media Innovation Group, all of which allegedly circumvented Safari's privacy settings.
“Defendants intentionally and secretly hacked past privacy settings of millions of users to collect personal information for commercial uses,” the consumers say in their appellate papers, filed on Wednesday. They are asking the 3rd Circuit Court of Appeals to reverse a 2013 decision by U.S. District Court Judge Sue Robinson, who threw out the case on the grounds that the consumers hadn't shown they suffered any tangible harm.
The consumers contend that they “suffered concrete injury the moment the defendants intruded upon their protected right to be left alone.” They add that being deprived of privacy is in itself sufficient harm to warrant a lawsuit. “What plaintiffs intended to keep private is no longer so,” they say in their appellate brief.
Robinson also ruled that even if the companies circumvented Safari's default settings, doing so didn't violate the federal wiretap law -- which applies when companies intercept the “content” of a communication. She ruled that any interceptions were of URLs, or Web site addresses, which are not in themselves “content.”
“While URLs may provide a description of the contents of a document, e.g., www.helpfordrunks.com, a URL is a location identifier and does not 'concern the substance, purport, or meaning' of an electronic communication,” she wrote, quoting from the wiretap statute.
But the Web users say that contents has a broad definition, which includes any information about the meaning of a communication. “A URL such as www.oprah.com/health/Stop-Drinking-How-to-Get-on-the-Path-to-Sobriety conveys loads of such information, telling much about the substance, purport and meaning,” they argue. “Here, a user is seeking information about how to stop drinking and get sober.”
The lawsuit, which alleges violations of the federal wiretap law, as well as a handful of other statutes, stemmed from a report issued in 2012 by Stanford grad student Jonathan Mayer. He said that the four companies were circumventing Safari's no-tracking settings. As a result, the companies were able to set tracking cookies and serve ads to Web users based on their Internet activity.
Google, Vibrant Media and PointRoll confirmed Mayer's report when it came out in February, adding that they had stopped tracking Safari users or would soon do so. WPP has never confirmed the report. None of the companies were accused of linking cookie-based data to users' names or other personally identifiable information.
In July, PointRoll agreed to settle the allegations by deleting any cookies it collected from Safari users. Robinson granted that deal preliminary approval shortly before dismissing the case against the other three companies.
Google agreed to a $22.5 million settlement with the Federal Trade Commission for circumventing Safari users' privacy settings. Last November, the company also agreed to pay an additional $17 million to 36 states and the District of Columbia.