A federal judge has
dismissed a privacy lawsuit against six Internet service providers who worked with defunct behavioral targeting company NebuAd.
U.S. District Court Judge Thelton Henderson in the northern
district of California ruled that it would be unfair to force the ISPs -- Bresnan, CenturyTel, Embarq, Knology, WOW, and Cable One -- to defend themselves in California when they had no contact with
the state except for their contract with the Redwood City-based NebuAd.
"The six ISP Defendants have sustained their burden of demonstrating that haling them to court in California is
unreasonable under these circumstances," Henderson wrote. "Exercising jurisdiction over them would not comport with notions of fair play and substantial justice."
Last year, 15 Web users sued NebuAd and six ISPs for violating their privacy by deploying a behavioral targeting platform that used
deep-packet inspection technology to monitor users' Web activity. They alleged that the platform violated federal wiretap laws and other statutes.
The ISPs sought to dismiss the case for several
reasons. They argued that they should not have to defend a lawsuit in California when they were not based in the state and none of the subscribers who sued were residents of the state. They also made a more substantive argument that NebuAd alone was responsible for any privacy violations.
While
Henderson agreed that California was the wrong locale for the lawsuit, he rejected the ISPs' contention that they were not responsible for any unlawful activity. "Defendants claim they did nothing
more than allow NebuAd's devices to be installed. However, adopting that position -- and ignoring the consequences (and profits) that flowed from the installation of NebuAd's devices -- is precisely
the kind of 'rigid and formalistic' analysis that this Court must avoid," Henderson wrote.
The consumers' lawyer says he intends to refile complaints against the ISPs in other states. "The
decision should not be an impediment to the plaintiffs ultimately obtaining their day in court and the recovery they deserve," says Scott Kamber, a partner in the law firm KamberEdelson.
NebuAd
has shuttered and is liquidating its assets, but the plaintiffs still might be able to collect damages from
NebuAd's insurance company.
But even if NebuAd has insurance, the carrier might balk at paying, says Seattle-based Internet law expert Venkat Balasubramani. "There might be a battle around
whether this type of incident was covered under insurance," says Balasubramani. "Insurance companies typically leave exclusions for willful misconduct."
NebuAd consistently denied infringing on
users' privacy. The company said that all data collected was anonymous because the company didn't know users' names or phone numbers or keep copies of the IP addresses associated with users. NebuAd
also said that it did not collect sensitive data, and that users could opt out of the platform.
But the platform was controversial because of the scope of information available to NebuAd. Unlike
older behavioral targeting companies that only collected data from a network of publishers, Internet service providers have access to all Web activity -- including users' searches and their visits to
non-commercial sites. The company's emergence spurred congressional hearings, following which NebuAd suspended plans for further tests.