• by Wendy Davis  @wendyndavis, April 28, 2014

Google, Vibrant Media and WPP's Media Innovation Group acted “contrary to industry practice and contrary to their own privacy policies” when they circumvented Safari users' privacy controls, a group of consumers assert in their latest attempt to convince the Third Circuit Court of Appeals to revive their privacy lawsuit against the company.

“Plaintiffs are not challenging consensual use of tracking cookies,” the consumers assert in court papers filed last week. “Plaintiffs allege ... that the defendants’ tracking was nonconsensual.” The consumers add that the companies “secretly disabled the default privacy protections of millions of Safari browsers, allowing the illegal interception of billions of electronic communications.”

The consumers are appealing U.S. District Court Judge Sue Robinson's decision dismissing the lawsuit, which alleged violations of the federal wiretap law and state privacy laws. The consumers alleged that all three companies thwarted Safari's no-tracking default settings, and were then able to determine which Web sites users visited.

Robinson ruled that the consumers didn't have “standing” to proceed in court, because they weren't harmed by any cookies that were set. She also said that even if the companies tracked users with cookies, doing so didn't violate the federal wiretap law -- which applies when companies intercept the “content” of a communication. She ruled that any interceptions were of URLs, or Web site addresses, and not “content.”

Google, Vibrant Media and WPP recently urged the 3rd Circuit to uphold Robinson's order. The companies say they didn't collect personal information or engage in other activity that could have harmed the consumers.

Google argued in its court papers that tracking cookies are “a standard feature of the modern Internet used for a host of legitimate purposes.”

Vibrant Media and WPP similarly said that tracking consumers with cookies is “routine commercial behavior.”

But the consumers counter that circumventing privacy settings is not routine behavior online. “In early January 2012 The Wall Street Journal broke the “Safari-gate” story. The hacking immediately stopped,” the consumers argue in their latest papers. “The hacking had not been implicitly or explicitly consensual, as its technical complexity and secrecy show.”

The consumers also argue that they should be able to proceed in court regardless of whether they can show that the alleged tracking cost them any money. Among other arguments, the consumers say they lost “the ability to monetize the type of data stolen.”

The Safari users also argue that Web site addresses are themselves “content,” and that intercepting those addresses violates the wiretap act. The consumers write that Web site addresses can include “search terms that reflect the substance of human thought, sometimes the most intimate of such thoughts.”

The litigation was sparked by a 2012 report by Stanford grad student Jonathan Mayer, who said the four companies were circumventing Safari's no-tracking settings. As a result, the companies were able to set tracking cookies and serve ads to Web users based on their Internet activity.

Google, Vibrant Media and PointRoll confirmed Mayer's report, adding that they had stopped tracking Safari users or would soon do so. WPP has never confirmed the report. None of the companies were accused of linking cookie-based data to users' names or other personally identifiable information.

PointRoll recently settled the allegations by promising to delete any cookies it collected from Safari users. The company also said it will issue a public statement that its data-collection from Safari users was “not consistent with best industry practices.”

Google agreed to a $22.5 million settlement with the Federal Trade Commission for circumventing Safari users' privacy settings. Last year, the company also agreed to pay an additional $17 million to 36 states and the District of Columbia.