• by Wendy Davis  @wendyndavis, July 16, 2018

A federal judge has dismissed a class-action complaint accusing data broker and marketer Navistone, and three online retailers -- mattress startup Casper, men's outdoor apparel company Moosejaw and clothing retailer Tyrwhitt -- of violating people's privacy by using "de-anonymization" technology that allegedly identified otherwise unknown web users.

The suit stemmed from a report last year that retailers were embedding code from NaviStone on their sites. That code allegedly captured a host of information from visitors to online commerce sites -- including their keystrokes, IP addresses, and other data -- and then determined the identities of at least some visitors. For instance, if web users typed in their email or snail mail addresses, the technology's keystroke-logging capabilities would record the addresses, even if the users never hit the "enter" button, Gizmodo reported last year.

The news prompted several lawsuits against Navistone and companies that allegedly use the technology. The complaint against Caspar, Moosejaw and Tyrwhitt were brought by New York City resident Brady Cohen. He alleged that the companies' use of the de-anonymization technology violated the federal wiretap law and New York's consumer protection laws.

"Although Mr. Cohen never purchased anything from defendants and never consented to any interception, disclosure or use of his electronic communications, Mr. Cohen’s keystrokes, mouse clicks1 and other electronic communications were intercepted in real time and were disclosed to NaviStone through Casper’s use of NaviStone’s wiretaps," he alleged in the complaint against the mattress company. "Mr. Cohen was unaware at the time that his keystrokes, mouse clicks and other electronic communications were being intercepted and disclosed to a third party."

The complaints contained similar allegations against Moosejaw and Tyrwhitt.

Cohen also alleged that Caspar's privacy policy was deceptive because it said that the company doesn't share users' personal information with third parties. That statement was "false and/or misleading because Casper does in fact share visitor's personal information with NaviStone for NaviStone's marketing purposes," the lawsuit alleges.

U.S. District Court Judge William Pauley in New York dismissed the matter late last week. He ruled that the alleged tracking doesn't amount to a violation of the federal wiretap law, which prohibits companies from intercepting electronic communications without the consent of at least one party. In this situation, the retailers consented to any interceptions, Pauley wrote.

"It is clear that the retailers were parties to the communications and NaviStone had their consent," he said in an 18-page ruling.

He also said Cohen couldn't proceed with claims that the companies violated New York's consumer protection laws, ruling that Cohen didn't allege any financial injury.

"Cohen’s inability to identify a cognizable injury is fatal," the judge wrote. "Here, the only alleged injury is a general invasion of privacy 'through the exposure of personal and private information.'"

Other judges have come to different conclusions in privacy lawsuits. In 2011, U.S. District Court Judge Deborah Batts in New York allowed a consumer to proceed with a complaint alleging that ad network Interclick violated a New York consumer protection law by using "history-sniffing" technology to discover which Web sites users previously visited.

But two years ago, U.S. District Court Judge Naomi Reice Buchwald in New York dismissed a lawsuit accusing PulsePoint of circumventing Safari's no-tracking default settings. Buchwald said in her ruling that the consumers hadn't alleged that they suffered an injury as a result of the tracking.

NaviStone and Quicken Loans are still facing a privacy lawsuit in federal court in Newark, N.J.<