Sell Personal Information to Marketers; Buy a Lawsuit

By Jillian Raines


Who doesn’t love their Pandora or Dictionary.com App? Or doesn’t think that playing PaperToss is a great way to spend their morning commute? What about the WeatherChannelApp? I know—so much easier than opening your computer and going to weatherchannel.com to see what you should wear on any given day.

What if you found out that the companies behind these Apps, and a bunch of others, were selling your personal information—like your age, location, gender, income, ethnicity, sexual orientation, political views, and your phone’s “uniquedeviceidentifier (UDID) — to marketers? And even worse, that Apple was allowing this to happen?

That is precisely what multiple California residents are claiming in three separate, nearlyidentical lawsuitsfiledagainstAppleandseveralAppmakers. Though the legal claims vary slightly, the factual allegations are virtually the same; it will not be surprising, in fact, if all of these suits are soon joined.

It is not clear who will win but regardless of outcome, these suits will surely have significant implications for both consumerprivacyadvocates and companies likeAppleandGoogle.

The complaints all allege that Apple, as well as the makers of many Apps, have violated two federal statutes (the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act), as well as Californiastatelawsonunfaircompetition, unjust enrichment, breach of contract, and the CaliforniaConsumerLegalRemediesAct. There are also claims for violation of the right of privacy under ArticleISectionIoftheCaliforniaStateConstitution.

The plaintiffs allege that the App makers are giving their personal data to marketers and ad networks, often in the form of each user’s UDID (a unique serial number connected to each particular iPhone or iPad) and that their private information is being used to track “what they download, how frequently they use the Apps, and for how long.” In addition, the plaintiffs claim some of these Apps share users’ “location, age, gender, income, ethnicity, sexual orientation and political views.”

Ironically, this case may be an example of the media not only covering a legal dispute, but also having a part in instigating it. The complaints were filed after an indepthpiecetitled, “Your Apps are Watching You” appeared in the Wall Street Journal. The piece explained how iPhone App makers were sharing users’ personal data with different marketers and advertisers.

From the plaintiffs’ perspective, media attention will only help their cause: tech companies’ lack of transparency is at the core of the plaintiffs’ frustrations. After the Journal article was published and these suits were filed, this dispute garnered the attention of many consumer privacy advocates who since the dawn of the Internet age have been calling for clearerprivacypolicies.

The debate between these consumer privacy advocates on one hand, and the tech companies and advertising agencies on the other has been one of the defining battles of the still nascent Internet era. On the one side are consumer privacy advocates who believe an advance in technology should not mean a complete sacrifice of consumer privacy. Organizations like the ElectronicPrivacyInformationCenter (EPIC), theCenterforDigitalDemocracy, ConsumerFederationofAmerica and ConsumerWatchdog advocate for greater protections from unauthorized invasions of privacy by big companies who are capable of using and abusing technology to the detriment of the unknowing consumer.

From lobbying for the recently proposed DoNotTrackMeOnlineAct,” to encouraging consumer awareness about how to secure user data on the web, these advocacy groups want to make sure consumers are not unwittingly “consenting” their personal privacy away simply because it is far easier to click “OK” when an iPhone presents a lengthy (and probably confusing) user agreement than to parse the agreement and consider its consequences. Most of all, these groups want to ensure that companies like Apple and Google are held accountable, even if that means taking them to court.

On the other side you have companies like Apple and Google who recognize that working with advertisers and marketers is a lucrative way of doing business. In today’s Internet marketplace, advertising is the main way to monetize the web — whether consumers are accessing it through computers, cell phones, or the iPad. And for big tech companies, users’ personal information cannot only be used to offer great services; it can also be sold at a premium price. Giving ad networks the tools to tailor ads specifically to consumer tastes is something for which ad networks are willing to pay top dollar. This economic reality can be clearly seen on Apple and Google’s balance sheets. In the third quarter of the 2010 calendar year, advertisingrevenueincreasedby 310% forApple. And in 2009, Google generated 97% of its revenue through advertisements.

The stakes are high. And all of the claims turn on the issue of users’ consent.

Ultimately, if a court finds the plaintiffs consented to the conduct of Apple and the App makers by agreeing to the terms of service and the various privacy policies, Apple and the App makers have done nothing unlawful. Alternatively, if a court finds these terms-of-service agreements and privacy policies were unfair or unclear, or that Apple and the App makers’ conduct was outside the scope of the consent granted, the plaintiffs will have a chance to make their case.

On the consent issue, the plaintiffs will make a few different arguments. To start, they will point to the language in Apple’s Terms of Service that says Apple and its licensees (the App makers) will not sell personal information to third parties for marketing purposes. Next, plaintiffs will argue that while Apple’s Terms of Service say that certain user information is collected anonymously—like users’ UDID— that information can easily be re-identified and linked from the iPhone or iPad to the actual individual using the device. Further, plaintiffs will argue that Apple’s policy specifies that only App makers who offer “location-based services” will collect UDIDs, and most of the App makers who have been sued do not fit in that category. The plaintiffs will claim these factors (and surely others) indicate that they did not consent to how Apple and the App makers shared their information.

If the plaintiffs prevail in court, the consequences will likely be detrimental to Apple’s bottom line. But perhaps Google should be even more concerned. While Apple could lose an important source of revenue, Apple’s core business still resides in hardware design. But Google’s main source of revenue is advertising, and a decision confirming privacy violations in a company’s use of data mayforceasignificant changeinGoogle’s businessmodel. Big tech companies, tech consumers, and privacy advocates alike should all be paying close attention.


1 Comment »

One Response

  1. Jason says:

    Selling consumer personal information is unfortunately the new gold rush and it’s worth billions. Every company is doing it now and lying to you about keeping your information confidential. Just look in the news and you will see how they use vague scenarios that don’t have to be proven like being hacked as a means to unload their brimming collection of information to the highest bidder. Sometimes the corrupt companies simply change the small print in their privacy policy without notice and count on the consumer not paying attention which they don’t in most cases . There are currently no laws preventing these companies from exploiting your personal information. They’re allowed to share your information with affiliates (information buyer) even if you say no. The Graham-Leach-Bliley Act passed in 1999 allows banks, credit card companies and insurance companies or whoever to share consumer information with so-called affiliates. There is no limit on the number of affiliates they can have. Should there not be some means of regulating these unethical monsters before they further erode our nation and capsize the future of consumer trust?