Judge dismisses privacy lawsuit against LinkedIn

Lawsuit accused social media company of illegally sharing browsing histories with third parties

A federal judge in California dismissed a privacy class-action lawsuit against LinkedIn that alleged the social media network violated provisions of the Stored Communications Act (SCA) when it disclosed the IDs and browsing histories of LinkedIn users to advertising companies.

In a 27-page decision, District Judge Lucy Koh, of the U.S. District Court for the Northern District of California, ruled that LinkedIn cannot be sued under the SCA because the company is neither a remote computing service (RCS) nor an electronic communication service (ECS).

"The SCA only creates liability for a provider that is an RCS or an ECS," Koh said in her ruling. LinkedIn is neither and therefore did not violate the SCA, she noted.

News of the ruling in the case was first reported by legal blog Fourthamendment.com.

LinkedIn user Kevin Low filed the lawsuit in March 2011 on behalf of all users of the professional social networking service. Low alleged that LinkedIn violated his privacy rights under the SCA when the company illegally transmitted his personally identifiable browsing history to advertisers, Internet marketing companies, data brokers and web tracking companies.

Low claimed that LinkedIn's user tracking was different from the mostly anonymous tracking done by other Internet companies. "LinkedIn associates its users' unique identifiers with the cookies and beacons that are the keys to their browsing history," Low alleged in his complaint. "LinkedIn thus puts a name to browsing histories that would otherwise be anonymous, thereby exploiting its users' personal information for commercial profit."

Low claimed that LinkedIn's tracking abilities allowed the company to build highly detailed profiles of its users containing private and potentially embarrassing information gathered from their browsing histories. LinkedIn users who visit websites to discreetly seek information on medical conditions, personal problems or marital issues could have those details attached to their personally identifiable profiles, Low claimed.

Low's complaint provided details on what he claimed were the methods used by LinkedIn to conduct intrusive user tracking.

Koh, however, rejected the arguments, saying that even if Low's claims were true, the SCA did not apply to LinkedIn. She dismissed Low's argument that LinkedIn is a remote computing service as defined under the SCA.

Under the statute, an RCS is a company that processes or stores data belonging to others. "In defining RCS, 'Congress appeared to view 'storage' as a virtual filing cabinet,' " Koh said, citing from another case.

"LinkedIn was not acting "as a virtual filing cabinet," or as an off-site processor of data with respect to the user IDs it created," Koh wrote. The URL addresses of viewed pages were not sent to LinkedIn for storage or processing purposes, she said in dismissing the complaint.

Attorneys for Low could not be reached for comment at deadline.

The SCA is a frequently used statute in privacy lawsuits involving social media companies. Earlier this month, prosecutors used the provisions of the SCA to seek information from Twitter on an Occupy Wall Street protester who was being investigated for disorderly conduct.

In that case, the court ruled that the SCA did apply to Twitter and ordered the social media network to hand over the requested information despite its protests.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Copyright © 2012 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon