Judge dismisses privacy lawsuit against LinkedIn

Lawsuit accused social media company of illegally sharing browsing histories with third-parties

A federal judge in California dismissed a privacy class-action lawsuit against LinkedIn that alleged the social media network violated provisions of the Stored Communications Act (SCA) when it disclosed the IDs and browsing histories of LinkedIn users to advertising companies.

In a 27-page decision, District Judge Lucy Koh, of the U.S. District Court for the Northern District of California, ruled that LinkedIn cannot be sued under the SCA because the company is neither a remote computing service (RCS) nor an electronic communication service (ECS).

"The SCA only creates liability for a provider that is an RCS or an ECS," Koh said in her ruling. LinkedIn is neither and therefore did not violate the SCA, she noted.

News of the ruling in the case was first reported by legal blog Fourthamendment.com

LinkedIn user Kevin Low filed the lawsuit in March 2011 on behalf of all users of the professional social networking service. Low alleged that LinkedIn violated his privacy rights under the SCA when the company illegally transmitted his personally identifiable browsing history to advertisers, Internet marketing companies, data brokers and web tracking companies.

Low claimed that LinkedIn's user tracking was different from the mostly anonymous tracking done by other Internet companies. "LinkedIn associates its users unique identifiers with the cookies and beacons that are the keys to their browsing history," Low alleged in his complaint. "LinkedIn thus puts a name to browsing histories that would otherwise be anonymous, thereby exploiting its users' personal information for commercial profit."

Low claimed that LinkedIn's tracking abilities allowed the company to build highly detailed profiles of its users containing private and potentially embarrassing information gathered from their browsing histories. LinkedIn users who visit websites to discreetly seek information on medical conditions, personal problems or marital issues could have those details attached to their personally identifiable profiles, Low claimed.

Low's complaint provided details on what he claimed were the methods used by LinkedIn to conduct intrusive user tracking.

Koh, however, rejected the arguments saying that even if Low's claims were true, the SCA did not apply to LinkedIn. She dismissed Low's argument that LinkedIn is a remote computing service as defined under the SCA.

Under the statute, an RCS is a company that processes or stores data belonging to others. "In defining RCS, 'Congress appeared to view ' storage' as a virtual filing cabinet'," Koh said, citing from another case.

"LinkedIn was not acting "as a virtual filing cabinet," or as an offsite processor of data with respect to the user IDs it created," Koh wrote. The URL addresses of viewed pages were not sent to LinkedIn for storage or processing purposes, she said in dismissing the complaint.

Attorneys for Low could not be reached for comment at deadline.

The SCA is a frequently used statute in privacy lawsuits involving social media companies. Earlier this month, prosecutors used the provisions of the SCA to seek information from Twitter on an Occupy Wall Street protester who was being investigated for disorderly conduct.

In that case, the court ruled that the SCA did apply to Twitter and ordered the social media network to hand over the requested information despite its protests.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about privacy in Computerworld's Privacy Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place