June 16, 2004 4:00 AM PDT

Judge tosses online privacy case

The dismissal of lawsuits brought against Northwest Airlines has online privacy advocates renewing calls for federal privacy legislation.

In a decision dated June 6, U.S. District Court Judge Paul Magnuson ruled that seven consolidated class action lawsuits against Northwest had no merit--in part because the privacy policy posted on the airline's Web site was unenforceable unless plaintiffs claimed to have read it. The plaintiffs had contended that the airline, in giving passenger information to the government in the wake of the Sept. 11, 2001, terrorist attacks, violated laws and its own privacy policy.

"Although Northwest had a privacy policy for information included on the Web site, plaintiffs do not contend that they actually read the privacy policy prior to providing Northwest with their personal information," Magnuson noted. "Thus, plaintiffs' expectation of privacy was low."

Privacy advocates assailed that part of the decision, saying it rendered Web site privacy policies all but unenforceable.

"I don't think it's relevant whether or not they actually read the privacy policy first," said Lee Tien, senior staff attorney for the Electronic Frontier Foundation (EFF) in San Francisco. "Think of all the 'fine print' we run into every day--warranties and the like. Rather than focus on what the plaintiffs actually read, we should focus on what Northwest said it would do."

"The rationale the court uses calls into question the assurances of any policy posted on any Web site," said David Sobel, general counsel for the Electronic Privacy Information Center (EPIC) in Washington, D.C.

Northwest shared passenger information with the National Aeronautical and Space Administration (NASA) for its research into improving airline security following the terrorist attacks of Sept. 11, 2001.

According to the plaintiffs, Northwest violated its privacy policy, the Electronic Communications Privacy Act, the Fair Credit Reporting Act and Minnesota's Deceptive Trade Practices Act by giving NASA passenger name records, which include not only passengers' name but also their flight numbers, credit card information, hotel and car rental reservations, and names of traveling companions.

The EFF's Tien and other privacy advocates said the decision illustrated the inadequacy of U.S. privacy law.

"This decision is precisely why so many advocates call for consumers to be given a right to sue for privacy breaches," said Ray Everett-Church, chief privacy officer for the ePrivacy Group. "This decision tells companies that promises they make in privacy policies can be ignored because the people who are harmed have little legal basis for complaining."

EPIC's Sobel agreed, saying the decision undermined marketers' claims that industry is capable of regulating itself when it comes to consumers' privacy.

"The online industry has always made the argument that there's no need for legislation protecting online privacy, that through privacy policies and self-regulation they're able to give people the protections they need," Sobel said. "This decision really underscores the fact that there appears to be no enforceable protection in place."

Church said the decision would not prevent the Federal Trade Commission from acting against the airline or a Web site vendor that violated its posted privacy policy. Last week, the FTC promised that at least one such action was coming down the pike.

Attorneys for the plaintiffs, asked whether they planned to appeal, did not return calls.

1 comment

Join the conversation!
Add your comment
Does this cut both ways?
Does this mean that If I did not read you EULA that I can copy it at will, and the vendor can have no rights to stop me? If I buy a ticket online, and they can't prove I actually read it (That seems to be the crux of the dismissal, was that the policy was not enforcable unless the plaintant READ it and can prove it). So the restrictionss on tickets can now be challenged, and the airlines should loose.

Maybe this was not such a bad decision after all. Maybe this will force all the Fine Print merchants to make their disclaimers more robust.
Posted by (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.