American Bar Association
Media Alerts
Media Alerts - In re: Google Inc. Cookie Placement Consumer Privacy Litigation - Third Circuit
Decrease font size
Increase font size
November 11, 2015
  In re: Google Inc. Cookie Placement Consumer Privacy Litigation - Third Circuit
Headline: Tracking Cookies Placed on Browsers Even After Internet Users Employ Cookie Blockers Do Not Violate Federal Surveillance Law

Area of Law: Wiretap Act, Cyberspace

Issue Presented: Do tracking cookies placed on users' web browsers by internet advertising businesses violate federal law when the businesses placed the cookies on the browsers in contravention of the browsers' cookie blockers and the businesses' own public statements?

Brief Summary: Defendants placed tracking cookies on Plaintiffs' web browsers by exploiting loopholes in the cookie blockers on Plaintiffs' browsers while publicly assuring that the cookie blockers were blocking their tracking cookies. Plaintiffs brought three federal claims against Defendants pursuant to the Wiretap Act, Stored Communications Act, and Computer Fraud and Abuse Act. Plaintiffs' claim that Defendants violated the Wiretap Act failed because Defendants were parties to the communication. Plaintiffs' claim that Defendants violated the Stored Communications Act failed because the Act did not apply to private computing devices. Plaintiffs' claim that Defendants violated the Computer Fraud and Abuse Act also failed because Plaintiffs failed to allege that they suffered a loss. Plaintiffs also brought several claims under the California Constitution and California tort law.

Extended Summary: Plaintiffs brought a class action against Defendants, who run internet advertising businesses, alleging that Defendants placed tracking cookies on Plaintiffs' web browsers by exploiting loopholes in the cookie blockers on Plaintiffs' browsers. Defendants exploited loopholes in Plaintiffs' cookie blockers while publicly assuring that the cookie blockers were blocking the very third-party tracking cookies the Defendants placed on Plaintiffs' browsers.

When a user, such as one of the Plaintiffs, types a Universal Resource Locator ("URL") into a web browser, the server for that webpage instructs the browser to request advertisements from the third party internet advertiser responsible for serving the advertisements, such as one of the Defendants, for the particular requested webpage. Defendants deliver their advertisements directly to users from their own servers and serve different advertisements to different visitors. Internet advertisers are able to tailor advertisements to their audience by placing third party cookies on user's computing devices. These cookies keep track of and monitor an individual user's web activity over every website on which the internet advertisers inject ads. The internet advertiser then uses the internet histories of users to create detailed profiles on individuals.

Some web browsers, including Safari and Internet Explorer, designed built-in features called cookie blockers to prevent third party internet advertisers from installing cookies on a user's browser. The Defendants knew about the existence, functionality, and purpose of these cookie blockers. Defendant Google assured users that the cookie blockers were in place, making specific assurances about the existence, functionality, and purpose of the Safari browser cookie blocker. However, Defendant Google and other Defendants discovered loopholes in the cookie blockers and placed cookies on browsers with activated blockers, including those of Plaintiffs.

Plaintiffs brought three federal claims against Defendants pursuant to the Wiretap Act, Stored Communications Act, and Computer Fraud and Abuse Act. Beginning with the Federal Wiretap Act, Plaintiffs demonstrated that the contents of an electronic communication were intentionally intercepted by Defendants' servers. While URLs may function as location identifiers that route information and, as such, may be permissible under Federal surveillance law, URLs may also be part of or contain the substantive information conveyed to a recipient. Interception of content is impermissible under Federal surveillance law.

Congress contemplated the overlap of information that serves a routing function and content function. URLs can contain both content and routing information because they often produce the words of a search engine query or identify the website that a user views. Whether a URL involves content depends on how much information would be revealed by disclosure of the URL. However, consistent with cases holding that numbers dialed from a telephone after a call has already been set-up constitute content even where the original dialed numbers do not, post-domain name portions of the URL were designed to communicate to the visited website which webpage content to send to the user.

However, Defendants did not violate the Wiretap Act because section 2511(2)(d)'s exception applied. Section 2511(2)(d) provides that no cause of action will lie against a private person where such person is a party to the communication unless such communication is intercepted to commit a criminal or tortious act. Plaintiffs' browsers directly communicated with Defendants about the webpages they sought to visit. The Defendants placed tracking cookies on web browsers in the process of injecting their advertisements, which were served directly from Defendants as third party internet advertisers. Defendants' cookies would not be able to associate a browser's web activity with a unique person as Plaintiffs alleged unless Defendants directly received advertisement requests for webpages that Plaintiffs visited. Thus, Defendants were parties to the communication because they acquired Plaintiffs' internet history information when Plaintiffs' browsers sent that information directly to Defendants in the course of requesting webpage advertising content. Plaintiffs failed to point to any criminal or tortious acts that were secondary to Defendants' acquisition of the communication and involved tortious or criminal use of the interception's fruits.

Next, Plaintiffs' claim under the Stored Communications Act failed. The Act requires Defendants to have intentionally accessed a facility through which an electronic communication service is provided without authorization. Alternatively, the Act requires Defendants to have intentionally exceeded authorization to access that facility thereby obtaining, altering, or preventing authorized access to an electronic communication while in electronic storage. However, Defendants accessed Plaintiffs' personal computing device, and an individual's personal computing device is not protected by this Act. Congress meant for the Act to protect information held by centralized communication providers; home computers were already protected by the Fourth Amendment. Thus, the Act did not apply to Plaintiffs' personal computing devices.

Plaintiffs' final federal claim that Defendants violated the Computer Fraud and Abuse Act also failed. The Act applies where persons suffered damage or loss because a third party intentionally accessed a computer without authorization or exceeded authorized access and obtained information from a protected computer. However, Plaintiffs failed to allege that they suffered a loss because they failed to show that they would have made economic use of the information collected by Defendants themselves or Defendants prevented them from capturing the full value of their internet usage. Furthermore, they did not show that they incurred costs, lost opportunities to sell their information, or lost the value of the data that was collected by others.

Plaintiffs stated several claims under the California Constitution and California tort law. Plaintiffs adequately plead their freestanding privacy claims against Google, but their claims against Google under the California Invasion of Privacy Act, California Unfair Competition Law, and California Consumers Legal Remedies Act failed.

To read the full opinion, please visit http://www2.ca3.uscourts.gov/opinarch/134300p.pdf

Panel (if known): Fuentes, Fisher, and Krause, Circuit Judges

Date of Argument: December 11, 2014

Date of Issued Opinion: November 10, 2015

Docket Number: No. 13-4300

Decided: Dismissal of the three federal law claims brought against all Defendants is affirmed, dismissal of the freestanding privacy claims against Google under the California Constitution and California tort law vacated, and dismissal of other California state law claims affirmed

Case Alert Author: Sarah Adams

Counsel: Jason O. Barnes, Esq., James P. Frickleton, Esq., Edward D. Robertson, Jr., Esq., Brain R. Strange, Esq., counsel for Appellants; Colleen Bal, Esq., Michael H. Rubin, Esq., Anthony J. Weibell, Esq., counsel for Appellee Google Inc.; Edward P. Boyle, Esq., David N. Cinotti, Esq., Travis S. Hunter, Esq., Rudolf Koch, Esq., counsel for Appellee Vibrant Media Inc.; Lisa M. Coyle, Esq., Douglas H. Meal, Esq., counsel for Appellees Media Innovation Group LLC and WPP PLC.

Author of Opinion: Judge Fuentes

Circuit: Third Circuit

Case Alert Supervisor: Professor Susan L. DeJarnatt

    Posted By: Susan DeJarnatt @ 11/11/2015 01:09 PM     3rd Circuit  

FuseTalk Enterprise Edition - © 1999-2018 FuseTalk Inc. All rights reserved.

Discussion Board Usage Agreement

Back to Top