LinkedIn Wins Dismissal of Privacy Lawsuit in California

Posted on by Dissent

Joel Rosenblatt reports:

LinkedIn Corp. (LNKD), the biggest online professional-networking service, won dismissal of a lawsuit claiming it failed to follow industry standards and its own promises in encrypting user password information.

The lawsuit, filed last year in federal court in San Jose, California, followed the company’s website being hacked and 6.5 million member passwords being posted on an unrelated website. In June, LinkedIn confirmed its site was hacked. The suit was based on alleged violations of California consumer protection statutes, breach of contract and negligence claims.

In dismissing the case, U.S. District Judge Edward J. Davila said the plaintiffs didn’t read LinkedIn’s allegedly misrepresented privacy policy, which is necessary to support their claims.

Read more on Bloomberg.  I’ve uploaded the order to dismiss here.  Here’s part of it:

First, the FAC fails to sufficiently allege that Plaintiffs actually provided consideration for the security services which they claim were not provided. Plaintiffs contend that in exchange for the fees they paid for the premium membership account, LinkedIn promised, among other things, to provide them with a particular level of security to protect their data. However, the User Agreement and Privacy Policy are the same for the premium membership as they are for the non-paying basic membership. Any alleged promise LinkedIn made to paying premium account holders regarding security protocols was also made to non-paying members. Thus, when a member purchases a premium account upgrade, the bargain is not for a particular level of security, but actually for the advanced networking tools and capabilities to facilitate enhanced usage of LinkedIn’s services. The FAC does not sufficiently demonstrate that included in Plaintiffs’ bargain for premium membership was the promise of a particular (or greater) level of security that was not part of the free membership.

And that’s apart from the fact that the plaintiffs didn’t allege that they had ever read the privacy policy, so they can’t claim they were misled on the basis of that policy, can they?

Article III strikes again….

Category: Breach IncidentsBusiness SectorHackU.S.