Cookies, Promises, and California: Why the 3rd Circuit Revived Privacy Claims Against Google

Last week, the U.S. Court of Appeals for the Third Circuit revived several privacy claims against Google pertaining to the Internet company’s practice of side-stepping cookie blockers” on Microsoft’s Internet Explorer and Apple’s Safari browsers.

The Third Circuit found that Google intentionally circumvented cookie blockers” on Internet browsers by exploiting loopholes found in the cookie blockers and that Google was actually tracking users’ browsing habits without these users’ knowledge. Meanwhile, Google’s privacy policy as well as a number of other public statements indicated that the company was abiding by the browsers’ cookie-blocking settings.

Cookie blockers” are features built in to web browsers that allow a user to prevent the installation of cookies by third-party servers. Internet users have grown wary of Internet cookies” because cookies can track visits to webpages and clicks throughout the site. Information collected from cookies is often sold to third-party advertisers or marketers.

The case, In re: Google Cookie Placement Consumer Privacy Litigation, consists of 24 consolidated suits alleging violations of California state law and federal statutes, specifically, the Computer Fraud and Abuse Act (CFAA), the Stored Communications Act (SCA) and the Wiretap Act. While the Third Circuit decision affirmed the dismissal of claims pertaining to the CFAA, SCA and the Wiretap Act, the Court vacated the trial court’s dismissal of claims under California tort law and the state’s constitutional right to privacy, reviving the suit.

The Third Circuit noted that Google’s actions amounted to deceit and disregard” as the Company not only contravened the cookie blockers – it held itself out as respecting the cookie blockers.” The Court concluded that a reasonable jury could find that Google’s conduct was highly offensive” or an egregious breach of social norms” as the Company’s actions touched millions of unsuspecting internet users over an indeterminable amount of time. Accordingly, the Third Circuit vacated the trial court’s dismissal of the plaintiffs’ claims under the California constitution and California tort law.

While Google’s cookie blocking” practices sparked both the instant lawsuits and settlements with the FTC and 38 state attorneys general, Google isn’t the only company to come under fire for the use of cookie-blocking technology. Earlier this week, MoPub Inc., a mobile ad server owned by Twitter, was sued in California court for using super cookies” to track and store the Internet browsing history of anyone accessing the web through their Verizon smartphone. The suit alleges that MoPub then used this information to build a personal profile which it then used to send targeted advertising, without subscribers’ knowledge or consent. Similar to the Google litigation, MoPub is accused of misleading subscribers who believed that their browser’s opt-out” mechanism would stop MoPub’s tracking.

Companies that use tracking cookies or similar technologies should pay close attention to Google’s current litigation. Companies should also be aware of their own privacy practices, specifically, what data is being collected, how that data is used, and with whom the company may be sharing that data. When it comes to privacy policies, companies should clearly communicate their practices to users and then live up to those commitments.