In re DoubleClick Inc. Privacy Litigation

Raj PagariyaCase Summary

Class action suit against a leading online advertising service provider for unauthorised collection of personal information of users

In re DoubleClick Inc. Privacy Litigation
154 F.Supp.2d 497
In the United States District Court for the Southern District of New York
Case Number 00 CIV 0641 NDB
Before District Judge Buchwald
Decided on March 28, 2001

Relevancy of the Case: Class action suit against a leading online advertising service provider for unauthorised collection of personal information of users

Relevant Statutes and Provisions

  • The Federal Rules of Civil Procedure (Rule 12(b)(6))
  • The Computer Fraud and Abuse Act, 18 U.S.C. § 1030
  • The Federal Wiretap Act, 18 U.S.C. § 2510
  • The New York General Business Law

Relevant Facts of the Case

  • This is a class action suit against the defendant wherein the plaintiffs bring three claims under federal laws and four claims under state laws.
  • DoubleClick, a Delaware corporation, is the world’s largest provider of internet advertising products and services. It has a network of over 11,000 publishers, making it a market leader in the delivery of online advertising.
  • DoubleClick uses cookies along with its proprietary technologies to deliver targeted advertisements. The defendant acts as a bridge between the websites seeking to sell their spaces for banner advertisements and those looking to advertise their products and services on other advertisements.
  • The plaintiffs allege that the defendant’s cookies collect personal and private information that users would not ordinarily expect advertisers to be able to collect. The defendant’s database contains use profiles of more than 100 million users.
  • In June 1999, DoubleClick purchased Abacus Direct Corp for over $1 billion. Abacus maintained a database of personal details on approx. 90% of American households. It used to sell this information to direct marketing companies.
  • With this acquisition, the defendant announced its plan to combine its database with Abacus’ database of offline customer profiles. Accordingly, the company changed its privacy policy and removed the assurance that information gathered from users would not be associated with their personally identifiable information.
  • FTC investigated this acquisition and whether DoubleClick’s compilation of data will result in unfair trade practices. However, the then-CEO announced that he made a mistake by planning to merge the two databases. FTC subsequently concluded its investigation without finding that the company engaged in unfair or deceptive trade practices.

Prominent Argument by the Counsels

  • The plaintiff’s counsel argued that the defendant’s placement of cookies on users’ hard drives constitutes unauthorised access. The natural reading of the word user would include the class members who have an internet connection and access the internet instead of websites and web servers.
  • The defendant’s counsel submitted that its conduct falls under the exception given under Section 2701. For the CFAA claim, the counsel argued that the plaintiff’s allegations do not satisfy the statutory damage requirements given in the statute.

Opinion of the Bench

  • The Electronic Communication Privacy Act of 1986 (ECPA) defines a user as any person or entity who uses an electronic communication service and is duly authorised by the provider of such service to engage in such use. Considering the internet’s architecture, human users do not in any sense connect to a passive acceptable and obtain information. In a practical sense, websites are among the most active users of internet access. As a matter of law, DoubleClick-affiliated websites are users of internet access under ECPA.
  • The very reason clients hire DoubleClick is to target advertisements based on users’ demographic profiles. It is safe to conclude that the DoubleClick-affiliated websites consented to DoubleClick’s access to plaintiffs’ communications to them.
  • Cookies reside on plaintiffs’ hard drives; hence, they do not fall within the definition of electronic storage. If this were the case, websites would commit felony every time they accessed cookies on users’ hard drives.
  • In their wiretapping claim, the plaintiffs allege that the defendant has committed several torts; however, they have failed to mention that its primary motivation was to injure the plaintiffs tortiously.
  • For the CFAA claim, the plaintiffs have failed to allege facts that could support the interference that the damages and losses incurred by them from the defendant’s access to any particular computer over one year could meet the damage threshold under Section 1030(e)(8)(A).

Final Decision

  • The court dismissed the plaintiffs’ federal claims and declined to exercise its supplemental jurisdiction over their state law claims.