Recent Class Action Highlights Risk of Using Mobile Tracking “Cookies”
A class action lawsuit was filed on September 16, 2010, alleging that the lead defendant, Ringleader Digital, Inc., and several website operators utilizing Ringleader Digital’s technology have violated the plaintiffs’ privacy rights by illegally tracking individual’s mobile internet activity without their permission. This appears to be the first class action lawsuit involving tracking of mobile devices’ internet activity and is very similar to the series of class action lawsuits filed over the last few months focusing on “Flash cookies" (including Valdez v. Quantcast Corp., White v. Clearspring Technologies, Inc. and La Court v. Specific Media, Inc.), as covered by the Wall Street Journal and the New York Times. (The Flash cookie cases were also covered in the Privacy and Information Security Committee’s July-August and September Updates, materials for which are available to committee members here)
A main point of contention is Ringleader Digital’s use of HTML5. HTML5 is a next-generation open standard currently under development by the World Wide Web Consortium, but it has already been adopted by companies such as Apple instead of Adobe Flash on its iPhone, iPod and iPad products. The HTML5 standard provides website operators the ability to locally store information on a user’s computer or mobile device. The local storage feature provides benefits, such as allowing users to use website features offline, but also allows a website operator to implement “cookie” functionality because large amounts of data regarding a user’s internet history can be stored.
The complaint alleges that Ringleader Digital developed technology, known as Media Stamp™, utilizing HTML5 local storage databases to create the mobile equivalent of a third-party online cookie. The complaint also alleges that the Media Stamp technology assigns users a unique identifying number and allows Ringleader Digital, advertisers, ad agencies and website publishers to create a local HTML5 database to track a mobile device’s internet activities over multiple websites.
The lawsuit relies on similar legal bases as the Flash cookie lawsuits. The main thrust of all claims is that Ringleader Digital and the other defendants violated privacy laws by tracking a mobile device’s internet activity with no disclosure that it was doing so and without authorization. The plaintiffs also allege that the tracking databases created by the defendants would be recreated even after the plaintiffs deliberately tried to remove them, which is similar to the “re-spawning” or “zombie” aspect of Flash cookies.
The claims asserted include violations of the federal Computer Fraud and Abuse Act (18 U.S.C. § 1030) and the following California laws: Computer Crime Law (Cal. Penal Code § 502), Consumer Legal Remedies Act (Cal. Civil Code § 1750), Unfair Competition Law (Cal. Bus. & Prof. Code §17200), Invasion of Privacy Act (Cal. Penal Code § 630), common law trespass to personal property, and unjust enrichment.
A copy of the complaint is available here.