A federal court judge allowed a class action lawsuit against professional networking website LinkedIn to proceed, on the plaintiffs’ third attempt to establish claims that a hacker attack in 2012 that resulted in the theft of 6.5 million passwords harmed them.
Following the cyber attack, LinkedIn upgraded its password encryption procedures and alerted all members to the new, more secure system.
LinkedIn has two tiers of memberships, free and paid. The lead plaintiff, Khalilah Wright, who purchased a subscription, argued that “had LinkedIn disclosed its lax security practices, she would have viewed the premium subscription as less valuable and would either have attempted to purchase a premium subscription at a lower price or not at all.”
The plaintiff attempted to find standing for the claims of harm under both California’s Unfair Competition Law (UCL) and Article III of the Constitution, arguing that she had been injured by not receiving the benefit of her LinkedIn agreement and that she faced a higher risk of harm in the future because of the hacking incident. The United States District Court for Northern California rejected both of those claims, and the plaintiff shifted to a claim based on LinkedIn’s alleged misrepresentation. She relied on cases where courts found standing for claims for plaintiffs who bought “deceptively labeled or advertised products in reliance on the misinformation contained in the labels or advertisements.”
According to LinkedIn, this claim should fail because the firm’s privacy policy is not in a label or advertisement and it applies to both paying and non-paying members.
“Thus, LinkedIn argues, “[u]nder no plausible theory can this single sentence in the Privacy Policy that applies to all LinkedIn members be considered an ‘inducement’ to the purchase of a premium subscription, the ‘advertisement’ of premium services, or an ‘effective marketing technique’ for premium service,” the court stated.
LinkedIn cited cases in which courts have required plaintiffs to prove they have done “something more” than “overpaying for a defective product.” The court disagreed, finding that the plaintiff had a reasonable claim in stating that she had paid for something she would not otherwise have bought.
“Like those examples, the statement in LinkedIn’s Privacy Policy might be significant only to a small segment of consumers and many consumers may not even care to read it before making their purchase. Yet the California Supreme Court and the Ninth Circuit Court of Appeals have indicated that when those representations are false, a consumer who is induced by them to purchase a product that she otherwise would not have purchased has standing to bring an action under the UCL in federal court,” the court stated.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
