Apple and Apps Still on Hook for Data Mining


     SAN FRANCISCO (CN) – Apple and 14 app developers – including giants like Yelp, Twitter, Instagram and “Angry Birds” maker Rovio – must face the majority of a class’ claims that they swiped and shared data from iPhones and iPads without users’ knowledge or consent, a federal judge ruled this week.
     The ruling comes three years into a consolidated class action initially against social networking app Path Inc. IPhone user Oscar Hernandez claimed in 2012 federal class action that Path gleaned sensitive data about the location and contact information of its users, minor children included, and stored such information so insecurely that it could be accessed by “even an unsophisticated hacker.”
     A federal judge in San Francisco gutted large portions of that action for lack of evidence that Path had intercepted users’ communications, a requisite for the Federal Wiretap Act. After the U.S. government found that Path had violated Federal Trade Commission rules by mining and storing data from minors, however, the parties settled with promises from Path to delete collected data and beef up its privacy policy.
     But after reports surfaced that other app developers – including Twitter, Yelp, Instagram, Rovio and Electronic Arts – deploy a “friend-finder” function to rifle through users’ iPhones and iPads, looking to make connections, disgruntled users filed a massive consolidated complaint in Texas.
     The case eventually made its way to U.S. District Judge Jon Tigar’s courtroom in California. This past May, Tigar dismissed the bulk of the case by finding that the plaintiffs’ complaint lacked detail as to when, where and how they’d been duped by Apple’s allegedly false promises of its iDevices’ safety and security.
     But he also found that although plaintiffs had voluntarily installed and used the offending apps, they had an expectation of privacy regarding their address books and that a jury should decide whether their acceptance of the apps’ terms of use constituted valid consent to rifle through their contacts.
     The class filed an amended complaint, alleging conversion and invasion of privacy (intrusion upon seclusion) against all defendants. They also claim Apple violated California’s false advertising, consumer and unfair business practices laws – and demand that Apple stop its illegal practices.
     In a 34-page ruling issued Monday, Tigar struck down the conversion claim, finding again that the class hadn’t shown any actual injury since address books have no inherent commercial value to them.
     He also found an injunction against Apple pointless, since plaintiffs hadn’t shown any incidents of unwarranted intrusions of their iDevices in the last two years – after the company remedied alleged gaps in its privacy protection.
     But the tech giant will have to face up to the fact that its long-touted promises of safety and security may have duped consumers into buying iPhones and iPads in the first place, Tigar said.
     “The court finds that plaintiffs have adequately alleged that the individual named plaintiffs saw or heard Apple’s advertising campaign. Each set of allegations specific to individual plaintiffs alleges, among other things, that he or she viewed, heard, or read Apple’s advertisements, or statements in news reports, articles, blogs, and/or statements by Apple’s former CEO, Stephen Jobs; attended Apple conferences, presentations or product-release events; and/or received emails or other communications from Apple touting its devices’ security and/or its respect for its customers’ privacy,” Tigar wrote.
     “These allegations significantly improve upon the single and bare allegation that plaintiffs ‘viewed Apple’s website, saw in-store advertisements, and/or were aware of Apple’s representations regarding the safety and security of the iDevices prior to purchasing their own iDevices,'” he continued, citing the second amended complaint. “The pleading stage is not summary judgment; to the extent that allegations regarding individual plaintiffs’ exposure to Apple’s advertising campaign are sparse, they can be tested after discovery allows the parties further factual development.”
     Tigar also found that – at this point – the class also adequately alleged that Apple knew its products had “an inherent defect that permitted apps to access users’ address book data” and may have hidden at least some of the facts from consumers.
     The app developers didn’t get off unscathed, either. Although Tigar dismissed the conversion claim, he found once again that users had an expectation of privacy with regard to their address books – even if they had actively used the friend-finder function.
     “The court does not find it implausible that, while app users were aware that ‘Find Friends’-type features would scan the address book information stored on their iDevices for the sole purpose of finding friends, they were not aware that those features and the apps with which they were associated used their address book information in other, unauthorized ways,” he wrote.
     He added: “To the extent that apps used plaintiffs’ information for something other than purely ‘Finding Friends,’ plaintiffs retained a reasonable expectation of privacy in that information.”
     Defendants have 14 days to answer the amended complaint, with pretrial discovery following.
     The class is represented by the firm Phillips, Erlewine, Given & Carlin in San Francisco.

%d bloggers like this: