(CN) - Facebook and Zynga users trying to revive privacy claims struggled to show the 9th Circuit that either the social networking giant or the game company had violated any laws.
Forced to appear together before the appeals court in a consolidated hearing, attorneys for the two companies were pressed for time but relieved to find a three-judge panel that seemed reluctant to reinstate the claims.
Mike Robertson's 2010 class action claimed that, whenever a user clicked third-party posts on a Facebook page, Facebook sent those advertisers a "referrer header" containing the user's personally identifiable information.
Though Facebook has since stripped the headers of such private data, headers at the time of the lawsuit's filing could include a user's name, gender and age. Robertson said this violated the federal Electronic Communications Privacy and Stored Communications Acts and California consumer and computer fraud statutes, as well as breaching the user agreement with Facebook.
U.S. District Judge James Ware dismissed part of Robertson's lawsuit in 2011, however, finding that users like Robertson were not consumers for the purposes of California's unfair competition or consumer protection laws because Facebook provided its services for free.
He also said California's computer fraud statute did not apply since Facebook did not circumvent technical barriers in sending the headers. The breach of contract claim meanwhile failed because Robertson had failed to show "appreciable and actual damage."
In dismissing the claims under the federal Wiretap Act or the Stored Communications Act, Ware said Robertson did not make the necessary showing that the information Facebook allegedly disclosed "was not part of a communication from plaintiffs to an addressee or intended recipient of that communication."
Robertson in turn argued in an amended complaint that Facebook was liable under the Stored Communications Act because it was acting as a "remote computing service provider," and thus cannot rely on the "intended recipient" exception to liability.
Unswayed, Ware dismissed the whole complaint in late 2011. The judge said that Facebook was not acting as a "remote computing service provider" because it was acting as an intermediary for user requests to advertisers, and because it did not provide "processing or storage" of users' "data."
The action also failed to meet California's definition of computer fraud because the "alleged transmission of personally identifiable information is caused by a 'standard web browser function,' rather than by a 'contaminant' introduced to plaintiffs' computers by defendant to 'usurp' the 'normal operations' of those computers," according to the ruling.
Ware also found no "actual and appreciable damages" to support a contract claim. Robertson's attorney started his argument on this point before the 9th Circuit on Jan. 17.
Kassra Nassiri argued that Facebook's privacy policy promised Robertson's identity would not be shared with advertisers. When it broke that promise, "it deprived appellant Robertson of the benefit of that bargain," she said. "That constitutes actual and appreciable harm."
The Nassiri & Jung lawyer said California law provides "disgorgement and nominal damages" to plaintiffs who suffered harm but not monetary damages.
Turning to the Stored Communications Act claims, Judge Sandra Ikuta asked how the user ID and URL contained in the disputed headers "constitute the contents of a communication rather than just record information."