Path App Dodges Several Class Privacy Claims

     SAN FRANCISCO (CN) – A federal judge gutted large portions of a class action that claims a social-networking app spied on customers and stored sensitive data insecurely.
     Oscar Hernandez, of Texas, claims that Path Inc.’s mobile app accesses user’s cellphones without authorization to swipe address book and contact data. Path describes its program in the Mac App Store as “the smart journal that helps you share life with the ones you love – your thoughts, the music you’re listening to, where you are, who you’re with, when you wake and when you sleep,” and allows users to interact on public networks such Twitter, Foursquare and Facebook.
     According to the class action, Path’s app design “is a simple but quite effective way to provide the mechanisms required for substantial user data collection, precise tracking of the user, and an ability to ‘turn on’ the device for data collection and monitoring without the user’s involvement. Path’s ability to have continuous network access to the users’ device is marketed to the public as a service to notify users’ friends if the user is asleep or awake by the use/non-use of the mobile device.”
     Hernandez and the class accuse Path of conversion, trespass and violations of federal and California electronic privacy laws, as well as California’s unfair competition and consumer laws.
     While U.S. District Judge Yvonne Gonzalez Rogers found that the plaintiffs sufficiently alleged an economic injury – the cost of removing Path’s tracking devices – she found the argument that Path intercepts communication lacking under the Federal Wiretap Act.
     “Although Path allegedly transmitted the class members’ contact address books from the class members’ mobile devices to Path’s servers, Path did not ‘intercept’ a ‘communication’ to do so,” Rogers wrote. “Likewise, plaintiff fails to allege facts to support an inference that Path ‘intercepted’ a ‘communication’ on a third-party social network site [sic] contemporaneous with, and not after, the communication was posted on the social networking website.”
     The judge found similar problems with Hernandez’s action relating to the Stored Communications Act, but said it is too early to dismiss California Computer Crime Law claims.
     “Based on the current limited briefing, the court cannot conclude as a matter of law whether Path’s alleged conduct  i.e., downloading the Path App, which plaintiff voluntarily installed on his mobile device, contained undisclosed software code that surreptitiously transferred data stored on Plaintiff’s mobile device to Path’s servers  falls outside the scope of the California Computer Crime Law,” Rogers wrote.
     Hernandez managed to sufficiently allege unfair business practices, but not that Path’s storing of contact information on its servers constitutes a “public” disclosure under California’s common law privacy torts, the decision states. Similarly, his conversion action fails because he alleged only that Path copied his personal information without the requisite disposition of that information, Rogers said.
     The judge called for further examination of the claim that Path negligently violated its duty to users to protect their information and store it securely.
     “Defendant argues that plaintiff has not provided any legal basis for the alleged duty,” Rogers wrote. “The case on which defendant relies, In re iPhone Application Litig., does not support its position. There, Judge Koh found that the ‘plaintiffs ha[d] not yet adequately pled or identified a legal duty on the part of Apple to protect users’ personal information from third-party app developers.’ No such duty to protect plaintiff from third parties is alleged here – Path is a third-party app developer and plaintiff alleges that Path had a duty not to take plaintiff’s personal information. Path has not offered any legal authority to support its position that it does not owe plaintiff such a duty. Based upon the facts alleged in the [first amended complaint], and the arguments advanced by Path, the court cannot rule as a matter of law that Path did not owe plaintiff a duty not to take his personal information.” (Italics in original, citations omitted.)
     Hernandez has until Nov. 9 to file a second amended complaint or attempt to proceed with what’s left of his original.

%d bloggers like this: