Yelp Says Users Knew About Contact Mining

SAN FRANCISCO (CN) — Yelp on Tuesday became the latest app developer to try to swat down claims that it invaded users’ privacy by harvesting their personal data without consent.
The San Francisco-based company that crowd-sources business reviews is one of 14 app developers accused of using a “find friends” feature to swipe users’ contact list data without permission.
Lead plaintiff Marc Opperman sued Apple, Yelp and other app developers in 2012 for allegedly uploading and storing their sensitive data so insecurely that even an “unsophisticated hacker” could access it.
On Tuesday, Yelp asked U.S. District Judge Jon Tigar to toss claims that it violated users’ privacy by uploading their contacts. Its attorney Michael Page said each user gave the company permission to use their contact lists to identify other Yelp users.
“Yelp did exactly what it said it was going to do,” Page told the judge.
Class attorney Michael von Loewenfeldt countered that users only gave Yelp permission to look at their contacts, not to upload the data to its server.
“They did not ask for permission to upload, didn’t reference the upload, even though they were supposed to and now do,” von Loewenfeldt said.
Page argued that even the plaintiffs’ expert acknowledged that it would be impossible for Yelp to identify users from contact lists without first moving the data to its servers for analysis.
Nevertheless, Yelp should have informed users of its plans to take possession of the data or at least encrypted the email addresses and other sensitive information before transferring it in an unsecure manner, von Lowenfeldt replied.
Page said users don’t have to understand exactly how the process works in order to give consent.
“If you take your car in for a brake job, you can’t sue the mechanic saying, ‘I didn’t know you were going to take the wheels off,'” Page said.
The Yelp attorney further argued that the plaintiffs offer no evidence that Yelp in any way “misused” or “misappropriated’ the contact list data. Any claims that Yelp injured the plaintiffs merely by copying their contacts is preempted by the Copyright Act, he said, because that information cannot be copyrighted.
But von Lowenfeldt said that allowing Yelp to use the Copyright Act to crush plaintiffs’ claims would set a dangerous precedent.
“If copyright protection applied here, then there’s no limit to what apps could do in taking people’s data and moving it around,” the class attorney said.
Tigar said von Lowenfeldt presented a compelling “public policy” argument on the copyright issue, but stayed mum on the legal merits of his argument.
The judge ended the hearing after about 30 minutes of debate, saying he plans to issue a ruling soon.
After the hearing, Tigar said he is leaning toward holding a trial at the earliest possible date between a newly certified class of plaintiffs and two defendants — Apple and the social network app Path.
Last month, Tigar certified a class of 480,000 Apple device users whose contact list data was uploaded by Path over three months in 2011 and 2012.
Apple awaits a decision from the Ninth Circuit on its Aug. 4 petition seeking permission to appeal the class certification ruling. Its attorney Robert Hawk said his client would prefer to hold one trial with all the defendants, instead of trying them separately.
“I don’t see how trying the Path claim will shed a lot of light beyond what’s already been shed,” Hawk told the judge.
Class attorney David Given said he is poised to submit an omnibus class certification motion against five of the remaining defendants soon.
Other app developers accused of swiping users’ contact list data without permission include Twitter, Instagram and “Angry Birds” maker Rovio.
The parties plan to further discuss how to move forward with the case when Twitter argues its motion for summary judgment at hearing scheduled for Sept. 22.

%d bloggers like this: