Breach of Privacy in the Cloud (U.S.)

more+
less-

In 2012, LinkedIn made headlines as a result of a significant data breach. The passwords and email addresses of over 6 million LinkedIn users were hacked and posted online. Encryption and security was improved by LinkedIn in the wake of this breach. A class action lawsuit was commenced in the United States based on claims by LinkedIn “premium” users (who paid a monthly or yearly fee for upgraded services). The claim relied on an alleged breach of the terms of LinkedIn’s privacy policy which included fairly standard language about protection of personal information “with industry standard protocols and technology.” In the decision In re LinkedIn User Privacy Litigation , 2013 WL 844291 (N.D. Cal. Mar. 5, 2013), a US court has shut down the claim, deciding the plaintiffs lack standing. The claims were based on a “benefit of the bargain” concept - an argument that the claimants were allegedly entitled to security as paying customers and LinkedIn breached this promise.

The court rejected the claims since there was no indication that the extra service paid for by premium users included enhanced security or encryption, since “paid” users and “free” users received the same level of security. It is clear that claims based on breach of privacy will face a uphill battle in the US, and this decision together with the decision in last year’s iPhone class action claim demonstrate the complexities and difficulties of this class of claims.