That leaves the field wide open for legal battles. An aggressive Internet privacy plaintiffs’ bar has arisen, focused on class actions and the bountiful rewards they promise. In federal courts, these cases face substantial hurdles, says Morrison & Foerster partner Rebekah Kaufman, who chairs the firm’s Consumer Class Action Litigation Group. The plaintiffs have to show they suffered actual damage as a result of the purported privacy invasion. Courts have routinely held that no such damage can be shown in these cases, she notes, and only a few cases survived early motions to dismiss—though that trend is changing.
So the ever-creative plaintiffs’ bar is seeking out more hospitable jurisdictions in states where it might be easier to satisfy the standards of harm or aggregate large numbers for filing class actions. Nine major retailers are now fending off class actions in Rolla, Missouri, hereto-fore not known for hearing litigation with potential national significance.
Plaintiffs are hoping that un-tested local statutes—essentially state versions of the federal laws on computer fraud or abuse and wiretapping—will make better vehicles for claiming harm, says David McDowell, a Morrison & Foerster partner who is helping to represent several of the companies. In the case against Target, plaintiff Christiane Dalton alleges that within the first minute of visiting the company web-site, 24 cookies were deposited on her computer from approximately 10 third-party companies. All but two persisted after the browsing session ended, with expiration dates ranging from a day to 68 years later.
This may seem intrusive and even a “psychological affront,” McDowell concedes, but it doesn’t rise to the level of an actual harm. That’s why plaintiffs are throwing a mix of other legal theories into their complaints, everything from “unjust enrichment” to the antiquated tort known as “trespass to chattels”— from a time when neighbors sued over cows trampling their yards— which rests on the contention that plaintiffs’ computers were damaged by cookies attached to them.
Still, privacy advocates have powerful allies, including the U.S. government. Such was the case in August when the Federal Trade Commission imposed a record-setting $22.5 million fine on Google for allegedly circumventing privacy settings on Apple’s Safari browser. The FTC determined that Google had misrepresented how much control users actually had.