Recent lawsuits against Google and LinkedIn remind website and mobile application developers to be fully transparent when crafting user agreements and interacting with users.
In the Google suit, Google’s Gmail service is accused of scanning users’ email in order to create user profiles and provide targeted advertising. In an attempt to dismiss the case, Google unsuccessfully argued that the Wiretap Act, which authorizes email providers to intercept messages in order to facilitate message delivery (or other incidental functions), protected its practices. More significant, however, was how the court treated Google’s assertion that Gmail users had consented to the scanning under its end-user agreement. The court held that the agreement did not adequately spell out Gmail’s practices. Nor did it explain how Google would use the information it was scanning. Additionally, the court found that non-Gmail users, whose emails to Gmail users would also be scanned, did not consent to the user agreement. This ruling suggests that developers should continually be transparent about their practices, including the purpose of the information they are collecting. And developers should be mindful about non-users who may interact with their platform, and whether such users’ consent raises privacy concerns.
In a separate suit, LinkedIn is accused of improperly accessing a user’s contacts through the user’s email account. Upon logging in, LinkedIn asks for permission to access a user’s email account to discover the user’s contacts. And once these contacts’ addresses are imported, LinkedIn asks for permission to invite them to connect. Rather than asking the user to opt in, however, LinkedIn preselects all of the contacts it wishes to invite on the user’s behalf, and requires the user to uncheck contacts that should not be invited. Under the procedure, a user may unwittingly send out hundreds of invitations to contacts in his/her address book. The lawsuit alleges that LinkedIn will send these contacts two reminder emails, and there is no way to unsend the invitations. Finally, plaintiffs criticize LinkedIn’s notification of its terms of use policy because it does not require the user to actually view it or click through the policy. Though the court has not ruled on the legality of LinkedIn’s practices, prudent developers will affirmatively require users to select contacts to invite to a service and generally disclose the implications of the users’ actions. Additionally, developers should remember to require users to actually click through the terms of use (as opposed to simply requiring users to check a box).
The lawsuits are In re: Google Inc. Gmail Litigation, 13-MD-02430-LHK, and Perkins et al. v. LinkedIn Corporation, Case No. 13-cv-04303-HRL.
September 30, 2013 at 11:09 PM
I have advised my clients on this same issue as it pertains to the collection of children’s information. In order to remain compliant with COPPA they have had to make certain disclosures that otherwise would not have been made.