The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Leave a comment

Failure to Plead Loss Causation in Class Action Suit Against Amazon Leads to Dismissal

Judge Robert S. Lasnik from the Washington Western District Court granted last week Amazon’s motion to dismiss in the class action suit Del Vecchio et al v., Inc. Plaintiffs may now file an amended complaint within 30 days.

Plaintiffs alleged that Amazon, the famous online retailer, placed browser cookies on their computers against their wishes, by “exploiting” a shortcoming in Microsoft’s Internet Explorer browser s cookie filtering function, and that Defendant intentionally published a “gibberish” website policy to deceive Plaintiff’s browser into accepting Defendant’s cookies despite their filter settings.

Plaintiff also alleged that Amazon retooled flash cookies so that they would behave as traditional browser cookies in order to be accepted by Plaintiff’s browser, and that the online retailer used the personal information thus gathered and also shared it with third parties, despite the terms of its Privacy Notice.

Plaintiffs claimed being injured by Amazon’s misappropriation of their personal information, in which they have economic and property interests, and also damage to and consumption of their Computer Assets, leading to economic harms, including “devaluation of personal information, [and] loss of the economic value of the information as an asset” and diminution of the performance and value of their computer resources.

However, Judge Lasnik granted Amazon’s motion to dismiss as Plaintiffs failled to plead plausible losses.

Diminished Performance of Plaintiff’s Computer

Plaintiffs alleged that, by transferring cookies to Plaintiff’s computers, it thus diminished their  performance and constituted an interruption in service, but Judge Lasnik considered it merely “naked assertions.”

Monetary Value of Personal Information

The Computer Fraud and Abuse Act (“CFAA”) punishes unauthorized access to a protected computer, and provides for a civil remedy ”unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” Therefore, the issue of the value of the loss (more or less than $5,000) was one of the questions presented to the court.

According to Judge Lasnik’s order, the facts of the case cannot allow the Court “to reasonably infer that those losses plausibly occurred in this case, let alone that they totaled $5,000.” Plaintiffs argued, for example, that by acquiring their personal information, they were thus deprived ‘”of the opportunity to exchange their valuable information,” but such deprivation is “entirely speculative” according to Judge Lasnik.  However, Judge Lasnik did not shun entirely the idea that personal data may have value, as he adds: “[w]hile it may be theoretically possible that Plaintiffs’ information could lose value as a result of its collection and use by Defendant, Plaintiffs do not plead any facts from which the Court can reasonably infer that such devaluation occurred in this case.”

The issue of proving the value of personal dat is quite interesting…  How could one measure the value of one’s personal information? Is the personal information of a gold or platinum card member more valuable than those of a basic member?  Should sites like Klout, which uses algorithms to grade one’s reputation on several social media sites, be introduced as evidence? It will be interesting to read Plaintiff’s amended complaint in the next weeks.