“Rather than being consensual, these cookies were designed by the defendants to hack their way around the privacy settings of plaintiffs’ chosen browsers that were specifically marketed and designed to block tracking cookies,” the consumers say in papers filed on Tuesday with the 3rd Circuit Court of Appeals.
The consumers are seeking to revive their privacy lawsuit against the companies, all of which allegedly “hacked” Safari’s default privacy settings in order to track users with cookies.
The users filed suit two years ago, shortly after a Stanford grad student reported in 2012 that Google, Vibrant Media, WPP and PointRoll had circumvented Safari’s no-tracking settings. As a result, they were able to set tracking cookies and serve ads to Web users based on their Internet activity.
Google, Vibrant Media and PointRoll confirmed Mayer’s report when it came out, and said they had stopped tracking Safari users or would soon do so. WPP has never confirmed the report. None of the companies were accused of linking cookie-based data to users’ names or other personally identifiable information.
U.S. District Court Judge Sue Robinson in Delaware dismissed the lawsuit last year, ruling that the consumers didn’t have “standing” to proceed in court because they weren’t harmed. She also said that even if the companies tracked users, doing so didn’t violate the federal wiretap law — which applies when companies intercept the “content” of a communication. Robinson said in the decision that any interceptions were of URLs, or Web site addresses, as opposed to “content.”
Earlier this year, the consumers asked the 3rd Circuit to reverse Robinson’s ruling. They argue that they experienced a “concrete injury the moment the defendants intruded upon their protected right to be left alone.”
Google, Vibrant Media and WPP’s Media Innovation Group opposed that bid, arguing that the appellate court should uphold Robinson’s ruling. Google said in its papers that cookies “are a standard feature of the modern Internet used for a host of legitimate purposes.” Vibrant Media and WPP added that the accusations against them center on “routine commercial behavior.”
The consumers now say in their reply papers that they suffered a concrete injury as a result of the tracking cookies. “Plaintiffs allege that defendants violated their privacy (invading a ‘fundamental human right’), secretly disabled their privacy protections (impairing their browsers), and misappropriated their personally identifiable information (which has monetary value and which the defendants unjustly profited from).”
The users also point to a recent Supreme Court decision requiring the police to obtain a warrant before searching cell phones. The consumers say that decision supports the view that a URL can be “content.”
The Supreme Court said in that case that Internet search and browsing history “could reveal an individual’s private interests and concerns.”
This lawsuit isn’t the only fallout from Mayer’s original report about the Safari-hack. Google agreed to a $22.5 million settlement with the Federal Trade Commission for circumventing Safari users’ privacy settings. The company also agreed to pay an additional $17 million to 36 states and the District of Columbia.
PointRoll settled the allegations by promising to delete any cookies it collected from Safari users. The company also said it will issue a public statement that its data-collection from Safari users was “not consistent with best industry practices.”