Court: Retailers Not Bound To Online Promises. Their Shoppers AreWritten by Mark Rasch
Attorney Mark D. Rasch is the former head of the U.S. Justice Department’s computer crime unit and today serves as Director of Cybersecurity and Privacy Consulting at CSC in Virginia.
A recent dismissal of a class-action lawsuit against the LinkedIn (NYSE:LNKD) social network raises the question of whether anyone is bound to keep the promises they make on their website at all. If taken at face value, the court’s dismissal means that companies are not bound to meet their own promised obligations but their customers are bound to comply with the Terms and Conditions of the website, whether they read them or not.
LinkedIn told its customers: “Of course, maintaining your trust is our top concern, so we adhere to the following principles to protect your privacy: ‘All information that you provide will be protected with industry standard protocols and technology.'”
The class-action plaintiffs argued that by failing to use what is called salted encryption (which randomizes the keys to encrypt data), LinkedIn did not—as it promised—use “state of the art” security. This failure, according to the plaintiffs, caused them harm and damage, and breached the contract.
Not so fast, said the federal district court judge.
On March 5, Judge Edward Davilia in San Jose dismissed the class-action lawsuit. Remember that “promise” of security? It’s not binding. Not because it was too vague or because “state of the art” doesn’t mean much. No, that would be understandable. The court held that the online promise wasn’t supported by “consideration.” That is, premium subscribers were not paying LinkedIn for security; they were paying for premium services such as InMail (the ability to send E-mail to other LinkedIn subscribers), among others. Because the subscriber wasn’t paying for security, there was no binding “contract” to provide security. Lack of consideration.