Apps Can Collect and Use Personal Information

The collection and use of an app user’s personal information, including the user’s location, without his or her consent does not violate the user’s right to privacy under the California Constitution, the Stored Communications Act, the Federal Wiretap Act, or the Computer Fraud and Abuse Act.  However, the use may violate California’s unfair competition law, a California federal court ruled.

The ruling issued in a consolidated case where various users of iPhones, iPads, and iPod Touches filed a class action against Apple, Inc., and various app developers who created apps that allowed the collection of personal information.  The information collected included the plaintiff’s address, the physical location of the device, the unique device identifier (UDID), and the user’s gender, age, zip code, and time zone.

The court dismissed all of the app developers from the case, but it found that Apple may have breached its representations to the plaintiffs that it would not track their whereabouts if the users turned off the geo-tracking feature.  The plaintiffs alleged that even when the feature was turned off, Apple continued to track them.  “Plaintiffs have adequately alleged that they relied upon Apple’s representations regarding the ability to opt-out of geolocation tracking in making their purchase decisions,” the court found.

The court stated that the use of geolocational information without the Plaintiffs’ knowledge or consent “does not constitute an egregious breach of social norms” so as to be a violation of the California Constitution.  “Plaintiffs have failed to establish that Defendants’ conduct ‘amounts to a serious invasion’ of the protected privacy interest,” the court wrote.

As to the Stored Communications Act (SCA), the court found that the iPhone, iPad, and iPod Touch do not fit the statutory definition of a “facility through which an electronic communication service is provided.”  In addition, the court found that the information could be stored in the devices for up to a year, so the information is not in “temporary, intermediate storage . . . incidental to the electronic transmission” of electronic communications as required by the SCA.

The court ruled that the Wiretap Act only protects persons from interception of the actual content of communications.  The court found that geolocational data “is generated automatically, rather than through the intent of the user, and therefore does not constitute ‘content’ susceptible to interception.”

Because the court had previously granted Plaintiffs the right to amend their complaint and because the court found that they cannot cure the deficiencies, it denied the Plaintiffs the right to file another amended complaint on the counts that were dismissed.

In Re iPhone Applications Litigation, U.S. Dist. Ct., N.D. Calif. No. 11-MD-02250, filed June 12, 2012.