Facebook and Zynga Privacy Litigation Dismissed With Prejudice [Catch up Post]

[Post by Venkat Balasubramani]

In re Facebook Privacy Litigation, 10-02389 (N.D. Cal.; Nov. 22, 2011)

In re Zynga Privacy Litigation, 10-04680 (N.D. Cal.; Nov. 22, 2011)

These decisions are several months old, but they remain worth mentioning despite the fact they are well past their “blog-by” date. The court recently rejected plaintiffs’ motion to amend the judgment as to Facebook, so the cases are still active.

Facebook and Zynga scored an initial win last May against putative class action claims arising out of alleged data leakage from Facebook to its advertisers. The court expressed some skepticism about plaintiffs’ claims but gave plaintiffs a chance to amend their complaint. My blog post on the court’s earlier ruling: “Facebook Scores Initial Win Against Privacy Plaintiffs Over Data Leakage Claims — In re Facebook Privacy Litigation.” This time around the court grants Facebook’s and Zynga’s motions to dismiss with prejudice. Plaintiffs appealed the ruling in the Zynga case to the Ninth Circuit. (See the link to the Justia page.) With respect to the Facebook dismissal, plaintiffs requested the correct to amend or alter the judgment, but the court refused this request.

Claims Against Facebook

Stored Communications Act

On the Stored Communications Act claim, the court says that the complaint contains inconsistent allegations regarding whether the communications in question were requests to connect to specific advertisements or whether Facebook acted as a “remote computing service” provider under the SCA:

On the one hand, Plaintiffs allege that the communications at issue in this case were requests to be connected to specific advertisements; that the requests were addressed to advertisers; and that Defendant merely acted as the “intermediary” for those communications…. On the other hand, Plaintiffs contend that Defendant acted as [a remote computing service (“RCS”)] provider for purposes of Plaintiffs’ claim under the SCA….

Analyzing claims under this statute leaves my head spinning, but the court ruling looks similar to its earlier conclusion (and reminds me of the court’s analysis in the DoubleClick case). Suffice it to say that the court was not excited about plaintiffs’ claims either the first or the second (or third) time around. Plaintiffs sought to further detail their claims in their request to amend the court’s judgment, but the court says no to this. Whatever the merits of the plaintiffs’ SCA claims, their pleadings were not apparently a model of clarity.

California Penal Code sec. 502

This statute creates a cause of action against someone who introduces a “computer contaminant” into the plaintiff’s computer or computer system. Plaintiffs’ own allegations admitted that the “referrer header” (which plaintiffs allege Facebook improperly disclosed to advertisers) is a “standard web browser function provided by web browsers since . . . 1996.” The court says that this admission dooms plaintiffs’ claims under section 502 since any allegedly improper transmission occurred as a result of the browser’s “normal operation” rather than any contaminant allegedly introduced by Facebook. (See also Amazon v. Del Vecchio.) Section 502 was the same section Facebook relied on when it sued Power.com, although Facebook relied on a different part of the statute. It did not come to pass in this case, among other reasons because Facebook relied on a different part of the statute, but this made me think of Eric’s frequent admonition about considering blowback from overzealous enforcement efforts.

Breach of Contract and Fraud

Plaintiffs sought to rely on the “personal information as property” theory to support their breach of contract claim. The court squarely rejects this argument. The court also rejects the fraud claim for lack of damages.

Claims Against Zynga

The court resolved the Stored Communications Act against Zynga on the same basis as against Facebook. Plaintiffs’ breach of contract claim against Zynga also suffered the same fate as the breach of contract claim against Facebook. With respect to Zynga, plaintiffs alleged that they were paying customers, but the court finds that any payments by plaintiffs were in exchange for virtual currency, and plaintiffs failed to allege that they did not receive the virtual currency which they paid for. Thus, the fact that plaintiffs were paying customers does not change the analysis. Plaintiffs also brought a breach of good faith claim against Zynga, but the court finds that these were merely re-packaged breach of contract claims and suffered from the same deficiencies.


It’s worth distinguishing data leakage claims from claims where Facebook is allegedly using likenesses or photographs of end users to promote itself or products or services. (See Eric’s discussion of Fraley v. Facebook: Facebook “Sponsored Stories” Publicity Rights Lawsuit Survives Motion to Dismiss–Fraley v. Facebook.) These claims have a much greater chance of proceeding, even if they do not succeed on the merits.

Unlike publicity rights claims, data leakage claims have routinely been kicked out of court, whether on the basis of standing or on the merits. Even appeal courts have been unfriendly towards these claims. I thought that the latest wave of privacy lawsuits could end up being salvaged or revived by a friendly appeals court decision, but I’m starting to think the chances of this are slim.

You have to give Facebook credit for staving off the numerous privacy lawsuits. Other than the Beacon lawsuit (the settlement approval of which is still on appeal to the 9th Circuit) and the publicity rights lawsuit which Eric blogged about in December, there have not been any other privacy plaintiff wins against Facebook. Maybe people should consider taking Facebook to small claims court? On the other hand, if they have been unable to get traction in different courts with different versions of their claims, this is a strong indicator that there’s no “there” there. It seems like Facebook is fast and loose with its privacy practices, but it’s another matter entirely as to whether Facebook’s practices create liability under existing statutes. Of course, Facebook will still have to deal with the watchful eye of the FTC, but enforcement efforts by private plaintiffs look like a dead end.