Class Action Against Amazon.com Over Browser Privacy Settings Dismissed

On December 1, 2011, the U.S. District Court for the Western District of Washington dismissed a class action lawsuit against Amazon.com alleging violation of the Computer Fraud and Abuse Act ("CFAA") and several state law claims based on Amazon.com's use of cookies and related tracking technologies. In dismissing the case, the court found that the plaintiffs failed to allege that Amazon's actions caused any legally cognizable harm. The plaintiffs had alleged that Amazon exploited a known weakness in Internet Explorer's cookie filtering functionality to install cookies on their computers despite the fact that they had set their browser privacy settings not to accept cookies, and that Amazon modified Flash cookies so that they would appear to be regular cookies and be installed as well. The plaintiffs argued that Amazon's actions installing these cookies and tracking their online behavior harmed them by (1) causing the devaluation of their confidential information; and (2) damaging their computers by impairing performance. The CFAA is a criminal statute that provides a civil cause of action against someone who knowingly, and with intent to defraud, accesses a protected computer without authorization and causes damages of at least $5,000. The court, in granting Amazon's motion, found that the plaintiffs did not allege any specific facts that would support any damages, nor did they show how the performance of their computers was impaired by installation of the cookies. Because they did not prove these elements, the court found that the plaintiffs did not meet the threshold damages requirement of the CFAA. The court found that this also defeated the state law claims. Additionally, the court noted that Amazon's privacy policy disclosed that it would use cookies and flash cookies to track user behavior and share the information with third parties.

Tip: Companies that use tracking technologies on their Web sites should ensure that the Web site privacy policy clearly and accurately describes those tracking technologies. This is particularly true in the case of flash cookies.