By: David O. Klein and Neil E. Asnen
Social media giant LinkedIn Corporation (‘LinkedIn’) recently agreed to settle class action
allegations that it violated several federal and state laws by harvesting email addresses from the external contact lists of LinkedIn members, and by sending repeated invitations to join LinkedIn to those addresses. Under the terms of the settlement, LinkedIn will contribute at least $13 million towards consumer relief, and implement changes to its policies and procedures, including more effectively informing users as to how its ‘Add Connections’ feature
functions, as well as more easily allowing users to opt-out of it.
The ‘Add Connections’ feature is a LinkedIn process through which new and existing members can import contact information from external email accounts and/or invite one or more of those contacts to connect on LinkedIn by sending connection invitations via email, including up to two reminder emails. Notably, these emails had displayed the members’ names, photographs, likenesses and/or identities, seemingly endorsing LinkedIn services.
The Plaintiffs, representing a putative class of LinkedIn members, alleged violations of: (1)
California’s common law right of publicity; (2) California’s statutory right of publicity (‘§ 3344’); (3) California’s Unfair Competition Law (‘UCL’), Cal. Bus. & Prof. Code § 17200; (4) theWiretap Act, 18 U.S.C. § 2511; (5) California’s Comprehensive Data Access and Fraud Act, Cal. Penal Code § 502 (‘§ 502’); and (6) the Stored Communications Act (‘SCA’), 18 U.S.C. § 2701. Through two separate motions to dismiss, LinkedIn obtained dismissals of the § 502, § 3334, SCA and
Wiretap Act claims, as well as portions of the UCL claims, though the remainder of the allegations survived before ultimately being settled.
Claims related to LinkedIn’s email harvesting
Plaintiffs alleged that LinkedIn’s practice of harvesting the email addresses of its users’ contacts
violated the SCA andWiretap Act. Broadly speaking, the SCA creates a private right of action for
intentionally accessing a facility through which an electronic communication is provided
without proper authorisation. The Wiretap Act generally prohibits the interception of wire, oral or electronic communications. However, consent and authorisation will preclude liability
under these respective statutes.
The United States District Court for the Northern District of California found that due to the
Rights of publicity claims
Plaintiffs further alleged that they suffered damages to their respective reputations by virtue of
the use of their names, images and likenesses in LinkedIn’s email marketing to the users’ contacts. Plaintiffs sought recovery by alleging violations of California’s common law and statutory rights of publicity. In order to establish a claim for violation of California’s
common law right to publicity, a plaintiff must plead and prove the following elements: (1) defendant’s use of plaintiff’s identity; (2) appropriation of plaintiff’s name or likeness to defendant’s advantage, commercial or otherwise; (3) lack of consent; and (4) resulting injury.1 In addition, California’s statutory right of publicity requires a plaintiff to allege: (5) a knowing use by defendant; and (6) a direct connection between the alleged use and the commercial purpose.2 Where a § 3344 violation has occurred, a plaintiff may recover an amount equal to the greater of seven-hundred and fifty dollars ($750) or the actual damages suffered due to the unauthorised use.3
The Court dismissed the statutory right of publicity claims after LinkedIn successfully argued
that the minimum statutory penalties under § 3344 compensate injuries only to feelings, not to
character or reputation, which was the only injury Plaintiffs alleged. The Court found that while the text of § 3344 contains no express requirement that a Plaintiff plead mental harm in order to claim the minimum statutory damages, the legislative history and relevant case
law support such an inference. Accordingly, the Court reasoned that dismissal of the statutory
claim was warranted, as Plaintiffs sought damages only for commercial loss resulting from
alleged reputational harm.
Initial invitation emails
The Court dismissed the initial invitation email-related claims, concluding that a reasonable user would have understood that his/her name would be used in invitations sent to his/her contacts requesting to join the LinkedIn network. Specifically, the Court highlighted the registration process in which the LinkedIn page bears the title, ‘Why not invite some
people?’ and stated, ‘Stay in touch with your contacts who aren’t on LinkedIn yet. Invite them to connect with you.’ The Court found such disclosures to be explicit. As such, the Court
concluded that Plaintiffs had consented to the dissemination of the invitation emails, finding
sufficient the combination of: (1) the disclosures, which were contained on a page that allowed
the users to de-select some or all of the prospective recipients or to ‘Skip this step’ altogether; and (2) the fact that the Plaintiffs’ explicitly chose ‘Add to Network.’
The Court was not convinced that the Plaintiffs had provided similar consent for the sending of the two reminder emails. The Court noted that nothing in the LinkedIn disclosures alerts users to the possibility that their contacts could receive two additional emails after the initial invitation. In fact, the disclosures had affirmatively stated that ‘We will not […] email anyone without your permission.’Accordingly, the Court concluded that a reasonable LinkedIn user could think that s/he authorised LinkedIn to send only the one invitation and that further
emails would require further authorisations, which users were never subsequently asked to
provide. As such, the Court found that the requisite consent to defeat Plaintiffs’ common law right of publicity claim with regard to the reminder emails was not present.
The Court reinforced the notion that obtaining express informed consent from consumers is
paramount to avoid liability in the marketing space. LinkedIn could have avoided potential liability here by obtaining authorisation to send subsequent reminder emails on behalf of its users, as it had with respect to the initial invitation emails. However, by neither disclosing to its users that these subsequent emails would be sent, as well as by affirmatively advising
the users that such further emails would not be sent without the users’ permission, LinkedIn
exposed itself to significant liability, ultimately paving the way for this class settlement.
In order to avoid exposure to similar liability, it is critically important that email and internet
marketers develop and implement practices and procedures that ensure that users are properly informed that: (1) personal information, including email addresses of contacts, will be collected, stored and potentially utilised; (2) user names, images or likenesses may be used in
endorsements; and/or (3) users will receive email, telephone calls or other marketing-related
communications. This should be accomplished through explicit disclosures at the time of sign-up, as well as further elaborated upon in Privacy Policies that are clearly written and accessible online.
1. Abdul-Jabbar v. Gen. Motors Corp., 85 F.2d 407, 414 (9th Cir. 1996).
2. Downing v. Abercrombie & Fitch, 265 F.3d 994. 1001 (9th Cir. 2001).
3. Cal. Civ. Code § 3344(a).
Source: E-Commerce Law Reports, Vol. 15, Issue 6