Judge tosses online privacy case (Northwest Airlines website)

CNet ^ | June 16, 2004, 4:00 AM PDT | Paul Festa

[FourPeas]

The dismissal of lawsuits brought against Northwest Airlines has online privacy advocates renewing calls for federal privacy legislation.

In a decision dated June 6, U.S. District Court Judge Paul Magnuson ruled that seven consolidated class action lawsuits against Northwest had no merit--in part because the privacy policy posted on the airline's Web site was unenforceable unless plaintiffs claimed to have read it. The plaintiffs had contended that the airline, in giving passenger information to the government in the wake of the Sept. 11, 2001, terrorist attacks, violated laws and its own privacy policy.

"Although Northwest had a privacy policy for information included on the Web site, plaintiffs do not contend that they actually read the privacy policy prior to providing Northwest with their personal information," Magnuson noted. "Thus, plaintiffs' expectation of privacy was low."

Privacy advocates assailed that part of the decision, saying it rendered Web site privacy policies all but unenforceable.

"I don't think it's relevant whether or not they actually read the privacy policy first," said Lee Tien, senior staff attorney for the Electronic Frontier Foundation (EFF) in San Francisco. "Think of all the 'fine print' we run into every day--warranties and the like. Rather than focus on what the plaintiffs actually read, we should focus on what Northwest said it would do."

"The rationale the court uses calls into question the assurances of any policy posted on any Web site," said David Sobel, general counsel for the Electronic Privacy Information Center (EPIC) in Washington, D.C.

Northwest shared passenger information with the National Aeronautical and Space Administration (NASA) for its research into improving airline security following the terrorist attacks of Sept. 11, 2001.

According to the plaintiffs, Northwest violated its privacy policy, the Electronic Communications Privacy Act, the Fair Credit Reporting Act and Minnesota's Deceptive Trade Practices Act by giving NASA passenger name records, which include not only passengers' name but also their flight numbers, credit card information, hotel and car rental reservations, and names of traveling companions.

The EFF's Tien and other privacy advocates said the decision illustrated the inadequacy of U.S. privacy law.

"This decision is precisely why so many advocates call for consumers to be given a right to sue for privacy breaches," said Ray Everett-Church, chief privacy officer for the ePrivacy Group. "This decision tells companies that promises they make in privacy policies can be ignored because the people who are harmed have little legal basis for complaining."

EPIC's Sobel agreed, saying the decision undermined marketers' claims that industry is capable of regulating itself when it comes to consumers' privacy.

"The online industry has always made the argument that there's no need for legislation protecting online privacy, that through privacy policies and self-regulation they're able to give people the protections they need," Sobel said. "This decision really underscores the fact that there appears to be no enforceable protection in place."

Church said the decision would not prevent the Federal Trade Commission from acting against the airline or a Web site vendor that violated its posted privacy policy. Last week, the FTC promised that at least one such action was coming down the pike.

Attorneys for the plaintiffs, asked whether they planned to appeal, did not return calls.

[FourPeas]

Fascinating.

[inquest]

...has online privacy advocates renewing calls for federal privacy legislation.

To protect us from the federal government? Fascinating indeed. The logic, that is.

[cynwoody]

Guess that means EULAs are invalid, right? Just say you didn't read it. They'll have to make you pass a multiple choice comprehension test on the contents of the agreement before granting a license. That ought to cut down on sales!

[NetValue]

America ia a mess. We cannot get our act together in fighting terrorism because we are way too concerned over BS like this.

[B4Ranch]

TSA: Airlines disclosed more passenger data than previously thought

By Chris Woodyard, USA TODAY

The airline industry shared with the government more personal information about passengers than previously acknowledged, a U.S. Senate committee was told Wednesday.
Four airlines and two reservations companies turned over the data to private contractors working for the government as it tested a computerized background-checking system for airport security, said David Stone, acting chief of the Transportation Security Administration.

Stone testified before the Senate Government Affairs Committee at a hearing on his pending nomination as TSA administrator. Critics say the revelations confirm widespread violation of passenger privacy rights by the airlines and the government.

Stone named Delta, Continental, America West and Frontier and reservation systems Sabre and Galileo International as having shared data. The data included credit card numbers, travel reservation information, addresses, phone numbers and special meal requests, which can give hints about religion or ethnicity.

The latest disclosures follow the furor that erupted last year when JetBlue acknowledged sharing 1.1 million passengers' records with the government without informing its customers. The airline apologized.

In January, Northwest Airlines confirmed it gave similar data to NASA for a project on aviation security. American Airlines was named in April as the latest airline having shared passenger data.

Privacy advocates expressed dismay. Barry Steinhardt, director of the ACLU's technology and liberty program, said his group predicted "a clean sweep" of sharing by all the major airlines when disclosures were complete.

"And it's pretty much true," Steinhardt said. "The TSA simply cannot be entrusted with private information on the 100 million Americans who fly every year."

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the disclosures fly in the face of TSA assurances that no other airlines were involved.

The government has been trying to obtain passenger data to try to perfect a new passenger-screening project. But the project, the Computer Assisted Passenger Prescreening System or CAPPS II, has been dogged by questions about fairness and privacy.

Delta Air Lines spokesman John Kennedy said the airline complied with a legal directive to provide the information to the Secret Service during the Winter Olympics in Salt Lake City in 2002. He said the airline didn't violate its privacy policy.

America West and Frontier denied Wednesday directly sharing information with the government, but both said it could have come from a vendor that handles its reservations system.

Continental didn't respond to a request for comment.

http://www.usatoday.com/travel/news/2004-06-23-passenger-data_x.htm?csp=14