New MacBook Pros are here! Get the lowest prices anywhere: Apple Price Guides updated Aug 19th (exclusive coupons)
 


Tuesday, May 10, 2011, 03:20 pm PT (06:20 pm ET)

Apple, Pandora, Backflip sued over iPhone data privacy

A new lawsuit has been filed against Apple and two third party app developers, Pandora Media and Paper Toss maker Backflip Studios, claiming damages for users over allegations that their unauthorized private data was used to deliver targeted ads.

The case, filed in New York on behalf of Jarret Ammer by Peter Cambs of the Parker Waichman Alonso law firm, appears to be similar to a case filed in San Jose, California, last December.

Like the previous suit, the new complaint appears to be patterned directly upon a Wall Street Journal article which highlighted mobile apps as using the same kind of anonymous user tracking "cookies" that conventional web ad networks use to improve the relevance of display ads.

The difference between the two cases involving smartphone apps and traditional web cookies is that smartphones have a Unique Device ID (UDID) that advertisers can reliably associate with a given user, and which may be linked with location data collected as the user carries the device.

The suit notes that "Apple certainly understands the significance of its UDID and users' privacy, as, internally Apple claims that it treats UDID information as 'personally identifiable information' because, if combined with other information, it can be used to personally identify a user."

However, the complaint also says Apple "does not provide users any way to delete or restrict access to their devices' UDIDs," and that while the company has set up policies to prohibit and remove any apps that "collect and send device data to a third party for processing or analysis," it continues to collect data allegedly collected from users without their consent.

The suit specifically notes that two apps described by the Wall Street Journal article are collecting data but not providing any "location based services" as outlined in the terms of service distributed with iPhone and iPad devices.

"None of these Defendants adequately disclose to Plaintiff and members of the proposed Class that they are transmitting such information to third-party advertising networks," the complaint states. "Plaintiff and members of the proposed class were harmed by Defendants' actions in that their personal, private information was obtained without their knowledge or consent."

The suit adds that Apple "aided and abetted" third party software developers by giving them "substantial assistance," opening the company up to liability for other defendant's torts. It also notes that because Apple is in a joint venture with third party developers, it is "thus legally responsible for the tortuous conduct alleged."

The complaint states that by "accessing and transmitting UDID and location data on the [smartphone] computer of Plaintiff and members of the proposed class, Defendants have accessed Plaintiffs' computer … in excess of the authorization" of those users, alleging that the defendants have violated the Computer Fraud and Abuse Act and New York Computer Crime Law.

The suit says the transmission of users' device IDs and location data "caused harm aggregating at least $5,000 in value," and seeks "recovery for this loss, as well as injunctive relief, to prevent future harm."

The suit also alleges that Apple and its developers have violated general business law related to "unconscionable and deceptive conduct" as well as "trespass to personal property" and taking property "in the form of information that is private and personal."