This is a lawsuit against LinkedIn alleging that LinkedIn wrongly sent out repeated invites to users’ contacts. In an initial ruling, Judge Koh denied LinkedIn’s request to dismiss on the grounds of standing but dismissed the federal claims for alleged violations of the Stored Communications Act and the Wiretap Act. The court said that Plaintiffs consented to the initial invitation email but not the second and third emails. (Blog post on the previous ruling here.) The plaintiffs’ second amended complaint drops the federal claims and alleges violations of publicity rights and California’s unfair competition statute. While the court finds some technical deficiencies with plaintiffs’ pleading, it still declines to dismiss the crux of the case.
The sign-up process: The court walks through the sign-up process in detail. Shockingly, LinkedIn does not have a check-the-box implementation for its sign-up process. Rather than forcing users to check the box as a condition of proceeding, LinkedIn merely includes an asterisk next to a “join linkedin” button that directs the user to a line at the bottom of the page that then link to the relevant policies.* After confirming that the user wishes to “grow their network on LinkedIn,” the user is then directed to the third party email provider page (e.g., Google, Microsoft, and even AOL) where the user then enters in their email password. The court’s run-down of the process vis-a-vis various other platforms is interesting, as the platforms vary in their presentation and amount of control they say they provide to users. The user enters their password and then can connect with those of their contacts who already have LinkedIn accounts and can also urge those who do not have accounts to sign-up and ultimately connect with them on LinkedIn.
[* Note: we have repeatedly blogged about cases where large, established companies have a less-than-airtight sign-up process, which results in all sorts of entirely avoidable legal issues. Zappos was one of the more prominent examples, but there have been others. I didn’t check to see if they revised their sign-up process, but if not, that is something LinkedIn should take care of ASAP.]
Reminder emails: The court also describes the reminder emails in detail. The first email is an “invitation to connect”; the body says “I’d like to add you to my professional network on LinkedIn.” If this email does not result in the recipient joining, a reminder email is sent. This is titled “reminder about your invitation from [user’s name].” Finally, LinkedIn sends a second reminder. For some reason, the second reminder email includes the user’s profile picture.
The plaintiffs describe the difficulty in stopping these reminder emails. Apparently, you have to “individually open up each invitation from within his or her LinkedIn account . . and click a button that allows the user to withdraw that single invitation.” Plaintiffs further point to the complaints users have raised (for example):
at this point I’m finding LinkedIn more of a problem in terms of hurting my reputation rather than helping it.
Ouch. Plaintiffs also point to the various representations LinkedIn made about “respecting users’ privacy” and that LinkedIn would “not email anyone without your permission.” Finally, Plaintiffs pointed to statements in LinkedIn’s filings and corporate materials to the effect that this type of network-based emails along with reminders continue to be an important way for LinkedIn to grow its user base.
LinkedIn raised three defenses, none of which resolve the lawsuit.
Statutory damages under section 3344: First, LinkedIn argued that plaintiffs were not entitled to statutory damages under California’s publicity rights statute because they did not allege emotional damages. The court agrees, and says that while economic damages and reputational harm are available as actual damages, the statutory damage provision was aimed to provide relief to non-celebrity plaintiffs who suffered mental harm from commercial misappropriation of their name. While emotional injury that results from reputational harm is sufficient, plaintiffs did not allege emotional injury. Because plaintiffs only asked for statutory damages and did not allege emotional injury, the court dismisses this claim, but grants leave to amend.
CDA 230: LinkedIn also raised a Section 230 argument, saying that the emails were third party (i.e., users’) content. The court disagrees, crediting plaintiffs’ allegation that LinkedIn was responsible for the content, layout, and design of the reminder emails and cannot take refuge in Section 230. The court focuses on the fact that LinkedIn decided how many emails to send and things like whether or not to include the users’ picture in the email. According to the court, the textual differences in the second and third email also point in the direction that LinkedIn ultimately controlled the content (or, as the court intimates without saying directly, made material changes to content provided by the user).
First Amendment: The court also rejects LinkedIn’s First Amendment defense. First, LinkedIn argued that the reminder emails are non-commercial speech, subject to the full protections of the First Amendment. The court disagrees. Second, LinkedIn argued that even assuming the emails are commercial speech, plaintiffs can only state a right of publicity claim when their likeness is used to promote an “unrelated product”. The court says neither the publicity rights statute nor common law contain such a limitation. Finally, LinkedIn argued it’s entitled to the “adjunct use” rule, where the commercial promotion is incidental to the protected expression. No luck on this score either.
[Finally, the court also rejects the “incidental use” argument, which seems vaguely similar to a fair use argument.]
LinkedIn is doing its best to whittle down this lawsuit, and perhaps it may still succeed, but the court’s order seems to indicate that there’s a cognizable claim buried in there. Auto-posts and emails sent on behalf of users that they can’t control are terrible behavior on the part of networks. Not giving users granular control over these emails just feels like LinkedIn was trying to get cutesy.
Publicity rights in California have turned into a sleeper hit for plaintiffs. (See, e.g., Fraley.) It’s interesting to see the positions reversed here, with the defendant seeking support in an argument premised on plaintiffs’ failure to allege emotional damages. Usually defendants are taking plaintiffs to task for not alleging and having support for economic damages. I’m not sure what to make of the statutory damages provision of section 3344. It would seem trivially easy for plaintiffs to allege that they suffered emotional harm as a result of seeing their network reputation suffer, and the court even alludes to the fact that emotional injury that results from reputational harm is sufficient.
As with all privacy lawsuits, this one is no different in citing to defendant’s flowery marketing assurances—there’s always plenty to choose from.
I don’t think there’s much to say about the First Amendment rulings. The First Amendment defenses did not seem particularly strong to begin with, and I’m surprised the court gave it as much attention as it did. As for the Section 230 defense I agree with Eric’s comments below–it smacked of desperation, or an after-the-fact justification that was not considered at the design phase.
Eric’s Comment: I hate to Section 230 losses but I can see why Judge Koh ruled as she did. She explains about the first and second reminder emails:
Contrary to Defendant’s assertions, then, the first reminder email appears to transform the substance of the initial invitation email from “Do you want to connect with me?” to “You never responded to the user’s first invitation so let us ask you again, do you want to connect with her?” The second reminder email is arguably more transformative still, as the substance changes from “Do you want to connect with me?” to “You never responded to the user’s first invitation or to our reminder concerning that invitation, so let us ask you for a third time, do you want to connect with her?”20 It is precisely this changed character of the reminder emails—from invitation at first to potentially annoying by the end—that the Court found could contribute to the additional harm the reminder emails allegedly caused.
As she summarizes later:
Plaintiffs allege that LinkedIn generated the text, layout, and design of the reminder emails and deprived Plaintiffs any opportunity to edit those emails, which Plaintiffs had no knowledge were being circulated on their behalf.
Perhaps LinkedIn prospectively thought it could rely upon Section 230 for these circumstances, but I doubt it. Instead, I suspect the Section 230 defense emerged only in desperation.
Case citation: Perkins v. LinkedIn, 13-CV-04303-LHK (N.D. Cal. Nov. 13, 2014)
Email Harvesting: Repeated Emails From LinkedIn May Violate Publicity Rights
Path May Be Liable for Text-Spamming Users’ Contact Lists
Facebook’s “Browsewrap” Enforced Against Kids–EKD v. Facebook
Wiretap Claims Against Gmail Scanning Survive Motion to Dismiss — In re: Google Inc. Gmail Litigation
Court Rules That Kids Can Be Bound By Facebook’s Member Agreement
Facebook Sponsored Stories Settlement Approved – Fraley v. Facebook
Judge Seeborg Rejects Sponsored Stories Settlement For Now — Fraley v. Facebook
Facebook “Sponsored Stories” Publicity Rights Lawsuit Survives Motion to Dismiss–Fraley v. Facebook
Court Blesses Instagram’s Right to Unilaterally Amend Its User Agreement–Rodriguez v. Instagram
Privacy Plaintiffs Lose Because They Didn’t Rely on Apple’s Privacy Representations — In re iPhone App Litigation