Home > Legal Library > Article




Join Matindale-Hubbell Connected


Data Breach Lawsuit against LinkedIn is Dismissed for Lack of Standing.




by:
Eric A. Packel
Marshall Dennehey Warner Coleman & Goggin, P.C. - Philadelphia Office

 
October 21, 2013

Previously published on October 18, 2013

re LinkedIn User Privacy Litig., 2013 U.S. Dist. LEXIS 31131 (N.D. Cal., 3/6/13)

After a hacker obtained 6.5 million passwords and email addresses from LinkedIn (the professional networking site), two of its users brought a putative class action claiming that LinkedIn had misrepresented its level of security. However, the plaintiffs ran into a threshold problem seen in many data breach cases: Article III standing.

Among the requirements for standing in any case brought in federal court is that the plaintiff must allege an injury in fact that is concrete and particularized, as well as actual and imminent. Without standing, there is no case in controversy, and the court lacks subject matter jurisdiction.

In the LinkedIn matter, the plaintiffs argued they had standing to sue under an economic harm theory. The plaintiffs claimed they paid to be “premium” LinkedIn users (as opposed to the free account) and did not receive the benefit of the bargain since LinkedIn failed to protect its information.

In dismissing the complaint for lack of standing, the court noted that LinkedIn did not have a different privacy policy or user agreement for premium members. In other words, any promises made by LinkedIn as to privacy were the same for both basic users and premium users. Thus, although paying for premium membership may have provided for advanced capabilities on the LinkedIn site, a user did not pay for any particular level of security.

Further, the fact that one of the plaintiffs’ passwords was posted on the Internet did not amount to a legally cognizable injury. In other words, there were no allegations of actual identity theft or fraudulent use of the information. Accordingly, the court held that the plaintiffs failed to meet the requirements of Article III standing.

Of course, the plaintiffs will continue to push for class action status in the wake of mass data breaches that expose personal information. However, without actual harm, the mere exposure of personal information is generally not enough, and such cases are subject to dismissal for lack of standing.



 

The views expressed in this document are solely the views of the author and not Martindale-Hubbell. This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.
 

View More Library Documents By...

 
Author
 
Eric A. Packel
Marshall Dennehey Warner Coleman & Goggin, P.C.
 
Philadelphia Office
Practice Area
 
Internet Law
Litigation
 
Marshall Dennehey Warner Coleman & Goggin, P.C. Overview