$5.3 Million For Alleged Address Harvesting

App Makers Reach Settlement in Data Harvesting Suit

jeanluc1429 on April 9, 2017

Opperman v. Path
$5.3M preliminary settlement – Path and several other apps allegedly collected, stored, used, and disseminated personal and private address book information in the Apple iDevice ‘Contacts’ App, without user knowledge or consent.

The case survived motions to dismiss based on the court’s determination that Apple’s ‘iOS Human Interface Guidelines’ taught developers how to access contacts irrespective of consumer consent. According to the court, there were two ways in which Apple contributed to the alleged violations:
1) Apple’s ‘iOS Human Interface Guidelines’ for app developers said, “don’t force people to give you information you can easily find for yourself, such as their contacts or calendar information.”
2) They also said, “If possible, avoid requiring users to indicate their agreement to your [end user license agreement] when they first start your application. Without an agreement displayed, users can enjoy your application without delay.”
The court felt the case involved factual issues that a jury should decide. “Fundamentally, this case is about whether Apple’s conduct and that of application developers violated community norms of privacy … A judge should be cautious before substituting his or her judgment for that of the community.”

Settlement highlights include:
• $5,300,000 non-reversionary settlement fund
• nominal damages for each class member – an amazon.com credit or postcard check (-35¢ for postage)
• $15,000 for each class representative (requested – 13 representatives for a total of $195,000)
• $1,590,000 for class counsel (requested – 30% of settlement fund)
[N.D. CA; 3:13-cv-00453]
jbho: keep an eye on your mobile developers, and make sure “privacy by design” is being implemented:

  • know what your app needs to collect, use, and share
  • know what the SDKs you’re using can collect, use, and share
  • turn off the collection/use/sharing you don’t need
  • get consent for the collection you do
  • make sure your privacy policies accurately reflect what the app is collecting, using, and sharing
  • make sure your (updated) privacy policies and app permissions are on Play / The App Store

FYI: a nice feature on Play explicitly lists the special permissions an app requires before install. For example, for the Facebook app, you see:

fb-app-permissions

I haven’t yet figured out if/how to do this on the App Store. Let me know if there’s a way.

Published by jeanluc1429

Leave a Reply

%d bloggers like this: