Moreno v. BART
Class complaint – Bay Area Rapid Transit (BART) allegedly collected personal information, device identifiers, and location data through its Watch app without user knowledge or consent. The purpose of the app was to allow BART riders to quickly and discreetly alert security personnel about safety or security concerns. However, plaintiff alleged, the app secretly collected unique cellular identifiers, periodically monitored user locations, and tracked identities of anonymous reporters. The app allegedly did not specifically request permission for such collection and use, and although mentioned (with dubious specificity) in the terms and privacy policy, those agreements were not seen by plaintiff, as the links were obscured by the keyboard on data entry screens.
Claims have been filed under California’s Cellular Communications Interception Act and Consumers Legal Remedies Act, as well as claims of Intrusion Upon Seclusion and violation of privacy rights under the California Constitution.
[N.D. CA; 4:17-cv-02911]
jbho: another complaint that uses detailed technical information to support its claims. If you are responsible for vetting apps, you might want to learn how to use these tools, or hire someone who already knows them.
Also of interest is that contract formation may be at risk because of app design. Remember that Uber may not be able to enforce arbitration provisions in its user agreement due to similar alleged design flaws. Users can’t consent to terms they don’t see.
Note also the complaint focuses on collection of IMEIs, which although not forbidden, is discouraged by Google. Another reason to question what your developers are collecting and whether you really need it.
BTW: the Watch App privacy policy (elerts.com/privacy) was updated on 26 May 2017. The complaint was filed on 22 May 2017. Curious timing…
Read more tracking cases at:
