AOL Joins Class-Action Club
AOL has been officially initiated into the class-action lawsuit club. Congrats, AOL!
TechCrunch broke the news that three AOL users have filed a class action lawsuit against AOL in California on Friday in response to last month’s privacy breach. According to the filing (PDF), the suit seeks no less than $1000 in damages per user effected and $4,000 per effected California user. I guess that’s the going rate for privacy these days, seems a little cheap to me (though this could be a $658,000,000+ bill for AOL).
There’s a few very interesting things about this suit.
First, how will the courts determine what qualifies an “effected user”? Whose job will it be to identify all 658,000 affected users? To my knowledge, only one person has been identified by name. Will this suit require that everyone be identified by name and have their search history entered into evidence? If so, isn’t that a bigger injustice? I will be very interested to see how this suit will go about identifying its class, and how many users will come creeping out of the woodwork claiming to have been victimized.
Making matters more complicated is that not everyone suffered the same privacy violation. Does just having your name mentioned in AOL’s data make you privy to some of the settlement, or should only those who had credit card numbers or passwords revealed be made part of the suit? What happens to users who were victims of identify theft thanks to AOL’s debacle (are there any)? Do they get more? Surely, some of the 658,000 users will be left unidentified. Are they just forgotten? I think user identification will be the hardest part of the plaintiff’s case.
Second, in addition to cash payments, the suit also demands that AOL not be allow to retain search results for any amount of time, for any purpose. Though everyone would appreciate more transparency regarding how long AOL (and GYM) keeps this data and who has access to it, forbidding them from holding on to it for any amount of time seems somewhat extreme and potentially damaging to the AOL engine. There are good reasons for AOL to hold on to some user data, if only for users own safety.
I’m not too worried about this one. I don’t think the United States government would ever embrace the idea of search engines NOT holding on to their data. It’s too valuable, and I’m not talking about its value to AOL…
Third, it’s only been a little more than a month since the AOL data was leaked. If users participate in this suit, what recourse will they have down the road should someone misuse their identity based on what was released? Should users worried about the long-term effects of his leak opt-out of this suit and leave themselves open for future suits? IF you’re one of the users who had credit card numbers or other very personal information revealed, settling now for damage that may occur in the future seems like a risky venture.
The final point of interest for me comes from page seven of the filing itself [emphasis added]:
“As of the date of this complaint it is the understanding of plaintiffs and their counsel that AOL has not done anything to help the members whose personal sensitive and confidential records were released to the public by AOL. AOL members who sought assistance from AOL about the disclosure of the Member Search Data were not offered any assistance. AOL’s only response, if any, was to offer the victimized member a free month of AOL service, a service which AOL is now offering for free.”
While that’s probably not 100 percent accurate (there were those
public beheadings firings after all), did AOL seriously offer uses a free month of AOL as a way of making up for releasing all their search data? If so, that’s completely insulting and arrogant.
This suit will definitely be one to watch. If the users named in this case are successful, it could lead to future trouble for Google, Yahoo! and Microsoft.