Author: Kim Verska
Last week in the Northern District of California, LinkedIn got a painful reminder of what might properly be called the First Commandment of Data Privacy, namely, “Thou Shalt Not Surprise Thy User with Your Use of User’s Personal Data.” In Perkins et al v. LinkedIn Corp., a group of plaintiffs brought a case against LinkedIn under California’s statute embodying the common law right to control one’s own name and likeness in public use (or “publicity rights”) based upon LinkedIn’s practice of sending second and third e-mail reminders to a user’s business contacts, after an initial email invitation to join LinkedIn was ignored. In its motion to dismiss, LinkedIn attempted to defend on a variety of bases, but last week the court allowed the case to go forward.
Other plaintiffs’ lawyers will no doubt be scouring the land for similar cases of automatic e-mails outside the control of the user, where similar statutory damages might be available under this statute in California court, so companies should examine any communications “on behalf of” their users for similar deficiencies. But in a larger perspective, this case brings home the basic lesson that underlies both the First and the Second Commandment: while US privacy laws may apply in various ways to your business, the best policy is never to do anything with a user’s data that the ordinary user would not expect or which would be an unwelcome surprise to the user. This is the surest path to a clean bill of data privacy health (and a happy user base as well).