LinkedIn has been a wildly successful social media business site for many years. It provides a free platform for millions of members to share professional experiences and for businesses to promote themselves.
However, LinkedIn’s financial success also makes it a target for lawsuits — even suits that don’t seem to make much sense.
LinkedIn Sued for Making Employment History Available
LinkedIn currently claims that it “operates the world’s largest professional network on the Internet with more than 313 million members in over 200 countries and territories.”
Its members voluntarily post their employment history (whether true, embellished, or fabricated) as an online biography or resume. This information is available both to LinkedIn members and Internet users (depending on members’ LinkedIn settings).
A lawsuit was filed on Oct. 4, on behalf of a potential class in the U.S. District Court for the Northern District of California, claiming that LinkedIn violated the Fair Credit Reporting Act (FCRA).
The basis of the suit is that “any potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained.” In the case of Tracee Sweet et al v. LinkedIn, the plaintiffs allege that LinkedIn does the following:1) fails to comply with the certification and disclosure requirements mandated by the FCRA for credit reporting agencies who furnish consumer reports for employment purposes,
2) fails to maintain reasonable procedures to limit the furnishing of consumer reports for the purposes enumerated in the FCRA and to assure maximum possible accuracy of consumer report information, and
3) fails to provide to users of the reference reports the notices mandated by the FCRA.Given LinkedIn’s business model of members voluntarily posting their own personal employment history, it is hard to believe that there are FCRA violations, so this will be an important case to follow. The next step is for the court to agree that the class should be created (certified) before the case proceeds, or dismiss the case.
Update on 2013 Lawsuit Over LinkedIn Harvesting Email
Perkins et al v. LinkedIn, filed on Sept. 17, 2013, in U.S. District Court for the Northern District of California, alleges the following:LinkedIn intentionally and knowingly created and developed this deceptive advertising scheme to improperly use the names, photographs, likenesses, and identities of Plaintiffs for the purpose of generating substantial profits for LinkedIn.
LinkedIn harvests member email accounts of Yahoo Mail, Microsoft Mail and Google Gmail, …
When a new member signed up for LinkedIn, LinkedIn asked for that new user’s external email address. This request is made without any warning of what the email address will be used for.Although some of the claims make no sense to me, in the lawsuit the plaintiffs allege that among other things LinkedIn “breaks into its user’s third party email accounts” and: “When users sign up for LinkedIn they are required to provide an external email address as their username and to setup a new password for their Linkedln account. LinkedIn uses this information to hack into the user’s external email account and extract email addresses. If a LinkedIn user leaves an external email account open, LinkedIn pretends to be that user and downloads the email addresses contained anywhere in that account to Linkedln’s servers. Linkedln is able to download these addresses without requesting the password for the external email accounts or obtaining users’ consent.”At the beginning of the lawsuit, LinkedIn filed motions to dismiss all claims brought by the plaintiffs. On June 12, Judge Lucy Koh granted two of LinkedIn’s motions to dismiss the lawsuit, since she did not believe that LinkedIn violated the Federal Wiretap Act, the 1986 Stored Communications Act (SCA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAF) (Section 502 of the California Penal Code).
The SCA restricts ISPs from disclosing information about it customers without their consent in civil matters, and the CDAF is a state law that restricts use of online data.
As generally occurs when motions to dismiss are granted, Judge Koh allowed the plaintiffs the opportunity to amend the lawsuit to fix deficiencies in the complaint, so just because the two claims were dismissed does not mean the issues are resolved.
Two claims that Judge Koh did not dismiss include the common law right of publicity, which “challenges LinkedIn’s use of users’ names in the endorsement emails” and the California’s Unfair Competition Law, which broadly prohibits “any unlawful, unfair or fraudulent business act or practice.”
There has been more action since the judge’s order in June. On Sept. 18, the plaintiffs revised their complaint, alleging violations of SCA and CDAF again; and on Oct. 13, LinkedIn filed its motion to dismiss the SCA and CDAF claims in the revised complaint, which is being considered by Judge Koh. So there are still a lot of moving parts, and this LinkedIn case is long from being over.
Given the widespread proliferation of personal data strewn about in social media, no doubt we will continue to see litigation challenging social media sites’ commercializations of user data.