Social-networking site LinkedIn has been sued for violating users' privacy by allegedly leaking information about them to advertisers. In a complaint filed Friday with the U.S. District Court for the Northern District of California, San Francisco resident Kevin Low alleges that LinkedIn enabled ad networks and other third parties to discover his name and connect it to tracking cookies.
"Had he been given the choice, Mr. Low would not have disclosed his personally identifiable browsing history to third parties," he alleges. "Mr. Low was embarrassed and humiliated by the disclosure of his personally identifiable browsing history."
Low is seeking class-action status. A LinkedIn spokesperson said the company had not yet been served with a complaint, but knows about the case and believes it lacks merit. "We will defend ourselves vigorously," the spokesperson said.
As with recent lawsuits against Facebook, the allegations against LinkedIn stem from the information in the referrer headers LinkedIn transmits to other sites. Low alleges that the referrer headers sent by LinkedIn include a unique identifier attached to a persistent LinkedIn cookie. The complaint also alleges that the unique identifiers allow users' names to become known.
Low argues that LinkedIn violated federal wiretap laws and various California state laws. He also alleges that LinkedIn violated its privacy policy, which says that the company does not reveal users' names to advertisers without consent.
The lawsuit includes some sweeping factual allegations, including one implying that marketers are incorporating users' entire clickstream histories into profiles used for ad targeting. "Anyone who has used the Internet to discreetly seek advice about hemorrhoids, sexually transmitted diseases, abortion, drug and/or alcohol rehabilitation, mental health, dementia, etc., can be reasonably certain that these sensitive inquiries have been captured in the browsing history and incorporated into a personalized profile which will be packaged for sale to marketers," the complaint alleges.
The source of that allegation isn't clear. In general, however, companies that use cookies for online behavioral advertising typically only capture data about a limited number of sites that are in publisher networks. In addition, many behavioral targeting companies avoid incorporating sensitive information in profiles.
Facebook recently filed papers asking U.S. District Court Judge James Ware in San Jose to dismiss a lawsuit alleging that it leaked users' names to advertisers. Among other arguments, Facebook says the case should be thrown out because consumers who are suing don't allege that they suffered any tangible loss. That motion is pending.