Nearly a dozen publishers including Rodale, Conde Nast, Time, Inc. and Hearst Communications have recently been hit with potential class-action lawsuits for allegedly violating a California privacy law.
The publishers, which operate sites like RunnersWorld.com and Wired.com, allegedly failed to comply with California's "shine the light" law -- a statute enacted in 2003 that governs the sale of customer lists. The law says that companies selling customer lists must allow California residents to either opt out, or learn who is purchasing their names.
The California law specifies that businesses must make available contact information -- such as a toll-free number or street address -- for consumers who wish to learn who has purchased data about them. Businesses with brick-and-mortar storefronts in the state can give consumers the contact information in person.
But if companies that sell customer lists only have Web presences in the state, they must provide a link to a privacy policy on their home page; the first page of that link must contain a mailing address, e-mail address, toll-free telephone number, or fax number that consumers can use to discover who has bought their names.
A 2009 study by researchers at UC Berkeley and Louisiana State University found that many companies weren't in compliance with the law. For the study, researchers reached out to 112 businesses that appeared to sell customer lists and asked for information about the purchasers; only 53 companies responded.
The lawsuits allege that the publishers' sites did not contain such information in the first page of their privacy policies. In all, Web users filed 11 separate cases against the publishers in recent weeks. The defendants include Men's Journal, Reader's Digest, CBS Interactive, XO Group, Eventful, and Skymall.
A Rodale spokesperson said the company doesn't comment on pending litigation, but believes it is in compliance with the law and intends to defend against the lawsuit.
The same law firm, Edelson McGuire, is representing Web users in all of the cases, which are pending in federal court in California.
Although California's law took effect in 2005, it doesn't appear to have triggered much litigation in the past. Jay Edelson, a partner in Edelson McGuire, attributes the recent wave of lawsuits to a growing awareness of privacy issues.
People are realizing the increased importance of privacy issues," Edelson says. "Consumers are a lot better educated, and we've started to hear a lot of complaints."
The California law says that consumers who can prove violations of the law are entitled to damages of up to $3,000. At this point, however, it's not clear that consumers will have the chance to prove their allegations, given that judges in other privacy-related cases have ruled that Web users must show they were injured before proceeding in court.
The consumers allege in court papers that they were injured because their data is valuable. But judges presiding over other privacy lawsuits, including cases against Facebook, have rejected that argument.