According to court documents filed last week, Netflix has agreed to change its data storage practices and pay about $9 million to settle allegations that it unlawfully retained and disclosed customers’ video-viewing histories. Specifically, Netflix agreed to decouple viewing history from identification information once users have been inactive for a year; to pay $30,000 to the class representatives; to pay up to $2.25 million to class counsel; and to give the remaining funds to nonprofit organizations that provide privacy-related education. The proposed settlement agreement has been submitted to the court for preliminary approval.
The injunctive remedies, cy pres relief, and sizable award to class counsel in In re Netflix Privacy Litigation are consistent with settlements reached in earlier privacy-related lawsuits. For example:
- Nguyen v. Metacafe. To settle allegations over the use of “Flash cookies” (i.e., local shared objects stored in the memory of Adobe’s Flash Player plugin), Metacafe agreed to reimburse class members up to $250 for out-of-pocket expenses; to not use Flash cookies for storing user information absent adequate disclosure; to not use Flash cookies for respawning HTTP cookies; to cease transmitting user IDs to third parties such as comScore; to allow users to cancel their accounts; and to pay $7,500 to the class representatives and $375,000 to class counsel.
- Hillman v. Ringleader Digital, Inc. As we previously noted, to settle claims that it unlawfully used HTML5 to track users’ online activities, Ringleader Digital agreed to work with the Mobile Marketing Association on industry standards; delete information collected from users who opted out of tracking; improve its disclosures informing users about how to opt out; and pay $30,000 to the named plaintiffs and $670,000 in attorneys’ fees.
- In re Clearspring Flash Cookie Litigation and In re Quantcast Advertising Cookie Ligitation. As discussed in an earlier post, to settle allegations over “Flash cookies” being used to track browsing activity, Clearspring and Quantcast agreed to pay $2.4 million to a nonprofit dedicated to promoting privacy awareness. The publishers who used Clearspring’s and Quantcast’s analytics services agreed to recommend amendments to industry self-regulatory principles to prohibit using Flash cookies for respawning; provide a link to an opt-out tool for behavioral advertising; and disclose their use of Flash cookies on their sites.
- Lane v. Facebook. To settle allegations that its Beacon program unlawfully disclosed personal information, Facebook agreed to terminate Beacon and establish a $9.5 million settlement fund. The court ultimately awarded about $36,000 to the class representatives and $2.4 million to class counsel, with the remaining funds to be used for the creation of a new privacy foundation. That initiative remains on hold pending the resolution of certain objectors’ appeal to the Ninth Circuit.
Additionally, in the last few months a number of retailers have agreed to settle putative class actions alleging illegal collection of ZIP code information under California’s Song-Beverly Act:
- Bed Bath & Beyond agreed to provide class members with either a $7 gift card or a discount certificate for 15% off a purchase of up to $250; pay $3,000 to the class representative; and pay up to $200,000 to class counsel.
- Lowe’s agreed to pay a total of $2.9 million, a figure which includes a $9 gift card to class members; $5,000 each to the lead plaintiffs; $750,000 to class counsel; and up to $300,000 to the arbitrator.
- Tiffany and Co. agreed to provide a voucher for either $10 off or free engraving to class members; $142,000 in attorneys’ fees to class counsel; and $2,000 to the class representative.
The Supreme Court’s forthcoming decision in Edwards v. First American Bank could alter the settlement calculus in other privacy-related lawsuits if the Court finds that an alleged statutory violation is sufficient to create Article III standing. We will be following developments closely.