No harm, no lawsuit

California resident Jonathan Gabrielli filed a lawsuit in federal court in New York against Insider, Inc., the operator of the online publication Business Insider, alleging that Insider violated the CIPA by installing software that collected and shared his IP address with a third party without his consent.

Judge Edgardo Ramos, an Obama appointee, dismissed the CIPA claim and distinguished the case from previous privacy lawsuits. According to Judge Ramos, Mr. Gabrielli failed to demonstrate that the disclosure of his IP address, without more, is closely related to a private matter that would be considered highly offensive to a reasonable person. An IP address is necessary for access to a website because an IP address enables a web browser to communicate with a website’s server. However, the judge said, an IP address alone does not identify an individual user and, at most, provides general geographic information, which is insufficient for legal standing.

Takeaways for website operators

Although CIPA lawsuits remain a growing concern, the Insider case suggests that at least in the federal courts in the Southern District of New York, plaintiffs must demonstrate concrete harm beyond mere data collection to establish viable claims. The court’s ruling may help establish and clarify that collecting IP addresses is not enough to establish a concrete injury under the CIPA. The decision should be helpful to those who perform routine data collection practices for website operation.

Nevertheless, to minimize the risk of CIPA violations and potential lawsuits, website operators should do the following:

• Proactively update privacy policies to clearly disclose their data collection practices.
• Obtain user consent where necessary.
• Ensure that they are being transparent about any data shared with third parties. 

Despite the Insider ruling, CIPA lawsuits remain a legal risk for common practices performed as part of website operations. Website operators should stay vigilant and monitor ongoing legal developments in privacy litigation.

The Constangy Cyber Team regularly counsels businesses of all sizes and industries on how to comply with the growing number of data privacy laws and regulations. If you would like additional information on how to prepare your organization, please contact us a cyber@constangy.com.