Friday, October 11, 2013
One of the dangers of constructive contractual consent (a foundational principle of wrap contract doctrine) is that it might be used to prove statutory consent and thereby strip unknowing consumers of rights provided by law. Scholars such as Wayne Barnes and Woody Hartzog have argued that constructive contractual consent can undermine privacy protections provided by federal law. While there aren’t too many federal laws protecting consumer privacy, the ones that do exist generally provide that a practice is permissible if consumers consent. Google raised that very argument recently in its defense to a lawsuit that claimed that Google’s practice of scanning users' emails violated federal and state wiretapping laws.
The Wiretap Act, as amended by the Electronic Communications Privacy Act, prohibits the interception of “wire, oral, or electronic communications,” but it is not unlawful “where one of the parties to the communication has given prior consent to such interception.” Plaintiffs argued that Google violated the Wiretap Act when it intentionally intercepted the content of emails to create profiles of Gmail users and to provide targeted advertising. One of Google’s contentions was that Plaintiffs consented to any interception by agreeing to its Terms of Service and Privacy Policies. The court states:
“Specifically, Google contends that by agreeing to its Terms of Service and Privacy Policies, all Gmail users have consented to Google reading their emails.”
Yes, that’s right-- Google is arguing that by agreeing to its Terms of Service and Privacy Policies, you – yes YOU Gmail user – have agreed to allow Google to read your email!
Even more alarming, Google claims that non-Gmail users who have not agreed to its Terms of Services or Privacy Policies have impliedly consented to Google’s interception when they send email to or receive email from Gmail users.
Thankfully, Judge Lucy Koh is nobody’s fool. Without stepping into the muck and goo of wrap contract doctrine, she notes that the “critical question with respect to implied consent is whether the parties whose communications were intercepted had adequate notice of the interception.” Then she does something astounding , admirable and all-too-rare - - she interprets adequate notice in a way that actually makes sense to real people:
“That the person communicating knows that the interception has the capacity to monitor the communication is insufficient to establish implied consent. Moreover, consent is not an all-or-nothing proposition.”
Even with respect to Gmail users, she notes that “those policies did not explicitly notify Plaintiffs that Google would intercept users’ emails for the purposes of creating user profiles or providing targeted advertising.”
Judge Koh’s nuanced opinion reveals an understanding of online consent that’s based on reality. She notes that that “to the extent” that the user has consented to the Terms of Service, it is “only for the purposes of interceptions to eliminate objectionable content,” not for targeted advertisements or the creation of user profiles. She analyzes the contract from the standpoint of a reasonable user, rather than blindly following the all-or-nothing-constructive consent model mindlessly adopted by ProCD-lemming courts.
The opinion states that “it cannot conclude that any party – Gmail users or non-Gmail users- has consented to Google’s reading of email for the purposes of creating user profiles or providing targeted advertising.” I think most reasonable people - Gmail users and non-Gmail users alike – would agree.