In 2012, The New York Times and others reported that Silicon Valley companies had been accessing iOS address books without users’ knowledge or consent. These practices raised questions and concerns in Congress and at the Federal Trade Commission – and also caught the attention of customers. The FTC filed a complaint, charging that the user interface in mobile social media network Path's iOS app was misleading and provided consumers no meaningful choice regarding the collection of their personal information.
A putative class action lawsuit on behalf of 7 million users against Twitter, Yelp, Instagram, Foursquare Labs, and other Silicon Valley companies followed, alleging that the apps engaged in "unconscionable, illegal practices" because iOS users' contacts had been "accessed and stolen." The claimants had downloaded the companies’ iOS apps on their Apple devices and activated the “Add Friends”, “Find Friends”, or “Suggested Friends” feature, whichever variation was offered, between 2009 and 2012. Then, the claimants allege, the apps, without informing them or obtaining consent, accessed iOS address books and calendars.
The claimants allege that all the companies’ iOS applications were designed to unlawfully upload and disseminate users’ personal information, though the involvement of each mobile application varied both in nature and when the iOS address books were accessed without permission. The damages requested by each member of the class action were in the hundreds of thousands of dollars.
The defendants argued that the customers were validly notified and had legitimately consented, but U.S. District Judge Jon Tigar refused to dismiss the class action, holding that the plaintiffs adequately alleged that they had relied on Apple’s advertisements and representations touting device security, and that the apps invaded their privacy by improperly collecting contacts from address books. The Judge also denied Yelp's motion for summary judgment, explaining that there were factual issues at play that a jury should decide.
After five years of controversy, the lawsuit is likely to result in a consolidated $5.3 million settlement agreement by most but not all of the defendants (a lawsuit about Apple’s alleged misrepresentation is pending). 70% of the settlement would go to the class action members, averaging to about 53 cents per class member. However, since some class members may be entitled to more than others, the settlement would allocate payment based on the number of people who submit claims and the number of apps claimed by each member. All unclaimed funds will be donated to the Electronic Frontier Foundation.
However, Judge Tigar still needs to approve the deal. The Judge, who is expected to consider the fairness and legality of the deal, may consider recent cases like Facebook’s $20 million settlement over the unauthorized use of 124 million Facebook users' likenesses in "sponsored stories" advertisements, Google’s $9 million settlement for divulging 62 million users' search terms, and Google’s $8.5 million settlement for affecting 37 million Gmail users’ privacy in Google Buzz. All of these cases relate to practices that the FTC consider unfair, abusive, or disproportionate due to breach of a privacy expectation or right, and all of these cases have resulted in settlements. However, in these past cases, the companies also agreed to make relevant changes in their practices and terms and conditions and employ privacy risk audits – elements that have not been agreed upon in this settlement. The hearing on the motion for approval of the settlement is scheduled for May 25, 2017.