September 29, 2011
This latest one is no exception.
Pandora, an Internet-based service that provides personalized radio stations, is facing a lawsuit over its publicly sharing individual users’ music choices and tastes.
Of course, this wouldn’t be an Internet privacy lawsuit without Facebook, which is also part of the equation.
When Pandora publicly-shared users’ music profiles (via their email addresses), it also linked their Pandora accounts to their Facebook accounts so everyone who can see a user’s Facebook profile can see what the user likes to listen to.
Oh, and it did this without any notification to users.
So what’s the big deal?
Michigan, the plaintiff’s home state, has a law that prohibits a business entity or individual that is “engaged in the business of selling at retail, renting, or lending…sound recordings or video recordings” from disclosing that exact kind of data.
“Exact kind of data” meaning any information “concerning the purchase, lease, rental, or borrowing of those materials by a customer that indicates the identity of the customer.”
Responding to customer outcry, Pandora notified its users en masse in August of 2010 that their information was publicly available, and provided instruction on how to make that data private.
As the complaint points out, however, the damage was already done, and user information was disseminated publicly for four months.
Hot Doc: Deacon v. Pandora Media Inc.
This seems like a case of Pandora’s legal department being unaware of Michigan’s law when the company started sharing user data throughout the web.
Much to the chagrin of privacy advocates, this trend of sharing user data seems to be on the rise, with more and more companies seeking to link their own websites to Facebook.
Why do this?
Is it because businesses see the Internet as an opportunity for individuals to better connect with each other in some sort of warm, sappy fellowship?
Yes…as long as they can exploit those connections to market their products and services.
Just ask Netflix, who is currently whining about a less-protective federal version of Michigan’s law.
The federal law, the Video Privacy Protection Act (VPPA), prohibits the disclosure of a user’s video rental records to anyone without the user’s consent or a warrant.
Netflix wants to integrate its services with Facebook so that you could watch movies on either site.
Netflix claims the VPPA is interfering with making this dream a reality, and has spent almost $200,000 this year in lobbying to change the law.
Naturally, if Netflix really only wanted to also let its users watch videos on Facebook, the VPPA wouldn’t stand in the way.
It also wants permission to share a user’s viewing history with his or her Friends, and, unsurprisingly, marketing and advertising firms (click here for more).
That was almost certainly the logic behind Pandora’s move, too, but these pesky consumer privacy laws keep getting in the way (according to Netflix, they are also “outdated”).
As much as I love advertising that’s been personalized to a level the envy of most stalkers, I think I’d prefer to keep my legal privacy protections.