Here’s what the suit is about and what you need to know.
LinkedIn Class Action Lawsuit: What It’s All About
There are several class action cases currently pending against LinkedIn – there’s a summary of the other ones below.
The case that settled is, In re LinkedIn User Privacy Litigation. (See the Complaint here). It was filed as a class action by users for unfair business practices, breach of contract, and negligence. The claim is that LinkedIn broke its promise to protect all the information that users provided to LinkedIn using industry standard protocols and technology. The promises are set out in LinkedIn’s Terms of Service and Privacy Policies.
The lawsuit was filed as a class action lawsuit on behalf of LinkedIn users for unfair business practices, negligence, and breach of contract. The complaint claims LinkedIn broke its promise to users, as set out in their own User Agreement and Privacy Policies, to “utilize long-standing, industry standard protocols and technology” to protect users’ personally identified information, or PPI.
Then in June 2012, LinkedIn was breached by hackers, who published 6.5 million usernames and passwords online.
The lawsuit asserts that LinkedIn’s privacy and data protections did not meet the industry standards because the hackers were able to break in and and copy the supposedly “private” data stored by LinkedIn.
For this violation of its own legally enforceable policies (the same ones LinkedIn sues everyone else when LinkedIn thinks they are violated), LinkedIn has agreed to pay $1.25 million from a settlement fund created for this purpose (after associated costs). LinkedIn also has agreed, in settling this class action motion, to change and improve the way they protect personally identifiable user data.
Then in June 2012, hackers published 6.5 million LinkedIn user passwords online.
The settlement involves LinkedIn paying money and also agreeing to change and improve the way they protect user data.
What Does The LinkedIn Lawsuit Have to Do With You?
The case was filed as a class action. This means that a few people get together with a lawyer and bring a lawsuit for themselves and everybody else in the same situation. Only some types of claims can be filed as class actions. It basically depends on whether it be a complete cluster to try to figure out what each person’s claim would be and what it’s worth.
Here, the same thing happened to everyone when the hackers access the data and private passwords got out – which was not supposed to happen. Everybody’s claim arises out of the same event, even if not everyone’s password was published.
The settlement only applies to people who have a paid account with LinkedIn, not the people with free accounts. Under contract law, there has to be an exchange of value for the contract to be enforceable. Here, the court ruled that only paying users had given value. This is complete nonsense, but it will be awhile until judges understand that data is more valuable than money.
So you may have made a claim against LinkedIn, even though you did not know about it. And now that the case is settled, you get a part of the settlement.
What is LinkedIn Paying?
LinkedIn will pay $1.25 million.
What? That’s it? Over 6 million users were affected. That’s like 20 cents per injury. And LinkedIn’s Market Cap (the current value of all of its stock) is almost $33 Billion.
$1.25 million is pocket change to LinkedIn. It’s not enough.
Why so Little?
There are some problems with the case and some incentives to settle.
There is no question that LinkedIn was hacked and users’ private information was published on the internet. That part is easy to prove.
But the case is really about whether or not LinkedIn’s security measures to protect user data were within the industry standards and protocols at the time of the hack. This is boring and very expensive to prove because, in order to prove the case, you have to hire computer geniuses who make more than the lawyers.
It’s also really hard to prove how the users were damaged, even though the passwords are private. This is because LinkedIn is not your bank account, medical records, or credit card. Nobody lost actual money in ways that are reasonably connected to the hack. And courts have been really hesitant (wrongly) to find damages unless you can show it cost you money.
I believe losing data and privacy is a much bigger deal than losing some money, but our culture and legal system are very slow to figure this out.
Is it Worth My Time to Claim My Share?
The total settlement pot is $1.25 million. The plaintiffs lawyers get 1/3. Then they deduct all of the costs of the litigation including all of the costs to go through all the claims and make the payments. Depending on expenses, that leaves around $750-800K. (We’re down to about 12 cents per password published.)
The named plaintiff has asked for $7,500 as an “incentive payment,” which is basically for being the person whose name is on the case. This seems pretty reasonable.
Then the rest goes to everybody else, who will get somewhere between $10 and $50, depending on how many claims they get.
If there is extra money, they will donate it to three organizations focused on cyber-security and the protection of our digital privacy: the Center for Democracy and Technology, the World Privacy Forum, and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory.
So my guess is that your share will do more good at one of these organizations than it will do you, especially when you consider the time it will take and the requirements to get your share.
Why Do the Lawyers Get So Much Money?
It’s a fair and good question, and I can’t honestly say that the lawyers are always worth it. What‘s worth it is that these types of lawsuits get filed.
When companies cause problems that are hard to quantify, or that hurt a lot of people for amounts less than about $50- 100K, lawyers can’t bring a lawsuit for that and get both a fair recovery for the person who was harmed and paid for their time. So making sure the lawyers get a nice chuck of a class action settlement is about holding the defendant companies accountable rather than actually compensating the people who were harmed. It’s screwed up on some levels, and works on others.
What Do I Have to Do To Get My Check?
First, you have to be willing to swear under penalty of perjury that you read and relied on LinkedIn’s Terms of Service and Privacy Policies. And since I am pretty sure I am only one of a handful of people who has actually done that, this may make you uncomfortable.
But assuming you say: Hey, LinkedIn messed up and I’m going to get a latte and muffin in revenge, then go here, and fill it out the form by May 2, 2015. You’ll get your check sometime this summer, probably August.
When I started looking into the settlement, I was prepared to be cynical, but it turned out pretty well, except that it would have been nice to make LinkedIn pay more.
Ultimately, the suit achieved the purpose of forcing LinkedIn to improve its security of data. And I loved the designation of the organizations that will hopefully benefit from the case.
If LinkedIn really wanted to use this as an opportunity to show its concern for users, they would match the settlement amount, divide it by 3, and voluntarily send $416K to each of those organizations.
I won’t hold my breath.
Other LinkedIn Lawsuits
Perkins v. LinkedIn (See the Complaint here) This case, also a class action, claims that LinkedIn misused user emails contacts that are uploaded when you join LinkedIn by permanently storing the information then sending spam and invites without your knowledge or consent to everyone you have ever emailed.
Sweet v. LinkedIn (See the Complaint here). This is another class action alleging violations of the Fair Credit Reporting Act, again for misuse of user contact information. This time, it involved LinkedIn sending endorsement emails, invites, and other spam. Here is a great post on this case by Nicole Strecker.
We’ll let you know what happens with those.
About the Author: Heather Bussing is an attorney who writes a lot, teaches advanced legal writing to law students and is the Editorial Advisory Board editor at HR Examiner. Heather has practiced employment and business law for over 20 years.
She has represented employers, unions and employees in every aspect of employment and labor law including contract negotiations, discrimination and wage hour issues. She regularly advises companies on personnel policies and how to navigate employment discipline and termination issues.
Heather also practices in the areas of real estate, mortgage fraud, construction and business law including business entity formation and corporate governance. Lately, she has been working on issues involving licensing and ownership of internet content. She also teaches legal research and writing, is an accomplished photographer and walks on the beach whenever she can.
Follow Heather on Twitter @HeatherBussing – but you can’t connect with her on LinkedIn.