Amazon settles privacy-breach claims

Text Size

Share this page on any of these social networking sites:
Share this page on any of these social networking sites: LinkedIn


Law Reporter Products

  • Abstract Sets
  • Court Documents
  • Injury Collections

Get More Info »

Search the Exchange »

Verdicts & Settlements

December 4, 2012

Amazon settles privacy-breach claims 

Like many websites, merchandiser uses the Internet Explorer (IE) software P3P to post a privacy policy that allows customers to restrict Amazon’s access to cookies data files on users’ computers that contain personal information. IE recognized each website’s P3P privacy policy and catalogued it to comply with the user’s request.

If a website’s P3P policy did not comply with IE’s software requirements, IE was supposed to downgrade the website’s cookies from a persistent cookie—one that continues to collect data after the user has left the site—to a session cookie that ends when the user leaves the site. There was a design flaw in the IE software, however, that allowed Amazon to circumvent that default privacy setting. Thus, even when customers restricted access to cookies, Amazon cookies would remain persistent, accessing the customers’ personal data, including websites they visited and products they purchased, without their knowledge.

Amazon also accessed personal data through Adobe Flash Local Stored Objects (LSOs), which is software that is supposed to be used to store volume settings and video game scores, among other interactive features. LSOs capture the same private data as cookies, but they are undetectable and can’t be blocked through IE’s privacy settings. Amazon used the LSOs instead of cookies without users’ knowledge, so that even when they restricted cookies or deleted them regularly, Amazon still had access to their information.

Amazon sold this private data to third-party advertisers. Shortly after Ariana Del Vecchio purchased dog food through for the first time, she received a catalog from a dog-supplies retailer.

Del Vecchio and four other Amazon users filed a class action against the company on behalf of all people who used IE browsers to access the site. The plaintiffs alleged violations of the Computer Fraud and Abuse Act (CFAA) and Washington state’s consumer protection act. They also claimed trespass to chattels and unjust enrichment.

The trial court dismissed the CFAA and trespass claims and requested further briefing on the consumer protection and unjust enrichment claims.

The parties reached an undisclosed settlement, and the court dismissed the suit.

Citation: Del Vecchio v., Inc., No. 2:11-cv-00366 (W.D. Wash. Nov. 15, 2012).

Plaintiff counsel: Cliff Cantor, Sammamish, Wash.; Scott A. Kamber, David A. Stampley, and Grace E. Parasmo, all of New York City; Joseph H. Malley, Jeremy R. Wilson, and Majed Nachawati, all of Dallas; and Andrea Tersigni and Anthony L. Tersigni, both of Seattle.

The American Association for Justice
777 6th Street, NW, Ste 200 • Washington, DC  20001 • 800.424.2725 or 202.965.3500

© 2014 AAJ