SAN FRANCISCO — LinkedIn must face a lawsuit claiming the company violated customers’ privacy rights for marketing purposes by accessing their external email accounts and downloading their contacts’ addresses.
The decision by U.S. District Judge Lucy Koh in San Jose, California, means LinkedIn members who sued can continue to pursue damages for revenue the company made using their email address books as they try to expand the case to include thousands of other customers.
Thursday’s ruling follows Koh’s earlier decisions in a Google Inc. privacy case involving email users that were sharply critical of the search engine company’s policies.
The lawsuits against LinkedIn and Google, as well as one before Koh against Yahoo! Inc., have raised novel questions about how wiretap laws enacted before the Internet apply to the companies’ use of troves of data generated when people send emails and surf online.
Users of the world’s most popular professional-networking website consented to LinkedIn’s sending an “endorsement email” to recruit their contacts to the site, Koh said in her ruling. The judge said the company’s practice of then sending reminder messages to contacts who hadn’t responded was grounds for the lawsuit to go forward.
LinkedIn’s sending repeated emails could impair reputations by allowing contacts to think the network member is “unable to take the hint” that they don’t want to join the website, Koh said.
While Koh agreed to throw out claims based on federal wiretap and stored communications claims, she said LinkedIn may have violated California’s right of publicity, which protects against the appropriation of someone’s name or likeness, without their consent, for commercial purposes.
“This type of injury, using an individual’s name for personalized marketing purposes, is precisely the type of harm that California’s common law right of publicity is geared toward preventing,” Koh wrote.
“Nothing in LinkedIn’s disclosures alerts users to the possibility that their contacts will receive not just one invitation, but three,” she said.
Crystal Braswell, a spokeswoman for LinkedIn, said the company is pleased that the court “rejected plaintiffs’ unfounded ‘hacking’ claims and found that LinkedIn members consented to sharing their email contacts with LinkedIn.”
“We will continue to contest the remaining claims, as we believe they have no merit,” she said in an email.
The customers who sued seek group status on behalf of other users. They are asking the court to bar Mountain View, Calif.-based LinkedIn from repeating the alleged violations and to force it to return any revenue stemming from its use of their identities to promote the site to non-members, according to court filings.
LinkedIn required the members to provide an external email address as their username on its site, then used the information to access their external e-mail accounts, according to the complaint.
The customers allege it was part of LinkedIn’s growth initiative to send multiple emails endorsing its products, services, and brand to potential new users.