Paul Hastings Secures Dismissal for WOW! in Privacy Case

September 30, 2013

San Francisco, CA - Paul Hastings LLP, a leading global law firm, announced today that its Privacy and Data Security practice group secured a significant win for client and Internet Service Provider WOW! (formerly “WideOpenWest”), one of the largest cable internet service providers (“ISP”) in the US.
In 2007, WOW! contracted with a third-party advertising service named NebuAd, which used anonymized data (which it retrieved via hardware that accessed the ‘firehose’ of information flowing through WOW!) to tailor the internet advertisements it served to web users (a practice known as “behavioral advertising”). The NebuAd system did not insert any additional ads, it simply used anonymous data to make sure existing ad space was filled with more targeted advertisements. In 2009, NebuAd’s partnership with ISPs gained national media attention and set off a frenzy of privacy watchdogs who complained the practice violated numerous state and federal laws. The issue reached a fever pitch when the former CEO of NebuAd – which had been essentially driven out of business – was asked to testify before Congress about how NebuAd operated and whether it violated any laws.

Not long after the story broke, class-actions were filed across the US against NebuAd’s partners. In late 2009, a former WOW! customer filed a class-action privacy case in the Northern District of Illinois based on WOW!’s relationship with NebuAd. Plaintiffs alleged seven causes of action against WOW!, which included violations of the Electronic Communications Privacy Act (18 U.S.C. § 2510 et. seq.), the Computer Fraud and Abuse Act (18 U.S.C. § 1030 et. seq.), and various Illinois statutory and common law causes of action. WOW! selected Paul Hastings as counsel, for its expertise in Privacy and Data Security and its extensive computer science and privacy knowledge.

The fallout from NebuAd has now lasted almost seven years. As the battle has raged on in various federal courts, the use of behavioral advertising has risen sharply and foisted a spotlight on these issues. Companies in the privacy arena have waited patiently for the courts to weigh in on how to apply the existing legal framework to new and often cutting-edge technologies. With the backbone of internet monetization shifting from a “pay-to-play” to “free-but-with-advertising” model, the outcome of these cases – and the massive damages (exceeding hundreds of millions of dollars) that are potentially permitted – has become of paramount concern. Indeed, several companies are now dealing with their own class-actions regarding their use of contextual or behavioral advertising, are continuing to navigate the murky waters of the Electronic Communications Privacy Act.
WOW!’s win now operates as a guidepost to those companies. Lawyers at Paul Hastings utilized their specialized computer science and privacy expertise to analyze the operation of the system and challenge the sufficiency of the pleadings, essentially arguing that the facts as alleged were inadequate and inconsistent and failed to state a single cause of action. Paul Hastings first prevailed on its motion to compel arbitration – relying on the change in law from the freshly-decided AT&T Mobility v. Concepcion – and succeeded in sending six of Plaintiffs’ seven claims to arbitration on an individual (i.e., not class-wide) basis. Plaintiffs subsequently abandoned those claims, proceeding solely on the ECPA claim. Paul Hastings then moved again for dismissal of the sole remaining ECPA claim. After several rounds of briefing, a partial decision, several requests for supplemental briefing, and a motion by Plaintiffs for reconsideration, the Court just dismissed Plaintiffs’ entire case with prejudice and denied their request for leave to amend their complaint for a fourth time.

Notably, the Court held that a company does not violate ECPA when it allows a third party to access anonymous data but does not itself acquire the contents of that data, and reaffirms in dicta the principle that a company also does not violate ECPA if it accesses the contents of internet transmissions it already had access to in the ordinary course of its business. Moreover, the case also underscores the importance of constructing well-designed and tailored Privacy Policies and Arbitration Provisions.

Tom Counts, partner and co-chair of the Privacy and Data Security practice led the Paul Hastings team, which also included associates Ryan Nier, Sean Unger, and Sam Zun.

Paul Hastings LLP is a leading global law firm with offices in Asia, Europe, and the United States. We provide innovative legal solutions to financial institutions and Fortune 500 companies. Please visit www.paulhastings.com for more information.