AOL Subscribers Sue Over Release Of Search Data

An anonymous reader points out an AP story indicating that AOL hasn't seen the end of its own public embarrassment after airing some dirty laundry on behalf of its customers. Excerpted from the story: "Three AOL subscribers who suddenly found records of their Internet searches widely distributed online are suing the company under privacy laws and are seeking an end to its retention of search-related data ... The lawsuit is believed to be the first in the wake of AOL's intentional release of some 19 million search requests made over a three-month period by more than 650,000 subscribers. ... Filed Friday in U.S. District Court in Oakland, Calif., the lawsuit seeks class-action status. It does not specify the amount of damages being sought."

Any laws broken?

[The Dalex]

Since search inputs are sent over the internet as plain text, and there are often warnings generated by browsers to explain that this isn't secure, I wonder if AOL has done anything illegal and/or anything that they can be sued for in civil court? It was an error that should cost them customers, but I don't see why there should be a class-action lawsuit. They did not release the names of the people searching, and anything linking the searches to the users was a direct result of the search terms they sent across the internet in unsecured form, by choice.

Re:Wondering

[bunions]

> first off, why anyone would enter their social into google

To see if anyone out there is publishing it, so that I might send them a nasty letter?

Probably civilly actionable.

[raehl]

IANAL....

AOL, like most ISPs, has a privacy agreement, which states when and how your information may be distributed. Most call this 'personally identifying' information. That would probably include search terms, especially when grouped by a unique identifier, that would personally identify you.

How AOL obtained that information (plain text over the internet or otherwise) is not relevant - if they agreed with you that they would not share it, then they can't share it.

What I'm curious to see here is most of these agreements also force binding arbitration - if that is the case here, can you even have a class action lawsuit based on the privacy agreement?

And if not, are there any actual LAWS violated here? I don't see any legal culpability. If you tell me that you like to conduct sexual relations with farm animals, and I tell someone else that you told me that you like to conduct sexual relations with farm animals, that wouldn't be actionable. And that's basically what happened here, only in a large volume: People told AOL what they wanted to seach for, and AOL then passed that information to others.

Unfortunate, yes, but there isn't any inherent legal obligation for a 3rd party to hold information you give them in confidence (with certain specific exceptions, like healthcare workers, grand juries, etc, of which AOL is none).

Re:With luck, this will accomplish two things:

[hords]

Each individual user, likely tracked via cookie, has a unique number that identifies all their searches. You can't tell directly who or where they are, unless their search history gives away their identity in one way or another. Some of the data in the logs can lead to very private information.

use a search proxy

[talledega500]

its so-oo-oo simple. http://www.blackboxsearch.com/ [blackboxsearch.com]

Re:With luck, this will accomplish two things:

[KDR_11k]

That's how a search provider like Google would do it but AOL knows which of its IPs correspond to which users so they can tie the results to the accounts which is much more accurate than cookies (which get deleted quite often or maybe even disabled completely).