Last week, a U.S. District Court Judge for the Northern District of California dismissed a lawsuit against Google, Inc. (“Google”) alleging that the technology giant violated the terms of its own privacy policy by disclosing Android device users’ names, e-mail addresses and locations to third parties without the users’ permission.

What was the basis for the dismissal?

The Plaintiffs, representing a nationwide class of Android users that had purchased paid apps through the Android Market/Google Play Store over a 5-year period from 2009 to 2014, had alleged that Google knowingly disclosed to third parties the names, email addresses and location information belonging to each Android user that purchased a paid app through the Android Market, in direct contravention of Google’s express promises contained in its privacy policy. The Judge threw out the Complaint because the Plaintiffs did not allege any damages, despite their argument that they had a quantifiable interest in protecting the privacy of the information that Google disclosed to app developers.

Readers should be aware however, that the disclosure of personal information was not endorsed by the Google court. In fact, the judge noted a recent Ninth Circuit decision in which a complaint against Facebook was permitted to survive where the plaintiffs had alleged that they were harmed by the dissemination of their personal information and by losing the sales value of that information. However, the Google Court distinguished the Facebook case, and ultimately dismissed the Complaint against Google, as a result of the Android users’ failure to actually plead any injury-in-fact or actual harm, as the Facebook users had.

The Importance of a Well-Drafted Privacy Policy

With all the rules and regulations applicable to the collection, use and sharing of the various forms of personally identifiable information – and given the potential financial benefits involved in utilizing a database of consumer information – it makes good business and legal sense to craft a privacy policy that is well-suited to the needs of your business, and that provides your customers or users with all of the information that they require to make an informed decision regarding the disclosure of their personal information. In addition, it is imperative that once a privacy policy is put in place which reflects your business practices, that you strictly adhere to the terms thereof. The privacy policy is a contract with your customers and, as such, any material changes to that privacy policy require the consent of those customers. The failure to adhere to the terms included in the privacy policy could expose your business to significant liability, including regulatory action and private litigation.