Last Tuesday, the federal district court for the Northern District of California held oral arguments on a motion for summary judgment filed by Yelp in a consumer privacy lawsuit involving other prominent technology companies, including Twitter, Apple and Instagram. The lawsuit focuses on various application developers’ use of a “find friends” feature, which the plaintiffs claim violated their privacy by allowing the defendant companies to access and use consumers’ contact list data without their permission.

What argument is Yelp relying on to dismiss the privacy lawsuit?

Last month, the Court certified a class of nearly 500,000 Apple device owners whose contact list data was uploaded by Path using a similar “find friends” function. Apple has appealed that decision and currently awaits a ruling from the Ninth Circuit. Yelp has sought to head off certification of a class in the instant matter by arguing that the users whose contact lists it accessed had expressly consented for that data to be uploaded to Yelp’s servers for the exact purpose that the data was ultimately used, namely to cross reference email addresses already stored on Yelp’s servers in order to allow consumers to participate in social media functionality to which they had consented. Yelp’s arguments for dismissal rely heavily on its terms of service and privacy policy, both of which must be agreed to by consumers before Yelp ever accesses any consumer data, and which it argues allowed for Yelp to access the relevant contact lists.

Privacy Policies: A Penny of Prevention Is Worth a Pound of Cure

As this case demonstrates, it makes good business and legal sense to craft a privacy policy that is well-suited to the needs of your business and provides your users with all of the necessary information to make an informed decision regarding the disclosure of their personal information. Further, once a privacy policy is put in place, it is imperative that businesses strictly adhere to the applicable terms and obtain appropriate user consent to any material changes. Failure to adhere to privacy policy terms could expose your business to significant liability, including regulatory action and class action litigation.