Plaintiff sued Interclick and several advertisers under the Computer Fraud and Abuse Act (“CFAA”) alleging that Interclick used “flash cookies” or “local shared objects” to back up browser cookies. When a computer user deletes the browser cookies, the flash cookie “respawns” the browser cookie without notice or consent of the user. The flash cookie may be larger than the browser cookie. The plaintiff found flash cookies placed on her computer. All defendants moved to dismiss the complaint on the grounds that the plaintiff failed to meet cognizable injury or the $5,000 threshold to state a claim under the CFAA. The court concluded that the plaintiff failed to quantify any damage that Inderclick caused to the plaintiff’s computer’s systems or data that could require an economic remedy. Additionally, the court concluded that Interclick’s collection of the plaintiff’s personal demographic information does not constitute sufficient damages, since a plaintiff’s inability to delete or control cookies may constitute a de minimis injury, but such injury was insufficient to meet the $5,000 threshold. The court did, however, permit the plaintiff to continue with a state law deceptive trade practices claim and a trespass to chattels claim.
TIP: Advertisers who collect personal demographic information from consumers via flash cookies may not constitute a violation of the Computer Fraud and Abuse Act. Advertisers should still take caution when using such technologies, as this is only one opinion among several cases regarding the use of flash cookies. To help avoid liability, advertisers should provide users with notice and an opportunity to opt out from receiving such LSOs.