LinkedIn scored a victory recently when the court dismissed a privacy lawsuit claiming a data breach on the professional networking site was a result of the company’s failure to comply with industry security standards.

Last summer, hackers accessed LinkedIn’s systems and posted approximately 6.5 million passwords on an unrelated site. Two LinkedIn users then filed suit against the site.

But U.S. District Court Judge Edward Davila ruled that the putative class failed to demonstrate a “causal connection” between the alleged misrepresentations made in LinkedIn’s privacy policy and the harm suffered by users.

The plaintiffs had each purchased an upgrade to “premium” membership and contended that they suffered economic harm as a result of the breach. According to them, they did not receive the full benefit of premium memberships and would not have paid the price had they known about the poor security. Analogizing to class actions where plaintiffs claim they would not have purchased a food product had they known that it was not as advertised on the product’s labeling, the court rejected their theory.

“The user agreement and privacy policy are the same for the premium membership as they are for the non-paying basic membership,” Judge Davila wrote. “Any alleged promise LinkedIn made to paying premium account holders regarding security protocols was also made to non-paying members.”

The plaintiffs paid a premium for advanced networking tools and capabilities – not for a particular level of security, the court said.

Further, the plaintiffs did not argue that no security services were provided but said the security services were defective in some way. “This is not the case where consumers paid for a product, and the product they received was different from the one as advertised on the product’s packaging. Because plaintiffs take issue with the way in which LinkedIn performed the security services, they must allege ‘something more’ than pure economic harm,” the court held.

To read the decision in In re LinkedIn User Privacy Litigation, click here.

Why it matters: Although the decision is a victory for LinkedIn, Judge Davila dismissed the suit with leave to amend and provided some road markers for the plaintiffs should they choose to refile. In addition to explaining that the plaintiffs need to plead “something more” than pure economic harm, the court offered a suggestion about what that harm might be, like theft of personally identifiable information. Judge Davila also noted that the plaintiffs failed to mention that they actually read the alleged misrepresentations in the privacy policy, a requirement to support their claims.