A federal court in Washington state recently dismissed two claims against Amazon.com for allegedly violating the Computer Fraud and Abuse Act ("CFAA") and common law trespass to chattel when installing cookies on users' computers, allegedly without their knowledge or consent. Plaintiffs had argued that they suffered actionable harm when Amazon installed cookies by exploiting known loopholes in Microsoft's Internet Explorer browser software against the users' wishes. According to the court, to win a CFAA claim, the plaintiffs would have had to demonstrate that they suffered at least $5,000 in damages from Amazon's actions. The plaintiffs alleged that their monetary damages stemmed from Amazon's: (1) raising the cost of admission to the website; (2) charging an undisclosed "toll" for the use of the website; (3) imposing opportunity costs on the users; (4) taking and using their computer assets without compensation; (5) benefitting the plaintiffs' private information gained from the cookies; and (6) slowing their computers with unwanted cookies. Plaintiffs stated that these harms exceeded the $5,000 floor required by the CFAA. The court, however, was not satisfied that plaintiffs' alleged harms could be calculated in dollar terms, let alone proven to exceed $5,000. Given the tiny size of cookie files, the court doubted the defendants suffered any noticeable performance issues; and the information gathered by Amazon through the cookies had no inherent value—it only gained value when Amazon organized and collected it. Because the court found the plaintiffs' damages arguments speculative, it also dismissed the common law trespass to chattel claim. The court allowed two state-law consumer protection claims that do not require plaintiffs prove money damages to move forward "in an abundance of caution."

TIP: While the outcome of this case was favorable on at least two counts of the class action complaint, the tracking cases are continuing around the country. To help avoid potential exposure, companies who use cookies should be sure they know what cookies are used on their sites and what information is gathered through these cookies. It is becoming standard practice and required under many industry group guidelinesto disclose these uses and purposes clearly to consumers. Depending on the usage, a disclosure in the privacy policy may be sufficient. Taking these steps can help avoid these kinds of cases, whether brought by state AGs, class action lawyers, or the Federal Trade Commission.