On May 16, 2011, the U.S. District Court for the District of Montana dismissed an ISP subscriber’s claims against his ISP for collecting and sharing his internet usage information with a third party. The ISP diverted subscriber internet traffic to a third party, NebuAd, which in turn used the information to send targeted advertisements to the ISP’s subscribers. The subscriber sued the ISP for invasion of Privacy and violations of the Electronic Communications privacy Act (“ECPA”) and Computer Fraud and Abuse Act (“CFAA”). The court dismissed the case, finding that the subscriber consented to the collection and use of his personal information because: (1) the ISP’s privacy policy explained to subscribers that their data would be collected and shared with third-party vendors, including for advertising purposes; and (2) the subscriber had received an email notification that the ISP had partnered with a third party to deliver advertisements to its subscribers while they surfed the Internet, which included the option to opt out of the program.

TIP:   Companies should now only ensure that their Web site privacy policies accurately reflect their data collection and use practices, but also consider what other steps might be needed to clearly explain those practices to Web site users.