A United States Judge has dismissed a lawsuit based on Apple's alleged violation of its own Privacy Policy with its iPhone technology.  In effect, the Judge found the plaintiffs could not show their consumer grievance and loss could be fairly linked to Apple's alleged misconduct (not keeping to its own Privacy Policy), or to any reliance the plaintiffs placed on Apple's Privacy Policy.  The decision has implications for how far companies' self-imposed and publicly stated privacy policies reach in restricting the company and protecting its consumers.

The plaintiffs alleged Apple was not complying with its declared Privacy Policy, which provided that, as a priority, it would take precautions, including administrative, technical and physical measures, to safeguard its consumers' personal information against unauthorised access and disclosure.  They submitted the iOS environment that Apple had developed, and encouraged its consumers to adopt, enabled Apple easily to transmit consumers' personal information to third parties that collect and analyse such data without user consent and detection.  They further alleged Apple collected and exchanged users' location information even when iPhone "location services" were switched off.

While that aspect of the decision was based on consumer protection law relating to misrepresentation and reliance, the result of the decision is relevant to the effect on privacy policies.  It will not be enough for consumers to point to a company's privacy policy to prove that a company's information-sharing activities were harmful.  More is needed to link a company's conduct with the consumer's decision-making and subsequent grievance (in this case, over-paying for iPhones and losing storage space due to unauthorised data transmission).  The mere existence of a privacy policy will not show a company caused the consumer to rely on its assertions and to adopt software, which they thought would be less invasive than it ultimately proved to be.

This decision indicates that lower US courts are not prepared to treat a company's privacy policy as a consumer guarantee of the exact extent of the company's information collection and sharing activities.  This seems to acknowledge the importance of informational accessibility to IT businesses.  Consumers should not wholly rely on a privacy policy, and companies should not be obliged to limit their business's technological tactics with a publicly stated privacy policy.  It remains to be seen whether a claim would have more success under New Zealand's Fair Trading Act's misleading behaviour provisions, which do not require consumer reliance to be proved