Last week, iPhone and iPad App users filed two separate class action complaints against Apple and iOS App developers in the Northern District of California. (The complaints are currently captioned Freeman v. Apple, Inc. and Lalo v. Apple, Inc.) In both, the plaintiffs charge the defendant App developers with accessing and sharing personal information, including Unique Device IDs (“UDIDs”) and geolocation information, without prior consent in violation of the Computer Fraud and Abuse Act and California law. The Lalo plaintiffs also allege violations of the Electronic Communications Privacy Act. The complaints were filed shortly after the publication of a Wall Street Journal report (that we previously reported on here) that looked at 101 popular iPhone and Android Apps and found that many of them transmit UDID and geolocation information to third party advertising networks without obtaining permission from users.
Regulators in the U.S. and abroad have expressed concern about the collection and use of geolocation information. Most recently, the Federal Trade Commission’s recent draft report on consumer privacy indicated that precise geolocation data is sensitive information and that the Commission supports affirmative express consent where companies collect such data.