By Cameron G. Shilling (originally published 5/20/2011)
The ECPA prohibits the interception of an electronic communication when it is in transit from sender to recipient. The SCA prohibits the unauthorized access or disclosure of electronic communications stored on certain computer systems.
The plaintiffs’ claims against Facebook were premised on the theory that, by clicking on advertisements, users intended to communicate directly with advertisers without Facebook’s involvement, or intended to have Facebook simply deliver their messages to the advertisers without disclosing any information about them to advertisers.
The court rejected that theory. It found that Facebook could not be liable under the ECPA because, no matter whether users intended communications to be delivered directly to advertisers or intended Facebook to deliver their communications to advertisers, Facebook did not unlawfully intercept the communications. The court similarly found that Facebook could not be liable under the SCA for accessing and disclosing a stored communication to the advertisers, because the advertisers were the intended recipients of the communications.
While Facebook ceased its practice of disclosing user names to advertisers before this litigation, the court’s decision clears the way for other social media sites and Internet companies to disclose information about their users to advertisers without fear of liability under the ECPA and SCA.