Fordham Law Professor Joel Reidenberg, who serves as the director of the Center on Law and Information Policy, was quoted in a Law360 article about GameStop’s privacy policies—or lack thereof.
GameStop Inc. was accused of violating its privacy policy by disclosing a customer’s personal information to Facebook. Last week, however, the Eighth Circuit ruled that the company had never promised to refrain from sharing the personal data and the case was dismissed.
Professor Reidenberg told LAw360 that he was surprised with the approach that the appellate panel took to interpreting the Game Informer privacy policy, saying it “ignored” a variety of basic contractual interpretation rules, most notably that ambiguous privacy policy language should be interpreted in a manner that is more favorable to the plaintiff.
“The court’s holding here that only data that the user puts in is covered by the privacy policy is just a strange reading of the contract,” Reidenberg told Law360. “It’s also significant because most privacy policies contain very vague language, so if the court is writing special rules of contract interpretation for privacy policies, that’s not good law, and it would also mean that these privacy policies would give very few legal protection for users.”
Reidenberg predicted that the ruling was likely to “open up the door to more litigation on the contractual nature of privacy policies,” although he did note that plaintiffs could take comfort in the fact that the appellate court was willing to treat a privacy policy as a real enforceable contract.
“In many areas, organizations have tried to make the claim that privacy policies are not contractual commitments,” he said. “The acceptance that privacy policies form the terms of a contractual commitment is likely to be helpful to plaintiffs in the future because it means standing is not going to be a problem because a breach of a contract is standing, period.”
