Microsoft Edge privacy case dismissed for lack of standing

standing

A legal dispute involving Microsoft recently concluded with the dismissal of a class-action lawsuit. Plaintiffs had accused Microsoft of unauthorized data collection through its Edge browser, alleging violation of privacy laws. The court, however, ruled in favor of Microsoft, citing the plaintiffs’ lack of standing under Article III of the Constitution.

The Allegations Against Microsoft

The lawsuit centered on the claim that Microsoft Edge intercepted and sent private user data, including activities in “private” browsing mode, to Microsoft-controlled servers. This data, linked to unique user identifiers, allegedly allowed Microsoft to track users’ internet habits. Plaintiffs argued this was done without consent, breaching the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, and various state laws, and claimed economic injury due to these practices.

Microsoft’s Challenge and the Court’s Decision

Microsoft moved to dismiss the lawsuit, arguing plaintiffs lacked the necessary standing under Article III of the U.S. Constitution. The court agreed, determining the plaintiffs did not meet the required standing criteria.

The core issue was whether the plaintiffs had standing, a fundamental requirement for a case to be heard in a federal court. The constitution requires an actual “case or controversy” for federal courts’ involvement. The court examined whether plaintiffs demonstrated (1) an injury in fact, (2) a direct causation, and (3) a potential remedy through court action.

The 2021 Supreme Court ruling in TransUnion LLC v. Ramirez was key to the outcome in this case. This ruling stressed that not every violation of a statutory right leads to a concrete harm that warrants a federal lawsuit. This court, agreeing with Microsoft, found that the data identified in the complaint was not traditionally considered private. It determined that the collection of browsing data did not closely relate to a harm traditionally actionable in court. The court pointed out that data like browsing history and keystrokes do not carry a reasonable expectation of privacy.

Final Outcome

So the court found that the plaintiffs failed to allege a concrete privacy injury that would fulfill the requirements for Article III standing. The dismissal of this lawsuit highlights the complex challenges in digital privacy litigation and the difficulty plaintiffs face in proving standing in privacy-related legal actions.

Saeedy v. Microsoft Corporation, 2023 WL 8828852 (W.D. Washington, December 21, 2023)

See also: Reading a non-friend’s comment on Facebook wall was not a privacy invasion

No standing to sue Microsoft under XP EULA

Johnson v. Microsoft Corp., No. 06-900, 2008 WL 803124 (W.D. Wash. March 21, 2008).

A number of plaintiffs filed suit against Microsoft in federal court in Washington state, alleging, among other things, that the installation of Windows Genuine Advantage (“WGA”) (which enforces the validity of a user’s version of XP) violated the XP end user license agreement (“EULA”).

Microsoft moved for summary judgment against two of the plaintiffs, arguing that they did not own the computers at the time WGA was installed, and thus these plaintiffs lacked standing. The court agreed and entered summary judgment against these plaintiffs.

The court rejected these plaintiffs’ arguments that they had standing as computer users and business owners to raise the breach of contract claims. The plaintiffs had transferred their ownership to a company before WGA was installed. The parties were therefore not parties to the EULA and lacked privity with any party. Moreover, they could not be treated as third party beneficiaries of the EULA, so they lacked standing.

Scroll to top