IBM Sued Again In Storm Over Weather Channel Data Sharing

IBM has been sued again for allegedly allowing third-party ad partners to collect personal data without consent via videos on its Weather Channel website.

In the absence of a comprehensive federal privacy law, the complaint [PDF] claims Big Blue violated America's Video Privacy Protection Act (VPPA), enacted in 1988 in response to the disclosure of Supreme Court nominee Robert Bork's videotape rental records.

IBM was sued in 2019 by then Los Angeles City Attorney Mike Feuer over similar allegations: That its Weather Channel mobile app collected and shared location data without disclosure. The IT titan settled that claim in 2020. A separate civil action against IBM's Weather Channel was filed in 2020 and settled in 2023.

This latest legal salvo against alleged Weather Channel-enabled data collection takes issue with the sensitive information made available through the company's website to third-party ad partners mParticle and AppNexus/Xandr (acquired by Microsoft in 2022). The former provides customer analytics, and the latter is an advertising and marketing platform.

The complaint, filed on behalf of California plaintiff Ed Penning, contends that by watching videos on the Weather Channel website, those two marketing firms received Penning's full name, gender, email address, precise geolocation, the name, and the URLs of videos he watched, without his permission or knowledge.

It explains that the plaintiff's counsel retained a private research firm last year to analyze browser network traffic during video sessions on the Weather Channel website. The research firm is said to have confirmed that the website provided the third-party ad firms with information that could be used to identify people and the videos that they watched.

The VPPA prohibits video providers from sharing "personally identifiable information" about clients without their consent.

The complaint points out that email addresses and geolocation data can be used to identify people.

It also observes that precise geolocation data can be used to "track consumers to sensitive locations, including places of religious worship, places that may be used to infer an LGBTQ+ identification, domestic abuse shelters, medical facilities, and welfare and homeless shelters."

Furthermore, it calls out how location data can be used to "identify which consumers' mobile devices visited reproductive health clinics," which raises the possibility of legal consequences for those seeking healthcare and for providers in some US states.

The lawsuit aspires to be certified as a class action. Under the VPPA, a successful claim allows for actual damages (if any) and statutory damages of $2,500 for each violation of the law, as well as attorney's fees.

VPPA claims have become enough of a thorn in the side of the marketing industry that the Interactive Advertising Bureau, a trade group for marketers, has published a litigation defense guide. It suggests several ways companies can mitigate the legal risk: "(1) removing the tracker from audio-visual materials, (2) obfuscating or removing video title information, (3) taking measures to ensure the information collected is not identifiable, or (4) obtain consent either in real time (upon each video viewed or shared) or in advance (but note that consent expires after 2 years)."

IBM did not respond to a request for comment.

The US Federal Trade Commission has made it clear that ad companies collecting data through SDKs and APIs must obtain valid consumer consent and has pursued enforcement action against alleged scofflaws Avast, X-Mode/Outlogic, and InMarket to make that point.

The watchdog agency, however, may be muzzled under the pending Trump administration, which, according to billionaire backer Elon Musk, plans to fire FTC Chair Lina Khan next year. ®

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more