In a case that sounds nauseatingly familiar, The Weather Company (TWC) is being sued by the City of Los Angeles for using the Weather Channel app to harvest location data from users and then selling it to marketing and financial firms without explicit user consent.
Though all third-party weather apps require users' precise location data to perform their sometimes singular function of providing weather forecasts, filed by Los Angeles city attorney Michael N. Feuer against The Weather Company paints the Weather Channel app as a profitable mass-surveillance tool that made unwitting pawns of its users. The suit insists the app repeatedly fell short of its obligation to be transparent about what it does with the data of the 45 million people who activate the app each month. And what it does is peddle location data to at least a dozen advertising firms, in addition to hedge funds that analyze consumer behavior.
The complaint states:
"For years, TWC has deceptively used its Weather Channel app to amass its users private, personal geolocation data—tracking minute details about its users locations throughout the day and night, all the while leading their users to believe that their data will only be used to provide them with 'personalized local weather alerts and forecasts.'"
On the immediate heels of the lawsuit's there was some about its implications, and whether or not the city's hypothetical victory could unleash an avalanche of similar actions against any app accused of concealing how it monetizes user data.
Harvesting user data, and location data perhaps most invasively, is a that extends far beyond just weather apps, and a tempting option to generate revenue in a market where the default price of apps is free. Feuer wouldn't mind a stampede of lawsuits, admitting that he's very much hoping to spark a wildfire.
He told the Times:
"Ideally this litigation will be the catalyst for other action — either litigation or legislative activity — to protect consumers’ ability to assure their private information remains just that, unless they speak clearly in advance.”
But it may not be that simple. notes the suit could serve as a precedent for more legal action down the line. Whether or not there are ripple effects will depend less on what apps are doing and more on whether or not their individual privacy policies are sound.
"If policies are drafted correctly," Klein told , "apps and online venues should be more than adequately protected."
Still, Klein notes he "would be surprised if their weren’t copycat lawsuits,” especially if other apps "may not get the requisite consent" before seizing on various user data points and selling them.
For Serge Egelman, a security researcher at the University of California Berkeley's International Computer Science Institute (ICSI), the underlying issue is even larger: Privacy notices across the full spectrum of apps are woefully inadequate.
“The whole issue of notice and consent is fundamentally flawed,” he says. "The business of collecting user data and sending it to third parties, that’s how they make money, that’s absolutely true. The difference is what type of data is collected and what companies they’re selling it to."
The most glaring issue, Egelman explains, is that there isn't a single legal expression underlying the terms and conditions pages of popular apps. Business models aren't immediately transparent, because app makers aren't "really under any obligation to be forthcoming with those business practices," he says.
The suit against TWC, even if it succeeds, may not form a perfect blueprint that can be copy and pasted from app to app, but it is a symptom of this larger, underlying malignancy in the methods used to protect users' privacy and to inform them of what's happening to their data. Time will tell if TWC will be made to pay, figuratively and literally for its invasion, but it seems all but certain that as users' awareness of their exploitation rises in the wave of evermore common privacy fiascos, the number of these lawsuits will only grow.
Follow CQ on .