Misleading Privacy Policy Yields $4.5 Million Award
By: STEVEN E. HELLAND
April 2007
In the case of CollegeNET, Inc. v. XAP Corp. (D. Or. 2006), plaintiff CollegeNET alleged that its competitor, XAP, was unfairly stealing business by posting an inaccurate privacy policy on its websites. Both CollegeNET and XAP provided services to assist high school students with college applications.
XAP’s privacy policy read, in part, that “Personal data entered by the User will not be released to third parties without the user’s express consent and direction.” However, if a student indicated interest in financial aid, XAP would sell information regarding that student to third parties, without clearly informing him or her.
At trial, CollegeNET argued that XAP’s actions were a false and misleading advertisement in violation of the Lanham Act. The jury agreed, and awarded CollegeNET $4.5 million in damages.
Practice Tip
Businesses posting privacy policies on the Internet should draft them carefully and review them periodically to ensure that they remain accurate. Further, you may have a claim against a competitor if its website makes grandiose privacy promises, such as “we never share your personal information,” it is unlikely to live up to.