The IT Law Wiki

Citation[]

Dyer v. Northwest Airlines Corp., 334 F.Supp.2d 1196 (D.N.D. 2004) (full-text).

Factual Background[]

After September 11, 2001, the National Aeronautics and Space Administration (NASA) requested that Northwest Airlines provide detailed passenger data to aid NASA’s research in airline security. In response, the airline provided the names, addresses and credit card information of passengers who flew on the airline between July and December of 2001. The airline did not attempt to get the passenger’s permission to give out their personal information.

In March 19. 2004, Plaintiffs, a group of airline passengers brought a suit against Northwest Airlines in response to the production of their personal information to NASA.

Trial Court Proceedings[]

The plaintiffs initially filed their claims in state court, but at the defendants’ request the case was transferred to federal court.

The complaint made two claims. First, that the airline violated the Electronic Communications Privacy Act (ECPA) by disclosing the passengers’ personal information to the government. Second, that the defendants breached its contract because the airline breached its privacy policy posted on their website when they released the customer information to the government.

The ECPA forbids any provider of electronic communication services or remote computing services (generally internet service providers or telecommunications companies that provide internet service) from: (1) divulging the contents of the communications in the service’s electronic storage[1]; and (2) divulging any customer information or stored communications to the government.[2]

Subsequently, the defendants filed a 12(b)(6) motion to dismiss for failure to state a claim. Plaintiffs conceded that no claim existed under §2702(a)(1), but continued to assert the §2702(a)(3) claim and breach of contract claim.

Upon review, the district court granted the defendants' 12(b)(6) motion on the grounds that: (1) the plaintiffs did not have a valid claim under the ECPA because the airline was not an “electronic communications provider“ as defined in the ECPA. Since the airline does not provide access to the internet itself, and merely sells goods and services over the internet it does not fall within the protection of the ECPA; and (2) the plaintiffs’ breach of contract claim failed as a matter of law because: (i) the airline's privacy policy did not constitute a contract because broad statements of company policy generally do not constitute contracts; (ii) the plaintiffs failed to show that they had even read the privacy policy; and (iii) they did not establish a claim for damages.

References[]

  1. 18 U.S.C. §2702(a)(1).
  2. Id. §2702(a)(3).