The IT Law Wiki

Citation[]

In re JetBlue Airways Corp. Privacy Litigation, 379 F.Supp.2d 299 (E.D.N.Y. 2005) (full-text).

Factual Background[]

According to the plaintiffs’ allegations, JetBlue has a practice of compiling and maintaining personal information about each of its passengers. The information, known in the airline industry as Passenger Name Records (PNRs), is obtained from customers purchasing travel over the telephone and through JetBlue’s website. Torch, a data mining company, obtained a contract from the U.S. Department of Defense to conduct a data pattern analysis to predict which individuals pose a risk to the security of military installations. At the urging of the Transportation Security Administration (TSA), JetBlue and another defendant transferred approximately five million PNRs to Torch for use in its data pattern analysis. The information transferred included each individual’s name, address, economic status, Social Security number, occupation, and other personal data.

A class of plaintiffs brought several lawsuits against JetBlue, Torch and other defendants, which were consolidated in the Eastern District of New York.

Trial Court Proceedings[]

The court dismissed the plaintiffs’ claim under the Electronic Communications Privacy Act (ECPA) on the grounds that JetBlue is neither a provider of electronic communication service nor a provider of remote computing service, the two types of potential defendants governed by the ECPA.

Even though JetBlue operates a website that receives and transmits data to and from its customers, the court found that it was more properly characterized as a provider of travel services and a consumer of electronic communication services. The court analogized JetBlue to a company communicating with its customers over the telephone, which would not transform the company into a provider of telephone service. The court also cited federal cases holding that Amazon.com, Northwest Airlines and other entities that purchase Internet services to conduct their business are not electronic service providers within the meaning of the ECPA.

Having dismissed the ECPA claim, and a claim under the New York state consumer protection laws as preempted by federal law, the court went on to dismiss all of the claims under state common law for failure to allege compensable damages. The plaintiffs’ complaints generally alleged that they had been injured by the disclosure of their private information; when pressed, their counsel stated only that their injury may have been their "loss of privacy" or the "economic value" of the information.

The court found that the plaintiffs failed to establish their personal information had any compensable value in the economy at large, that the quality or value of their personal information had been diminished or that JetBlue had been unjustly (or otherwise) enriched by its disclosure of the plaintiffs’ personal information. The court said that "it strains credulity to believe that, had JetBlue not provided the data en masse to Torch, Torch would have gone to each individual JetBlue passenger and compensated him or her for access to his or her personal information."