. . . the customer’s “personally identifiable information” — the stuff that the airline agreed to protect — did not belong to the customer, because the customer “voluntarily provided some information that was included” in the information given to the government, and that when Northwest “compiled and combined” this information with other data it “became Northwest’s property.” The court concluded “Northwest cannot wrongfully take its own property.” This analysis is not limited to airlines. Any company or entity is now free to say anything in order to induce you to part with your personal information (don’t worry, it’s secure, or we won’t sell it), because once you give it up, it “belongs” to them.
Needless to say, this case (PDF) has far-reaching implications for privacy policies, both online and on paper. Further, Judge Magnuson decided that online privacy policies don’t constitute a contract between the company and the customer:
Essentially, what this means is that all those long-winded fine print agreements you have agreed to may not protect your personal information at all. Without judges who will step up to defend the privacy rights of consumers, it won’t matter even if everyone starts reading the fine print thoroughly. By dismissing this case, Judge Magnuson has established that the personal information of online customers is not protected by the Electronic Communications Privacy Act or deceptive trade practices laws. Nor does sharing customers’ personal information amount to an invasion of privacy or a breach of contract. With E-Commerce growth showing no signs of ebbing, the question of how confidential customer information is handled online is going to become increasingly urgent. Without any privacy protection at all, you are at the mercy of the company you are doing business with to honor the agreement. If they do not, then according to Judge Magnuson, you have no legal recourse at all.