updated 12:20 am EST, Thu November 28, 2013
Plaintiffs could not prove any data breach, actual harm
US District Court Judge Lucy Koh -- who just concluded a damages retrial between Apple and Samsung and will preside over the next round in the two companies' ongoing patent battles -- dismissed a consumer protection
The feature -- still in use in a modified form today -- stored a record of cell tower locations and Wi-Fi points where users had been, presumably for quicker location-finding in apps that needed such data (for example, Maps). Apple maintained that neither it nor any third parties ever accessed the data, but did change the archive from an unprotected file to an encrypted one after the discovery.
Two consumers filed suit originally in the spring of 2011, charging that Apple misrepresented how much information was collected from GPS and other tracking activities, that personal data was collected without consent, and that whether or not it was intentional, Apple had created an opportunity for third parties such as ad networks to access the data. None of the claims was ever substantiated.
In her ruling, Judge Koh granted an Apple request for summary judgement, saying that "as Plaintiffs have failed to show that there is a genuine issue of material fact concerning whether any Plaintiff actually relied on any of Apple's alleged misrepresentations, the Court concludes that no Plaintiff has standing to pursue either the iDevice or Geolocation claims."
An earlier request for summary judgement by Apple (filed on the grounds that the Plaintiffs were unable to prove any of the claims) was rejected in the original version of the case (which was first thrown out in 2011). The first suit claimed that Apple had violated some California laws regarding privacy by "tracking" its users and allowing apps and ad networks to access the data.
In fact, the geolocation data collected in iOS (and stored locally, never transmitted) was for points for cellular network towers and Wi-Fi hotspots for triangulation and contained no personal data per se. Had Apple or third parties been able to access the records, a broad and imprecise map of where users tended to travel could have been divined, but to date there has been no evidence that the original unprotected data cache was ever accessed except by geolocation apps.
The court gave the plaintiffs from the original case and 19 other similar lawsuits the opportunity to make new claims and proceed with the case in the summer of 2012, at which point a claim for damages was added for "loss of storage space and bandwidth" that was being used by the tracking activity. While the plaintiffs' claims were ruled to be unfounded, the publicity of the geolocation cache caused Apple and many industry players to rethink how such data is used and stored -- and prompted Apple to more vigorously make users aware of, and grant permission for, location information to be stored or shared.