Photo: phonlamaiphoto/stock.adobe.com
A federal judge allowed a proposed class-action privacy lawsuit against Guardian Credit Union to proceed, which alleged the credit union tracked members' website activity and shared their personal and financial information with third parties.
David Gassman claimed the $291 million Guardian of Oak Creek, Wis., tracked his personal and financial information during visits to its website and improperly shared that data with third parties. Guardian has denied the allegations, arguing that its use of common web analytics tools to collect anonymized member information is lawful and appropriate.
Although U.S. District Court Judge Brett H. Ludwig in Milwaukee allowed the case to advance, he sharply rebuked both Guardian and Gassman for filing legal claims that fail as a matter of law.
Gassman's complaint asserted 17 alleged violations of state and federal law, including negligence, invasion of privacy, breach of contract, unjust enrichment, and violations of Wisconsin consumer protection and electronic communications privacy statutes. Guardian moved to dismiss all of Gassman's claims, but earlier this year, Judge Ludwig's ruling dismissed eight claims and allowed nine to proceed, which permitted the case to continue through a long legal process that may lead to class certification. Attorneys for both sides are expected to meet July 1 to schedule further proceedings.
Even though Judge Ludwig allowed the case to advance, his ruling included critical comments that the legal arguments filed by both Guardian and Gassman "leave something to be desired."
Even reading Gassman's factual allegations generously, several claims fail as a matter of law, the judge wrote. At the same time, Guardian's challenges to the remaining claims fail, however, at least at this stage of the proceedings, he added.
"Plaintiff's multi-count complaint includes legal theories that have no plausible application to the facts alleged. For its part, Guardian's motion to dismiss repeatedly criticizes Plaintiff for not providing supporting facts, even though this case remains at the pleading stage," Judge Ludwig wrote in a footnote. "The Court encourages counsel to focus their efforts on legitimate disputes and to avoid wasting judicial resources."
According to the complaint, Guardian configured and deployed tracking technologies on its website without members' knowledge or consent to collect personal and financial information (PFI), which the credit union allegedly disclosed to third parties for its own benefit. The data collected allegedly included membership application details, account selections and features, beneficiary and co-applicant information, funding methods, online banking registration data and credit card application information.
The lawsuit also alleged Guardian did not disclose its data-sharing practices or obtain written authorization from members and failed to provide a meaningful opportunity to opt out.
In its denial of Gassman's allegations, Guardian said it uses common and lawful web analytics tools called pixels to anonymously track specific types of information, including the webpage URLs that its members visit and the items they click on, without connecting that information to any individual website visitor and without tracking or disclosing any information that could identify the visitor.
Guardian also argued that its use of pixels is fully consistent with and disclosed in its privacy policy. The credit union pointed to several screenshots throughout Gassman's complaint, which it argued undermine his claims.
"While Guardian's global attack may prevail in the end, it is premature," Judge Ludwig wrote. "This argument assumes much in terms of the underlying facts and is thus better made at summary judgment."
Peter Strozniak can be reached at peter.strozniak@arc-network.com.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.