The company is hit with a second class-action lawsuit that accuses it of violating the privacy of millions of Net music listeners.
The case was filed in the Federal District Court for the Eastern District of Pennsylvania on behalf of RealNetworks' RealJukebox users, on the heels of revelations last month that the company had assigned globally unique identification numbers to its popular music listening software that could have been used to track its users without their knowledge.
"This action is being filed on behalf of the millions of users of the RealJukebox software to obtain compensation and other relief for the violations of federal and state law," said Jonathan Shub, an attorney with Sheller Ludwig & Badey, which filed the case. "RealNetworks must be held accountable for its conduct."
To quell privacy advocates' complaints and outcries by consumers, RealNetworks immediately disclosed the use of ID numbers and then offered a patch that would replace the IDs with zeroes in its audio listening products, RealJukebox and RealPlayer 7. The company also said that it doesn't associate the ID with any user's personal information or unique listening habits.
But RealNetworks' quick steps haven't derailed legal action by consumers.
As previously reported, Jeffrey Wilens, a RealJukebox user, filed a $500 million class-action lawsuit against the company in California Superior Court on grounds that RealNetworks' actions violated the state's unfair business practices law.
The federal class-action lawsuit, filed yesterday on behalf of four licensed RealNetworks users from Colorado, Kansas, and Pennsylvania, also accuses the company of deceptive business practices. The suit states that that the company violated the federal Computer Fraud and Abuse Act, as well as state privacy and consumer protections laws. The lawsuit seeks unspecified monetary damages.
"We believe all the litigation is completely meritless," Tom Frank, RealNetworks' chief operating officer, said today. "We're going to defend all the suits vigorously, and we expect to prevail in the ordinary course."
RealNetworks' privacy breach came at an inopportune time for the company, surfacing just a week before it relaunched its Web site in an effort to move away from an emphasis on software downloads and to compete more directly with Net music destinations, such as RioPort.com, EMusic.com, and MP3.com.
But investors apparently were not perturbed by the company's privacy woes. RealNetworks' stock was up nearly 10 percent this morning from yesterday's close.
Legal experts said RealNetworks opened itself to litigation headaches because its original data-collection policy didn't mesh with its practices.
"If you say you are going do something with regard to the collection of personal information and you don't do it, you will be subject to substantial liability because that is an unfair business practice and you are misleading consumers," said Michael Overly, a lawyer with Foley & Lardner.
"RealNetworks acted quickly once they became aware of the problem, and that could reduce damages," he added. "But the [plaintiffs'] argument is that they have already suffered injuries as a result of fraud regarding the use of their information by RealNetworks."
The federal lawsuit will attempt to scrutinize exactly what personal information RealNetworks was collecting and how it was being used. But the company already has published two privacy statements, one for its Web site and one for its software, that more clearly state its data-collection practices.
Moreover, the privacy program Truste, which certifies RealNetworks' compliance with the data-collection policy on its Web site, has asked the company to submit to an outside audit to ensure that its ID feature is disabled by default and that RealNetworks' other remedies are in place.
To consumer advocates' dismay, however, Truste didn't revoke RealNetworks' privacy seal after its investigation. Arguing that software falls outside of its scope, Truste also took no action against Microsoft when it was discovered that the Windows 98 operating system could be exploited to surreptitiously collect user information.