Internet Library of Law
and Court Decisions

Edwin Dyer, et al. v. Northwest Airlines Corp., et al.

Court Holds That Airline's Disclosure Of Personal Information Concerning Passengers Is Nonactionable

Court dismisses plaintiffs' claims that Northwest Airlines violated the Electronic Communications Privacy Act ("ECPA") by disclosing personal information about plaintiff passengers to governmental authorities.  The Court grounded its decision on its determination that the ECPA did not apply because Northwest, by virtue of its operation of a web site at which consumers can purchase airline tickets, was not a provider of "electronic communication services" within the meaning of the ECPA.  The Court also dismissed plaintiffs' claims that this disclosure constituted a breach of the parties' agreement, as reflected in the privacy policy Northwest posted on its web site, not to disclose such personal information, finding that the posting of such a policy did not create an enforceable agreement between the parties.

Disclosure Does Not Violate Electronic Communications Privacy Act 

Northwest Airlines operates a web site at which it sells airline tickets to the public.  In response to a governmental request received shortly after September 11, 2001, Northwest disclosed personal information about its passengers, including names, addresses, travel itinerary and credit cards, to NASA.  NASA sought such information to aid in a study of airline security.

Claiming this disclosure constituted a violation of the Electronic Communications Privacy Act, and a breach of the privacy policy posted on Northwest's web site, plaintiffs, as well as others, commenced suit.  On Northwest's motion, the Court dismissed plaintiffs' claims.

Subject to certain exceptions, the ECPA prohibits those who provide an "electronic communication service" from "knowingly divulge[ing] a record or other information pertaining to a subscriber or customer of such service …. to any governmental agency."  18 U.S.C. §2702(a)(3).

The ECPA defines "electronic communication service" as "any service which provides the users thereof the ability to send or receive wire or electronic communications" 18 U.S.C. §2510 (15).  Despite the fact that consumers can use Northwest's web site to send or receive electronic communications to Northwest, the Court held that Northwest was not a provider of an "electronic communication service" within the meaning of the ECPA, and, accordingly, that its strictures did not apply here.  In reaching this result, the Court followed the decisions of other courts, which "have concluded that 'electronic communication service' encompasses internet service providers as well as telecommunication companies whose lines carry internet traffic, but does not encompass businesses selling traditional products or services online …" or via a web site.

Online Privacy Policy Is Not An Enforcable Contract 

The Court also rejected plaintiffs' claims that the disclosure breached the agreement between the parties arising out of the privacy policy posted on Northwest's web site.  Northwest's web site contained a privacy policy that stated that Northwest would not share customer information except as necessary to make travel arrangements.  Importantly, the Court held that "the broad statements of company policy" found on the web site did not create a contract between the parties and that Northwest's alleged violation of that policy accordingly did not give rise to a breach of contract claim.  The Court also rejected plaintiffs' breach of contract claims because plaintiffs failed to either allege that they had read the privacy policy before supplying their personal information, or allege any facts that supported their claim that they had sustained damages as a result of defendants' disclosure of this information.

Minnesota District Court Reaches Same Result

North Dakota District Court's decision was in accord with that issued by the Minnesota District Court in In re Northwest Privacy Litigation, 2004 US Dist. Lexis 10580 (D. Minn., June 6, 2004).  Like Dyer, the plaintiffs in Northwest Privacy asserted a series of claims arising out of Northwest's disclosure of personal information concerning its passengers to NASA as part of NASA's investigation of airline security.  Like the plaintiffs in Dyer, these included both claims under the ECPA, as well as claims that such disclosures breached the contract between the parties evidenced by the privacy policy on Northwest's web site. 

The Minnesota District Court dismissed these claims.  The ECPA did not apply to Northwest because "defining 'electronic communication service' to include online merchants or service providers like Northwest stretches the ECPA too far."  Plaintiffs could not pursue their breach of contract claims because "the privacy statement on Northwest's web site did not constitute a unilateral contract" under the "usual rule in contract cases . . . that 'general statements of policy are not contractual.'"  Finally, the Minnesota District Court dismissed state law claims plaintiffs asserted under the Minnesota Deceptive Trade Practice Act, and for negligent misrepresentation, finding the same pre-empted by the Federal Airline Deregulation Act.