FindLaw | Legal News & Information

Court Tosses Passengers' Data-Disclosure Lawsuit

Plaintiffs who claim an American Airlines affiliate illegally disclosed their personal information to federal officials and several private contractors have had their case dismissed by a federal judge in Fort Worth, Texas.

U.S. District Judge Sidney A. Fitzwater of the Northern District of Texas dismissed all of the plaintiffs' allegations. Those included claims for trespass to property, invasion of privacy, deceptive trade practices, unjust enrichment and breach of contract under various state laws, and violations of the federal Electronic Communications Privacy Act. However, the judge said the plaintiffs could file an amended complaint to correct the deficiencies identified in his May 25 ruling.

According to court records, in 2004 American revealed that it allowed Airline Automation Inc. to access certain data, known as "passenger name records," and to provide the information to the Transportation Security Administration. AAI is involved in operating American's Web site, where customers can purchase tickets.

The plaintiffs claim their records were disclosed to the TSA without their consent. They also claim AAI disclosed the records to four private firms: Fair, Isaac & Co., Infoglide Software Corp., Lockheed Martin Corp. and Ascent Technology Inc.

Numerous class-action lawsuits were filed around the country, which were consolidated for pretrial proceedings in the Northern District of Texas. American, AAI and the four private companies were named as defendants.

The defendants then moved to dismiss the suit, arguing that the plaintiffs failed to state a claim under the ECPA, and that their state law claims were preempted by the Airline Deregulation Act.

Judge Fitzwater first explained that the plaintiffs allege violation of two provisions of the ECPA — Section 2701, which prohibits unauthorized access to electronic communications systems, and Section 2702, which prohibits the provider of an electronic communications or remote computer system from revealing the contents of communications stored or carried on the service.

The Section 2701 claim fails, the judge said, because the plaintiffs' own pleading says American authorized AAI to disclose the data to the TSA.

That means AAI had American's permission to access the data, he said. The plaintiffs claim AAI disclosed the data beyond what American had authorized, but that allegation cannot support a Section 2701 claim, Judge Fitzwater said.

He next rejected the Section 2702 claim, finding that American had the legal capacity to give AAI consent to disclose the records. The plaintiffs argued that American's consent was not valid because it violated the promise American made to customers in the privacy policy on its Web site, but the judge said the privacy policy was irrelevant.

Judge Fitzwater found that all of the state law claims except for breach of contract are preempted by the Airline Deregulation Act. That statute preempts all state laws that purport to regulate an airline's routes, prices or services. Here, the judge said, the state law claims all relate to American's provision of ticketing services.

The breach-of-contract claim — in this case, the alleged contract is American's privacy policy — is not preempted, he said, because it does not involve any state laws, only obligations American voluntarily assumed. Nonetheless, that claim also must be dismissed because the plaintiffs failed to allege that they suffered any damages as a result of the alleged breach, the judge ruled.