SAN FRANCISCO — Yahoo Inc. has agreed to settle a class action challenging the way the company analyzes email messages to serve targeted ads to users of its popular Yahoo Mail service.
The deal, outlined in court papers filed Thursday evening, would settle claims brought on behalf of non-Yahoo subscribers who claimed their messages were intercepted, scanned and stored as part of communications with Yahoo Mail users. The settlement is subject to approval from U.S. District Judge Lucy Koh who has been overseeing In re Yahoo Mail Litigation, 13-4980.
The proposed settlement doesn’t include a cash payout to class members. However, the company has pledged to make changes to its privacy disclosures and the architecture of its email system. Plaintiffs counsel at Girard Gibbs and Kaplan Fox & Kilsheimer intend to ask for up to $4 million in fees and costs.
Under the terms announced Thursday, Yahoo would make “technical changes” so that incoming email is only analyzed for advertising purposes after it reaches a Yahoo user’s inbox. For outgoing messages, scans will only occur after a message appears in a user’s sent email folder.
Laurence King of Kaplan Fox said that he believes the settlement brings Yahoo’s practices “into compliance with California law.” He declined to elaborate on how the changes might quell the privacy concerns of non-Yahoo mail users whose messages will continue to be scanned.
Yahoo has vowed to keep the changes in place for three years and said it “has no intention” of undoing them after that. The deal doesn’t prohibit the company from analyzing messages for spam, malware, and abuse detection and protection efforts.
Yahoo spokesperson Rebecca Neufeld said in an email that the company was “pleased to resolve this matter, subject to the court’s approval.” She said that the company continues to deny any wrongdoing and that the judge “has not issued any ruling that Yahoo acted unlawfully.”
Plaintiffs initially claimed that Yahoo’s email scanning violated the California Invasion of Privacy Act (CIPA) and the federal Stored Communications Act (SCA), as well as the federal Wiretap Act, a privacy law carrying stiff statutory penalties that’s often invoked in email privacy cases, but seldom successfully. In August 2014, Koh allowed plaintiffs’ claims to proceed under the CIPA and the SCA, but dismissed claims under the Wiretap Act. The judge found that Yahoo’s terms of service agreement explicitly acknowledged Yahoo’s scanning, fulfilling the Wiretap Act’s requirement that at least one party consent to interception of communications.
In May, Koh rejected Yahoo’s contention that non-Yahoo users had consented to the company’s conduct by continuing to email Yahoo users after learning about the scanning practices. She certified a nationwide class under the SCA and a California-only subclass under the state privacy law. The parties indicated in Thursday’s settlement papers that they reached the agreement after mediation sessions late last year with Cathy Yanni of JAMS.
Plaintiffs counsel at Girard Gibbs and Kaplan Fox said they would seek fees and costs based on the lodestar value for more than two years spent fending off Yahoo’s motion to dismiss, winning class certification, and fully briefing summary-judgment motions. The plaintiffs also plan to seek a $5,000 service award for each of the four class representatives. Under the terms of the deal, the class representatives will be the only class members who release all claims for monetary damages.
Plaintiffs made the strategic decision earlier in the suit to drop their demand for statutory damages in order to face a lower burden at the class-certification stage.
Yahoo is represented in the litigation by a team from Morrison & Foerster in San Francisco office and ZwillGen in Washington, D.C. MoFo’s Rebekah Kaufman didn’t respond to a phone message.
Contact the reporter at email@example.com.