A U.S. district judge in Illinois recently denied a motion to dismiss in a class action involving an alleged violation of the Illinois’ Right of Publicity Act (IRPA). The court determined that the defendant’s arguments were more suitable for an affirmative defense and was unpersuaded by any of the arguments.

In Krause v. RocketReach LLC, named plaintiff Krause argued her image was used in violation of her IRPA rights. The defendant owns and operates a website that sells paid subscription access to a database of emails, phone numbers, and social media profiles. The company states it is “the world’s largest and most accurate database.” A paid subscription allows its users to search for any individual and obtain their contact information and complete work history.

The plaintiff argued that her image was used as part of the defendant’s marketing strategy. The plaintiff alleged this strategy allows nonsubscribers to preview profiles of those they search, and this preview includes “uniquely identifying information,” including their location, work history, and education. The plaintiff argued this advertising is intended to entice nonsubscribers to sign up for the service.

The complaint alleged the defendant violated IRPA, which generally prohibits the use of a person’s name, photograph, or likeness for the purpose of advertising without the individual’s written consent. The plaintiff alleged her image was used as part of a preview when her name is searched. She claimed the defendant did not obtain her consent before using her image.

In its motion to dismiss, the defendant argued its conduct fell within an exemption to IRPA, namely:

  • An exemption for use to “portray, describe, or impersonate that individual in a live performance, a single and original work of fine art, play, book, article, musical work, film, radio, television, or other audio, visual, or audio-visual work, provided that the performance, work, play, book, article, or film does not constitute in and of itself a commercial advertisement for a product, merchandise, goods, or service.” (765 1075/35(b)(1);
  • An exemption for use in any “news, public affairs, or sports broadcast … or any political campaign” (765 1075/35(b)(2)); and
  • An exemption for uses of one’s identity for “promotional materials, advertisements, or commercial announcements for a use described,” however, this use must be related to the above exemptions. (765 1075/35(b)(4)).

The court stated that the defendant’s arguments “misses the point” because the plaintiff argued against the use solely during the preview, and not her inclusion in the directory itself. Moreover, because the defendant’s arguments are like an affirmative defense, such arguments only support dismissal if the complaint “itself facially establishes each element of the defense.” The court stated, “that is not the case here.”

The defendant also argued its conduct was permissible under the First Amendment, it was immune from liability under the Communications Decency Act (CDA), and that the plaintiff’s claim ran afoul of the dormant commerce clause. The court was unpersuaded by any of these arguments. The court ruled that the defendant’s conduct constituted commercial speech, and that the plaintiff’s allegations described a “textbook example” of using one’s identity for commercial speech. The court was similarly unimpressed with the CDA argument because CDA only protects publishers of content provided by “another information content provider” (i.e., it protects entities functioning as a “passive conduit” of information, and the plaintiff alleged there is an element of editorial selection when the defendant displays profile previews. Lastly, the court stated the defendant’s dormant commerce clause argument could not be resolved at the pleading stage, and the complaint did not allege enough facts necessary to conduct a potential analysis.

Businesses that use personal information for commercial purposes (e.g., marketing, advertising, and fundraising) must pay attention. Developing a data privacy compliance program that takes into consideration all aspects of the business — including marketing and product development — is key to avoiding these types of privacy-based claims. At Troutman Pepper, we educate our clients on developing programs based on the Fair Information Practice Principles (FIPPs). The FIPPs, which form the basis of many privacy laws in the United States (including IRPA), encourage organizations to adopt certain basic principles (such as notice, consent, and data subject access) into their privacy practices. By creating a compliance program based on these core foundational principles, businesses will more likely develop privacy programs that align with existing and future privacy laws or may only need to make minor adjustments to their programs in order to comply.