Earlier this month, San Francisco City Attorney Dennis Herrera filed a complaint in California state court against MeetMe, Inc., the maker of a social networking app that, as the complaint puts it, is designed “to introduce users to new people and enable them to interact with strangers online and in person.” The complaint takes issue with one of the ways MeetMe encourages users to interact—by sharing their location with each other. Herrera asserts that although MeetMe informs users about the way its app uses geolocation information, it fails to do so in a way that is sufficiently clear—particularly given that many of MeetMe’s users are minors. 

According to Herrera, the consequences of MeetMe’s data practices have been serious—the app allegedly has been used by men accused of sexual misconduct involving minors. 

Importantly for privacy professionals, this case raises questions about what it means to provide clear notice in the mobile environment, and how, if it all, the answer changes when the user is a minor. The case also raises the important question of whether failure to adequately disclose how information is shared can be a violation of California’s Unfair Competition Law (UCL), a statute that sometimes is compared to Section 5 of the Federal Trade Commission Act. 


According to the complaint, the MeetMe app collects geolocation data from MeetMe users’ mobile devices and uses that data to tell other users “who is nearby and how far away they are.” Herrera alleges that this functionality “broadcasts” geolocation data collected from minors—who make up a large portion of MeetMe’s user base—to “thousands of other users, including sexual predators, stalkers and other criminals.” The complaint cites several press accounts about men who allegedly have used this feature to engage in sexual misconduct involving minors.

The complaint also alleges that the MeetMe app fails to adequately inform users that their location will be shared with other users. According to the complaint, the “only” notice about MeetMe’s use and sharing of geolocation data comes through a pop-up notice displayed after the initial installation of the app. The pop-up allegedly asks permission to “use your location data to show you cool people to meet near you.”

Herrera asserts that this permission “falsely impl[ies] that geolocation data will be used only to show the user the location of others who are nearby and will not automatically be used for other purposes—like broadcasting the user’s location to thousands of other people.” He contends that the pop-up notice is therefore insufficient to inform MeetMe’s users about how their geolocation data will be used.


The complaint asserts that, as a consequence of these practices, MeetMe violates California’s UCL which prohibits any “unlawful, unfair or fraudulent business act or practice.” Herrera contends that MeetMe’s practices are “unfair,” “deceptive” and “unlawful.”  


 The complaint asserts that MeetMe’s practices are unfair because they offend “established public policy” and “cause harm that greatly outweighs any benefits associated with those practices.” It is important to note that the “practices” at issue in Herrera’s suit are not the underlying crimes against minors described in the complaint, but rather MeetMe’s allegedly unauthorized sharing of geolocation data with others.

Even assuming the sharing described in the complaint was unauthorized—which may be a dubious assumption—it is noteworthy that Herrera asserts the sharing offends “established public policy.” Herrera’s support for this assertion appears to come in the form of privacy best practices guides, published by the FTC and California Attorney General, for mobile app developers and others in the mobile ecosystem. These guides are unquestionably important to companies that operate in the mobile ecosystem; but MeetMe may push back against the notion that the guides, published just last year, represent “established public policy.”

Check out the IAPP’s Mobile App Tool to compare the different guidelines and figure out which apply to you.

Also up for debate is how MeetMe’s practices “cause harm.” Although the perpetrators involved in the crimes described in the complaint allegedly used MeetMe to cause substantial harm, it is not clear precisely how MeetMe caused any harm. And if, as appears likely, the “harm” asserted in the complaint is the sharing of geolocation information, then there may be a question about whether the mere sharing of information through an app can cause the harm necessary to support a legal claim. Courts in recent privacy litigation matters have suggested it cannot.


The complaint also asserts that MeetMe violated the UCL’s prohibition on fraudulent practices by deceptively failing to disclose (or adequately disclose) how it uses and shares minors’ geolocation information. As noted above, however, the complaint acknowledges that MeetMe presented users with a pop-up requesting permission “to use your location data to show you cool people to meet near you.” Herrera asserts that notwithstanding this disclosure, users would not have understood that their location information would be shared with others—i.e., users would have believed that their location information would be used only so that they could see others’ locations, but others could not see theirs.

This assertion may be seen as implausible, particularly given the MeetMe app’s basic functionality appears to be the sharing of location information with people nearby to encourage interaction. Put differently, it may be hard to convince a court that a user would expect the app not to disclose the user’s geolocation data to others even while disclosing the geolocation data of others to that one user.


 Claims under the UCL’s unlawfulness prong “piggyback” on other legal claims; if the plaintiff can prove that the defendant’s businesses practices violated any federal, state or local law, he or she may obtain relief under the UCL.

Here, Herrera asserts—without elaboration—that MeetMe’s practices constituted a common law invasion of privacy and a violation of the right to privacy under California’s Constitution. Litigants in similar privacy litigation matters have struggled to show that the alleged misuse of personal information collected online involves harm of a sufficient magnitude to support recovery under these theories.  In general, these claims have been successful only in cases involving egregious privacy violations. Herrera may face significant hurdles in convincing the court that sharing geolocation data gives rise to a claim under one of these theories.


It is, of course, difficult to predict how a case will unfold in litigation. It will be very interesting to see how MeetMe responds to Herrera’s complaint and how the court will address these issues.

Written By

Stephen Satterfield

1 Comment

If you want to comment on this post, you need to login.

  • Jason Cronk Mar 20, 2014

    I think the City Attorney is upset about the use of the app for illegal purposes but it stretching to make this argument. As you point out the user is implicitly acknowledging that their location will be shared with other users to facilitate the exact same information they themselves are receiving (information about the whereabouts of others). Perhaps they could have been explicit about it but I'm not convinced that UCL requires explicit consent in these bidirectional cases. 


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is sold out! But you can still add your name to the wait list, and we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Call for Speakers open! Join the Forum in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

We're bringing the best of the best in privacy and infosecurity to sunny San Diego. Early registration for P.S.R. opens May 1.

Europe Data Protection Congress 2017

Call for Speakers open! The Congress is your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Submit a proposal by March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»