March 12, 2021

Federal Circuit Confirms Data Privacy Patent Is an Invalid Abstract Idea under Section 101

Holland & Knight Section 101 Blog
Anthony J. Fuga
Section 101 Blog

The U.S. Court of Appeals for the Federal Circuit looked at a patent directed to a data privacy system that described users operating mobile device apps to "socialize, bank, shop, and navigate." As users operate such apps, information about their activities may be collected automatically.

The patent purported to address the drawbacks of the current data collection/privacy schemes by providing an "improved, more transparent opt-in process." The patent specifically described an arrangement that allowed a component of the app to determine what information is to be collected, how it'll be used and what permissions are required from the user. Once permissions were obtained, additional app functionalities were provided to the user.

At Alice step one, the patent owner argued that the patent is directed to an eligible improvement to computer functionality. Specifically, the patent owner argued:

  • the system can generate different privacy disclosures based on a user's location in real time
  • the remote database managing the "privacy disclosure policies upon which the user-specific disclosure is generated can be regularly updated without the need for users to agree to the updates."

The Federal Circuit disagreed. "Stripped of excess verbiage, at its most basic level, claim 1 is anchored on the abstract idea of exchanging privacy for functionality." The claim is not focused on a technological improvement, but it is rather directed to an improvement to the "abstract notion of exchanging privacy for functionality that utilizes an API to achieve the desired result."

At Alice step two, the patent owner argued that the patent claimed an inventive concept because it covered "a distributed data privacy system" that allowed for 1) generation of a user-specific privacy disclosure based on a user's personal information before presenting the user-specific privacy disclosure to the user, 2) receiving the user's opt-in consent, 3) collecting personal information and 4) providing the user with the enhanced functionality in exchange for consent.

The Federal Circuit found that none of that transformed the nature of the claim into patent-eligible subject matter. Instead, the claim comprised implementing the abstract idea using conventional steps at a high level of generality. Despite the patent owner's argument, the disclosure being generated before being presented to the user "is anything but routine and conventional under Alice step two."

Accordingly, the Federal Circuit affirmed the judgment of the district court. The case is VeriPath, Inc. v. Didomi, No. 2020-1777, 2021 WL 422817, at *1 (Fed. Cir. Feb. 8, 2021).

The representative claim follows:

1. A method for controlling access to a user's personal information comprising:

providing a software component for inclusion in an application, the software component having an application programming interface (API);

obtaining, from the application executing on a device of a user of the application, personal information about the user of the application, the personal information obtained via the API by the software component executing on the device;

identifying the type of the obtained personal information;

determining, based on at least the type of obtained personal information, a required permission from the user for at least one proposed use of the obtained personal information;

presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and

responsive to the user providing the required permission, providing the user with access to at least one enhanced function of the application.

Thank you for reading. Sign up for a monthly roundup from the Holland & Knight Section 101 blog.

Related Insights