In re DoubleClick

The court held that DoubleClick was not liable under any of the three federal laws because it fell within the consent exceptions under the Stored Communications Act and the Wiretap Statute.

DoubleClick was not excluded from the consent exception of the Wiretap Statute because it did not intercept the communications for criminal or tortious purposes.

DoubleClick was also not liable under the Computer Fraud and Abuse Act because the plaintiffs had failed to meet the statutory threshold of $5,000 in losses.

The court established that damages under the Computer Fraud and Abuse Act may only be aggregated for the unauthorized access of each cookie.

Cookies' identification numbers, which are sent from users' computers, also do not fall within the confines of "electronic storage" and the Stored Communications Act.

The court held that the consent exception remains valid as the communication was not intercepted for the purpose of committing any criminal or tortious act.

The plaintiffs sought damages for the loss arising from the unauthorized access of their computers and the misappropriation of information by DoubleClick.

The court dismissed the plaintiffs' claim under the Computer Fraud and Abuse Act on the grounds that the damage caused by each cookie did not meet the statutory threshold of $5,000.

The plaintiffs' alleged emotional distress due to DoubleClick's invasion of their privacy, trespass to their personal property, and misappropriation of confidential data was not actionable under the Computer Fraud and Abuse Act, which only authorized the recovery of economic losses.

Under the settlement's terms, DoubleClick was required to explain its privacy policy in "easy-to-read" language; conduct a public information campaign consisting of 300 million banner ads inviting consumers to learn more about protecting their privacy; and institute data purging and opt-in procedures among other requirements.