216728 (E.D. Penn. Dec. 5, 2023), the plaintiffs, a group of website users, filed a class action alleging the defendants, Cabela's and Bass, allegedly intercepted their communications through session replay code on the companies' websites in violation of the Federal Wiretap Act, the Computer Fraud and Abuse Act, and state-specific statutes. The plaintiffs sought damages, restitution, and injunctive relief. The defendants filed a motion to dismiss the complaint pursuant to Rule 12(b)(1). The court granted the motion to dismiss. The defendants argued that the plaintiffs lacked Article III standing because they have not adequately shown concrete harm resulting from their website visits. The court agreed with the defendants, stating that the users did not plausibly allege a risk of future injury and emphasized that standing must be demonstrated for each claim and form of relief sought. The plaintiffs asserted that the interception itself, not just the lack of awareness, constituted an injury sufficient to confer standing. However, the court found that the users were not likely to suffer future harm as they were now aware of the alleged risks associated with browsing the websites. The court opined that the plaintiffs did not allege that the defendants disclosed highly sensitive personal information such as medical diagnosis information or financial data from banks or credit cards. Id . at *38. The court reasoned that the plaintiffs merely allege that the session replay code captured "mouse clicks, keystrokes, pages and content viewed." Id . The court concluded that the information would be no different than what any of defendants’ employees would have been able to observe if the plaintiffs had gone into a brick-and-mortar store and began browsing the inventory. Id . at *39. The court opined that the plaintiffs did not have a personal privacy interest in their shopping activity. The court dismissed with prejudice the claims of six named plaintiffs on the basis that they lacked standing because they did not purchase items on the websites or engage in activities prompting sensitive information disclosure. The court dismissed three users’ claims without prejudice and with leave to amend their claims, provided they alleged the disclosure of highly sensitive personal information during purchases that they made on the websites. For these reasons, the court granted the defendants’ motion to dismiss. In Minahan, et al. v. Google LLC, 2023 U.S. Dist. LEXIS 93207 (N.D. Cal. May 1, 2023), the plaintiffs filed a class action alleging that defendant violated the New York Video Consumer Privacy Act (NYVCPA) and the Minnesota Video Privacy Law (MVPL) by retaining users’ personally identifiable video rental history data. The defendant filed a motion to dismiss, and the court granted the motion. The defendant provided video hosting services through various platforms, and the plaintiffs argued that the defendant collected their personally identifiable information to facilitate video rentals and continued to retain this information. The defendant argued that the private rights of action provided by the NYVCPA and the MVPL only applied to the unlawful disclosure of such data, and not for its retention. The court discussed a similar case which concluded that the private rights of action under these statutes were meant to address the disclosure of video rental history information only. The court also noted that the Ninth Circuit generally held that when the language of a statute is directed toward the entity being regulated rather than the party seeking relief, there is no private right of action. The court further opined that the plaintiffs’ theory of damages, based solely on the retention of personally identifiable video rental data, was not sufficient to plead an actionable violation, and the legislative history of the statutes did not indicate any intent to create a private right of action for the unlawful retention of the data. For these reasons, the court granted the defendant ’ s motion to dismiss. In Esparza, et al. v. Lenox Corp., 2023 U.S. Dist. LEXIS 44552 (N.D. Cal. Mar. 16, 2023), the plaintiff filed a class action alleging that the defendant violated the California wiretapping statute when visitors to the defendant ’ s website used a chat feature. The plaintiff asserted that the website ’ s embedded code automatically intercepted, recorded, and created transcripts of chat conversations by a third-party vendor in real time, in violation of § 631(a) of the California Invasion of Privacy Act (CIPA). The defendant moved to dismiss the complaint pursuant to Rule 12(b)(6), and the court granted the motion. The plaintiff ’ s complaint asserted that the defendant violated all clauses of § 631(a), which deals with unauthorized wiretapping, eavesdropping, and the use of information obtained through these activities. However, the court found that the plaintiff ’ s claim failed because the defendant was a party to the chat conversation in question and parties to a conversation cannot eavesdrop on their own conversation according to California law. The court opined that the complaint only presented a vague assertion that an unidentified third party was eavesdropping in real-time, and the plaintiff failed to allege any specific facts to support the claim.
28
© Duane Morris LLP 2024
Duane Morris Privacy Class Action Review – 2024
Made with FlippingBook - professional solution for displaying marketing and sales documents online