Duane Morris Privacy Class Action Review – 2024

communications with the website in real time, and also could enable reenactments of a user ’ s visit to the website, and that these actions constituted actionable privacy violations under the provisions of the MWESA. Relying on the U.S. Supreme Court ’ s decision in TransUnion v. Ramirez, et al. , 141 S. Ct. 2190 (2021), the court rejected the plaintiff ’ s argument that a statutory violation alone is a concrete injury. The court opined that it must independently decide whether the plaintiff had suffered a concrete harm because the plaintiff “cannot automatically satisfy the injury-in-fact requirement whenever there is a statutory violation.” Id. at *5. Id. Accordingly, the court granted the defendant ’ s motion to dismiss. In Jones, et al. v. Ford Motor Co., 2023 U.S. App. LEXIS 28600 (9th Cir. Oct. 27, 2023), the plaintiffs filed a class action alleging that the defendant ’ s automobiles contained information systems that automatically downloaded, copied, and indefinitely stored the call logs and text messages of any cellphone connected to it, and that the vehicle owners could not access or delete their personal information once it had been stored. The plaintiffs asserted that their private communications were unlawfully recorded from cellphones and permanently stored in violation of the Washington Privacy Act (WPA). The plaintiff further contended that the information could be accessed by a third-party company such as Berla Corp., which sells software restricted to law enforcement, the military, civil and regulatory agencies, and private investigation service providers. Id. at *4. The district court previously had granted the defendant ’ s motion to dismiss on the basis that: (i) the plaintiffs failed to allege an injury to their “person,” “business,” or “reputation,” as required by the WPA, and (ii) that the defendant did not violate the WPA merely by manufacturing and selling vehicles with infotainment systems. Id. On appeal, the Ninth Circuit affirmed the district court ’ s ruling. The Ninth Circuit explained that the complaint stated that the vehicle ’ s system downloads all text messages and call logs from cellphones as soon as they are connected, and that the infotainment system permanently stored the private communications without the plaintiffs’ knowledge or consent. The Ninth Circuit found that the plaintiffs’ allegations plausibly alleged an Article III injury because they asserted a violation of a substantive privacy right. The Ninth Circuit thereby affirmed that the plaintiffs had standing to bring their claims. Additionally, the Ninth Circuit stated that in order to bring a claim under the WPA, the plaintiff must show that “a violation of [the WPA] has injured his or her business, his or her person, or his or her reputation. Any person so injured shall be entitled to actual damages . . . or liquidated damages.” Id. at *7. On appeal, the plaintiffs claimed that a violation of the WPA itself was an invasion of privacy that constituted a remediable injury. Id. The Ninth Circuit rejected this interpretation of the statute. It opined that the WPA expressly requires an injury to one ’ s business, person, or reputation, and thus an invasion of privacy, without more, is insufficient to meet the statutory injury requirements of the WPA. Accordingly, the Ninth Circuit affirmed the district court ’ s order granting the defendant ’ s motion to dismiss. In Katz-Lacabe, et al. v. Oracle America, Inc., 2023 U.S. Dist. LEXIS 61306 (N.D. Cal. Apr. 6, 2023), the plaintiffs filed a class action alleging that the defendant, a database management company, violated privacy and federal wiretap laws by illegally gathering and selling personal information of users. The defendant filed a motion to dismiss pursuant to Rule 12(b)(1) and Rule 12(b)(6), and the court granted in part and denied in part the motion. The plaintiffs specifically asserted that the defendant stored a vast number of detailed profiles, or digital “dossiers,” on millions of people worldwide and profited by selling the information to private and governmental entities. The plaintiffs contended that the defendant unlawfully gathered the personal information through its products. The plaintiffs brought claims for a privacy invasion under the California Constitution on behalf of the California sub-class; violation of the California Invasion of Privacy Act (CIPA) on behalf of the CIPA sub-class; violation of the Federal Wiretap Act on behalf of a sub- class; and unjust enrichment, unfair competition, declaratory judgment and intrusion upon seclusion under California common law on behalf of all classes. First, the court denied the motion to dismiss the invasion of privacy claims, because the plaintiffs’ claims extended to “sensitive health and personal safety information,” and race and politics, and such allegations of data collection went well beyond the “routine commercial behavior” of collecting contact information for sending advertisements. Id. at *21. The court agreed with the defendants that the plaintiffs lacked standing to bring a Unfair Competition Law (UCL) claim because California ’ s Business & Professional Code limits standing to those who “suffered injury in fact and ha[ve] lost money or property as a result of . . . unfair

30

© Duane Morris LLP 2024

Duane Morris Privacy Class Action Review – 2024

Made with FlippingBook - professional solution for displaying marketing and sales documents online