- 1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 EASTERN DISTRICT OF CALIFORNIA 10 ----oo0oo---- 11 12 DEREK MASTEL, individually and No. 2:21-cv-00124 WBS KJN on behalf of all others 13 similarly situated, 14 Plaintiff, ORDER RE: DEFENDANTS’ MOTIONS TO DISMISS 15 v. 16 MINICLIP SA; APPLE INC., 17 Defendants. 18 19 ----oo0oo---- 20 Plaintiff Derek Mastel brought this putative class 21 action against defendants Miniclip SA (“Miniclip”) and Apple Inc. 22 (“Apple”), claiming that they violated the California Invasion of 23 Privacy Act (“CIPA”), Cal. Penal Code § 631, and California’s 24 Unfair Competition Law (“UCL”), Cal. Bus. & Prof. Code § 17200, 25 and invaded his privacy under the California Constitution via an 26 app developed by Miniclip for use on Mastel’s iPhone. (See 27 generally Compl. (Docket No. 1).) Mastel’s complaint also brings 28 a claim under the Federal Stored Communications Act (“SCA”), 18 1 U.S.C. §§ 2701, solely against Miniclip. (Compl. ¶ 62.) 2 Defendants now move to dismiss plaintiff’s claims in their 3 entirety. (See Apple’s Mot. to Dismiss (Docket No. 8); 4 Miniclip’s Mot. to Dismiss (Docket No. 21).) 5 I. Factual Background 6 Miniclip is a developer of videogames that can be 7 played on web browsers or downloaded as mobile applications and 8 played on various electronic devices, including iPhones. (Compl. 9 ¶¶ 5, 14.) This case centers around one of Miniclip’s iPhone 10 games known as 8 Ball Pool. (See Compl. ¶¶ 1-3.) 11 Apple manufactures and sells iPhones. (Compl. ¶ 10.) 12 All iPhones run on an operating system known as iOS. (Id.) One 13 feature of iOS that is relevant to this case is the “Pasteboard,” 14 which is similar to the copy-paste function on a computer. 15 (Compl. ¶ 11.) Pasteboard allows the user to copy text while 16 using one application and paste it into another application. 17 (Id.) For instance, as noted in the complaint, a user might 18 “copy an Internet address from a web browser to the Pasteboard 19 and paste the Internet address in a text message.” (Id.) 20 The Pasteboard itself only saves one set of copied text 21 at a time; as soon as a user copies another set of text, any 22 previously saved text is deleted. (Compl. ¶ 12.) However, Apple 23 authorizes mobile applications to view, copy, and save the text 24 stored in the Pasteboard any time the user opens the application. 25 (Compl. ¶¶ 12, 17) Thus, a mobile application developer may 26 program its application to save and compile a library of text 27 that iPhone users have copied into the Pasteboard while the 28 application is open. (Compl. ¶¶ 12, 17-18.) 1 Mastel downloaded 8 Ball Pool onto his iPhone in 2013. 2 (Compl. ¶ 22.) Mastel alleges that 8 Ball Pool accessed the 3 Pasteboard on his iPhone each time he opened the application, 4 without his knowledge or consent. (Compl. ¶¶ 24, 29.) 5 Mastel’s complaint provides a screenshot of 8 Ball Pool’s “device 6 log,” which provides a list of the functions performed by the 7 application with corresponding timestamps in chronological order. 8 (Compl. ¶ 19.) The device log purportedly shows 8 Ball Pool 9 requesting access to and reading the contents of the Pasteboard. 10 (See id.) 11 Mastel does not specifically allege how many times he 12 opened 8 Ball Pool over the eight-year period it has been on his 13 iPhone, or what information was on the Pasteboard each time he 14 opened it. (See id.) Rather, he alleges that, since he 15 downloaded 8 Ball Pool in 2013, he “has copied numerous sets of 16 text” into the Pasteboard, including his name, email, phone 17 number, and address, addresses of friends and relatives, and 18 personal and private messages that have been sent to friends and 19 relatives. (Compl. ¶ 23.) Mastel alleges that Miniclip had 20 access to all of the data stored in the 8 Ball Pool application. 21 (Compl. ¶¶ 26-27.) 22 II. Discussion 23 Federal Rule of Civil Procedure 12(b)(6) allows for 24 dismissal when the plaintiff’s complaint fails to state a claim 25 upon which relief can be granted. See Fed. R. Civ. P. 12(b)(6). 26 The inquiry before the court is whether, accepting the 27 allegations in the complaint as true and drawing all reasonable 28 inferences in the plaintiff’s favor, the complaint has stated “a 1 claim to relief that is plausible on its face.” Bell Atl. Corp. 2 v. Twombly, 550 U.S. 544, 570 (2007). “The plausibility standard 3 is not akin to a ‘probability requirement,’ but it asks for more 4 than a sheer possibility that a defendant has acted unlawfully.” 5 Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). “Threadbare 6 recitals of the elements of a cause of action, supported by mere 7 conclusory statements, do not suffice.” Id. Although legal 8 conclusions “can provide the framework of a complaint, they must 9 be supported by factual allegations.” Id. at 679. 10 A. California Invasion of Privacy Act 11 Mastel’s first claim is that defendants violated 12 § 631(a) of the CIPA, which addresses “wiretapping.” (See Compl. 13 ¶¶ 39-51); Cal. Penal Code § 631(a). Section 631(a) imposes 14 liability upon 15 Any person who, by means of any machine, instrument, or contrivance, or in any other 16 manner, intentionally taps, or makes any unauthorized connection, whether physically, 17 electrically, acoustically, inductively, or otherwise, with any telegraph or telephone 18 wire, line, cable, or instrument, including the wire, line, cable, or instrument of any 19 internal telephonic communication system, or who willfully and without the consent of all 20 parties to the communication, or in any unauthorized manner, reads, or attempts to 21 read, or to learn the contents or meaning of any message, report, or communication while 22 the same is in transit or passing over any wire, line, or cable, or is being sent from, 23 or received at any place within this state; or who uses, or attempts to use, in any 24 manner, or for any purpose, or to communicate in any way, any information so 25 obtained . . . . 26 Id. 27 The California Supreme Court has explained that this 28 lengthy provision contains three operative clauses covering 1 “three distinct and mutually independent patterns of conduct”: 2 (1) “intentional wiretapping,” (2) “willfully attempting to learn 3 the contents or meaning of a communication in transit over a 4 wire,” and (3) “attempting to use or communicate information 5 obtained as a result of engaging in either of the two previous 6 activities.” Tavernetti v. Superior Court, 22 Cal. 3d 187, 192 7 (Cal. 1978); accord In re Google Inc., No. 13-MD-02430-LHK, 2013 8 WL 5423918, at *15 (N.D. Cal. Sept. 26, 2013). Section 631(a) 9 further contains a fourth basis for liability, for anyone “who 10 aids, agrees with, employs, or conspires with any person or 11 persons to unlawfully do, or permit, or cause to be done any of 12 the” other three bases for liability. Cal. Penal Code § 631(a). 13 As an initial matter, Mastel concedes in his opposition 14 that he has only brought his § 631(a) claim against Apple under 15 the fourth clause. (Pl.’s Opp’n at 3.) Thus, while Mastel 16 argues that Miniclip may be found liable under any of § 631(a)’s 17 four clauses, Apple may only be liable if the court finds that it 18 “aid[ed], agree[d] with,” or “conspire[d]” with Miniclip to 19 violate § 631(a). 20 1. Intentional Wiretapping 21 Beginning with § 631(a)s’ first clause, in order to 22 plausibly state a claim, Mastel must allege that Miniclip 23 “intentionally tap[ped], or ma[de] any unauthorized connection . 24 . . with any telegraph or telephone wire, line, cable, or 25 instrument . . . .” Cal. Penal Code § 631(a). Miniclip argues 26 that Mastel’s allegations are insufficient because, at most, they 27 show that the 8 Ball Pool App tapped or made an unauthorized 28 connection with the iOS Pasteboard, which is not a “telegraph or 1 telephone wire, line, cable, or instrument.” (Miniclip Mot. to 2 Dismiss at 4-5; FAC ¶¶ 22-25.) 3 Mastel cites to several decisions by federal courts 4 interpreting the CIPA for the proposition that the statute should 5 be read broadly to encompass new technologies that have developed 6 since its enactment. See Matera v. Google Inc., No. 15-CV-04062- 7 LHK, 2016 WL 8200619, *19 (N.D. Cal. Aug. 12, 2016) (“[T]he 8 California Supreme Court has construed CIPA in accordance with 9 the interpretation that provides the greatest privacy 10 protection.”); In re Google Inc., No. 13-MD-02430-LHK, 2013 WL 11 5423918, *21 (N.D. Cal. Sep. 26, 2013) (noting that the 12 California Supreme Court “regularly reads statutes to apply to 13 new technologies where such a reading would not conflict with the 14 statutory scheme”); Revitch v. New Moosejaw, LLC, No. 18-cv- 15 06827-VC, 2019 WL 5485330 (N.D. Cal. Oct. 23, 2019). 16 While it is true that several federal courts 17 interpreting the CIPA have held that the statute may apply to 18 technologies beyond telephones or telegraphs, those holdings have 19 largely been limited to the statute’s second clause, which 20 prohibits persons from reading, or attempting to read, the 21 “contents or meaning of any message, report, or communication 22 while the same is in transit or passing over any wire, line, or 23 cable” without consent or authorization. See Matera, 2016 WL 24 8200619, at *18 (finding that § 631(a)’s first prong is “limited 25 to communications passing over ‘telegraph or telephone’ wires, 26 lines, or cables”); In re Google Inc., 2013 WL 5423918, at *20 27 (explaining that the first prong of CIPA is “limited to 28 communications passing over ‘telegraphic or telephone’ wires, 1 lines, or cables”); accord In re Google Assistant Priv. Litig., 2 457 F. Supp. 3d 797, 979, 826 (N.D. Cal. 2020) (“Google 3 Assistant”) (holding that CIPA claim under first clause must be 4 dismissed if allegations do not show that technology at issue 5 “operates using telegraph or telephone wires”). 6 At oral argument, counsel for Mastel cited New Moosejaw 7 for the proposition that § 631(a)’s first prong may apply to 8 technologies beyond telephones or telegraphs. See New Moosejaw, 9 LLC, 2019 WL 5485330, at **1-2. In New Moosejaw, however, the 10 court simply assumed that § 631(a) could apply to customer 11 interactions with a website, and instead focused its analysis on 12 whether such interactions constitute a “communication” under the 13 statute. See id. Though the court did not specify which clause 14 of § 631(a) it was analyzing, the word “communication” only 15 appears in § 631(a)’s second clause. See Cal. Penal Code 16 § 631(a). It is therefore unlikely that New Moosejaw intended to 17 implicitly hold that § 631(a)’s first clause may apply to new 18 technologies like the internet. See id. Moreover, in a 19 supplemental response filed two days after the hearing, counsel 20 for Mastel conceded that New Moosejaw does not support his 21 argument that Miniclip may be held liable under § 631(a)’s first 22 clause. (See Docket No. 37.) The court will therefore follow 23 the overwhelming weight of authority requiring a plaintiff to 24 plausibly allege that a defendant intentionally tapped or made an 25 unauthorized connection with a “telegraph or telephone wire, 26 line, cable, or instrument” to state a claim under § 631(a)’s 27 first clause. Cal. Penal Code § 631(a) (emphasis added). 28 Mastel’s complaint plainly does not involve any 1 allegations concerning “telephone wires, lines, or cables.” (See 2 generally Compl.) Mastel contends, however, that the Pasteboard 3 falls within the text of the statutory prohibition because it may 4 be considered a “telephone instrument.” (See Pl.’s Opp’n at 4.) 5 Mastel cites dictionary.cambridge.org for the following 6 definition of “instrument”: “a tool or other device used for 7 doing a particular piece of work.” (Id. (citing INSTRUMENT, 8 https://dictionary.cambridge.org/us/dictionary/English/instrument 9 ).) Because the Pasteboard is a “tool or device” exclusive to 10 iPhones, Mastel contends, it qualifies as a “telephone 11 instrument.” (See FAC ¶¶ 10-11.) 12 The court rejects this argument. Although iPhones 13 contain the word “phone” in their name, and have the capability 14 of performing telephonic functions, they are, in reality, small 15 computers. iPhones contain a complex operating system which 16 allows the user to download mobile applications that perform 17 functions well beyond and unrelated to those of a telephone. 18 (See Compl. ¶¶ 10-15.) The Pasteboard, which permits iPhone 19 users to copy and paste text from one application to another, is 20 a feature of the portion of the iPhone that functions as a 21 computer, not the phone. (Compl. ¶ 11.) While Pasteboard may 22 enable an iPhone user to paste a phone number into the phone 23 application, labeling it a “telephone instrument” for this reason 24 would be analogous to calling a pen and paper “telephone 25 instruments” because they allow a caller to write down a phone 26 number before dialing. The court therefore finds that § 631(a)’s 27 first clause does not apply to Miniclip’s conduct as alleged in 28 the complaint. See Cal. Penal Code § 631(a). 1 2. Willfully Attempting to Learn the Contents of Communications in Transit Over a Wire 2 3 Under § 631(a)’s second clause, Mastel must allege that 4 Miniclip “willfully and without the consent of all parties to the 5 communication, or in any unauthorized manner, read[], or 6 attempt[ed] to read, or to learn the contents or meaning of any 7 message, report, or communication while the same [was] in transit 8 or passing over any wire, line, or cable, or [was] being sent 9 from, or received at any place within [California].” Id. 10 As discussed above, unlike § 631(a)’s first clause, 11 courts interpreting the second clause have generally held that it 12 is not limited to communications sent via telephone or telegram 13 wire, line, or cable. See Matera, 2016 WL 8200619, at *18; In re 14 Google Inc., 2013 WL 5423918, at *20; Google Assistant, 457 F. 15 Supp. 3d at 826. However, these courts have also noted that the 16 second clause only imputes liability when the defendant reads, or 17 attempts to read, a communication that is “in transit or passing 18 over any wire, line, or cable, or is being sent from, or received 19 at any place within” California.” Id. (emphasis added); see also 20 Mireskandari v. Mail, No. CV 12-02943 MMM (FFMx), 2013 WL 21 12129559, *10 n.44 (C.D. Cal. July 30, 2013) (finding that 22 plaintiff had failed to plausibly allege CIPA claim under second 23 clause because complaint failed “plausibly to plead that NSC 24 intercepted any electronic communication while it was in transit; 25 at most, he alleges the illegal disclosure of data NSC held in 26 storage”). 27 Here, Mastel’s complaint does not contain any 28 allegations that Miniclip intercepted any communications while 1 they were “in transit,” as they were “passing over” a line, wire, 2 or cable, or as they were “being sent” or “received.” Cal. Penal 3 Code § 631(a). As the complaint alleges, text ends up in the 4 Pasteboard because the user copies it from another application. 5 (See Compl. ¶¶ 10-29.) The complaint does not allege that the 6 Pasteboard is in any way involved in or necessary to the iPhone’s 7 mechanism for sending or receiving communications such as text 8 messages or emails. (See id.) Thus, to the extent that Mastel’s 9 complaint alleges that the 8 Ball Pool application obtained the 10 content of his communications, this content could only have come 11 from previously-sent or previously-received communications that 12 Mastel chose to copy into the Pasteboard. There are simply no 13 allegations in the complaint that reasonably give rise to the 14 inference that the 8 Ball Pool App ever read or learned the 15 contents of a communication while the communication was in 16 transit, or in the process of being sent or received. See Iqbal, 17 556 U.S. at 678. 18 Mastel next argues that the CIPA’s second clause may be 19 satisfied because he has adequately alleged that the Pasteboard 20 performs a “transitory electronic storage” function. Citing two 21 cases interpreting the analogous Federal Wiretap Act, In re 22 Carrier IQ, Inc., 78 F. Supp. 3d 1057, 1081 (N.D. Cal. 2015) 23 (“Carrier IQ”) and United States v. Councilman, 418 F.3d 67, 79 24 (1st Cir. 2005), Mastel contends that some courts have concluded 25 that a defendant “intercepts” a communication when he acquires it 26 from “transitory electronic storage” that is part of the overall 27 message transmission process. 28 While some cases have looked to the Federal Wiretap Act 1 for guidance in evaluating claims under the CIPA, see, e.g., In 2 re Facebook, Inc. Internet Tracking Litigation, 956 F.3d 589, 3 606-07 (9th Cir. 2020) (“Facebook Tracking”), the court does not 4 find Mastel’s reliance on those cases to be persuasive in the 5 context of this case. As Carrier IQ itself notes, the Ninth 6 Circuit has expressly held that, for an electronic communication 7 to be “intercepted,” it must have been “acquired during 8 transmission, not while it is in electronic storage.” Konop v. 9 Hawaiian Airlines, Inc., 302 F.3d 868, 878 (9th Cir. 2002). 10 Thus, even to the extent the Pasteboard does perform transitory 11 storage functions, the Ninth Circuit’s interpretation of the 12 Federal Wiretap Act only reinforces the court’s conclusion that 13 the crucial question under § 631(a)’s second clause is whether 14 Mastel has plausibly alleged that Miniclip read one of his 15 communications while it was still in transit, i.e., before it 16 reached its intended recipient. See Mireskandari, 2013 WL 17 12129559, at *10 n.44. Because the complaint fails to do so, the 18 court finds that his complaint fails to state a claim against 19 Miniclip under § 631(a)’s second clause. 20 Because the court concludes that Mastel has failed to 21 state a claim under either clause 1 or 2, his claim that Miniclip 22 violated § 631(a)’s third clause fails as a matter of law. See 23 Google Assistant, 457 F. Supp. 3d at 827 (“Plaintiffs must 24 establish that the information at issue . . . was obtained 25 through a violation of the first or second clauses. Because 26 plaintiffs have not done so, they also have failed to plead a 27 violation of the third clause.”). Likewise, because Mastel has 28 failed to establish an underlying violation, Mastel cannot 1 maintain a claim against Apple under the fourth clause because 2 none of the alleged conduct that Apple allegedly “agreed to” or 3 “aided” violated § 631(a). See Cal. Penal Code § 631(a). 4 Accordingly, the court will dismiss plaintiff’s first 5 claim against defendants for violations of the CIPA § 631(a). 6 B. Right to Privacy under the California Constitution 7 Mastel next claims that defendants’ behavior violated 8 his right to privacy under the California Constitution. To state 9 a claim under the California constitutional right to privacy, a 10 plaintiff “must show that (1) [he] possess[es] a legally 11 protected privacy interest, (2) [he] maintain[s] a reasonable 12 expectation of privacy, and (3) the intrusion is ‘so serious . . 13 . as to constitute an egregious breach of the social norms’ such 14 that the breach is ‘highly offensive.’” In re Facebook, Inc. 15 Internet Tracking Litigation, 956 F.3d 589, 601 (9th Cir. 2020) 16 (“Facebook Tracking”) (quoting Hernandez v. Hillsides, Inc., 47 17 Cal. 4th 272, 286 (Cal. 2009)). 18 1. Standing 19 Miniclip first argues that Mastel lacks standing to 20 pursue his claim for violation of his right to privacy under the 21 California Constitution. (Miniclip Mot. to Dismiss at 10.) 22 “Where standing is raised in connection with a motion to dismiss, 23 the court is to ‘accept as true all material allegations of the 24 complaint, and . . . construe the complaint in favor of the 25 complaining party.’” Facebook Tracking, 956 F.3d at 601 (quoting 26 Levine v. Vilsack, 587 F.3d 986, 991 (9th Cir. 2009)). 27 To establish standing, a “[p]laintiff must have (1) 28 suffered an injury in fact, (2) that is fairly traceable to the 1 challenged conduct of the defendant, and (3) that is likely to be 2 redressed by a favorable judicial decision.” Spokeo v. Robins, 3 578 U.S. 330, 336 (2016). To establish an injury in fact, a 4 plaintiff must show that he or she suffered “an invasion of a 5 legally protected interest” that is “concrete and 6 particularized.” Id. at 337 (quoting Lujan v. Defs. of Wildlife, 7 504 U.S. 555, 560 (1992)). A concrete injury is one that is 8 “real and not abstract.” Id. 9 In a recent decision, TransUnion LLC v. Ramirez, 594 10 U.S. --, -- S. Ct. --, 2021 WL 2599472 (Jun. 25, 2021), the 11 Supreme Court provided additional guidance to lower courts tasked 12 with assessing whether a plaintiff’s alleged harm is adequately 13 “concrete” so as to confer Article III standing. See TransUnion, 14 2021 WL 2599472, at *7. The Court explained that, while certain 15 harms, such as physical and monetary harms, “readily qualify as 16 concrete injuries under Article III,” other intangible injuries, 17 such as “reputational harms, disclosure of private information, 18 and intrusion into seclusion,” may nevertheless qualify as 19 “concrete” as well, even though they are harder to discern. Id. 20 (citing Spokeo, 578 U.S. at 340-41). 21 The Court noted that the chief examples of such 22 intangible injuries that are nevertheless “concrete” are those 23 “with a close relationship to harms traditionally recognized as 24 providing a basis for lawsuits in American courts.” Id. It also 25 explained that, though the view of Congress may be instructive in 26 the sense that it may “elevate to the status of legally 27 cognizable injuries concrete, de facto injuries that were 28 previously inadequate in law,” Congress may not “simply enact an 1 injury into existence, using its lawmaking power to transform 2 something that is not necessarily harmful into something that 3 is.” Id. (citing Spokeo, 578 U.S. at 341). 4 Applying these principles to the case before it, the 5 Court held that certain members of the putative class had failed 6 to allege that TransUnion had caused them a “concrete” injury 7 when it failed to use reasonable procedures to ensure the 8 accuracy of their credit files. Id. at *14. Though Congress had 9 enacted a statute authorizing the plaintiffs to sue when a credit 10 reporting agency negligently created inaccurate credit files, and 11 TransUnion had concededly violated the terms of that statute, the 12 Court held that the plaintiffs had not alleged a concrete injury 13 because TransUnion had not disseminated the inaccurate credit 14 files to any third parties. See id. at **11-14. 15 Miniclip argues that Mastel has similarly failed to 16 adequately allege an injury in fact because he offers only a 17 “conclusory assertion of a privacy violation.” (Miniclip Mot. to 18 Dismiss at 10.) Miniclip contends that, without some allegation 19 that it shared or otherwise published Mastel’s private 20 information, such that it became known to a third party, Mastel 21 has not adequately alleged a “concrete” harm that resulted from 22 Miniclip’s alleged invasion of his privacy. (Miniclip Reply at 23 6-7 (Docket No. 30) (citing TransUnion, 2021 WL 2599472, at *3.) 24 The court finds TransUnion to be distinguishable from 25 this case, however, because TransUnion involved a fundamentally 26 different type of alleged injury than the one here. TransUnion 27 concerned a violation of a statute which the Supreme Court 28 analogized to the common law tort of defamation. See TransUnion, 1 2021 WL 2599472, at *10. The Court held that the plaintiffs had 2 not alleged a “concrete” harm because “publication is ‘essential 3 to liability’ in a suit for defamation.” Id. at *11 (quoting 4 Restatement of Torts § 577, Comment a, at 192). 5 By contrast, the closest historical analogue to 6 plaintiff’s invasion of privacy claim under the California 7 Constitution is not defamation, but other “invasion of privacy” 8 torts such as intrusion upon seclusion. Facebook Tracking, 956 9 F.3d at 598 (“[V]iolations of the right to privacy have long been 10 actionable at common law.”). The Ninth Circuit has expressly 11 noted that, because the right to privacy “encompasses the 12 individual’s control of information concerning his or her 13 person,” allegations that a company has violated a plaintiff’s 14 right to privacy under the California Constitution by collecting 15 personal information without the plaintiff’s consent involve a 16 sufficiently “concrete” injury, even if there are no additional 17 allegations of publication, because the invasion itself causes 18 harm to the plaintiff’s interest in controlling the information. 19 Id.; see also Eichenberger v. ESPN, Inc., 876 F.3d 979, 983 (9th 20 Cir. 2017) (““privacy torts do not always require additional 21 consequences to be actionable . . . [in] the tort of intrusion 22 upon seclusion . . . the ‘intrusion itself’ makes the defendant 23 liable” (citing Restatement (Second) of Torts § 652B cmt. b. (Am. 24 Law Inst. 1977))). 25 Though Facebook Tracking and Eichenberger were decided 26 before TransUnion, they are not overruled by TransUnion. 27 TransUnion involved a claim akin to defamation, not invasion of 28 privacy. The court therefore finds Facebook Tracking and 1 Eichenberger to be more on point, and rejects Miniclip’ argument 2 that plaintiff must necessarily allege that it shared or 3 otherwise disseminated his private information in order to 4 satisfy Article III’s standing requirement. 5 2. Egregious Breach of Social Norms 6 Next, both Apple and Miniclip argue that, even if 7 Mastel has standing to pursue an invasion of privacy claim 8 against them under the California Constitution, any alleged 9 intrusion by Miniclip into the iPhone’s Pasteboard fails to 10 satisfy the third element of an invasion of privacy claim because 11 it does not rise to the level of an “egregious breach of social 12 norms” that is “highly offensive.” Facebook Tracking, 956 F.3d 13 at 601. 14 As an initial matter, the court recognizes that 15 questions of whether conduct is “egregious,” “offensive,” or 16 violates “social norms” tend by their very nature to be 17 subjective determinations about which reasonable jurists may 18 differ. As such, these questions are typically more 19 appropriately resolved by a jury. Social norms, as reflections 20 of contemporary community values, necessarily change over time. 21 What was “egregious” or “offensive” at one time and place may be 22 completely unobjectionable, or even laudable, in another. 23 “That the jury provides a better link to community 24 values than does a single judge is supported not only by our 25 cases, but also by common sense.” Spaziano v. Florida, 468 U.S. 26 447, 486 (1984) (Stevens, J., concurring). “Juries--comprised as 27 they are of a fair cross section of the community--are more 28 representative institutions of the community as a whole, and 1 inevitably make decisions based on community values more 2 reliably, than can that segment of the community that is selected 3 for service on the bench.” Id. Indeed, as Justice Gorsuch 4 recently observed, judges are “hardly the representative group 5 you’d expect (or want) to be making empirical judgments” as to 6 what values society at large holds. Carpenter v. United States, 7 138 S. Ct. 2206, 2265 (2018) (Gorsuch, J., dissenting). 8 “Politically insulated judges come armed with only the attorneys' 9 briefs, a few law clerks, and their own idiosyncratic experiences 10 . . . [u]nsurprisingly, too, judicial judgments often fail to 11 reflect public views.” Id. 12 For those reasons, if the court were left to rely only 13 upon its own subjective opinion, without any objective criteria 14 from the statutes or caselaw defining what constitutes 15 “egregious,” or “highly offensive” conduct in breach of “social 16 norms”, it would be hesitant to make such determination at the 17 motion to dismiss stage. See In re Facebook, Inc., Consumer 18 Privacy User Profile Litigation, No. 18-MD-02843-VC, 2019 WL 19 4261048, at *17. 20 However, in the context of claims under the California 21 Constitution for invasion of privacy, the California courts have 22 provided some clear and objective guidance as to the trial 23 courts’ role in applying those terms at the pleading stage. In 24 Loder v. City of Glendale, 14 Cal. 4th 846, 893 (Cal. 1997), the 25 California Supreme Court instructed that courts have a role to 26 play in “weed[ing] out claims that involve so insignificant or de 27 minimus an intrusion on a constitutionally protected privacy 28 interest as not even to require an explanation or justification 1 by the defendant.” “No community could function if every 2 intrusion into the realm of private action, no matter how slight 3 or trivial, gave rise to a cause of action for invasion of 4 privacy.” Hill v. Nat’l Collegiate Athletic Ass’n, 7 Cal. 4th 1, 5 37 (Cal. 1994). Accordingly, if the “undisputed material facts 6 show . . . an insubstantial impact on privacy interests, the 7 question of invasion may be adjudicated as a matter of law.” Id. 8 at 40. 9 Miniclip cites to no less than twelve cases in which 10 courts have dismissed an invasion of privacy claim under the 11 California Constitution at the pleading stage. (See Miniclip 12 Mot. to Dismiss at 10-12.) While no hard-and-fast rule has been 13 set out for determining when an alleged invasion of privacy is 14 “sufficiently serious in [its] nature, scope, and actual or 15 potential impact to constitute an egregious breach of the social 16 norms underlying the privacy right,” Hill, 7 Cal. 4th at 37, one 17 important factor that courts often rely on is whether the 18 plaintiff alleges that the defendant used the private or 19 confidential information obtained for some improper purpose. 20 In Gonzales v. Uber Technologies, Inc., for instance, 21 the court held that the plaintiff had failed to state a claim 22 under the California Constitution against Uber because, while he 23 had alleged that Uber obtained his name and home address, “there 24 [were] no allegation[s] as to what Uber did, if anything, with 25 this information.” 305 F. Supp. 3d 1078, 1092 (N.D. Cal. 2018). 26 “Without more allegations as to what, if anything, Uber did with 27 this information, plaintiff has not plausibly alleged a serious 28 invasion of privacy.” Id. at 1093. 1 Similarly, in White v. Social Security Administration, 2 applying California law, a federal district court held that 3 plaintiff’s invasion of privacy claim failed because, while the 4 plaintiff had alleged that the defendant had “made unauthorized 5 photocopies of identity documents, without any allegation that he 6 sold, distributed, or otherwise improperly used the information,” 7 the plaintiff had failed to adequately allege a sufficiently 8 serious invasion of privacy. 111 F. Supp. 3d 1041, 1053 (N.D. 9 Cal. 2015). Even in Folgelstrom v. Lamps Plus, Inc., where the 10 plaintiff had alleged that the defendant had obtained his name 11 and zip code through misrepresentation and then used this 12 information to obtain his address so that it could send him 13 mailed advertisements, the court dismissed the plaintiff’s claim 14 because the alleged use was “not an egregious breach of social 15 norms, but routine commercial behavior.” 195 Cal. App. 4th 986, 16 992 (2d Dist. 2011) (“[W]e have found no case which imposes 17 liability based on the defendant obtaining unwanted access to the 18 plaintiff's private information which did not also allege that 19 the use of plaintiff's information was highly offensive.”). 20 In this case, Mastel has not alleged that Miniclip or 21 Apple used his information for any purpose at all, much less a 22 purpose that could plausibly constitute an egregious breach of 23 social norms. Though Mastel alleges that Miniclip has access to 24 all of the data collected in the 8 Ball Pool application, 25 including the information collected from his Pasteboard, he does 26 not allege that Miniclip “sold, distributed, or otherwise 27 improperly used the information.” See White, 111 F. Supp. 3d at 28 1053. Nor has he even alleged that defendants intended to use 1 his information for any purpose. Mastel’s counsel also admitted 2 at oral argument that the complaint does not even allege that 3 Miniclip compiled or otherwise collected information from 8 Ball 4 Pool to form any sort of data library that would correspond with 5 individual users. 6 Another factor that some courts have relied on is the 7 “pervasiveness” of the alleged invasion. In Facebook Tracking, 8 the Ninth Circuit held that the plaintiffs had adequately pled a 9 claim for invasion of privacy where they had alleged that 10 Facebook used internet browser plug-ins to track which websites 11 they visited, even after they had logged out of Facebook. 956 12 F.3d 589, 596 (9th Cir. 2020). Not only did Facebook Tracking 13 involve allegations that Facebook compiled this information into 14 personal user profiles and sold those profiles to advertisers to 15 generate revenue, the Ninth Circuit specifically distinguished 16 the case from other invasion of privacy claims which had been 17 dismissed at the pleading stage because the Facebook Tracking 18 plaintiffs had alleged that Facebook’s invasion of privacy 19 continued even after they had ceased using the application. Id. 20 at 606 n.8 (citing cases). 21 Much like the cases the Ninth Circuit sought to 22 distinguish, Mastel does not allege that 8 Ball Pool continued to 23 view or copy the contents of his Pasteboard after he had closed 24 the application. (See Compl. ¶¶ 22-25.) This case therefore 25 does not present the sort of “pervasive” invasion of privacy that 26 led the court in Facebook Tracking to conclude that the 27 plaintiffs had adequately stated a California constitutional 28 claim for invasion of privacy. See Facebook Tracking, 956 F.3d 1 at 606 n.8. 2 Finally, some courts have held that the information 3 obtained by the defendant may itself be so sensitive or private 4 that the alleged intrusion alone suffices to state a claim. 5 However, these cases almost always involve information which is 6 clearly more private or sensitive that that at issue in this 7 case. See Hill, 7 Cal. 4th at 40-41 (holding that plaintiffs had 8 stated a claim for invasion of privacy against NCAA based on 9 requirement that athletes provide urine samples under closely 10 monitored conditions, thus implicating “a human bodily function 11 that by law and social custom is generally performed in private 12 and without observers”); Goodman v. HTC America, Inc., 2012 WL 13 2412070, *15 (W.D. Wash. 2012) (holding collection of continuous 14 geolocation data sufficient under California Constitution because 15 such data may reveal private information such as “trips to the 16 psychiatrist, the plastic surgeon, the abortion clinic, the AIDS 17 treatment center, the strip club, the criminal defense attorney, 18 the by-the-hour motel, union meeting, mosque, synagogue or 19 church, the gay bar and on and on” (quoting United States v. 20 Jones, 565 U.S. 400, 415 (2012) (Sotomayor, J., concurring)). 21 Even “highly personal information, including social security 22 numbers, does not ‘approach [the] standard’ of actionable conduct 23 under the California Constitution and thus does not constitute a 24 violation of” a plaintiff’s right to privacy. In re iPhone 25 Application Litig., 844 F. Supp. 2d 1040, 1063 (N.D. Cal. 2012) 26 (citing Ruiz v. Gap, Inc., 540 F. Supp. 2d 1121, 1128 (N.D. Cal. 27 2008)). 28 The allegations in Mastel’s complaint do not approach 1 this standard. Mastel offers only the broad allegation that the 2 8 Ball Pool application read text that had been copied onto his 3 Pasteboard, which may have included his contact information, 4 addresses for his friends and relatives, or text from messages 5 that he had sent to friends and relatives, depending on what was 6 in his Pasteboard at the time whenever he opened the application 7 over an eight year timespan. (Compl.¶¶ 22-23.) He does not 8 specify what the content of any of those messages were, what 9 contact information 8 Ball Pool had access to, which friends or 10 relatives’ contact information was obtained, or even point to 11 specific communications that he copied from. (See id.) He 12 provides no indication of the sensitivity of the communications 13 at issue other than a conclusory assertion that they were 14 “personal and private.” (Id.) Accordingly, even based on the 15 undisputed allegations presented in the complaint, the court has 16 no basis to conclude that any of the information Miniclip 17 allegedly obtained even rises to the level of sensitivity of a 18 social security number, which itself has been held to be 19 inadequate under the California Constitution without some 20 additional unauthorized use or harm. See Ruiz, 540 F. Supp. 2d 21 at 1128. 22 Mastel points to one case, Opperman v. Path, Inc., in 23 which a federal district court held that iPhone users’ personal 24 contact lists could be considered “highly offensive” such that 25 the plaintiff could state a claim for invasion of privacy based 26 solely on allegations that phone applications had accessed the 27 information without permission. See 87 F. Supp. 1018, 1062 (N.D. 28 Cal. 2014). The court finds Opperman to be distinguishable from 1 this case, however. Not only did Opperman involve a claim for 2 intrusion upon seclusion under California common law, rather than 3 a claim under the California Constitution, but the alleged 4 privacy violations at issue were so widespread and pervasive that 5 the Federal Trade Commission and Congress had already “closely 6 scrutinized the practices at issue . . . because of concerns that 7 the practices were inappropriate.” See Opperman v. Path, Inc., 8 87 F. Supp. 1018, 1062 (N.D. Cal. 2014). 9 Notwithstanding the authority cited by Mastel, the 10 weight of the case law indicates that his allegations simply do 11 not approach the sort of “egregious” or “highly offensive” 12 conduct which courts have typically permitted to proceed beyond 13 the motion to dismiss stage. See In re iPhone, 844 F. Supp. 2d 14 at 1063; Hill, 7 Cal. 4th at 40-41. The court therefore 15 concludes that Mastel has failed to state a claim against 16 Miniclip for invasion of privacy under the California 17 Constitution. Id. Furthermore, because Mastel seeks to hold 18 Apple responsible based solely on allegations that it knowingly 19 enabled Miniclip’s conduct, the court concludes that Mastel has 20 also failed to state a claim for invasion of privacy under the 21 California Constitution against Apple. 22 The court will therefore dismiss Mastel’s second claim 23 for invasion of privacy under the California Constitution. 24 C. Stored Communications Act 25 Next, Mastel claims that Miniclip’s conduct violated 26 the SCA, which provides a cause of action against a person who 27 “intentionally accesse[d] without authorization a facility 28 through which an electronic communication service is provided” or 1 “who intentionally exceed[ed] an authorization to access that 2 facility; and thereby obtain[ed], alter[ed], or prevent[ed] 3 authorized access to a wire or electronic communication while it 4 [wa]s in electronic storage in such system.” 18 U.S.C. 5 § 2701(a). In other words, to state a claim against Miniclip 6 under 18 U.S.C. § 2701(a), Mastel must show that Miniclip “(1) 7 gained unauthorized access to a ‘facility’ where it (2) accessed 8 an electronic communication in ‘electronic storage.’” Calhoun v. 9 Google LLC, -- F. Supp. 3d --, No. 20-CV-05146-LHK, 2021 WL 10 1056532, *13 (N.D. Cal. Mar. 17, 2021) (quoting Facebook 11 Tracking, 956 F.3d at 608). 12 It is questionable whether Mastel’s iPhone even 13 qualifies as a “facility” under the SCA. See Hildermann v. Enea 14 TekSci, Inc., 551 F. Supp. 2d 1183, 1204 (S.D. Cal. 2008) 15 (noting, without deciding the issue, that it is questionable 16 whether a laptop computer qualifies as a “facility”). Setting 17 this issue aside, however, Mastel’s claim fails because text 18 contained in the Pasteboard is not in “electronic storage” for 19 purposes of the SCA. See id. The SCA defines “electronic 20 storage” as “(A) any temporary, intermediate storage of a wire or 21 electronic communication incidental to the electronic 22 transmission thereof; and (B) any storage of such communication 23 by an electronic communication service for purposes of backup 24 protection of such communication.” 18 U.S.C. § 2510(17). 25 Courts interpreting subsection (A) have held that, 26 because this subsection only applies to messages in “temporary, 27 intermediate storage,” its coverage is limited to messages that 28 are in transit but which have not yet been delivered to their 1 intended recipient. See Theofel v. Farey-Jones, 359 F.3d 1066, 2 1075 (citing In re Doubleclick, Inc. Privacy Litig., 154 F. Supp. 3 2d 497 (S.D.N.Y. 2001)). For instance, subsection (A) may apply 4 to email messages stored on an internet service provider’s server 5 pending delivery to the recipient. See Doubleclick, 154 F. Supp. 6 2d at 511-12. But once the email reaches its intended recipient 7 and is stored on the recipient’s laptop, access does not violate 8 the SCA because it is no longer in “temporary, intermediate 9 storage.” See Hilderman, 551 F. Supp. 2d at 1205. 10 Plaintiff’s own complaint indicates that the Pasteboard 11 does not provide “temporary, intermediate storage” of a 12 communication “incidental to the electronic transmission 13 thereof.” Id. Pasteboard is merely a tool that allows iPhone 14 users to copy and paste text from one application to another. 15 (Compl. ¶ 11.) As discussed above, while text placed in the 16 Pasteboard may have originated from a previously-sent or 17 previously-received communication (i.e., a text message or 18 email), there is no allegation in Mastel’s complaint that 19 Miniclip was somehow able to access the contents of any of 20 Mastel’s communications as they were in transit or prior to their 21 delivery to an intended recipient. (See Compl. ¶¶ 10-29.) 22 Mastel’s allegations thus does not satisfy subsection (A) of the 23 SCA’s definition of “electronic storage.” See Hilderman, 551 F. 24 Supp. 2d at 1205. 25 Nor does accessing text in the Pasteboard fall under 26 subsection (B). Subsection (B) covers storage of communications 27 “by an electronic communication service for purposes of backup 28 protection” of the communication. 18 U.S.C. § 2510(17). Even 1 assuming Apple qualifies as an “electronic communications 2 service,” storage of text in the Pasteboard is plainly not for 3 “purposes of backup protection” of any communication. As Mastel 4 himself alleges, text is only stored in the Pasteboard 5 temporarily--as soon as the user copies a new piece of text, the 6 text previously held in the Pasteboard is deleted. (Compl. 7 ¶ 12.) 8 The court therefore finds that Mastel has failed to 9 allege a plausible violation of the SCA. Accordingly, the court 10 will dismiss Mastel’s third claim against Miniclip for violation 11 of the SCA. 12 D. California Unfair Competition Law 13 Finally, Mastel claims that Miniclip and Apple’s 14 conduct violated the California UCL, which prohibits “any 15 unlawful, unfair, or fraudulent business act or practice . . . .” 16 Clark v. Countrywide Home Loans, Inc., 732 F. Supp. 2d 1038, 1049 17 (E.D. Cal. 2010) (Wanger, J.) (quoting Hall v. Time, Inc., 158 18 Cal. App. 4th 847, 849 (4th Dist. 2008)); see also Cal. Bus. & 19 Prof. Code § 17200, et seq. In order to bring a UCL claim, a 20 plaintiff must have UCL standing, which is distinct from Article 21 III standing. See Ehret v. Uber Tech., Inc., 68 F. Supp. 3d 22 1121, 1132 (N.D. Cal. Sept. 17, 2014) (“[A] federal plaintiff's 23 [Article III] ‘injury in fact’ may be intangible and need not 24 involve lost money or property . . . a UCL plaintiff's ‘injury in 25 fact’ [must] specifically involve lost money or property.”) To 26 establish standing under the UCL, a plaintiff “must establish 27 that [he] (1) suffered an injury in fact and (2) lost money or 28 property as a result of the unfair competition.” Birdsong v. 1 Apple, Inc., 590 F.3d 955, 959 (9th Cir. 2009) (citing Cal. Bus. 2 & Prof. Code § 17204)). 3 Mastel has failed to satisfy the UCL’s standing 4 requirement because he has not alleged any economic injury as a 5 result of defendants’ conduct. In his opposition to Apple’s 6 motion to dismiss, Mastel argues that because he alleges that 7 defendants surreptitiously obtained his personal information, he 8 has “suffered a loss in the value of his personal information.” 9 (Pl.’s Opp’n to Apple’s Mot. to Dismiss at 12 (Docket No. 22).) 10 However, Mastel’s complaint never mentions or describes the 11 economic value of his personal information. (See generally 12 Compl.) Numerous courts have held that disclosure of personal 13 information alone does not constitute economic or property loss 14 sufficient to establish UCL standing, unless the plaintiff 15 provides specific allegations regarding the value of the 16 information. See, e.g., In re Yahoo! Inc. Customer Data Sec. 17 Breach Litig., No. 16-MD-02752-LHK, 2017 WL 3727318, *22 (N.D. 18 Cal. Aug. 30, 2017) (rejecting UCL standing to victims of data 19 breach who had failed to allege specific benefit-of-the-bargain 20 losses or out-of-pocket expenses); In re Facebook Privacy Litig., 21 791 F. Supp. 2d 705, 714 (N.D. Cal. 2011), aff’d 572 F. App’x 494 22 (9th Cir. 2014) (“A plaintiff’s ‘personal information does not 23 constitute property under the UCL.”); Archer v. United Rentals, 24 Inc., 195 Cal. App. 4th 807, 816 (2d Dist. 2011) (dismissing UCL 25 invasion of privacy claim because “plaintiffs have failed to 26 demonstrate how . . . unlawful collection and recordation of 27 personal information . . . translates into a loss of money or 28 property”). 1 All of the cases cited by Mastel are distinguishable 2 because they either relied on allegations of lost cash payments 3 or specific allegations as to the value of the personal 4 information at issue. See In re Yahoo!, 2017 WL 3727318, at 5 **21-22; In re Anthem Inc. Data Breach Litig., No. 15-MD-02617- 6 LHK, 2016 WL 3029783, *30 (N.D. Cal. May 27, 2016); Calhoun v. 7 Google LLC, --F. Supp. 3d--, No. 20-CV-05146-LHK, 2021 WL 8 1056532, **1-2 (N.D. Cal. Mar. 17, 2021). In Calhoun, for 9 instance, the plaintiffs devoted 50 paragraphs of their complaint 10 to detailing the economic value of their information, how that 11 value had been lost as a result of Google’s conduct, and how 12 Google profited by selling their data in a robust marketplace. 13 See Calhoun, Case No. 20-cv-05146, Compl. (Docket No. 1) ¶ 413 14 (“the unauthorized disclosure and taking of their personal 15 information which has value as demonstrated by its use and sale 16 by Google. Plaintiffs have suffered harm in the form of 17 diminution of the value of their private and personally 18 identifiable data and content”), ¶¶ 209-58 (describing the 19 “robust market” for the data Google allegedly collected and 20 monetized). 21 Moreover, Calhoun relied on cases that address Article 22 III standing, which, unlike UCL standing, does not necessarily 23 require plaintiffs to show economic harm. See Plaid, 2021 WL 24 1721177, at *14 n.8 (“This court disagrees with Calhoun. It 25 rests on four cases that address Article III standing, which is 26 different from UCL standing.”). In fact, in one of these cases, 27 while the Ninth Circuit held (in an unpublished memorandum 28 opinion) that the alleged dissemination of the plaintiffs’ 1 personal information and loss of “the sales value of that 2 information” sufficed to confer Article III standing, the court 3 expressly held that these allegations did not confer UCL standing 4 because the plaintiffs had “failed to allege that they ‘lost 5 money or property.’” See In re Facebook Privacy Litig., 572 F. 6 | App’x 494 (9th Cir. 2014). Because Mastel has failed to present 7 any allegations concerning the economic value of the personal 8 information allegedly obtained by defendants, the court will 9 dismiss Mastel’s fourth claim against defendants for violations 10 of the UCL. 11 IT IS THEREFORE ORDERED that defendants’ motions to 12 dismiss (Docket Nos. 8, 21) be, and the same hereby are, GRANTED. 13 | Dated: July 14, 2021 dette 7h. (LA. WILLIAM B. SHUBB 15 UNITED STATES DISTRICT JUDGE 16 17 18 19 20 21 22 23 24 25 26 27 28 29
Document Info
Docket Number: 2:21-cv-00124
Filed Date: 7/15/2021
Precedential Status: Precedential
Modified Date: 6/19/2024