- 1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 SOUTHERN DISTRICT OF CALIFORNIA 10 Case No.: 22cv2012 DMS (MSB) DACIA THOMAS, individually and on 11 behalf of all others similarly situated, ORDER GRANTING DEFENDANT’S 12 Plaintiff, MOTION TO DISMISS v. 13 PAPA JOHNS INTERNATIONAL, INC., 14 D/B/A PAPA JOHNS, 15 Defendant. 16 17 18 On August 14, 2023, this Court granted in part and denied in part Defendant’s 19 motion to dismiss this case. (See ECF No. 26.) Specifically, the Court denied Defendant’s 20 motion to dismiss for lack of personal jurisdiction, and granted Defendant’s motion to 21 dismiss for failure to state a claim. Plaintiff’s claim under California’s Invasion of Privacy 22 Act was dismissed without leave to amend, but the Court granted Plaintiff leave to amend 23 to add specific facts to support her claim for invasion of privacy/intrusion upon seclusion. 24 Following that Order, Plaintiff filed a Second Amended Complaint realleging her intrusion 25 upon seclusion claim. Defendant now moves to dismiss that claim with prejudice, or at a 26 minimum, to dismiss Plaintiff’s requests for injunctive and equitable relief. 27 As stated in the Court’s previous order, a claim for intrusion upon seclusion has two 28 elements. “First, the defendant must intentionally intrude into a place, conversation, or 1 matter as to which the plaintiff has a reasonable expectation of privacy. Second, the 2 intrusion must occur in a manner highly offensive to a reasonable person.” Hernandez v. 3 Hillsides, Inc., 47 Cal. 4th 272, 286 (2009). Defendant argues primarily that Plaintiff has 4 failed to allege sufficient facts to support the elements of a “reasonable expectation of 5 privacy” and an intrusion “highly offensive to a reasonable person.”1 6 “A ‘reasonable’ expectation of privacy is an objective entitlement founded on 7 broadly based and widely accepted community norms.” Hill v. NCAA, 7 Cal. 4th 1, 37 8 (1994). Whether an expectation of privacy is “reasonable” depends on the circumstances 9 of each case. Id. at 36. Those circumstances include the “customs, practices, and physical 10 setting” surrounding the activity, whether there was advance notice of any impending 11 action, whether there was an opportunity to give voluntary consent, id. at 36-37, the identity 12 of the intruder, and the nature of the intrusion. Hernandez, 47 Cal. 4th at 289. Other 13 relevant factors include “the amount of data collected, the sensitivity of data collected, the 14 manner of data collection, and the defendant’s representations to its customers.” 15 Hammerling v. Google LLC, 615 F.Supp.3d 1069, 1088 (N.D. Cal. 2022). Although 16 whether a plaintiff has a reasonable expectation of privacy is generally a mixed question 17 of law and fact, In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589, 601 (9th Cir. 18 2020), “[i]f the undisputed material facts show no reasonable expectation of privacy …, 19 the question of invasion may be adjudicated as a matter of law.” Hill, 7 Cal. 4th at 40. 20 Here, Plaintiff alleges she was browsing and using Defendant’s public website. 21 (SAC ¶ 8.) Generally, the internet is not a place where users have a reasonable expectation 22 of privacy. As stated in In re Nickelodeon Consumer Privacy Litig., 827 F.3d 262, 266 (3d 23 Cir. 2016): 24 25 26 1 Defendant also argues Plaintiff has failed to plead a legally protected privacy interest, and 27 Plaintiff is not entitled to seek relief in equity. In light of the discussion below on the “reasonable expectation of privacy” and “highly offensive” elements, the Court declines to 28 1 Most of us understand that what we do on the Internet is not completely private. How could it be? We ask large companies to manage our email, we 2 download directions from smartphones that can pinpoint our GPS coordinates, 3 and we look for information online by typing our queries into search engines. We recognize, if only intuitively, that our data has to be going somewhere. 4 And indeed it does, feeding an entire system of trackers, cookies, and 5 algorithms designed to capture and monetize the information we generate. 6 Given the inherent nature of the internet, a number of courts have found that consumers do 7 not have a reasonable expectation of privacy over their activity in that space. See D’Angelo 8 v. Penny OpCo, LLC, No. 23-cv-0981-BAS-DDL, 2023 WL 7006793, at *10-11 (S.D. Cal. 9 Oct. 24, 2023) (stating “accepted community norms around conversations in this type of 10 space (a commercial website for selling merchandise) point away from a reasonable 11 expectation of privacy.”); Saleh v. Nike, Inc., 562 F.Supp.3d 503, 524-25 (C.D. Cal. 2021) 12 (agreeing with defendants that plaintiff did not have “a reasonable expectation of privacy 13 over his activity on Nike’s Website”); Saeedy v. Microsoft Corp., No. 23-cv-1104, 2023 14 WL 8828852, at *4 (W.D. Wash. Dec. 21, 2023) (stating “mouse movements, clicks, 15 keystrokes, keywords, URLs of web pages visited, product preferences, interactions on a 16 website, search words typed into a search bar, user/device identifiers, anonymized data, 17 product selections to a shopping cart, and website browsing activities” are not the types of 18 information in which plaintiffs could have “a reasonable expectation of privacy”); Farst v. 19 AutoZone, Inc., ___ F.Supp.3d ___, 2023 WL 7179807, at *4 (M.D. Penn. Nov. 1, 2023) 20 (“Shopping on a public website, like shopping in a public store, is not an activity one can 21 reasonably expect to keep private from the retailer.”); Massie v. General Motors LLC, No. 22 21-787-RGA, 2022 WL 534468, at *5 (D. Del. Feb. 17, 2022) (stating plaintiffs did not 23 have a reasonable expectation of privacy over anonymized data captured by Session Replay 24 software); see also Campbell v. Facebook Inc., 77 F.Supp.3d 836, 849 (N.D. Cal. 2014) 25 (“California appeals courts have generally found that Internet-based communications are 26 not ‘confidential’ within the meaning of section 632, because such communications can 27 easily be shared by, for instance, the recipient(s) of the communications.”); In re Google 28 Inc., No. 13-MD-02430-LHK, 2013 WL 5423918, at *22-23 (N.D. Cal. Sept. 26, 2013) 1 (granting motion to dismiss claims under California Penal Code § 632 because instant 2 messages were not “confidential”); Cook v. GameStop, Inc., ___ F.Supp.3d ___, 2023 WL 3 5529772, at *6-10 (W.D. Penn. Aug. 28, 2023), appeal filed, No. 23-2574 (3d Cir. Aug. 4 29, 2023) (explaining why mouse movements and clicks, URLs, and keystrokes are not 5 protected under Pennsylvania’s Wiretap Act). 6 This is not to say there can never be a reasonable expectation of privacy over internet 7 activity. For instance, courts have found users have a reasonable expectation of privacy if 8 a company states it will not collect your information in certain spaces or while searching 9 in a protected mode. See In re Facebook, 956 F.3d at 601-03 (finding users had reasonable 10 expectation of privacy in activity outside of application where privacy policy stated 11 defendant would not collect user data after user had logged out); Brown v. Google LLC, 12 ___ F.Supp.3d ___, 2023 WL 5029899, at *19-20 (N.D. Cal. Aug. 7, 2023) (finding 13 plaintiffs had reasonable expectation of privacy when browsing in private or incognito 14 mode); Calhoun v. Google LLC, 526 F.Supp.3d 605, 630 (N.D. Cal. 2021) (finding 15 plaintiffs “had a reasonable expectation of privacy in the data allegedly collected” based 16 on defendant’s representations that it would not receive user data while they were not 17 synced). 18 In each of these cases, In re Facebook, Brown, and Calhoun, the plaintiffs pleaded 19 specific facts concerning the factors sets out above, i.e., the customs, practices and 20 circumstances surrounding the defendant’s particular activities, the amount and sensitivity 21 of the data collected, and the manner of data collection. In In re Facebook, for instance, 22 the plaintiffs attached to their complaint copies of certain “Help Center” pages regarding 23 the defendant’s data tracking practices. 956 F.3d at 602. See also In re Nickelodeon, 827 24 F.3d at 269 (including allegations that defendant’s registration form disclaimed that any 25 data was collected from plaintiff’s kids); Calhoun, 526 F.Supp.3d at 614 (detailing 26 allegations about defendant’s data collection practices); Brown, 2023 WL 5029899, at *2 27 (same). They also included specifics about the amount and sensitivity of the data the 28 defendants were allegedly collecting. See In re Facebook, 956 F.3d at 603 (describing 1 “enormous amount of individualized data” collected by defendant); Calhoun, 526 2 F.Supp.3d at 613-14 (detailing amount and nature of personal information defendant 3 collected). 4 Here, Plaintiff describes the general circumstances surrounding Defendant’s 5 activities, namely, its procurement of Session Replay Providers to embed Session Replay 6 Code on its website, and how Session Replay Code generally works. (SAC ¶¶ 24-44.) 7 Plaintiff also identifies one of Defendant’s specific Session Replay Providers, FullStory, 8 and sets out further details about how its Session Replay Code, FullStory Script, works. 9 (Id. ¶¶ 47-49.) Plaintiff further alleges that her “Website Communications”2 with 10 Defendant were secretly “captured by Session Replay Code and sent to various Session 11 Replay Providers.” (Id. ¶ 60.) 12 Notably absent from the SAC are any specific allegations about the customs and 13 practices related to Defendant’s activities. However, the numerous cases filed in federal 14 courts around the country challenging the use of Session Replay Code suggest Defendant 15 is not alone in this practice. See Mikulsky v. Noom, Inc., No. 3:23-cv-00285-H-MSB, 2024 16 WL 251171, at *1 (S.D. Cal. Jan. 22, 2024) (noting the “dozens of proposed class actions 17 being litigated in federal courts challenging the use of ‘Session Replay Code.’”); In re 18 TikTok, Inc., Consumer Privacy Litig., ___ F.Supp.3d ___, 2024 WL 278987, at *7 n.8 19 (N.D. Ill. Jan. 25, 2024) (stating session replay code “is widely used by website operators 20 and app developers to track and record how users interact with digital platforms.”); see 21 also Popa v. PSP Group, LLC, No. C23-0294JLR, 2023 WL 7001456, at *1 (W.D. Wash. 22 Oct. 24, 2023) (listing “dozens of proposed class actions being litigated in federal court 23 24 25 2 The SAC defines “Website Communications” as “electronic communications with the Papa Johns website, [her] mouse movements, clicks, keystrokes (such as text being entered 26 into an information field or text box), URLs of web pages visited, and/or other electronic 27 communications in real-time[.]” (Id. ¶ 1.) Plaintiff also alleges “Website Communications” include “her name, home address, credit card number(s), and billing 28 1 across the country challenging the use of ‘Session Replay Code’ to record, save, analyze, 2 and replay internet users’ interactions with consumer websites.”); Jones v. Papa John’s 3 Int’l, Inc., No. 4:23-cv-00023-SRC, 2023 WL 7155562, at *1 (E.D. Missouri Oct. 31, 4 2023) (“This is one of many lawsuits challenging the use of ‘session replay code’ that 5 companies such as Papa John’s say helps improve the user experience on their websites by 6 monitoring user activity.”); Cook, ___ F.Supp.3d ___, 2023 WL 5529772, at *1 (same). 7 Standing alone, this does not mean Plaintiff did not have a reasonable expectation of 8 privacy over her “Website Communications” on Defendant’s website, but it is a factor to 9 consider in making that determination. See In re Facebook, 956 F.3d at 601-02 (quoting 10 Hernandez, 47 Cal. 4th at 286) (stating reasonable expectation of privacy inquiry considers 11 “whether a defendant gained ‘unwanted access to data by electronic or other covert means, 12 in violation of the law or social norms.’”); Hill, 7 Cal. 4th at 24-25 (stating common law 13 invasion of privacy is concerned “with aspects of life consigned to the realm of the 14 ‘personal and confidential’ by strong and widely shared social norms.”) 15 Another factor is the amount and sensitivity of any data collected. Here, Plaintiff 16 alleges Defendant collected users’ “Website Communications,” which, by definition, are 17 limited to Defendant’s website. This limited amount of data stands in stark contrast to the 18 “significant” amounts of data collected in other cases. See In re Facebook, 956 F.3d at 603 19 (stating defendant “acquires an ‘enormous amount of individualized data’ through its use 20 of cookies on the countless websites that incorporate Facebook plug-ins.”); Calhoun, 526 21 F.Supp.3d at 630 (noting that defendant’s code was used on 86 percent of popular 22 websites); Brown, 2023 WL 5029899, at *20 (stating amount of data collected was 23 “indisputably vast”). 24 The type of data allegedly collected in this case also pales in comparison to the type 25 of data collected in other cases. In those cases, the data collected included “the user’s 26 browsing history, including the identity of the individual internet user and the web servers, 27 as well as the name of the web page and the search terms that the user used to find it[,]” In 28 re Facebook, 956 F.3d at 596, which enabled the defendant to compile “cradle-to-grave” 1 profiles without the users’ consent. Id. at 599. Those profiles “would allegedly reveal an 2 individual’s likes, dislikes, interests, and habits over a significant amount of time, without 3 affording users a meaningful opportunity to control or prevent the unauthorized exploration 4 of their private lives.” Id. See also Katz-Lacabe v. Oracle America, Inc., 668 F.Supp.3d 5 928, 942 (N.D. Cal. 2023) (allegation that defendant collected “sensitive health and 6 personal safety information” was sufficient to withstand motion to dismiss claim for 7 intrusion upon seclusion). 8 Here, the data allegedly collected includes Plaintiff’s “electronic communications 9 with the Papa Johns website, [her] mouse movements, clicks, keystrokes (such as text being 10 entered into an information field or text box), URLs of web pages visited, and/or other 11 electronic communications in real-time[.]” (SAC ¶ 1.) As for Plaintiff’s web chats or 12 emails on Defendant’s website, case law is relatively clear that it is not objectively 13 reasonable to expect those communications to be private. See D’Angelo, 2023 WL 14 7006793, at *10-11 (S.D. Cal. Oct. 24, 2023) (stating it would not be reasonable for a 15 consumer to expect privacy over chats on a public website); In re Yahoo Mail Litig., 7 16 F.Supp.3d 1016, 1041 (N.D. Cal. 2014) (“to the extent Plaintiffs claim they have a legally 17 protected privacy interest and reasonable expectation of privacy in email generally, 18 regardless of the specific content in the emails at issue, Plaintiffs’ claim fails as a matter of 19 law.”); In re Google Inc., 2013 WL 5423918, at *22-23 (granting motion to dismiss claims 20 under California Penal Code § 632 because instant messages were not “confidential”). This 21 is because these communications “are by their very nature recorded on the computer of at 22 least the recipient, who may then easily transmit the communication to anyone else who 23 has access to the internet or print the communications.” Id. at *23; see also Campbell, 77 24 F.Supp.3d at 849 (“California appeals courts have generally found that Internet-based 25 communications are not ‘confidential’ within the meaning of section 632, because such 26 communications can easily be shared by, for instance, the recipient(s) of the 27 communications.”) 28 / / / 1 Next are Plaintiff’s “mouse movements, clicks, keystrokes (such as text being 2 entered into an information field or text box), [and] URLs of web pages visited[.]” (SAC 3 ¶ 1.) As with the communications discussed above, a number of courts have found this 4 type of information is not something over which a consumer has an objectively reasonable 5 expectation of privacy. See Saleh, 562 F.Supp.3d at 524-25 (agreeing with defendants that 6 plaintiff did not have “a reasonable expectation of privacy over his activity on Nike’s 7 Website”); Saeedy, 2023 WL 8828852, at *4 (stating “mouse movements, clicks, 8 keystrokes, keywords, URLs of web pages visited, product preferences, interactions on a 9 website, search words typed into a search bar, user/device identifiers, anonymized data, 10 product selections to a shopping cart, and website browsing activities” are not the types of 11 information in which plaintiffs could have “a reasonable expectation of privacy”); Cook, 12 ___ F.Supp.3d ___, 2023 WL 5529772, at *6-10 (explaining why mouse movements and 13 clicks, URLs, and keystrokes are not protected under Pennsylvania’s Wiretap Act). See 14 also Massie, 2022 WL 534468, at *5 (stating plaintiffs did not have a reasonable 15 expectation of privacy over anonymized data captured by Session Replay software); Farst, 16 ___ F.Supp.3d ___, 2023 WL 7179807, at *4 (“Shopping on a public website, like 17 shopping in a public store, is not an activity one can reasonably expect to keep private from 18 the retailer.”) 19 The only other specific information identified as “Website Communications” is 20 Plaintiff’s “name, address, credit card number(s), and billing information.” (SAC ¶ 56.) 21 Reading that information in context, it appears Plaintiff entered this information on 22 Defendant’s website in connection with ordering “take-out and/or delivery of food from 23 Papa Johns’ brick and mortar stores located in California.” (Id. ¶ 8.) This information is 24 similar to Plaintiff’s web chats and emails, and is not information over which society is 25 prepared to recognize a reasonable expectation of privacy “because ‘a person has no 26 legitimate expectation of privacy in information he voluntarily turns over to third parties.’” 27 United States v. Forrester, 512 F.3d 500, 509 (9th Cir. 2008) (quoting Smith v. Maryland, 28 442 U.S. 735, 743-44 (1979)). 1 The type of data allegedly collected here is also a far cry from the type of data that 2 supports a finding of a reasonable expectation of privacy. See Opperman v. Path, Inc., 87 3 F.Supp.3d 1018, 1060 (N.D. Cal. 2014) (address books); Thompson v. Spitzer, 90 Cal. App. 4 5th 436, 460 (2023) (DNA and genetic information); Murchison v. County of Tehama, 69 5 Cal. App. 5th 867, 883 (2021) (private homes); County of Los Angeles v. Superior Court, 6 65 Cal. App. 5th 621, 643 (2021) (medical records); Chantiles v. Lake Forest II Master 7 Homeowners Assn., 37 Cal. App. 4th 914, 924 (1995) (voting information); Doyle v. State 8 Bar, 32 Cal. 3d 12, 19 (1982) (financial information). 9 The only factor that possibly supports a finding of a reasonable expectation of 10 privacy in this case is the notice factor. On that factor, Plaintiff alleges Defendant secretly 11 embedded Session Replay Codes on its website, (SAC at 12), which removed any 12 opportunity for Plaintiff to consent to the interception and recording of her “Website 13 Communications.”3 However, given the other circumstances and factors discussed above, 14 Defendant’s alleged failure to give notice, in and of itself, does not give rise to a reasonable 15 expectation of privacy in users’ “Website Communications.” See D’Angelo, 2023 WL 16 17 3 It is unclear when Plaintiff allegedly visited Defendant’s website, but if her visits occurred 18 between December 19, 2020, and December 19, 2022, Defendant’s Privacy Policy then in 19 effect would contradict Plaintiff’s allegation that Defendant secretly embedded Session Replay Code on its website. (See Decl. of Joshua Hall in Supp. of Mot. ¶¶ 5-6.) That 20 Policy was linked on every page of Defendant’s website, (id. ¶ 6), and would have alerted 21 Plaintiff to the possibility that third parties were monitoring her interactions with Defendant’s website. See https://tinyurl.com/ymr8af7p (“We use tracking tools like 22 browser cookies and web beacons. To learn more about these tools and how you can control 23 them, click here. We collect information about users over time when you use this website. We may have third parties collect personal information this way. We also collect 24 information from our mobile apps.”) (emphasis added). That Policy is subject to judicial 25 notice, see Knievel v. ESPN, 393 F.3d 1068, 1076 (9th Cir. 2005) (stating incorporation by reference doctrine “applies with equal force to internet pages as it does to printed 26 material.”), and would rebut any presumption of truth applicable to Plaintiff’s allegations. 27 See Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001) (stating court need not accept as true “allegations that contradict matters properly subject to judicial 28 1 7006793, at *11 (stating factors “point away from a reasonable expectation of privacy” 2 even though plaintiffs did not have advance notice or provide consent to defendant’s 3 activities). 4 Plaintiff’s allegations about the reasonable expectations of privacy of website users, 5 (SAC ¶ 19) (alleging “website visitors reasonably expect that their interactions with a 6 website should not be released to third parties unless explicitly stated.”), the reasonable 7 expectations of privacy of visitors to Defendant’s website, (id. ¶ 53) (alleging “Papa Johns’ 8 customers, such as Plaintiff, reasonably expect their conversations with Papa Johns via its 9 website to be private and not shared with third parties. Moreover, they reasonably expect 10 their potential conversations that they type into a chatbox on Papa Johns’ website that they 11 never share (such as by deleting before clicking ‘send’) to be private. Finally, they 12 reasonably expect mouse movements and other resizing and scrolling to be private.”), and 13 her own subjective expectations of privacy while she was on Defendant’s website, (id. ¶ 14 47) (alleging Plaintiff “had a reasonable expectation of privacy in [her] Website 15 Communications specifically including but not limited to the expectation that Defendant 16 would not disclose and/or provide this information to third parties, including the Session 17 Replay Providers.”) are also insufficient to satisfy the “reasonable expectation of privacy” 18 element. All of these allegations are either general and conclusory, and therefore not 19 entitled to a presumption of truth, Ashcroft v. Iqbal, 556 U.S. 662, 681 (2009), or irrelevant 20 to whether visitors to Defendant’s website had an objectively reasonable expectation of 21 privacy in their “Website Communications.” See Shulman v. Grp. W Prods., Inc., 18 Cal. 22 4th 200, 232 (1998) (stating tort of intrusion upon seclusion “is proven only if the plaintiff 23 had an objectively reasonable expectation of seclusion or solitude in the place, conversation 24 or data source.”) (emphasis added). 25 Considering the factors and allegations discussed above, both alone and in 26 combination, Plaintiff has failed to allege sufficient, specific facts to support the 27 “reasonable expectation of privacy” element of her claim. 28 / / / 1 The only other element of Plaintiff’s claim is an intrusion that is “highly offensive 2 to a reasonable person.” Before addressing the parties’ substantive arguments on this 3 element, the Court first addresses Plaintiff’s argument that this issue cannot be resolved on 4 the present motion. In support of this argument, Plaintiff relies on In re Facebook, where 5 the court stated the question of whether the defendant’s data collection practices “could 6 highly offend a reasonable individual is an issue that cannot be resolved at the pleading 7 stage.” In re Facebook, 956 F.3d at 606. Subsequent cases, however, have not read that 8 statement so broadly. Indeed, some courts have interpreted that statement as limited to the 9 facts of that case. See James v. Allstate Ins. Co., No. 3:23-cv-01931-JSC, 2023 WL 10 8879246, at *6 (N.D. Cal. Dec. 22, 2023); Williams v. DDR Media, LLC, No. 22-cv-03789- 11 SI, 2023 WL 5352896, at *5-6 (N.D. Cal. Aug. 18, 2023). And those courts are not alone 12 in resolving the issue on the basis of the pleadings. See Cousin v. Sharp Healthcare, 681 13 F.Supp.3d 1117, 1126-27 (S.D. Cal. 2023); Hammerling, 615 F.Supp.3d at 1090-91; 14 Mastel v. Miniclip SA, 549 F.Supp.3d 1129, 1139-42 (E.D. Cal. 2021); In re Google, Inc. 15 Privacy Policy Litig., 58 F.Supp.3d 968, 987-99 (N.D. Cal. 2014); Low v. LinkedIn Corp., 16 900 F.Supp.2d 1010, 1024-26 (N.D. Cal. 2012). 17 The Mastel court’s reasoning on this issue is particularly persuasive. There, the 18 court looked to California Supreme Court decisions involving invasion of privacy claims 19 under the California Constitution, namely Hill and Loder v. City of Glendale, 14 Cal. 4th 20 846 (1997), both of which “provided some clear and objective guidance as to the trial 21 courts’ role in applying [the term ‘highly offensive’] at the pleading stage.” Mastel, 549 22 F.Supp.3d at 1140. That guidance instructs “that courts have a role to play in ‘weed[ing] 23 out claims that involve so insignificant or de minimus an intrusion on a constitutionally 24 protected privacy interest as not even to require an explanation or justification by the 25 defendant.’” Id. (quoting Loder, 14 Cal. 4th at 893). As stated in Hill, “’No community 26 could function if every intrusion into the realm of private action, no matter how slight or 27 trivial, gave rise to a cause of action for invasion of privacy.’” Id. (quoting Hill, 7 Cal. 4th 28 / / / 1 at 41). Based on this reasoning, and in light of the dispute over the language in In re 2 Facebook, this Court will address the “highly offensive” element here. 3 The “highly offensive” element “essentially involves a ‘policy’ determination as to 4 whether the alleged intrusion is ‘highly offensive’ under the particular circumstances.” 5 Hernandez, 47 Cal. 4th at 287 (citing Taus v. Loftus, 40 Cal. 4th 683, 737 (2007)). 6 “Relevant factors include the degree and setting of the intrusion, and the intruder’s motives 7 and objectives[,]” id. (citations omitted), the likelihood of serious harm to the victim, and 8 whether countervailing interests or social norms render the intrusion inoffensive. 9 Hammerling, 615 F.Supp.3d at 1090 (quoting In re Facebook, 956 F.3d at 606). 10 Here, Plaintiff addresses some of these factors in her SAC. (See SAC ¶¶ 83, 89) 11 (alleging Defendant utilized information gathered for “business gain” and “economic 12 value”); (id. ¶¶ 86-87) (alleging Defendant’s conduct caused “mental anguish and 13 suffering,” and “emotional distress, worry, fear, and other harms.”) But again, Plaintiff’s 14 allegations are general and conclusory. Plaintiff provides more specific allegations on the 15 degree of the intrusion factor, (see id. ¶ 36) (alleging Session Replay Provider can create 16 “fingerprints” from information “collected across all sites that the Session Replay Provider 17 monitors[,]”) but she fails to allege the Session Replay Provider or Providers procured by 18 Defendant actually collected that kind of “fingerprint” information from Plaintiff or any 19 other visitor to Defendant’s website. Plaintiff’s other allegations directed to the “highly 20 offensive” element are conclusory, (see id. ¶ 41 (“Papa Johns’ procurement of Session 21 Replay Providers to surreptitiously and instantaneously record every Website 22 Communication is highly offensive[.]”); see also id. ¶ 54 (same)), and do not defeat 23 Defendant’s motion. See Oregon Clinic, PC v. Fireman’s Fund Ins. Co., 75 F.4th 1064, 24 / / / 25 / / / 26 / / / 27 / / / 28 / / / 1 || 1073 (9th Cir. 2023) (“conclusory allegations, without more, are insufficient to defeat a 2 || motion to dismiss.”)* 3 HII. 4 CONCLUSION 5 In light of the above discussion, the Court finds Plaintiff has failed to allege 6 || sufficient, specific facts to support either the “reasonable expectation of privacy” or “highly 7 || offensive” prongs of her intrusion upon seclusion claim. Accordingly, the Court grants 8 || Defendant’s motion to dismiss and dismisses this case with prejudice. The Clerk of Court 9 || shall enter judgment accordingly and close this case. 10 IT IS SO ORDERED. 11 ||Dated: May 8, 2024 □ gf, p 12 a Yn: Hon. Dana M. Sabraw, Chief Judge 13 United States District Court 14 15 16 17 18 19 20 21 4 Even if the Court assumed all of Plaintiffs allegations were true, those allegations would be sufficient to support the “highly offensive” element. See Doe v. Kaiser Foundation 23 || Health Plan, Inc., No. 23-cv-02865-EMC, 2024 WL 1589982, at *18-19 (N.D. Cal. Apr. 54 11, 2024) (stating it was not clear that defendant’s employment of third party to collect information about website users for defendant’s benefit was “highly offensive to a 25 ||reasonable person’); Popa v. Harriet Carter Gifts, Inc., 426 F.Supp.3d 108, 122-23 (W.D. 5 Penn. 2019) (“The act of collecting Popa’s keystrokes, mouse clicks, and [Personally © || Identifiable Information] is simply not the type of highly offensive act to which liability 27 attach.”); see also Cousin, 681 F.Supp.3d at 1126-27 (“disclosing a user’s browsing 28 history does not plausibly reach the level of ‘highly offensive’ conduct under either the common law or the California Constitution.”).
Document Info
Docket Number: 3:22-cv-02012
Filed Date: 5/8/2024
Precedential Status: Precedential
Modified Date: 6/20/2024