JON S. TIGAR, District Judge.
Before the Court are nine motions to dismiss Plaintiffs' Second Consolidated Amended Complaint ("SCAC") filed by Defendants Twitter, Inc.; Foodspotting, Inc. and Yelp! Inc.; Foursquare Labs, Inc.; Chillingo Ltd., Electronic Arts Inc., Rovio Mobile Oy, and ZeptoLab UK Limited; Gowalla Incorporated; Instagram, LLC; Kik Interactive, Inc.; Apple Inc.; and Path, Inc. ECF Nos. 493, 495, 497, 498, 499, 500, 501, 503. For the reasons set forth below, the Court will grant the Motions in part and deny them in part.
This is a putative class action challenging conduct by Apple and various developers of applications for Apple devices ("App Defendants"). SCAC, ECF No. 478, ¶ 1. Plaintiffs allege that, during the class period (July 10, 2008 through February 2012), they owned one or more of the three Apple products at issue here—the iPhone, iPad, and/or iPod touch (collectively, "iDevices"). Id., ¶ 2. Plaintiffs allege that Apple engaged in a mass marketing campaign, whereby it "consciously and continuously misrepresented its iDevices as secure, and that the personal information contained on iDevices—including, specifically, address books, could not be taken without their owners' consent." Id., ¶ 3.
Each iDevice comes pre-loaded with a "Contacts" mobile software application (or "App"), which iDevice owners may use as an address book to input and store the following information about the owner's contacts:
Id., ¶ 54, 55. The "information in the Contacts App is among the most private and personal of such information a user maintains on an iDevice. The address book
According to Plaintiffs, and notwithstanding Apple's representations about the security of its iDevices, Apple knew that the devices permitted the App Defendants' Apps "to secretly upload, store, and in some cases disseminate [Plaintiffs'] personal and private address books as stored in the `Contacts' App from the iDevices without [Plaintiffs'] knowledge or consent." Id., ¶ 2. In fact, Plaintiffs allege, Apple provided its "assistance and cooperation" to the App Defendants in accessing and misusing iDevice owners' address-book information. Id. And despite Apple's "unique knowledge that its iDevices were not as secure as represented," Apple "consistently and deliberately failed to reveal its products' security flaws to consumers. . . ." Id., ¶ 4. Because of "Apple's conduct, Plaintiffs and millions of other people purchased iDevices reasonably believing that they were secure when, in fact, they are not, and then downloaded Apps, including the Apps manufactured by App Defendants, and suffered the unexpected and unauthorized theft of their personal data." Id. Plaintiffs allege that they would not have paid as much for their iDevices had they known of the devices' security flaws. Id., ¶¶ 142, 148, 154, 161, 168, 174, 180, 186, 192, 197, 203, 210, 216, 223, 230.
Apple offers Apps solely through its App Store, which Apple launched in July 2008. Id., ¶ 39. "Apple has exclusive control over what Apps are available in the App Store, and the iDevices are designed to only accept software downloads from the App Store. . . ." Id. According to Plaintiffs, "[t]he App Store and the availability of numerous Apps to perform different functions are key parts of Apple's marketing strategy and the popularity of the iDevices." Id. ¶ 40.
In order to offer an App through the App store, "a third-party developer must be registered as an `Apple Developer,' agree to the iOS Developer Program License Agreement with Apple, and pay a $99 yearly registration fee." Id., ¶ 44. To further control the Apps offered through its store, "Apple provides third-party developers with review guidelines, and conducts a review of all applications submitted for inclusion in the App Store for compliance with these documents." Id. In addition, Apple provides a host of tools, as well as support services and guidelines to third-party developers who are licensed to provide Apps through the App Store. Id., ¶¶ 44, 45, 49, 53. The result of these circumstances, according to Plaintiffs, is that "all iDevice Apps were built, in part, by Apple." Id., ¶ 46.
Apple's guidelines provide that "Apps `cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used.'" Id., ¶ 47. And "Apple has sole discretion over the App approval process and may reject any App at any time and for any reason," including a violation of the terms and conditions of the licensing agreement, providing Apple with inaccurate information, or if Apple learns the App "violates, misappropriates, or infringes the rights of a third party." Id.
Plaintiffs further contend that,
Id., ¶ 52. In particular, Plaintiffs allege that Apple's iOS Human Interface Guidelines include the following statements:
Id., ¶ 88 (emphases omitted).
This action began as several class actions filed both in California and Texas.
Defendants filed several motions to dismiss the CAC, and on May 14, 2014, the Court granted the motions in part. ECF No. 471. The Court dismissed Plaintiffs' false and misleading advertising, consumer legal remedies/misrepresentation, deceit, Unfair Competition Law ("UCL"), and conversion claims, which Plaintiffs continue to assert in their SCAC, and also dismissed several other claims, which Plaintiffs no longer assert. Id. The Court also denied the motions to dismiss Plaintiff's invasion of privacy (intrusion upon seclusion) claim. Id.
Plaintiffs then filed their SCAC. In the SCAC, Plaintiffs allege conversion and invasion of privacy (intrusion upon seclusion) claims against all Defendants
In August 2014, Defendants filed these motions to dismiss. See ECF Nos. 493, 495, 497, 498, 499, 500, 501, 503. All of the motions challenge all claims alleged against each defendant, except that Path does not challenge the invasion of privacy (intrusion upon seclusion) claim alleged against it. Id.
This Court has jurisdiction over this case under the Class Action Fairness Act of 2005 because the amount in controversy exceeds $5 million, exclusive of interest and costs, there are 100 or more class members, and the parties are minimally diverse. 28 U.S.C. § 1332(d).
A complaint may be dismissed for lack of jurisdiction under Federal Rule of Civil Procedure 12(b)(1). In resolving a challenge to the adequacy of the jurisdictional allegations in a complaint, a court assumes that the allegations in the complaint are true, and draws all reasonable inferences in the plaintiff's favor. Wolfe v. Strankman, 392 F.3d 358, 362 (9th Cir. 2004) (citations omitted). If, viewing the allegations in the light most favorable to plaintiff, the Court finds that a plaintiff's claim does not meet the Article III case-or-controversy requirement, and therefore that the plaintiff does not have standing to bring the claim, the Court must dismiss the claim for lack of jurisdiction. See Steel Co. v. Citizens for a Better Env't, 523 U.S. 83, 101-04, 118 S.Ct. 1003, 140 L.Ed.2d 210 (1998).
A court may also dismiss a complaint or claims asserted therein pursuant to Federal Rule of Civil Procedure 12(b)(6). The court should grant a motion to dismiss for failure to state a claim under Rule 12(b)(6) if the complaint does not proffer "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). "A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Id. In considering a motion to dismiss, the court accepts the material facts alleged in the complaint, together with all reasonable inferences to be drawn from those facts, as true. Navarro v. Block, 250 F.3d 729, 732 (9th Cir.2001). But "the tenet that a court must accept a complaint's allegations as true is inapplicable to threadbare recitals of a cause of action's elements, supported by mere conclusory statements." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009). The Court will dismiss a claim when it is not based on a cognizable legal theory or the plaintiff has not pleaded sufficient facts to support that theory. Balistreri v. Pacifica Police Dep't, 901 F.2d 696, 699 (9th Cir.1990).
In addition, fraud-based claims are subject to a heightened pleading standard under Federal Rule of Evidence 9(b). This heightened standard applies when evaluating a Rule 12(b)(6) motion to dismiss. Semegen v. Weidner, 780 F.2d 727, 731 (9th Cir.1985). Fraud allegations must be specific enough to give the defendant notice of the particular misconduct alleged to constitute the fraud so that the defendant may defend against the charge. Id. In general, allegations sounding in fraud must contain "an account of the time, place, and specific content of the false representations as well as the identities of the parties to the misrepresentations."
If a court dismisses the complaint or a claim alleged therein, it must grant leave to amend unless amendment would be futile. Lucas v. Dep't of Corrections, 66 F.3d 245, 248 (9th Cir.1995). But where a court has previously granted a plaintiff leave to amend, the court's discretion to deny leave to amend and dismiss a claim with prejudice is "particularly broad." See Salameh v. Tarsadia Hotel, 726 F.3d 1124, 1133 (9th Cir.2013), cert. denied, ___ U.S. ___, 134 S.Ct. 1322, 188 L.Ed.2d 306 (2014). When a plaintiff has been granted leave to amend, but has failed to cure the deficiencies identified in an earlier complaint, a district court may find that the plaintiff has no additional facts or theories to plead, and may therefore dismiss with prejudice. Zucco Partners, LLC v. Digimarc Corp., 552 F.3d 981, 1007 (9th Cir.2009) (citations omitted).
In support of its motion, Apple has asked the Court to take judicial notice of the following: (1) the English-language portions of Apple's Software License Agreements, iPad, iPhone, and iPod touch Terms and Conditions for iOS 4.1, 5.0, 5.1, 6.0, and 7.0 software; (2) a document entitled "Apple Answers the FCC's Questions"; (3) Apple's Customer Privacy Policy; (4) Apple's iOS Human Interface Guidelines; (5) Apple's App Store Approval Process instructions for developers; (6) the complaint in Apple Inc. v. Paul S. Devine, No. 10-cv-03563 EJD; and (7) the civil docket for Case No. 10-cv-03563 EJD. ECF Nos. 502, 516. Plaintiffs have not objected to Apple's requests.
The Court may take judicial notice of facts that are "not subject to reasonable dispute" because they are either "generally known within the trial court's territorial jurisdiction" or "can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned." Fed.R.Evid. 201.
The Court will take judicial notice of the Software License Agreements, Privacy Policy, iOS Human Interface Guidelines, and Apple's App Store Approval Process instructions, as they are publicly available, standard documents that are capable of ready and accurate determination, and they are relevant to Plaintiffs' UCL and FAL claims. See Datel Holdings, Ltd. v. Microsoft Corp., 712 F.Supp.2d 974, 983-84 (N.D.Cal.2010) (taking judicial notice of an Xbox software license, terms of use, and packaging); McMahon v. Take-Two Interactive Software, Inc., No. EDCV 13-02032-VAP (SPx), 2014 WL324008, at *2 (C.D.Cal. Jan. 29, 2014) (citation omitted). Moreover, the SCAC references the License Agreements, Privacy Policy, Human Interface Guidelines, and "Apple Answers the FCC's Questions," and for that independent reason, those documents are judicially noticeable. See Id. at 983; In re Adobe Sys., Inc. Privacy Litig., 66 F.Supp.3d 1197, 1206-07, 2014 WL 4379916, at *2 n.2 (N.D.Cal. Sep. 4, 2014) (taking judicial notice of Adobe's terms of use and privacy policies, which were incorporated by reference into the complaint). The Court takes judicial notice of the fact that these documents exist, "not whether, for example, the documents are valid or binding contracts." Datel, 712 F.Supp.2d at 984. And with respect to the document entitled "Apple
The Court also will take judicial notice of the two court documents, as they are matters of public record, which are generally subject to notice. Lee v. City of L.A., 250 F.3d 668, 688-89 (9th Cir.2001).
Apple seeks to dismiss Plaintiffs' fraud-based
With regard to the first point, Apple contends that Plaintiffs have failed adequately to plead reliance because the named Plaintiffs have not identified which alleged misrepresentations they viewed, heard, or read, and therefore which they relied on in purchasing their iDevices. ECF No. 501 at 7-8. Plaintiffs effectively concede this point. See ECF No. 509 at 3. Plaintiffs respond, however, that they have sufficiently alleged a Tobacco II-type extensive and long-term advertising campaign, such that they should be excused from pleading reliance. Id. at 3-10.
In Tobacco II, the California Supreme Court held that, while a plaintiff alleging a UCL claim "must plead and prove actual reliance," the plaintiff "is not required to necessarily plead and prove individualized reliance on specific misrepresentations or false statements where, as here, those misrepresentations and false statements were part of an extensive and long-term advertising campaign." 46 Cal.4th at 328, 207 P.3d at 41. Thus, a plaintiff may plead "an extensive and long-term advertising campaign," rather than pleading reliance on specific misrepresentations.
In its order on the previous motions to dismiss in this case, the Court identified six factors from the prior case law that bear on whether a plaintiff has pleaded an advertising campaign in accordance with Tobacco II. ECF No. 471 at 27-31. First, a plaintiff must allege that she actually saw or heard the defendant's advertising campaign. Second, the advertising campaign must be sufficiently lengthy in duration, and widespread in dissemination, that it would be unrealistic to require the plaintiff to plead each misrepresentation she saw and relied upon. Third, the plaintiff must describe in the complaint, and preferably attach to it, a representative sample of the advertisements at issue so as to adequately notify the defendant of the precise nature of the misrepresentation claim—what, in particular, defendant is alleged to have said, and how it was misleading. Fourth, the plaintiff must allege, and the court must evaluate, the degree to which the alleged misrepresentations contained within the advertising campaign are similar to each other. Fifth, each plaintiff must plead with particularity, and separately, when and how they were exposed to the advertising campaign, so as to ensure the advertisements
Apple argues that Plaintiffs' allegations do not satisfy Tobacco II. It first argues that Tobacco II did not relax the heightened pleading requirements of Rule 9(b), so Plaintiffs must still identify the representations on which they relied. ECF No. 501 at 8. Next, Apple contends that Plaintiffs have failed adequately to plead a long-term advertising campaign and have "plainly flunk[ed] the six-factor test set out in this Court's [prior] MTD order."
As a preliminary matter, Apple argues that Plaintiffs must still identify the specific advertisements they saw and relied on, notwithstanding the holding in Tobacco II. According to Apple, Tobacco II held that "reliance need not be proved through exposure to particular advertisements; [but that] the case does not stand for, nor could it, a general relaxation of the pleading requirements under Rule 9(b)." ECF No. 501 at 8 (quoting In re iPhone 4S Consumer Litig., No. C 12-1127 CW, 2013 WL 3829653, at *12 (N.D.Cal. July 23, 2013)) (emphasis added by Apple). A number of district courts within the Ninth Circuit have reached similar conclusions. See Herrington v. Johnson & Johnson Consumer Cos., Inc., No. C 09-1597 CW, 2010 WL 3448531, at *8 (N.D.Cal. Sept. 1, 2010); In re Actimmune Mktg. Litig., No. C 08-02376 MHP, 2009 WL 3740648, at *8-10 (N.D.Cal. Nov. 6, 2009), aff'd, 464 Fed.Appx. 651 (9th Cir.2011); Garcia v. Sony Computer Entm't Am., LLC, 859 F.Supp.2d 1056, 1063 (N.D.Cal.2012); In re WellPoint, Inc. Out-of-Network UCR Rates Litig., 865 F.Supp.2d 1002, 1048 (C.D.Cal.2011); Goldsmith v. Allergan, Inc., No. CV 09-7088 PSG EX, 2011 WL 2909313, at *4 (C.D.Cal. May 25, 2011); Germain v. J.C. Penney Co., No. CV 09-2847CAS(FMOX), 2009 WL 1971336, at *4 (C.D.Cal. July 6, 2009); Stanwood v. Mary Kay, Inc., 941 F.Supp.2d 1212, 1219-20 (C.D.Cal.2012).
This Court, however, has previously reached the opposite conclusion. Haskins v. Symantec Corp., No. 13-CV-01834-JST, 2013 WL 6234610 (N.D.Cal. Dec. 2, 2013).
Id. at *5.
The Court still believes this conclusion to be the correct one. The holding of Tobacco II was substantive, not procedural: "a plaintiff . . . is not required to necessarily plead and prove individualized reliance on specific misrepresentations or false statements where, as here, those misrepresentations and false statements were part of an extensive and long-term advertising campaign." 46 Cal.4th at 328, 207 P.3d at 41 (emphases added). To require Plaintiffs now to plead their claims more particularly than they are required to prove them at trial would abridge and modify their substantive legal rights. If a plaintiff sufficiently alleges exposure to a long-term advertising campaign as set forth in Tobacco II, she need not plead specific reliance on an individual representation.
The Court next turns to the six factors it previously identified as most significant to the Tobacco II analysis.
As to the first Tobacco II factor, Apple argues that Plaintiffs have alleged no facts in support of their allegation that they were "exposed" to its alleged advertising campaign. ECF No. 501 at 9. Apple also states that, to the extent Plaintiffs have alleged facts regarding their exposure to particular advertisements, those advertisements are not specific to the subject of Plaintiffs' claims.
The Court finds that Plaintiffs have adequately alleged that the individual named Plaintiffs saw or heard Apple's advertising campaign. Each set of allegations specific to individual Plaintiffs alleges, among other things, that he or she viewed, heard, or read Apple's advertisements, or statements in news reports, articles, blogs, and/or statements by Apple's former CEO, Stephen Jobs; attended Apple conferences, presentations or product-release events; and/or received emails or other communications from Apple touting its devices' security and/or its respect for its customers' privacy. See, e.g., ECF No. 478, ¶¶ 144, 170. These allegations significantly improve upon the single and bare allegation that "Plaintiffs `viewed Apple's website, saw in-store advertisements, and/or [were] aware of Apple's representations regarding the safety and security of the iDevices prior to purchasing their own iDevices.'" ECF No. 471 at 33 (citing CAC, ¶ 126). The pleading stage is not summary judgment; to the extent that allegations regarding individual Plaintiffs' exposure to Apple's advertising campaign are sparse, they can be tested after discovery allows the parties further factual development. See, e.g., Id., ¶ 176.
The SCAC satisfies the first Tobacco II factor.
Plaintiffs have alleged that the relevant portion of Apple's advertising campaign lasted "from before the time the iPhone was first announced in 2007 continuing through the present day." ECF No. 509 at 6. Thus, the relevant period for purposes of this motion is approximately five years—from before the iPhone was first announced in 2007 until the end of the class period in February 2012. Apple contends that this duration is insufficient under Tobacco II. ECF No. 501 at 9 (citing Haskins v. Symantec Corp., No. 13-cv-01834-JST, 2014 WL 2450996, at *2 (N.D. Cal. June 2, 2014), and Pfizer, Inc. v. Super. Ct., 182 Cal.App.4th 622, 633-34, 105 Cal.Rptr.3d 795 (2010)).
Plaintiffs point out that where courts have found that media campaigns are more targeted or extensive, shorter periods of time—even as short as nine months—have been considered "long-term." ECF No. 509 at 6-7 (citing Makaeff v. Trump Univ., LLC, No. 3:10-cv-0940-GPC-WVG, 2014 WL 688164, at *13 (S.D.Cal. Feb. 21, 2014), and Morgan v. AT & T Wireless Servs., Inc., 177 Cal.App.4th 1235, 1245-46, 1258, 99 Cal.Rptr.3d 768 (2009)). Further, Plaintiffs contend that, given the short lifespans of technological products, a bright-line rule requiring that an advertising campaign span more than five years would "essentially immunize much of the tech industry from Tobacco II claims. . . ." Id. at 7.
The Court cannot find, as a matter of law, that the five-year duration of the alleged advertising campaign is insufficient for the purposes of Tobacco II. While the alleged campaign certainly is shorter than the "decades-long" campaign analyzed in Tobacco II, as Plaintiffs have pointed out, at least one court has also held that the "long-term" requirement is met by a shorter timeframe.
Apple also argues that Plaintiffs have failed to allege that Apple's advertising campaign was sufficiently "extensive" because Plaintiffs have only specifically identified a handful of advertisements per year during the relevant period. ECF No. 501 at 10-11.
But, as Plaintiffs point out, the identified advertisements are merely "examples, . . . and are incomplete." ECF No. 509 at 7. Plaintiffs identify dozens of specific examples of what they believe represents the advertising campaign, and those examples span eighteen pages of the SCAC (not including the numerous examples attached to the complaint, ECF No. 478, Exs. ACC). Construing the facts in the light most favorable to Plaintiffs, these examples demonstrate an "extensive" campaign. See ECF No. 478, ¶¶ 61-78.
Plaintiffs' allegations satisfy this Tobacco II factor.
As described in the preceding section, Plaintiffs have extensively described, and
Apple argues that the advertisements and marketing materials that Plaintiffs have identified are not actionable because many of the identified materials: (1) are too general, (2) are not relevant, (3) are not contained in the types of materials that consumers are likely to view, and (4) cannot be attributed to Apple. ECF No. 501 at 11-14.
As to generality, Apple makes two arguments. First, Apple contends that many of the alleged advertisements only generally discuss the "security" of Apple iDevices and protections for consumers' "privacy." The Court addresses this argument in section IV.B.2.g., infra. Second, Apple argues that some of the identified advertisements are too general to support a "specific and measurable claim, capable of being proved false or of being reasonably interpreted as a statement of objective fact." ECF No. 501 at 11-12 (quoting Rasmussen v. Apple, Inc., 27 F.Supp.3d 1027, 2014 WL 1047091, at *9 (N.D.Cal. Mar. 14, 2014), and citing Minkler v. Apple, Inc., 65 F.Supp.3d 810, 821, 2014 WL 4100613, at *7 (N.D.Cal. Aug. 20, 2014)). But both cases Apple cites for this proposition are inapposite; in neither case did Plaintiffs invoke Tobacco II, and in both circumstances, the Plaintiffs were therefore instead required to identify, in their pleadings, specific misrepresentations on which they relied. Further, while Plaintiffs do cite a number of general statements regarding "security" and "privacy," they also cite more specific statements regarding sandboxing and consumer-data protection. See, e.g., ECF No. 478, ¶¶ 76(ix) ("Apple issued a statement that it was `readying a software update to the iPhone, fixing a security flaw in the device that gives unauthorized access to contacts and e-mails.'"), 76(xxi) ("Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used.") (emphasis omitted), 77(ii) ("Applications on the device are `sandboxed' so they cannot access data stored by other applications.") (emphasis omitted). These statements are capable of being proven false, and therefore the above-cited cases do not defeat Plaintiffs' Tobacco II allegations.
Apple also argues that certain elements of the alleged advertising campaign that Plaintiffs rely on are not relevant because they were either alleged prior to (though in anticipation of) the App Store's launch or were directed to corporate networks and device passcodes. ECF No. 501 at 12-13.
As an initial matter, the Court finds that elements of Apple's alleged marketing campaign that pre-dated the launch of the App Store, but anticipated that impending launch, are relevant to Plaintiffs' Tobacco II allegations. Statements and advertising concerning corporate security networks and device passwords, however, are not the most probative examples of the alleged advertising campaign. They do, however, provide context for the more general campaign and tend to show the consistency of the message that Apple allegedly intended to convey—i.e., that Apple's iDevices are "secure" and include comprehensive consumer-privacy protections.
Apple also explains that consumers are not likely to view or be aware of Apple's licensing agreements with App developers, which Plaintiffs have identified as part of the alleged advertising campaign. Plaintiffs argue, generally, that statements in the licensing agreements, guidelines, and those directed to at least purportedly limited audiences have a cumulative effect on "buzz" or "earned media." ECF No. 509 at 9.
Finally, Apple claims that representations made by third parties in the media are not properly attributable to the alleged advertising campaign. But to the extent Apple commissioned these messages or took advantage of the opportunity to put its message into the media, these statements can be attributed to Apple for the purposes of Tobacco II. Further, Plaintiffs have adequately alleged and further explained that many of these messages are examples of "buzz marketing" or "earned media," whereby Apple "capitalized on its ubiquitous presence and the immense public attention given anything Apple does" to spread its messages by the "eagerly follow[ing]. . . media and the public." ECF No. 478, ¶¶ 3, 62-66. Plaintiffs even allege that Apple employed a "Worldwide Global Director of Buzz Marketing" to take advantage of this type of media, which is largely spread by third parties. Id., ¶ 63. At the very least, even purely third-party messages are circumstantial evidence of Apple's advertising campaign; without such a campaign, the messages are less likely to be picked up and expressed by third parties. The third-party documents Plaintiffs have identified as part of the Tobacco II campaign are sufficiently probative to be counted as part of the alleged campaign. The precise relationship between Apple's "buzz marketing" and third party advertisements is a subject better left for summary judgment or trial.
Even excising the materials as to which Apple's objections are well-taken, the SCAC contains ample discussion of advertisements, marketing materials, and equivalent activity to satisfy this Tobacco II factor.
Apple argues that the materials Plaintiffs have identified as constituting the Tobacco II campaign are too dissimilar: "Plaintiffs fail to allege a `single set of messages. . . . [The] SAC-alleged statements address security or privacy in a wide range of contexts—including corporate network applications, App Store transactions, device passcodes, storage, location data, and others." ECF No. 501 at 14. Apple's main contention is that the portions of the alleged advertising campaign that Plaintiffs have identified largely do not pertain specifically to address book data. Id. at 14-15. Plaintiffs respond that, "[a]s set forth in the SCAC, Apple's statements about security and privacy in all aspects of its iDevices constitute characteristics that, if false, [are] actionable under Tobacco II." ECF No. 509 at 10.
The Court finds that, despite being directed to different audiences and being of varying degrees of specificity, the materials that Plaintiffs have identified are sufficiently similar for the purposes of Tobacco II. All of the statements relate to Apple's concern for its devices' security, and its customers' privacy, and thus they send a unified and consistent message. To the extent that Apple challenges the generality of certain statements, that concern is addressed in section IV.B.2.g, infra.
As discussed in section IV.B.2.a., supra, with respect to the first Tobacco II
Most Plaintiffs allege that they viewed the alleged advertising campaign "prior to" their purchase of their iDevices. ECF No. 478, ¶¶ 144(ii), 150(ii), 156(ii), 163(ii), 170(ii), 182(ii), 187(ii), 193(ii), 199(ii), 205(v), 212(ii), 218, 225(ii), 232(ii). They do not allege specific dates, or even timeframes, during which they were exposed to the campaign. See Id. This failure weighs against a finding that Plaintiffs' allegations are sufficient under Tobacco II.
On the other hand, the majority of Plaintiffs have averred that they viewed the alleged campaign prior to their purchase of their iDevices. The exact dates of viewing are less relevant than is the fact that Plaintiffs viewed the campaign before they purchased their iDevices—the implication being that they, therefore, relied on the campaign in choosing their purchases.
Except as to Plaintiff Jason Green, who has not alleged any "when," the gaps in Plaintiffs' "when" allegations are not fatal to Plaintiffs' Tobacco II claims. Instead, individual Plaintiffs' exposure to Apple's campaign can be tested after discovery permits further factual development.
Apple does not argue that Plaintiffs have failed to meet this factor. Each Plaintiff has alleged a timeframe in which he or she purchased one or more iDevices. See ECF No. 471, ¶¶ 139, 145, 151, 157, 158, 164, 165, 171, 177, 183, 188, 189, 194, 200, 206, 207, 213, 219, 220, 226, 227.
Plaintiffs have satisfied this Tobacco II factor.
Apple raises a seventh and final concern, namely: how specifically must the campaign address the particular characteristics of the product that Plaintiffs allege were misrepresented? Here, the question is whether the statements Plaintiffs point to that generally tout the iDevices' "security" and Apple's emphasis on consumer "privacy" are sufficient evidence—in conjunction with the advertisements and marketing materials Plaintiffs have pointed to that specifically identify protections for address book data or "sandboxing"—to show that Apple engaged in a Tobacco II campaign advertising that Apple protected, in particular, Plaintiffs' address book data.
Plaintiffs' response to this concern is to point out that "[n]othing in the Court's prior order, Tobacco II, or any relevant case law immunizes Apple from the effect of a misleading advertising campaign touting the `safety and reliability' of its product because its statements may not have uniformly specified safety from `address book data . . . collected and used by third party applications.'" ECF No. 509 at 5. Further, say Plaintiffs, Apple's contention that the advertising campaign must be specific to the protection of address book data is "like saying the tobacco companies were immunized from their statements about the `safety and health effects' of smoking because their statements did not uniformly specify safety `from tar and chemical additive intake in the development of lung cancer' or specify the effect `from nicotine intake in the development of addiction.'" Id.
Plaintiffs' comparison to the generality of the advertising campaign alleged in Tobacco II is well-taken. The Court finds that the fifteen or twenty more-specific statements about sandboxing, protection of
Plaintiffs' Tobacco II allegations, taken as a whole, are sufficient to survive Apple's motion to dismiss.
In addition to Plaintiffs' claims regarding Apple's alleged affirmative misrepresentations, they also allege that Apple knew, but failed to disclose (and actively concealed), that users' private data was not secure on Apple's iDevices.
As this Court noted in its previous order, "the Ninth Circuit has recently cautioned [that], in the context of product defect claims, California courts have generally rejected a broad obligation to disclose." Donohue v. Apple, Inc., 871 F.Supp.2d 913, 925 (N.D.Cal.2012) (citing Wilson v. Hewlett-Packard Co., 668 F.3d 1136, 1141 (9th Cir. 2012)) (internal quotations omitted). Omission or concealment constitute actionable fraud in three circumstances that are relevant here: when defendants (1) had exclusive knowledge of material facts not known to plaintiffs; (2) actively concealed a material fact from plaintiffs; or (3) made partial representations, but also suppressed some material facts. LiMandri v. Judkins, 52 Cal.App.4th 326, 336, 60 Cal.Rptr.2d 539 (1997). Further, "[a] manufacturer's duty to consumers is limited to its warranty obligations absent either an affirmative misrepresentation or a safety issue." Donohue, 871 F.Supp.2d at 925 (quoting Oestreicher v. Alienware Corp., 322 Fed. Appx. 489, 493 (9th Cir. 2009)). The Court now examines whether Plaintiffs have sufficiently alleged such circumstances.
Plaintiffs allege that Apple had exclusive knowledge of material facts regarding its iDevices' lack of security, as evidenced by: (1) security breaches involving Path, Inc., the Aurora Feint App, and the Google Voice App; (2) information developed at congressional hearings and before the FTC; (3) its software upgrades in response to specific, identified software vulnerabilities; (4) Apple's removal from the App Store of an App designed to alert users to other Apps' stealing of user data; and (5) Apple's punishment of a privacy researcher, Charlie Miller, who "intentionally passed a non-compliant App through Apple's review and onto the App Store in a proof-of-concept security test and reported to Apple the gaping security hole that he found in Apple's App procedures." ECF No. 478, ¶¶ 79-89.
Apple contends that Plaintiffs' allegations regarding Apple's exclusive knowledge of material facts are inconsistent with Plaintiffs' other allegations regarding the widespread dissemination of information about Apple in the media, and the discussion in the media of the security flaws in Apple's iDevices. ECF No. 501 at 18; ECF No. 515 at 10.
Plaintiffs respond that although the media discussed isolated security breaches, Apple effected a campaign to "drown out" reports of those breaches, and Plaintiffs never had knowledge, unlike Apple, "that this address book-related flaw was an inherent defect in the iDevices (as opposed to an itinerant instance of hacking), much less that Apple was aiding App Defendants and teaching and permitting them to exploit the defect." Id. Further, Plaintiffs point to their allegations that Apple took "affirmative steps to discourage or even disable people's attempts to determine
The Court finds that Plaintiffs have sufficiently alleged that Apple had exclusive knowledge of at least the material fact that its iDevices contained an inherent defect that permitted Apps to access users' address book data.
Plaintiffs allege as active concealment the same facts in support of their claims of Apple's exclusive knowledge of material facts. See ECF No. 478, ¶¶ 79-89. Apple contends that Plaintiffs have failed to allege active concealment adequately because Apple's Privacy Policy disclosed that third parties, including those who offer Apps, may collect information such as "data or contact details." ECF No. 501 at 17-18; ECF No. 515 at 9-10. Thus, argues Apple, "[b]ecause Apple disclosed precisely the information that Plaintiffs say was omitted, the omissions claims must be dismissed." ECF No. 501 at 17 (citations omitted).
Apple's argument does not foreclose Plaintiffs' allegations of active concealment. Although Plaintiffs acknowledge that Apple disclosed some of the risks associated with its iDevices, they also allege that Apple failed to disclose all the material facts, and that Apple falsely reassured consumers that its iDevices did not contain security vulnerabilities that Apple knew they contained. See ECF No. 478, ¶¶ 87, 88. Moreover, Plaintiffs allege that Apple did not disclose that it taught or encouraged the App Defendants to access users' information via the Human Interface Guidelines. See Id., ¶ 89. At this stage of the proceedings, the Court concludes that Plaintiffs' allegations of active concealment are legally adequate.
Under California law, the "failure to disclose a fact can constitute actionable fraud. . . when the defendant makes partial representations that are misleading because some other material fact has not been disclosed." Collins v. eMachines, Inc., 202 Cal.App.4th 249, 255-56, 134 Cal.Rptr.3d 588 (2011) (citations omitted).
Plaintiffs allege partial disclosures in the form of: Apple's (1) alleged advertising campaign; (2) public acknowledgment of security breaches involving Path, Inc., the Aurora Feint App, and the Google Voice App; (3) statements at congressional hearings and to the FTC; and (4) software upgrades in response to identified software vulnerabilities.
The Court finds that Plaintiffs' partial-disclosure allegations are insufficient. Plaintiffs have not alleged that class members saw or heard these partial representations and were misled by them in such a way that Apple should have fully disclosed related information. A partial-representation claim requires Plaintiffs to plead reliance on at least some misleading partial representations. See, e.g., In re Toyota Motor Corp., 785 F.Supp.2d 883, 924 (C.D.Cal.2011). Because Plaintiffs have
"A manufacturer's duty to consumers is limited to its warranty obligations absent either an affirmative misrepresentation or a safety issue." Donohue, 871 F.Supp.2d at 925 (citation omitted). The Court, in its prior order on Defendants' prior motions to dismiss, explained that, because Plaintiffs had failed "to allege when they purchased their iDevices, when the alleged defects arose, what kind of warranty Apple provided, the terms of the warranty, and the warranty's duration," the Court was "unable to conclude whether the alleged defect manifested within the warranty period" and thus Plaintiffs' claims were inadequate. ECF No. 471 at 34.
In the SCAC, Plaintiffs' warranty allegations are contained in two paragraphs, which state: "iDevices come with a written limited warranty with a warranty period of one year from the date of purchase. Additional extended warranties were not available for purchase," ECF No. 478, ¶ 38, and "[the] deficiencies in the iDevices . . . were inherent in the products and existed at the time of purchase and at all times thereafter. Though the iDevices are covered by a limited one-year warranty, the deficiencies at issue were present from the outset, and therefore arose and manifested within the warranty period," Id., ¶ 291.
Apple points to the obvious defect in Plaintiffs' allegations—i.e., that Plaintiffs have again failed to identify the warranty terms applicable to their allegations. Without those warranty terms, the Court cannot assess whether the alleged security defects in Apple's iDevices somehow contravene those terms.
Accordingly, though Plaintiffs have identified some potentially actionable omissions, they have failed to identify any relevant warranty obligations. For that reason, Plaintiffs' omissions theories fail.
To adequately plead aiding and abetting liability under California law, Plaintiffs must allege that Apple (1) knew the App Defendants' conduct constituted a breach of duty and gave substantial assistance or encouragement to the App Defendants to so act, or (2) gave substantial assistance to the App Defendants in accomplishing either conversion or invasion of privacy, and Apple's own conduct, separately considered, constituted a breach of the duty to Plaintiffs. Casey v. U.S. Bank Nat'l Ass'n, 127 Cal.App.4th 1138, 1144, 26 Cal.Rptr.3d 401 (2005) (citations omitted); In re First Alliance Mortg. Co., 471 F.3d 977, 993 (9th Cir. 2006) (citing Casey); Laborers' Local v. Intersil, 868 F.Supp.2d 838, 850 (N.D.Cal.2012).
Apple contends that Plaintiffs have failed to allege Apple's knowledge of the App Defendants' tortious conduct. ECF No. 501 at 18-20; ECF No. 515 at 11-13. Plaintiffs point to their allegations that the "iOS Human Interface Guidelines expressly teach and tell App Defendants to take contacts data without seeking permission," that Apple is "responsible for creating the harmful APIs
As an initial matter, the Court notes that, even for fraud-based claims, which are subject to the Rule 9(b) heightened pleading standard, scienter allegations may be pleaded generally. Fed. R. Civ. Pro. 9(b) ("Malice, intent, knowledge, and other conditions of a person's mind may be alleged generally."). Plaintiffs' complaint does this. See ECF No. 478, ¶¶ 250, 266 ("Despite its ostensible policies against the collection of iDevice users' private information . . ., Apple in fact ... knowingly and/or recklessly permitted the unauthorized access and collection of Plaintiffs' and class members' private address books.").
Further, Plaintiffs have alleged sufficient facts from which an inference of knowledge can be drawn—most particularly the language in the iOS Human Interface Guidelines and Apple's alleged development of APIs that permitted Apps to access address book data, but also because of the extent to which Plaintiffs allege Apple was involved in and controlled the development and functions of Apps offered through its App Store. See Id., ¶¶ 39, 43-53. It is true, as Apple points out, that even the SCAC acknowledges that Apple, at times, withdrew Apps from its App Store that it discovered were accessing consumer data without consent. See ECF No. 501 at 28 n.21 (citing SCAC, ECF No. 478, ¶ 140, among others). But these contrary factual allegations merely point to the need for further factual development of this issue.
Apple seeks to dismiss Plaintiffs' invasion of privacy and conversion claims on the basis that the Communications Decency Act ("CDA"), 47 U.S.C. § 230, bars those claims.
In its previous order granting in part Apple's motion to dismiss the CAC, the Court rejected the same argument. See ECF No. 471 at 18-23. Apple contends that the Court should take a fresh look at the CDA because the factual allegations in the SCAC differ from those in the CAC, and "there have been relevant developments in the fast-changing law concerning the CDA." ECF No. 501 at 24 n.18 (citing Jones v. Dirty World Entm't Recordings, LLC, 755 F.3d 398 (6th Cir. 2014)).
The Court has read the SCAC and Jones. The SCAC's allegations have not materially changed with regard to whether Apple is an "information content provider" not subject to CDA protection, and Apple does not explain how the allegations of the SCAC are different from those of the CAC in a way that helps Apple. In fact, Apple still relies on allegations from the now-superseded CAC to make its arguments. See ECF No. 501 at 27-28. It also spills a great deal of ink analyzing Fair Housing Council of San Fernando Valley v. Roommates.com, 521 F.3d 1157, 1168 (9th Cir. 2008), which was the centerpiece of its prior motion to dismiss. ECF No. 501 at 25-29. Though dressed up in "fresh look" language, this portion of the motion reads more like a belated motion for reconsideration.
Jones, the one new case cited by Apple, does not change the Court's conclusion that Apple is an "information content provider." The Jones court merely adopted the Ninth Circuit's reasoning in Roommates.com,
Here, Plaintiffs allege that Apple effectively was a creator, at least in part, of the App Defendants' Apps that misappropriated Plaintiffs' address book data. ECF No. 478, ¶ 46 ("all iDevice Apps were built, in part, by Apple."). Plaintiffs have also provided factual detail regarding how Apple controlled the development of Apps provided by its App Store, and contributed to the creation of the offensive content, for example, by using its iOS Human Interface Guidelines to instruct App developers to access address book data without prior permission. See, e.g., Id., ¶¶ 39, 43-53, 88. This is all the information-content-provider exemption requires: "The term `information content provider' means any person or entity that is responsible, in whole or in part, for the creation or development" of the offending content. 47 U.S.C. § 230(f)(3). Neither Jones nor the new allegations in the SCAC compel the Court to reverse its prior conclusion.
Apple, as an alleged "information content provider" under the CDA, is not entitled, as a matter of law and at this stage of the proceedings, to blanket CDA immunity for the conduct challenged here.
Apple also alleges that Plaintiffs do not have standing to assert their conversion claim, and have failed to allege the requisite elements of that claim because Plaintiffs have failed to adequately allege an Article III injury, or the element of a property interest, as is required to assert their conversion claim. ECF No. 501 at 21-22. Apple's argument is materially identical to the App Defendants', and the Court addresses it in section V.B., infra.
To establish Article III standing, a plaintiff in federal court must meet three requirements. Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992). First, the plaintiff must have suffered an "injury in fact"—an invasion of a legally protected interest that is (a) concrete and particularized, and (b) actual or imminent. Id. at 560, 112 S.Ct. 2130 (citations omitted). Second, the injury and the conduct complained of must be causally connected. Id. (citation omitted). Third, it must be likely, as opposed to merely speculative, that a favorable decision would redress the injury. Id. at 561, 112 S.Ct. 2130, (citation omitted).
A plaintiff lacks standing to seek injunctive relief if he or she has not alleged "a real or immediate threat" that he or she will be wronged again; without such an allegation, a plaintiff fails to show an "injury in fact," and therefore to satisfy the first prong of the standing inquiry. City of L.A. v. Lyons, 461 U.S. 95, 111, 103 S.Ct. 1660, 75 L.Ed.2d 675 (1983). "Past exposure to illegal conduct does not in itself show a present case or controversy regarding injunctive relief . . . if unaccompanied by any continuing, present adverse effects." O'Shea v. Littleton, 414 U.S. 488, 495-96, 94 S.Ct. 669, 38 L.Ed.2d 674 (1974).
Apple argues that Plaintiffs have not adequately pled entitlement to injunctive relief. See ECF No. 501 at 22-23. First, Apple argues that Plaintiffs have
Apple is correct that Plaintiffs must allege some degree of intent to purchase Apple's iDevices in the future. As the Court recently noted, "the contours of what a plaintiff must claim about a future interest in a product in order to have standing to represent a 23(b)(2) class have not been defined with precision." Lilly v. Jamba Juice Co., No. 13-CV-02998-JST, 2015 WL 1248027, at *5 (N.D.Cal. Mar. 18, 2015) (footnote omitted). But it is clear that a Plaintiff seeking injunctive relief must allege at least a willingness to consider purchasing the product at issue in the future. Id. Here, Plaintiffs make no such allegation. Accordingly, they lack standing to seek injunctive relief.
Plaintiffs also cannot seek injunctive relief against Apple because no realistic threat exists that the complained-of conduct is ongoing or will be repeated. As the Court noted in its earlier order, Plaintiffs have alleged that Apple has remedied the alleged gaps in its privacy protection. ECF No. 471 39; CAC ¶ 120. Plaintiffs removed those allegations from the SCAC, and now allege that "Apple's foregoing misconduct is ongoing, and unless restrained by this Court, is likely to recur." ECF No. 478 at ¶ 281. But because they are contradicted by Plaintiff's earlier allegations, the latest allegations are implausible, and the Court will not accept them as true. Smith v. Wilt, No. 12-cv-05451-WHO, 2013 WL 5675897, at *4 n. 5 (N.D.Cal. Oct. 17, 2013).
Because Plaintiffs have failed to plead a real or immediate threat of future injury, they lack standing to seek injunctive relief. Plaintiffs' prayer for injunctive relief, as it pertains to Apple, is dismissed with prejudice pursuant to Rule 12(b)(1). See Zucco, 552 F.3d at 1007.
Plaintiffs allege that "[e]ach of the App Defendants here created and distributed an App" that "improperly invaded Plaintiffs' privacy and misappropriated address book data stored in the iDevices' Contacts App without authorization to do so." ECF No. 478, ¶ 90. Plaintiffs further allege that they "were not made aware of, nor did they consent to the taking of their data by the App Defendants." Id., ¶ 92.
The App Defendants allege that the Copyright Act preempts both the conversion and the invasion of privacy claims that Plaintiffs have alleged.
Copyright Act preemption has two prongs. First, the rights at issue under state law must be equivalent to those protected
The Court finds that The Copyright Act does not preempt Plaintiffs' conversion and intrusion upon seclusion claims, because the Court finds that both Plaintiffs' conversion and invasion of privacy claims are not equivalent to those protected by the Copyright Act because they involve something "beyond mere reproduction or the like." G.S. Rasmussen & Assocs., Inc. v. Kalitta Flying Serv., Inc., 958 F.2d 896, 904 (9th Cir. 1992) (citation omitted). Defendants argue that Plaintiffs have not alleged any act by Defendants beyond mere copying of users' address book data. See, e.g., ECF No. 501 at 8-9; ECF No. 513 at 6-9. And certain Defendants contend that Plaintiffs consented to the use of their address book information using a "Find Friends" (or equivalent) feature.
The Court finds, however, that Plaintiffs' allegations involve more than the mere reproduction of Plaintiffs' address book data; they include the unauthorized access, transmission, misuse, and misappropriation of that data. While the particular meanings of "misuse" and "misappropriate," as alleged in Plaintiffs' complaint, could be more clear
Given the information available at this stage of the proceedings, Defendants have not shown that the Copyright Act preempts Plaintiffs' conversion and invasion of privacy claims.
Under California law, a conversion claim has three elements: (1) the plaintiff's right to possession or ownership of a property interest; (2) the defendant's conversion of the property by a wrongful act or disposition of property rights; and (3) damages. Firoozye v. Earthlink Network, 153 F.Supp.2d 1115, 1129 (N.D.Cal.2001) (citing Burlesci v. Petersen, 68 Cal.App.4th 1062, 1066, 80 Cal.Rptr.2d 704 (1998)) (alternate citation omitted). Plaintiffs allege that Defendants converted their address book data by accessing, uploading, transmitting, and/or otherwise misappropriating that information.
Defendants assert that Plaintiffs lack standing to bring their conversion claim because they have failed to allege an injury-in-fact. At the pleading stage, Plaintiffs bear the burden of adequately alleging facts that, if proven, would tend to show that they suffered a constitutionally recognized injury. Lujan, 504 U.S. at 561, 112 S.Ct. 2130.
Plaintiffs first respond by re-arguing their contention that the common law of conversion shows that Plaintiffs have a protectable interest in their contacts information that is injured by Defendants' copying. The Court previously rejected this argument, finding that "Plaintiffs . . . [had] failed to allege any details concerning their argument that their address books' value was diminished by the App Defendants' conduct." ECF No. 471 at 40.
The Plaintiffs provide no reason for the Court to change its mind on this question. The sole new authority they cite involves the misappropriation of indisputably commercial intellectual property—the songs of the 1960's popular music group The Turtles.
Plaintiffs also argue that California statutory law confers standing because "detriment caused by the wrongful conversion of personal property is presumed," Cal. Civ.Code § 3336, and because nominal damages are always available under California law, Cal. Civ.Code § 3360. These arguments are not persuasive. Section 3336 describes an appropriate measure of damages, and does not provide that a plaintiff alleging conversion is entitled to a presumption of injury. A conversion plaintiff in California court must still prove "the fact of proximately caused injury." Lueter v. State of Cal., 94 Cal.App.4th 1285, 1303, 115 Cal.Rptr.2d 68 (2002). Section 3360 sets forth the rule that a plaintiff who has suffered an injury, but whose damages are speculative, is entitled to nominal damages. Hutcherson v. Alexander, 70 Cal.Rptr. 366, 264 Cal.App.2d 126,
Having not alleged a sufficient injury, Plaintiffs lack standing to bring their conversion claim. Because the Court previously dismissed Plaintiffs' conversion claim on the same basis, the Court now dismisses the claim with prejudice. See Zucco, 552 F.3d at 1007.
To allege an invasion of privacy by intrusion upon seclusion, a plaintiff must plead: (1) the defendant's intrusion into a private place, conversation, or matter, (2) in a manner highly offensive to a reasonable person. Shulman v. Grp. W Prods., Inc., 18 Cal.4th 200, 231, 74 Cal.Rptr.2d 843, 955 P.2d 469 (1998). Defendants argue that Plaintiffs have failed to allege those elements adequately on several bases. First, Defendants assert that Plaintiffs lack standing. Second, Defendants contend that Plaintiffs had no reasonable expectation of privacy in their address book information. Third, Defendants argue that Plaintiffs have failed, as a matter of law, to allege "highly offensive" behavior by the App Defendants. Finally, Defendants argue that Plaintiffs' intrusion upon seclusion claim should be dismissed because Plaintiffs have failed to allege any harm resulting from their actions, and therefore Plaintiffs are unable to prove the element of damages.
Certain App Defendants contend that Plaintiffs lack standing to bring their intrusion upon seclusion claim because Plaintiffs have failed to identify an injury-in-fact. See ECF No. 497 at 10-11; ECF No. 498 at 5-9; ECF No. 499 at 7-10. As the Court explained in its previous order, however, Plaintiffs here have sufficiently pleaded the injury of an invasion of their privacy by intrusion upon their seclusion. ECF No. 471 at 40-41. Defendants provide no compelling reason for the Court to reconsider its prior order. Accordingly, the Court finds that Plaintiffs have adequately alleged an Article III injury.
The App Defendants argue that Plaintiffs had no reasonable expectation of privacy in their address book data. Certain Defendants argue that Plaintiffs consented to at least the accessing of their data because they navigated through a "Find Friends" feature (or something equivalent) when they signed up for the App's services, and agreed to use that feature, which informed them that the App would access their address book data.
The Court discussed the Defendants' consent arguments in its prior order, and reasoned that though Plaintiffs who used a "Find Friends" function may have knowingly consented to the scanning of their address book data, or other use of the data solely for the purpose of "Finding Friends, Plaintiffs alleged that Defendants had exceeded the parameters of that consent by otherwise transmitting, uploading, storing, and using that information for unauthorized purposes or in unauthorized ways. See ECF No. 471 at 44-45. Defendants urge the Court to revisit that determination on two bases: (1) differing allegations in the SCAC, as compared to the CAC; and (2) the court's decision in In re Yahoo Mail Litigation, 7 F.Supp.3d 1016 (N.D.Cal.2014).
Defendants fault Plaintiffs for condensing the allegations in the SCAC, as compared to those in the CAC, regarding the Apps' alleged misuse of Plaintiffs' data. See, e.g., ECF No. 498 at 10-11. Contrary to Defendants' characterizations, however, Plaintiffs did not "abandon" or "withdraw" the CAC's allegations that the App Defendants did something more with Plaintiffs' address book data than merely access it. Plaintiffs continue to allege that the App Defendants did more—by uploading, transmitting, and/or otherwise misusing or misappropriating Plaintiffs' address book data—than Plaintiffs were aware or consented to. See ECF No. 508 at 3-4.
Also, Yahoo Mail is distinguishable from this case. There, in the context of the federal Wiretap Act, the Court stated that it found "implausible that [Yahoo email] users did not—after agreeing, based on the [Yahoo Terms of Service], to Yahoo's scanning and analysis of emails—realize that in order to engage in an analysis of emails, Yahoo would have to store the emails somewhere on its servers." 7 F.Supp.3d at 1031. But in that case, Yahoo's Additional Terms of Service expressly informed users that, "by scanning and analyzing such communications content, Yahoo collects and stores the data." Id. at 1022. Yahoo's consent page also told users that Yahoo would scan their e-mails for a variety of purposes, including to provide "targeted advertising." Id. No equivalently explicit consent is present here. As the court in Yahoo explicitly acknowledged, in evaluating a consent defense, a court must consider the scope of the alleged consent. Id. at 1028.
Here, in sum, the Court does not find it implausible that, while App users were aware that "Find Friends"-type features would scan the address book information stored on their iDevices for the sole purpose of finding friends, they were not aware that those features and the Apps with which they were associated used their address book information in other, unauthorized ways.
Neither the changes to the SCAC, nor Yahoo Mail, compel the Court to revisit its earlier determination that Plaintiffs' intrusion upon seclusion claim survives Defendants' consent arguments.
Defendants' argument that Plaintiffs could not have had a reasonable expectation of privacy in their address book data because the "Find Friends" features they signed up for required access to Plaintiffs' address book data fails for the same reason that Defendants' consent argument does. Plaintiffs allege not only
The Court previously found that Plaintiffs had sufficiently alleged that the App Defendants' actions satisfied the "highly offensive" prong of their intrusion upon seclusion claim. See ECF No. 471 at 45-46. Defendants contend that the Court should revisit that conclusion in light of (1) Plaintiffs' alleged consent; and (2) allegations in the SCAC that materially differ from those in the CAC. The Court has already rejected both arguments. See section V.C.2.a., supra.
Plaintiffs have also pointed to evidence indicating that at least some iDevice users found the Apps' accessing of address book information highly offensive—i.e., the response from Congress, the FTC, the public, and the media to learning that Apps were accessing and using address book information in the manner herein alleged.
In a final bid to seek dismissal of Plaintiffs' intrusion upon seclusion claim, Defendants contend that the claim must fail because Plaintiffs have failed adequately to allege damages. See, e.g., ECF No. 499 at 17; 500 at 11. The only authority that Defendants cite for this proposition is the Court's prior order (and citations therein), which found Plaintiffs' allegations sufficient. ECF No. 471 at 46.
In the SCAC, Plaintiffs allege again, generally, that they suffered "harm and damages" as a result of Defendants' intrusion upon their seclusion. ECF No. 478, ¶ 248. These allegations remain sufficient for Rule 12(b)(6) purposes.
For the reasons set forth above, Plaintiff's conversion claim and requests for injunctive relief are hereby dismissed with prejudice. In all other respects, the motions to dismiss are denied.