Cahen v. Toyota Motor Corp.
147 F. Supp. 3d 955
N.D. Cal.2015Background
- Plaintiffs sue Ford Motor Company, GM, Toyota and Toyota Sales alleging vehicle hacking vulnerabilities and improper data collection/transmission of driving data.
- FAC asserts three classes: California (GM/Toyota), Oregon (Ford), and Washington (Ford) seeking injunctive relief, recalls, and damages.
- Allegations focus on CAN bus security weaknesses, ECUs, wireless interfaces, and supposed non-encryption of CAN packets allowing potential remote control.
- Plaintiffs claim Defendants knew of vulnerabilities yet marketed vehicles as safe and failed to adequately disclose data practices.
- Court grants Ford, GM, Toyota’s motions to dismiss for lack of jurisdiction/standing, with leave to amend; later dismissal is with prejudice or amendment deadline provided.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Personal jurisdiction over Ford in California | Ford plaintiffs contend California contacts suffice for jurisdiction. | Ford argues no specific or general jurisdiction in California. | Lack of both specific and general jurisdiction over Ford in California. |
| Standing of plaintiffs to pursue claims | Plaintiffs allege injury-in-fact from risk of hacking and related economic/privacy harms. | Defendants contend injury is too speculative and not concrete or imminent. | Plaintiffs lack Article III standing; risk of future hacking deemed speculative with no concrete injury. |
Key Cases Cited
- Daimler AG v. Bauman, 134 S. Ct. 746 (2014) (limits general jurisdiction; at-home concept for corporations requires exceptional affiliations)
- International Shoe Co. v. Washington, 326 U.S. 310 (1945) (establishes minimum contacts and due process for jurisdiction)
- Schwarzenegger v. Fred Martin Motor Co., 374 F.3d 797 (9th Cir. 2004) (plaintiff must show prima facie jurisdictional facts; allegations cannot be bare)
- Ranza v. Nike, Inc., 793 F.3d 1059 (9th Cir. 2015) (out-of-state defendant; prima facie showing required when no evidentiary hearing)
- Birdsong v. Apple, Inc., 590 F.3d 955 (9th Cir. 2009) (standing requires concrete and particularized injury; not just generalized risk)
- Onity, Inc. v. Hotel Indus., 2014 WL 3748639 (D. Minn. 2014) (speculative future harm not enough for standing when no concrete risk of breach)
- In re Toyota Motor Corp. Unintended Acceleration Litig. II, 790 F. Supp. 2d 1152 (C.D. Cal. 2011) (economic injury requires more than speculative product-function risk; recalls/market effects can establish standing)
- Krottner v. Starbucks Corp., 628 F.3d 1136 (9th Cir. 2010) (credible risk of future harm required for privacy-related standing)
- In re Sony Gaming Networks & Customer Data Security Breach Litig., 996 F. Supp. 2d 942 (S.D. Cal. 2014) (data breach harms require concrete risk to individuals' personal information)