77 F. Supp. 3d 836
N.D. Cal.2014Background
- Privacy case about Facebook allegedly scanning private messages to detect URLs and increment page 'like' counters.
- Plaintiffs allege use of data to build profiles and target advertising in violation of federal Wiretap Act and state CIPA, plus California UCL.
- Plaintiffs seek nationwide class of Facebook users who sent/received private messages containing URLs within two years prior to filing.
- Facebook allegedly scanned messages via a web crawler; dispute over whether this interception occurred and whether it was in the ordinary course of business.
- Court addresses whether consent or internal policies bar claims and whether the ordinary-course-of-business exception applies, with rulings on several claims.
- Court notes Facebook ceased the challenged practice in Oct. 2012 but may still conduct some content analysis for other purposes.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Wiretap Act interception sufficiency | Plaintiffs allege interception occurred via scanning messages with a web crawler. | Interception may be limited to in-transit transmission; use alone could be actionable only if interception occurred. | Survives: court cannot rule out interception; allegations plausible at this stage. |
| Ordinary course of business exception scope | Court should reject broad exemption; Google/Gmail and Hall/Kirch guide analysis to nexus with service. | Targeted advertising and data processing are within ordinary course and consented uses. | Denied for dismissal: factual record incomplete; exception cannot be determined on motion. |
| Consent as a defense to Wiretap Act and related claims | No consent to interception of message contents for advertising purposes; consent to delivery does not extend to scanning. | Users allegedly consented via terms; implied consent also argued due to message-features. | Denied: express/implicit consent not established at this stage for the challenged interception. |
| CIPA sections 631 and 632 viability | Interception in transit and reading messages may violate state privacy law. | Consent defenses; lack of confidential communications; messages may not be confidential under 632. | 631 claim denied? Actually 631 claim denied or allowed? Held: 631 is DENIED? (Court denies dismissal of 631); 632 claim GRANTED. |
| California UCL standing and injury-in-fact | Victims suffer injury via privacy violations; data value/monetary injury not required if statute provides relief. | No loss of money or property; insufficient injury-in-fact. | GRANTED: UCL claim dismissed without leave to amend. |
Key Cases Cited
- Noel v. Hall, 568 F.3d 743 (9th Cir. 2009) (interception includes acquisition of contents, not just transmission)
- Hall v. EarthLink Network, Inc., 396 F.3d 500 (2d Cir. 2005) (ordinary course of business analysis for interception scope)
- Kirch v. Embarq Management Co., 702 F.3d 1245 (10th Cir. 2012) (third-party interception and ordinary course considerations)
- In re Google Inc. Gmail Litigation, 2013 WL 5423918 (N.D. Cal. 2013) (narrow vs broad interpretations of ordinary course; not official reporter; included for context)
- In re Google Inc. Privacy Policy Litigation, 2013 WL 6248499 (N.D. Cal. 2013) (broad interpretation of ordinary course; not official reporter)
- In re Yahoo Mail Litigation, 7 F. Supp. 3d 1016 (N.D. Cal. 2014) (interception/analysis considerations in email context)
- In re Zynga Privacy Litigation, 750 F.3d 1098 (9th Cir. 2014) (standing under privacy statutes; injury-in-fact analysis)
- Claridge v. RockYou, Inc., 785 F. Supp. 2d 855 (N.D. Cal. 2011) (privacy violations and related claims in social networking context)
- Faulkner v. ADT Sec. Services, Inc., 706 F.3d 1017 (9th Cir. 2013) (confidentiality expectations and privacy standards)
- Kearney v. Salomon Smith Barney, Inc., 39 Cal.4th 95 (Cal. 2006) (confidentiality expectation standards under §632)