305 F. Supp. 3d 864
E.D. Ill.2018Background
- Plaintiffs are four California small businesses who allege telemarketing calls from IPS and later Ironwood were secretly recorded without consent in violation of California's Invasion of Privacy Act (CIPA), Cal. Penal Code §§ 632, 632.7.
- IPS (Nevada) operated Illinois call centers owned by the Bentleys; Ironwood purchased IPS's operations in 2015 and continued the same practices under owners Lovelace and Lewis. Plaintiffs allege calls used scripts (approved by banks) and Caller ID spoofing and that recordings were stored on cloud vendors (Veracity, IRIS).
- Plaintiffs assert both direct and vicarious liability theories against acquiring banks and processor TPAs (Wells Fargo, Fifth Third, First Data, Vantiv, NPC) based on agency/apparent authority, supervision, revenue-sharing, and access to recordings.
- Defendants moved to dismiss raising: Article III standing after Spokeo; that CIPA protects individuals not businesses; that §632 only covers “confidential” calls and §632.7 requires particular phone types; personal jurisdiction objections by nonresidents; and insufficiency of allegations of control/ratification.
- The court denied all motions to dismiss and denied Rule 11 sanctions without prejudice, finding (1) Plaintiffs adequately alleged a concrete injury from statutory privacy violations, (2) businesses may sue under CIPA, (3) pleading adequately alleged confidentiality and §632.7 coverage at the dismissal stage, (4) plausible allegations of agency, control, and forum contacts to survive dismissal, and (5) Rule 11 concerns over a whistleblower’s (Tibor) forged emails warranted further discovery, not sanctions.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Article III standing (Spokeo) | CIPA violations are concrete privacy injuries; statutory damages available without proof of actual harm | No concrete injury; statutory violation alone insufficient post-Spokeo | Court: CIPA privacy invasion is a concrete, cognizable injury; standing exists; speculative data-breach risk claim dismissed |
| "Statutory standing" (business plaintiffs) | Corporations/partnerships are "persons" under CIPA and may sue for statutory privacy violations | Businesses lack personal privacy rights; CIPA protects individuals only | Court: Businesses can sue under CIPA; statutory text and precedent allow corporate plaintiffs |
| §632 "confidential" communications | Lack of warning, unsolicited telemarketing, and context create objectively reasonable expectation of privacy | Business calls are not confidential as a matter of law; recipient expectations unreasonable; spoofing negates expectation | Court: At pleading stage, allegations that calls lacked any warning and were not initiated by recipients suffice to plausibly allege confidentiality |
| §632.7 device requirement (cell/cordless/landline) | Plaintiffs allege calls received on cellular/cordless devices; plausibly within §632.7 scope | Compl. fails to identify device types used by callers; VoIP may fall outside statute | Court: Dismissal premature; allegations sufficient for now—device-identification can be resolved later |
| Personal jurisdiction (Bentleys, Lovelace, Lewis, IPS) | Visits to Illinois, implementation/oversight of recording scheme in Illinois, and call-center operations support specific jurisdiction | Nonresidents lack sufficient Illinois contacts; corporate contacts do not automatically bind owners | Court: Specific jurisdiction exists based on forum-directed conduct tied to the claims (implementation, control, and injuries arising from Illinois activities) |
| Vicarious liability / agency (banks and TPAs) | Contracts, approval of scripts, supervision under card-brand rules, revenue-sharing, and access to recordings create apparent/actual agency or ratification | No evidence of control; contractual compliance clauses negate agency for illegal acts | Court: Allegations plausibly support apparent/actual agency and vicarious liability at pleading stage; dismissal denied |
| Rule 11 sanctions re: whistleblower (Tibor) | Plaintiffs relied on corroborated evidence beyond Tibor; counsel conducted reasonable inquiry | Defendants contend core allegations relied on fabricated/altered emails by Tibor warrant sanctions | Court: Evidence raises serious concerns, but sanctions premature; denial without prejudice pending further discovery |
Key Cases Cited
- Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016) (statutory violations require concrete injury for Article III standing)
- Lujan v. Defenders of Wildlife, 504 U.S. 555 (1992) (injury-in-fact requirements)
- Clapper v. Amnesty Int'l USA, 568 U.S. 398 (2013) (speculative future injury insufficient for standing)
- Flanagan v. Flanagan, 27 Cal. 4th 766 (2002) (CIPA §632 confidentiality—objective expectation of privacy)
- Kearney v. Salomon Smith Barney, 39 Cal. 4th 95 (2006) (importance of warnings/disclosures under CIPA)
- Daimler AG v. Bauman, 571 U.S. 117 (2014) (limits on general personal jurisdiction)
- Tamburo v. Dworkin, 601 F.3d 693 (7th Cir. 2010) (specific jurisdiction framework)
- Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (2007) (plausibility pleading standard)