D. v. Aspen Dental Management, Inc.
1:24-cv-01404
N.D. Ill.Sep 9, 2024Background
- Plaintiffs are users of Aspen Dental’s website, alleging that Aspen embedded tracking technology (pixels, cookies, APIs) that transmitted users’ personally identifiable information and protected health information to third parties (Meta/Facebook, Google, Bing).
- Plaintiffs filed a class action asserting federal ECPA claims and various state-law claims, including wiretap statutes, consumer protection statutes, negligence, and unjust enrichment.
- Plaintiffs allege Aspen intended to profit from the disclosure of sensitive patient data by enabling targeted advertising.
- Plaintiffs sought certification of nationwide and several state classes.
- Aspen moved to dismiss the complaint in its entirety under Rule 12(b)(6).
- Plaintiffs withdrew their claims for invasion of privacy, breach of implied contract, and violation of the Massachusetts Consumer Protection Act.
Issues
| Issue | Plaintiff’s Argument | Defendant’s Argument | Held |
|---|---|---|---|
| ECPA one-party exception (crime-tort exception) | Aspen’s sharing of PHI was for financial gain and violated HIPAA, triggering exception | Aspen was a party to the communications; exception inapplicable | Motion to dismiss denied; sufficient to plead crime-tort exception applies |
| Illinois Eavesdropping Statute | Aspen intercepted “private conversations” using devices as a party | Statute applies only to non-parties; web data is not “oral communication” | Dismissed; statute does not cover the electronic communications alleged |
| State wiretap acts (FSCA, CIPA, WESCA) | Plaintiffs’ data included covered “contents,” were intercepted with a “device,” and constituted “electronic communications” | URLs/metadata was not “content”; tracking software not a “device”; interception not in relevant state | Motion to dismiss denied; allegations plausible under these state statutes |
| ICFA and similar consumer protection statutes | Overpayment/diminished data value were actual damages caused by Aspen’s misrepresentations | No concrete, pecuniary harm alleged; benefit-of-bargain theory disallowed | Dismissed; failed to allege legally cognizable monetary damages |
| Negligence | Aspen owed duty to protect user’s info under PIPA and its representations | No independent duty exists beyond physician-patient privilege | Motion to dismiss denied; duty plausibly alleged |
| Unjust enrichment | Aspen benefited unfairly from unauthorized data use | Duplicative of statutory claims | Dismissed; does not state an independent claim |
Key Cases Cited
- Desnick v. Am. Broad. Companies, Inc., 44 F.3d 1345 (7th Cir. 1995) (crime-tort exception to wiretap act requires intent to commit a separate crime or tort at time of interception)
- Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007) (plaintiff must plead enough factual matter to state a plausible claim)
- Lax v. Mayorkas, 20 F.4th 1178 (7th Cir. 2021) (standards for evaluating motion to dismiss; must draw inferences in plaintiff’s favor)
- Camasta v. Jos. A. Bank Clothiers, Inc., 761 F.3d 732 (7th Cir. 2014) (elements for claim under Illinois Consumer Fraud Act)
- Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016) (rejecting benefit-of-the-bargain damages theory outside product defect/physical harm context)