In re Yahoo Mail Litigation
2014 U.S. Dist. LEXIS 112323
N.D. Cal.2014Background
- Plaintiffs (non‑Yahoo Mail users) allege Yahoo scanned, analyzed, collected, stored and shared the content of emails sent to/from Yahoo Mail users, for functions including targeted advertising and product features, without their consent. Plaintiffs seek statutory damages, injunctive and declaratory relief on behalf of a nationwide class.
- Yahoo Mail has online terms (TOS, ATOS) and a Privacy Policy; ATOS §1(c) discloses that Yahoo’s automated systems “scan and analyze all incoming and outgoing communications” for purposes including targeted advertising and spam/malware detection and states users must notify non‑users of this practice. Yahoo’s FAQ gives examples of sharing “specific objects” from messages (e.g., tracking numbers) with third parties.
- Plaintiffs brought claims under the Wiretap Act (ECPA Title I), the Stored Communications Act (ECPA Title II), California Invasion of Privacy Act (CIPA §631), and the California constitutional right to privacy.
- Yahoo moved to dismiss under Rule 12(b)(6), arguing (1) the SCA, not the Wiretap Act, governs the alleged conduct; (2) Yahoo obtained consent via its user agreements; (3) statutory immunities and good‑faith defenses apply; and (4) federal law preempts state law where applicable.
- The Court accepted Plaintiffs’ allegations that interception occurred while emails were "in transit" for the pleading stage, but evaluated consent and sufficiency of allegations against the ATOS/Privacy Policy disclosures.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Applicability of Wiretap Act (intercept in transit vs. electronic storage) | Baker: Yahoo intercepted emails while in transit, so Wiretap Act applies | Yahoo: alleged access occurred after emails reached provider servers (electronic storage), so SCA governs | Denied dismissal on this ground — Court accepts Plaintiffs’ in‑transit allegations at pleading stage and defers resolution to post‑discovery |
| Consent under the Wiretap Act (§2511(2)(d)) | Plaintiffs: ATOS/TOS/Privacy do not adequately disclose scanning/sharing, so no consent | Yahoo: ATOS (clicked at signup) expressly discloses scanning/analysis and targeted advertising; thus users consented | Court held ATOS provided explicit, reasonable notice that scanning/analysis and targeted advertising would occur; dismissed Wiretap Act claims as to those purposes with prejudice; left narrow collecting/storing/future‑use theory dismissible with leave to amend |
| SCA claims — unauthorized access (§2701) and disclosure (§2702) | Plaintiffs: in the alternative, SCA applies if emails were in storage; Yahoo disclosed/shares contents with third parties | Yahoo: immunity under §2701(c)(1) for provider access; attack on sufficiency of disclosure allegations | Court granted dismissal with prejudice for §2701(a) (provider immunity). Denied dismissal as to §2702(a)(1) (improper disclosure) — Plaintiffs plausibly alleged Yahoo divulged contents (FAQ example of sharing "specific objects") |
| California constitutional privacy claim (Article I, §1) | Plaintiffs: interception, scanning, storage and stockpiling of email content violates constitutional informational privacy | Yahoo: Plaintiffs plead only conclusory allegations, no specific confidential content; no reasonable expectation of privacy in email generally | Court dismissed the constitutional claim without prejudice — plaintiffs must plead specific confidential/sensitive email content to meet the high Hill standard; leave to amend granted |
| CIPA (§631) applicability | Plaintiffs: CIPA prohibits interception "in transit"; applies here | Yahoo: emails were in storage or preempted by federal law; CIPA shouldn’t reach provider access to stored emails | Court denied dismissal of CIPA claim — accepted Plaintiffs’ in‑transit allegations at pleading stage and deferred preemption/other factual issues to later stages |
Key Cases Cited
- Konop v. Hawaiian Airlines, 302 F.3d 868 (9th Cir. 2002) (Wiretap Act and definition of electronic communication; discussion of interception vs. storage)
- Theofel v. Farey‑Jones, 359 F.3d 1066 (9th Cir. 2004) (treatment of electronic communications and interception/storage issues)
- Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (U.S. 2007) (plausibility pleading standard under Rule 12(b)(6))
- Ashcroft v. Iqbal, 556 U.S. 662 (U.S. 2009) (pleading standards; courts need not accept legal conclusions)
- Hill v. NCAA, 7 Cal.4th 1 (Cal. 1994) (elements and high threshold for California constitutional privacy claims)
- In re Zynga Privacy Litig., 750 F.3d 1098 (9th Cir. 2014) (distinguishing contents from subscriber/record information under the SCA)
- Low v. LinkedIn Corp., 900 F. Supp. 2d 1010 (N.D. Cal. 2012) (provider immunity under SCA and informational‑privacy analysis)
Decision summary: Court denied in part and granted in part Yahoo’s motion. Wiretap Act claims based on scanning for product features, targeted ads, spam/abuse detection, profiling and third‑party sharing were dismissed with prejudice for lack of claim due to consent via ATOS; SCA unauthorized‑access claim (§2701) dismissed with prejudice (provider immunity); SCA disclosure claim (§2702) and CIPA claim survived; California constitutional privacy claim dismissed with leave to amend. Plaintiffs permitted 21 days to amend.