INGRAO v. ADDSHOPPERS, INC., 2:24-cv-01022

Plaintiffs Amelia Ingrao (California resident) and Elisabeth Pacana (Pennsylvania resident) filed a class action claiming unauthorized tracking of their internet activity by AddShoppers, Inc. through its “SafeOpt” program.
AddShoppers partners with retailers (including Nutrisystem and Vivint) to install tracking code, allegedly compiling profiles of users' browsing history and email addresses to send targeted ads.
Plaintiffs allege violations of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (WESCA), California Invasion of Privacy Act (CIPA), and California Computer Access and Data Fraud Act (CDAFA).
Defendants moved to dismiss for lack of Article III standing, lack of personal jurisdiction (as to AddShoppers), and failure to state a claim under Rule 12(b)(6).
The court granted all motions to dismiss, holding plaintiffs lacked standing, the court lacked personal jurisdiction over AddShoppers, and the facts pled did not establish valid claims under WESCA, CIPA, or CDAFA.

Issue	Plaintiff's Argument	Defendant's Argument	Held
Article III Standing	Disclosure of browsing and email info is analogous to privacy torts; establishes concrete harm.	No concrete harm; browsing and email info not sufficiently private; speculation about personal info is not enough.	Plaintiffs lack standing; harm not sufficiently concrete or related to privacy torts.
Personal Jurisdiction (AddShoppers)	AddShoppers targeted PA by installing code on PA retailer sites, knowing PA users would access.	No express targeting or minimum contacts; mere agreements with PA companies and sending of emails insufficient.	No personal jurisdiction under Calder "effects" or traditional tests.
WESCA and CIPA Claims	Tracking code intercepted "contents" of communications (URLs, web pages).	Only non-content data (dates, times, URLs) was collected; no substantive communication intercepted.	No claim stated; information gathered is not "contents" per statute.
CDAFA Claim	Loss via deprivation of value in personal data satisfies damage/loss requirement.	CDAFA requires harm to plaintiff's computer/system, not mere data collection.	No claim stated; no qualifying damage or loss alleged.

Spokeo, Inc. v. Robins, 578 U.S. 330 (Art. III standing requires concrete, particularized injury)
TransUnion LLC v. Ramirez, 594 U.S. 413 (Harm must closely relate to traditional basis for lawsuit)
Cook v. GameStop, Inc., 689 F. Supp. 3d 58 (Browsing data not sufficiently private for standing under WESCA)
In re Zynga Privacy Litigation, 750 F.3d 1098 (URL and related data are not "contents" under Wiretap Act)
Popa v. Harriet Carter Gifts, Inc., 52 F.4th 121 (WESCA applies to communications intercepted at server in Pennsylvania)
Ford Motor Co. v. Mont. Eighth Judicial Dist. Ct., 592 U.S. 351 (Test for specific personal jurisdiction)
Daimler AG v. Bauman, 571 U.S. 117 (General jurisdiction over corporations)
Ashcroft v. Iqbal, 556 U.S. 662 (Pleading standard for Rule 12(b)(6) motions)