549 F.Supp.3d 1129
E.D. Cal.2021Background:
- Plaintiff Derek Mastel downloaded Miniclip’s 8 Ball Pool iPhone app and alleges the app read the iOS Pasteboard (the device-wide copy/paste buffer) each time it was opened without his knowledge or consent; he submitted a device log screenshot showing Pasteboard reads.
- Pasteboard stores a single copied text item temporarily; apps are permitted to read Pasteboard contents when opened. Mastel alleges over years he copied personal data (name, email, phone, addresses, messages) that the app could have accessed, but does not identify specific instances, content, or any use/disclosure by Miniclip.
- Claims: (1) CIPA §631(a) (wiretapping) against Miniclip (and Apple only under aiding/conspiracy), (2) invasion of privacy under the California Constitution against both defendants, (3) Stored Communications Act (SCA) claim against Miniclip, and (4) California UCL claim against both.
- Defendants moved to dismiss under Rule 12(b)(6); the court evaluated whether Pasteboard access qualifies as a tapped/intercepted communication or as electronic storage, and whether Mastel pleaded standing, an egregious privacy intrusion, SCA access, or UCL economic injury.
- Ruling: The court granted the motions and dismissed all claims (CIPA, California constitutional privacy, SCA, and UCL) for the reasons summarized below.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| CIPA §631(a): Does reading the iOS Pasteboard violate §631(a)? | Pasteboard is a phone "instrument" and CIPA should be read to cover new tech; Miniclip read communications. | Pasteboard is not a telegraph/telephone wire/line/instrument and app did not intercept communications "in transit." | Dismissed. First clause (wiretapping) inapplicable; second clause fails because no interception while communications were in transit. Apple cannot be liable on aiding/conspiracy absent underlying violation. |
| California constitutional privacy: Does alleged Pasteboard access state an actionable invasion? | Mastel: unauthorized collection of personal data injures privacy interest and is a concrete harm. | Defendants: no concrete injury/insufficiently egregious; no use, dissemination, pervasiveness, or sensitive data alleged. | Dismissed. Court finds Article III standing distinguishable from TransUnion but holds allegations are not an "egregious," highly offensive intrusion as required. |
| Stored Communications Act (18 U.S.C. §2701): Is Pasteboard "electronic storage" or interception? | Pasteboard performs transitory electronic storage; access constitutes unauthorized access to stored electronic communications. | Pasteboard is not temporary/intermediate storage incidental to transmission nor backup storage; items were at rest and user-copied. | Dismissed. Pasteboard content is not SCA "electronic storage" as defined. |
| California UCL (unlawful/unfair): Does Mastel have UCL standing (lost money/property)? | Plaint iff alleges loss of value of personal information; this suffices as economic injury. | No specific economic loss or diminution-of-value allegations; mere collection/disclosure is not money/property loss. | Dismissed. Plaintiff failed to allege loss of money or property or the value of his data. |
Key Cases Cited
- Bell Atl. Corp. v. Twombly, 550 U.S. 544 (establishes the plausibility standard for Fed. R. Civ. P. 12(b)(6))
- Ashcroft v. Iqbal, 556 U.S. 662 (complaints must contain factual allegations supporting legal conclusions)
- Tavernetti v. Superior Court, 22 Cal.3d 187 (interpreting §631(a)’s distinct clauses)
- Konop v. Hawaiian Airlines, 302 F.3d 868 (for Wiretap Act, interception must occur during transmission)
- In re Facebook, Inc. Internet Tracking Litigation, 956 F.3d 589 (California constitutional privacy and standing for data-collection intrusions)
- Eichenberger v. ESPN, Inc., 876 F.3d 979 (privacy torts can be concrete injuries without additional consequences)
- Hill v. Nat’l Collegiate Athletic Ass’n, 7 Cal.4th 1 (egregiousness requirement for constitutional privacy)
- Loder v. City of Glendale, 14 Cal.4th 846 (courts may dismiss de minimis privacy intrusions)
- Theofel v. Farey-Jones, 359 F.3d 1066 (definition of temporary/intermediate storage under SCA context)
- In re DoubleClick, Inc. Privacy Litigation, 154 F. Supp. 2d 497 (interception vs. stored access analysis)
- Hildermann v. Enea TekSci, Inc., 551 F. Supp. 2d 1183 (questioning whether a device qualifies as an SCA "facility")
- In re iPhone Application Litigation, 844 F. Supp. 2d 1040 (sensitivity of data and constitutional privacy analysis)
- Carrier IQ, Inc., 78 F. Supp. 3d 1057 (discussing transitory storage and interception under Wiretap Act)
- United States v. Councilman, 418 F.3d 67 (transitory electronic storage doctrine)
- United States v. Jones, 565 U.S. 400 (privacy of location data and historical trip information)