FLORENTINO JAVIER, Plaintiff, v. ASSURANCE IQ, LLC, et al., Defendants.
Case No. 20-cv-02860-CRB
IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA
Filed 01/05/23
Plaintiff Florentino Javier (“Javier“) sues Assurance IQ, LLC, an insurance website operator, and ActiveProspect Inc., a software provider (together, “Defendants“), for violations of Section 631 the California Invasion of Privacy Act (“CIPA“) and Invasion of Privacy under the California Constitution. See SAC (dkt. 38). Javier alleges that during his visit to Assurance‘s website, Nationalfamily.com, Defendants, through Active Prospect‘s software, “secretly observe[d] and record[ed] [his] keystrokes, mouse clicks, and other electronic communications.” Id. ¶ 4.
After two prior orders on motions to dismiss before Judge White, which held that Javier consented to Defendants’ information collection by assenting to Assurance‘s Privacy Policy at the end of his interaction with the website, the Ninth Circuit reversed, holding that Javier plausibly pleaded that he did not consent to any information collection that occurred prior to assenting to the Privacy Policy. Javier v. Assurance IQ, LLC, No. 21-16351, 2022 WL 1744107 (9th Cir. May 31, 2022). The Ninth Circuit did not reach “Defendants’ other arguments, including whether Javier impliedly consented to the data collection, whether ActiveProspect is a third party under Section 631(a), and whether the statute of limitations has run.” Id. at *2. Judge White ordered a third round of motion to dismiss briefing on those issues. After that briefing was completed, the case was reassigned to this Court.
Finding this matter suitable for resolution without oral argument pursuant to Civil Local Rule 7-1(b), and finding that Javier has failed to plead facts sufficient to invoke the delayed discovery doctrine, thus rendering his claims time-barred, the Court GRANTS Defendants’ motion to dismiss.
I. BACKGROUND
A. Facts
Assurance runs an online platform for users to obtain life insurance quotes. SAC ¶¶ 6-9. A user enters information about their demographics, family situation, and medical history, and then clicks “View My Quote.” Id. ¶¶ 38-45. At the final step, the website states that by clicking “View my Quote,” the user provides an “electronic signature as an indication of . . . intent to agree to the website‘s Privacy Policy” and “Terms of Service.” Id. ¶ 45.
Assurance partners with ActiveProspect to provide software for its website. Id. ¶¶ 29-31. ActiveProspect makes a software product called “TrustedForm,” which is a “lead certification product that helps businesses comply with regulations like the [TCPA] . . . by documenting consumer consent.” Id. ¶ 12. Specifically, TrustedForm is a piece of code that can be pasted into a form page to record “keystrokes, mouse clicks, data entry, and other electronic communications of visitors to websites,” id. ¶ 21, and “begins the moment a user accesses or interacts with” a website.
Javier visited Nationalfamily.com in January 2019. Id. ¶ 35. He entered all of the required information, including health data, and presumably later obtained a life insurance quote. Id. ¶ 38-45. In April 2020, Javier sent a letter through counsel “over purported violations of the Telephone Consumer Protection Act.” Id. ¶ 51. The TrustedForm VideoReplay recording was produced to Javier‘s counsel in response to that letter. Id. Javier alleges that he had “no way of knowing Defendants had recorded his activities prior to the production of this recording because the video was private and exclusively in Defendants’ possession.” Id.
B. Procedural History
In March 2021, Judge White granted Defendants’ first motion to dismiss, finding that Javier had consented to their collection of his information by clicking “View my Quote,” because the conduct Javier complained of was disclosed in Assurance‘s Privacy Policy. Javier v. Assurance IQ, LLC, 20-cv-2860, 2021 WL 940319, at *2-3 (N.D. Cal. Mar. 9, 2021). After Javier filed the second amended complaint (the same complaint at issue in this order), Judge White again dismissed Javier‘s claims on the same grounds, this time without leave to amend. Javier v. Assurance IQ, LLC, 20-cv-2860, 2021 WL 3669343, at *3-4 (N.D. Cal. Aug. 6, 2021). Javier appealed this ruling to the Ninth Circuit,1 and the Ninth Circuit reversed, holding that Javier did not consent under Section 631 to any information collection that occurred prior to assenting to the Privacy Policy. Javier, 2022 WL 1744107. The Ninth Circuit did not reach “Defendants’ other arguments, including whether Javier impliedly consented to the data collection, whether ActiveProspect is a third party under Section 631(a), and whether the statute of limitations has run.” Id. at *2. Judge White ordered a third round of motion to dismiss briefing on those issues. After that briefing was completed, this case was reassigned to this Court.
II. LEGAL STANDARD
Under Rule 12(b)(6) of the Federal Rules of Civil Procedure, a complaint may be dismissed for failure to state a claim for which relief may be granted.
If a court dismisses a complaint for failure to state a claim, it should “freely give leave” to amend “when justice so requires.”
III. DISCUSSION
The Court addresses Defendants’ three arguments for dismissal of Javier‘s Section 631 claim in the following order: (1) Javier impliedly consented to Assurance and ActiveProspect‘s collection of his data; (2) ActiveProspect is an “extension” of Assurance, rather than a third-party eavesdropper; and (3) Javier failed to plead requisite facts to assert delayed discovery, thus requiring dismissal on statute of limitations grounds.
A. Implied Consent
Defendants argue that Javier “impliedly consented to the data collection he now challenges from the moment he arrived at Assurance‘s website.” Mot. (dkt. 58) at 5. Because, while he may have impliedly consented to Assurance‘s collection of his information, he did not impliedly consent to ActiveProspect doing so, this argument fails.
“In the wiretapping context, a finding of implied-in-fact consent requires ‘circumstances indicating that the [party] knowingly agreed to the surveillance.‘” Negro v. Superior Ct., 230 Cal. App. 4th 879, 892 (2014) (quoting Griggs-Ryan v. Smith, 904 F.2d 112, 117 (1st Cir. 1990)). Such circumstances “will vary from case to case,” but “will ordinarily include language or acts which tend to prove (or disprove) that a party knows of, or assents to, encroachments on the routine expectation that conversations are private.” Griggs-Ryan, 904 F.2d at 117. “The typical case involves the user‘s continued use of a communication device or system after receiving notice that his or her communications may be intercepted.” Negro, 230 Cal. App. 4th at 892.
Defendants argue that three facts demonstrate implied consent here: (1) Javier visited a website to get an insurance quote, which would necessarily require “answering questions relevant to a quote tailored to him“; (2) he “kept moving through the webform” even as it displayed evidence that “the information he was entering was being collected and processed“; and (3) Javier‘s assent to the Privacy Policy via clicking the “View My Quote” button is “‘corroborative’ of his earlier implied consent.” Mot. at 6-7 (quoting United States v. Johnson, 875 F.3d 1265, 1278 n.7 (9th Cir. 2017)).
While Defendants’ first two arguments may go to Javier‘s consent to Assurance‘s
assent to the Privacy Policy after entering his information, but the Ninth Circuit reversed Judge White‘s prior order on that basis. Javier, 2022 WL 1744107, at *2. And in any case, Defendants have not demonstrated that Javier “continued [to] use” Assurance‘s website after he had constructive notice that his communications “may be intercepted” by ActiveProspect. Negro, 230 Cal. App. 4th at 892. Thus, implied consent does not provide a basis for dismissal of the Section 631 claim against ActiveProspect at this stage.
B. Whether ActiveProspect is a Third-Party Eavesdropper
Defendants argue that Javier‘s claims must be dismissed because “ActiveProspect acted solely as an extension of Assurance and therefore was not a third party within the meaning of Section 631.” Mot. at 8. Whether software providers like ActiveProspect are third parties under California‘s eavesdropping statute, or mere tools used by websites, goes to the heart of the privacy concerns articulated in Section 631 and California cases interpreting it.
(1) where a person “by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection . . . with any telegraph or telephone wire, line, cable, or instrument“;
(2) where a person “willfully and without consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit“;
(3) where a person “uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained“; and
(4) where a person “aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above.”
Two basic principles of Section 631 liability are undisputed. First, if a
A brief explanation of Rogers v. Ulrich and Ribas v. Clark is useful here. In Rogers v. Ulrich, Ulrich used a tape recorder jack installed in his telephone to record a conversation he had with Rogers, and then played the conversation for a third party. 52 Cal. App. 3d at 897-98. Relying on the legislative finding that the law is intended to prevent “eavesdropping,” the appellate court held that a party to a conversation cannot “eavesdrop” under the law: “It is never a secret to one party to a conversation that the other party is listening to the conversation; only a third party can listen secretly to a private conversation.” Id. at 899;
settlement, the wife asked her friend, Clark, to listen in (via an extension) to a conversation with her former husband, Ribas, about a prior conversation Ribas had had with the wife‘s attorney. Ribas, 38 Cal. 3d at 358.4 The California Supreme Court held that such an act is eavesdropping under the statute, because the statute differentiates between “the secondhand repetition of the contents of a conversation and its simultaneous dissemination to an unannounced second auditor.” Id. at 360-61. “[S]uch secret monitoring denies the speaker an important aspect of privacy of communication—the right to control the nature and extent of the firsthand dissemination of his statements.” Id. at 361.
Thus, the Court must decide whether ActiveProspect is more akin to the tape recorder in Rogers, held by Assurance, or the friend in Ribas (in which case, Assurance is the wife who allowed ActiveProspect to listen in). See Yoon v. Lululemon USA, Inc., 549 F. Supp. 3d 1073, 1081 (C.D. Cal. 2021) (“The question thus becomes, in analogue terms: is Quantum Metric a tape recorder held by Lululemon, or is it an eavesdropper standing outside the door?“). Javier‘s counsel has brought many similar cases in this Circuit,5 with two general avenues of decision.
pages functioned as a wiretap that redirected [Revitch‘s] communications to NaviStone while he browsed the site.” Revitch, 2019 WL 5485330, at *1. Similarly, in In re Facebook, Inc., Internet Tracking Litigation, the Ninth Circuit held that Facebook, when it intercepted communications between a user‘s browser and a third-party website, was not as a matter of law a “party” to that communication. 956 F.3d 589, 607-08 (9th Cir. 2020); see also Yoon, 549 F. Supp. 3d at 1081 (“Yoon‘s first claim for relief survives Quantum Metric‘s participant exception challenge because she alleges that QM captures, stores, and interprets her real-time data—which extends beyond the ordinary function of a tape recorder.“); Saleh v. Nike, Inc., 562 F. Supp. 3d 503, 521 (C.D. Cal. 2021) (“Here, as in Revitch, FullStory did not become a “party” to the communication simply because it was providing recording and transmission services for Nike.“).
The second set of cases, led by Judge Beeler in Graham v. Noom, holds that software vendors like ActiveProspect are “extension[s]” of the websites that employ them, and thus not third parties within the meaning of the statute. 533 F. Supp. 3d 823, 832 (N.D. Cal. 2021). In Graham, the software vendor, FullStory, “provide[d] a tool – like the tape recorder in Rogers – that allow[ed] Noom to record and analyze its own data in aid of Noom‘s business,” and thus was “not a third-party eavesdropper” under the statute. Id. at 832-33. Judge Beeler distinguished Moosejaw and In re Facebook because both of the third parties in those cases were alleged to have used the data for their own benefit and not for the sole benefit of the party to the communication. Id. at 832 (“NaviStone and Facebook were independent parties who mined information from other websites and sold it: NaviStone through its code on participating e-commerce sites and Facebook through its plug-ins on third-party sites.“). Judge Beeler then applied this reasoning in two other cases. Johnson v. Blue Nile, Inc., No. 20-CV-08183-LB, 2021 WL 1312771, at *2 (N.D. Cal. Apr. 8, 2021); Yale v. Clicktale, Inc., No. 20-CV-07575-LB, 2021 WL 1428400, at *3 (N.D. Cal. Apr. 15, 2021). Substantially similar reasoning regarding a different website‘s use of ActiveProspect‘s TrustedForm software was also recently adopted by Judge Alsup in Williams v. What If Holdings, LLC, 22-cv-3780, dkt. 49 (N.D. Cal. Dec. 22, 2022), slip op. at 2-7. Defendants argue that the Court should agree with Judges Beeler and Alsup and hold that where “the alleged third party is doing only what the party to the communication directs, then that purported third party is nothing more than ‘an extension’ of the party and cannot be liable under a statute concerned only with non-party recording.” Mot. at 12 (quoting Graham, 533 F. Supp. 3d at 832).
There are only two other grounds upon which to conclude that ActiveProspect is not an “unannounced second auditor” of the interaction between Javier and Assurance: (1) If ActiveProspect does not have the capability to use its record of the interaction for any other purpose (just as a tape recorder has no independent capability to divulge the recording for any other purpose but that of its owner); or (2) the ubiquity of services like ActiveProspect on the internet effectively renders it party to the “firsthand dissemination” of Javier‘s information to Assurance. Id. As to the first, Javier pleads that ActiveProspect monitors, analyzes, and stores information about visits to Assurance‘s websites, and that Active Prospect can use that information for other purposes, even if Javier has not alleged that they have done so in this case. See, e.g., SAC ¶¶ 21-25, 57, 62. As the court in Yoon v. Lululemon articulated, this is “beyond the ordinary function of a tape recorder.” Yoon, 549 F. Supp. 3d at 1081. As to the second, Javier pleads that he was “unaware at the time that his keystrokes, mouse clicks, and other electronic communications . . . would be disclosed to ActiveProspect,” and the Court treats this allegation as true on a motion to dismiss. See SAC ¶ 4.
Defendants’ arguments to the contrary are also unavailing. First, Defendants contend that the ubiquity of third-party tools like ActiveProspect‘s software “would force websites to either expressly disclose” the presence of those tools, or “create those tools in-house.” Mot. at 10. Defendants call the first option “technologically impractical and far-from-user-friendly” and the second “wildly inefficient.” Id. The acquisition of consent when visiting websites (for the collection of cookies, for example) is a regular occurrence and hardly particularly “technologically impractical.” Second, Defendants argue that “Plaintiff would have no claim if Assurance had created the TrustedForm software itself.” Id. at 9. This is true. But under Section 631, it has always mattered who is holding the tape recorder: If Rogers is holding it, there is no claim; but if Ribas is, there surely is one. This is because the Ribas Court viewed “the right to control the nature and extent of the firsthand dissemination of [one‘s] statements” as critical to the purposes of Section 631, and there is no reason to suspect that it would decide differently in this context. Ribas, 38 Cal. 3d at 361.
Thus, Javier
C. The Delayed Discovery Doctrine
Defendants argue that Javier fails to plead facts necessary to invoke the delayed discovery doctrine. Because the Court finds that Javier was on inquiry notice as a result of his visit to Assurance‘s website in January 2019, Defendants’ motion to dismiss is granted on this basis.
CIPA has a one-year statute of limitations.
To invoke the delayed discovery doctrine, a plaintiff must plead facts to show the “(1) the time and manner of discovery and (2) the inability to have made earlier discovery despite reasonable diligence.” Fox v. Ethicon Endo-Surgery, Inc., 35 Cal. 4th 797, 808 (2005). But the delayed discovery doctrine “only delays accrual until the plaintiff has, or should have, inquiry notice of the cause of action.” Id. at 807. A plaintiff has inquiry notice “when the plaintiff suspects or should suspect that her injury was caused by wrongdoing, that someone has done something wrong to her.” Jolly v. Eli Lilly & Co., 44 Cal. 3d 1103, 1110 (1988). “[P]laintiffs are required to conduct a reasonable investigation after becoming aware of an injury, and are charged with knowledge of the information that would have been revealed by such an investigation.” Fox, 35 Cal. 4th at 807. “The question when a plaintiff actually discovered or reasonably should have discovered the facts for purposes of the delayed discovery rule is a question of fact unless the evidence can support only one reasonable conclusion.” Ovando v. County of Los Angeles, 159 Cal. App. 4th 42, 61 (2008).
Javier argues that he was aware of Assurance‘s collection of his information, but he was not aware of ActiveProspect‘s involvement until April 2020. Opp‘n at 10. But under the delayed discovery doctrine, knowledge of injury, not knowledge of a particular defendant‘s role in the injury, triggers inquiry notice. In Raifman v. Wachovia Securities, for example, the plaintiffs alleged that they were on notice of one defendant‘s wrongdoing, and not the other defendant, within the statute of limitations period. 649 F. App‘x 611, 612 (9th Cir. 2016). The Ninth Circuit affirmed the district court‘s dismissal, because “a potential plaintiff who suspects that an injury has been wrongfully caused must conduct a reasonable investigation of all potential causes of that injury.” Id. at 613 (quoting Fox, 35 Cal. 4th at 808).
Javier contends that
If Javier, by his own admission, was aware Assurance‘s collection of his information in January 2019, he also had constructive notice of the Privacy Policy, which states that Assurance “may use third party vendors to assist” it with the collection of visitors’ personal information, including “monitoring and analyzing Site activity.” Swenson Decl. (dkt. 58-2) Ex. B;6 see also Eisenberg v. Citibank, NA, 787 F. App‘x 929, 930-31 (9th Cir. 2019) (“Eisenberg had all the necessary information related to her claims when she signed the loan paperwork at the end of July 2006. Even if the court credits her assertion that she did not read or understand the documents, the documents put her on constructive notice.“). Thus, Javier was on inquiry notice of a possible third party who would have been another “potential cause[] of [his] injury.” Raifman, 649 F. App‘x at 613 (emphasis omitted). It is of no consequence, too, that Javier did not know that ActiveProspect was the third party involved. See Fox, 35 Cal. 4th at 807 (“The discovery rule . . . allows accrual of the cause of action even if the plaintiff does not have reason to suspect the defendant‘s identity.“); see also Jolly, 44 Cal. 3d at 1111 (“A plaintiff need not be aware of the specific ‘facts’ necessary to establish the claim; that is a process contemplated by pretrial discovery.“).
Neither of the cases Javier relies upon require a different result. Javier cites Eidson v. Medtronic, Inc. for the proposition that “the mere fact that information of a potential claim is available to plaintiff does not defeat the delayed discovery rule if the
records” for mention of the device. Id. at 1219. But the same is not true for this plaintiff: Though he alleges a direct Section 631 claim against Assurance, he states that he “assumed” Assurance would be collecting his information to provide an insurance quote; and unlike the plaintiff in Eidson, whose consent form did not refer to the medical device at issue, Javier assented to a Privacy Policy that disclosed possible monitoring by third parties like ActiveProspect. See Opp‘n at 10; Swenson Decl. Ex. B. He was therefore on notice that Assurance would collect his information and it “may use third party vendors to assist” in that process. Similarly, Franklin v. Ocwen Loan Servicing, LLC concerned a plaintiff who was notified during a call (rather than at the beginning) that the call was being recorded, only to receive full recordings of the calls in discovery. Franklin v. Ocwen Loan Servicing, LLC, 18-cv-3333, 2018 WL 5923450, at *1 (N.D. Cal. Nov. 13, 2018). The court in Franklin stated that “[t]he very nature of plaintiff‘s allegations is that the recordings were done surreptitiously” and that “[o]n calls where plaintiff received a recording disclosure, it is a reasonable inference that plaintiff was not aware that the recording had started before he heard the disclosure and gave consent.” Id. at *3. But Javier does not allege any similar disclosure halfway through the form on Nationalfamily.com; nor does he plausibly allege that Assurance “surreptitiously” hid its use of ActiveProspect‘s software when the Privacy Policy discloses that it “may use third party vendors to assist” with “monitoring and analyzing Site activity.” Swenson Decl. Ex. B.
Because Javier states that he was aware that Assurance was collecting his information in January 2019 despite alleging a direct Section 631 injury, and had constructive notice that a third party may be aiding it in that process, Javier does not plausibly plead that he was unable to discover Assurance‘s use of ActiveProspect‘s software despite reasonable diligence. After all, he received the VideoReplay recording promptly after sending the letter alleging TCPA violations. See Swenson Decl. Ex. C-D (attaching Plaintiff‘s counsel‘s letter sent on March 31, 2020, and the email chain sending Plaintiff‘s counsel the recording, dated April 10, 2020).7 There is no reason to expect that Plaintiff‘s counsel would have been any less successful if they had reached out before January 2020.8
As a result, Javier‘s Section 631 claim is dismissed because he has failed to plead sufficient facts to invoke the delayed discovery rule, and thus his claim is barred by the statute of limitations. Because it is not clear that this defect cannot be cured by amendment, the Court will grant Javier
IV. CONCLUSION
For the foregoing reasons, the Court GRANTS Defendants’ motion to dismiss with leave to amend his delayed discovery allegations. Javier may file an amended complaint within 21 days of this order.
IT IS SO ORDERED.
Dated: January 5, 2023
CHARLES R. BREYER
United States District Judge