Case Information
UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF CALIFORNIA CHRISTINA KING, No. 2:24-cv-01119-DC-CKD Plaintiff,
v. ORDER GRANTING DEFENDANT’S MOTION TO DISMISS PLAINTIFF’S FIRST HARD ROCK CAFE INTERNATIONAL AMENDED COMPLAINT (USA), INC.,
(Doc. No. 18)
Defendant.
This matter is before the court on Defendant’s motion to dismiss Plaintiff’s first amended class action complaint. (Doc. No. 18.) Pursuant to Local Rule 230(g), the pending motion was taken under submission to be decided on the papers. (Doc. No. 26.) For the reasons explained below, the court will grant Defendant’s motion to dismiss.
BACKGROUND
On March 4, 2024, Plaintiff Christina King filed a complaint initiating this class action against Defendant Hard Rock Cafe International (USA), Inc. for allegedly aiding Meta Platforms, Inc. (“Meta”), formerly known as Facebook, [1] in intercepting her sensitive and confidential communications via a hidden tracking tool known as Meta Pixel (“Pixel”), that was installed on Defendant’s website at hardrockhotel[destination].com (“Website”). (Doc. No. 1-3 at 3.) Defendant filed a motion to dismiss that original complaint, which the court denied as moot because Plaintiff timely filed a first amended complaint as a matter of course pursuant to Federal Rule of Civil Procedure 15(a)(1). (Doc. Nos. 10, 15.)
That is, on May 20, 2024, Plaintiff filed the operative first amended class action complaint (“FAC”), bringing two claims against Defendant: (1) violation of the California Invasion of Privacy Act (“CIPA”), California Penal Code § 631(a); and (2) violation of CIPA, California Penal Code § 632. (Doc. No. 14 at 30–35.) Plaintiff brings these claims on behalf of herself and a putative class consisting of “all California residents who have a Facebook account and accessed and navigated the Website while in California.” ( Id. at 28.)
Plaintiff alleges the following facts in her FAC.
Defendant is a Florida corporation that operates several hotels throughout the state of California. ( Id. at ¶ 4.) Defendant embedded Pixel, a “piece of code” that “tracks [] people and the types of actions they take,” on its Website. ( Id. ¶¶ 30, 42.) Pixel is one of many business tools developed by Meta to “help website owners and publishers . . . integrate with Meta, understand and measure their products and services, and better reach and serve people who might be interested in their products and services.” ( Id. at ¶ 27.) Pixel functions by tracking events on the Website, such as when a user visits a webpage or clicks on a button to browse offerings. ( Id. at ¶¶ 29–32). When an event occurs, Pixel causes the Website user’s browser “to secretly and simultaneously duplicate the communication with Defendant[], transmitting it to [Meta’s] servers alongside additional information that transcribe the communication’s content and the individual’s identity.” ( Id. at ¶ 31.)
The data intercepted by Meta via Pixel consists of “‘guest records’ identifying Website users as [Defendant’s] guests, boarders, occupants, lodgers, customers, or invitees ( i.e. , name, address, telephone number, credit card number, email address, ZIP code, and user-specific values contained in [Meta] cookies).” ( at ¶ 44.) Meta also intercepts “Website users’ button clicks selecting the destination to which they wish to travel, the desired dates for their trip, the number of rooms they require, the numbers of adults and children who will be traveling, and the particular hotel section or tower in which they wish to stay.” ( Id. at ¶ 116.) In addition, Meta “intercepts the URL of webpages visited by Website users,” allowing Meta “to track Website users’ actions or conversions funneling them from one portion of the Website to another.” ( Id. ) The information intercepted by Meta is not anonymized because Meta “collects users’ email addresses” and “Defendant enables [Meta] to link users’ communications with [the Website to] their Facebook IDs, which reveal their identities.” ( Id. at ¶ 72.)
Plaintiff is a resident of Sacramento, California. ( at ¶ 3.) In or around 2010, Plaintiff created a Facebook account. ( Id. ) Plaintiff visited Defendant’s Website “[s]everal times, including on or around March 29, 2023 and June 6, 2023,” using the same web browser she used to access her Facebook account. ( Id .) On the Website, Plaintiff “browsed and booked a Hard Rock hotel.” ( Id. ) Plaintiff alleges each of her communications, including confidential “guest records,” was intercepted by Meta, enabled by Defendant. ( Id .) Plaintiff did not consent to Meta’s interception of her communications with Defendant’s Website. ( Id. )
On July 3, 2024, Defendant filed the pending motion to dismiss Plaintiff’s claims pursuant to Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim upon which relief can be granted. (Doc. No. 18.) On August 5, 2024, Plaintiff filed an opposition to the pending motion. (Doc. No. 23.) On August 19, 2024, Defendant filed its reply thereto. (Doc. No. 24.) On October 10, 2024, Plaintiff filed a notice of supplemental authority in support of her opposition to Defendant’s motion to dismiss. (Doc. No. 27.)
LEGAL STANDARD
A motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6) is a challenge to the sufficiency of the allegations set forth in the complaint. Navarro v. Block , 250 F.3d 729, 732 (9th Cir. 2001). “Dismissal under Rule 12(b)(6) is proper when the complaint either (1) lacks a cognizable legal theory or (2) fails to allege sufficient facts to support a cognizable legal theory.” Somers v. Apple, Inc ., 729 F.3d 953, 959 (9th Cir. 2013). In determining whether a complaint states a claim upon which relief can be granted, the court accepts as true the allegations in the complaint and construes the allegations in the light most favorable to the plaintiff. Manzarek v. St. Paul Fire & Marine Ins. Co ., 519 F.3d 1025, 1031 (9th Cir. 2008). However, the court is not required to accept as true “allegations that are merely conclusory, unwarranted deductions of fact, or unreasonable inferences.” In re Gilead Scis. Sec. Litig. , 536 F.3d 1049, 1055 (9th Cir. 2008).
Under Federal Rule of Civil Procedure Rule 8(a), a complaint must include “a short and plain statement of the claim showing that the pleader is entitled to relief,” in order to “give the defendant fair notice of what the . . . claim is and the grounds upon which it rests.” Bell Atl. Corp. v. Twombly , 550 U.S. 544, 570 (2007). A complaint must allege enough facts to state a claim to relief that is plausible on its face. Id. at 570. “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal , 556 U.S. 662, 678 (2009). “The plausibility standard is not akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” (quoting Twombly , 550 U.S. at 556). If a claim is dismissed for failure to comply with these requirements, “[l]eave to amend should be granted unless the district court ‘determines that the pleading could not possibly be cured by the allegation of other facts.’” Knappenberger v. City of Phoenix , 566 F.3d 936, 942 (9th Cir. 2009) (quoting Lopez v. Smith , 203 F.3d 1122, 1127 (9th Cir. 2000)).
ANALYSIS
Defendant contends that Plaintiff’s complaint should be dismissed in its entirety because Plaintiff fails to state a claim under Section 631(a) and Section 632 of CIPA. [2] (Doc. No. 18.) The court addresses each argument in turn.
A. California Invasion of Privacy Act: Section 631(a)
The CIPA “broadly prohibits the interception of wire communications and disclosure of the contents of such intercepted communications.” Tavernetti v. Superior Ct. of San Diego Cnty ., 22 Cal. 3d 187 (1978). Section 631(a) of CIPA creates four avenues for relief:
(1) where a person “by means of any machine, instrument, or
contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection . . . with any telegraph or telephone wire, line, cable, or instrument”;
(2) where a person “willfully and without consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit”;
(3) where a person “uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained”; and
(4) where a person “aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above.”
Javier v. Assurance IQ, LLC , 649 F. Supp. 3d 891, 897 (N.D. Cal. 2023). Plaintiff invokes the fourth avenue of relief, alleging Defendant has violated Section 631(a) of the CIPA by “enabling [Meta’s] wrongdoing.” (Doc. Nos. 14 at ¶¶ 105, 107; 23 at 10.)
Defendant contends that Plaintiff’s Section 631(a) claim should be dismissed because Plaintiff (1) fails to allege Meta “read or attempted” to read the “contents” of Plaintiff’s communications that were allegedly intercepted and (2) fails to allege facts showing that Defendant “aided” or “conspired” with Meta. (Doc. No. 18-1 at 12–16.) Because the court finds dismissal of Plaintiff’s Section 631(a) claim is warranted due to her failure to allege the “contents” of her communications, the court need not and will not address Defendant’s remaining argument.
A violation of CIPA is analyzed under the same standards applied to a violation of the federal wiretap act, Electronic Communications Privacy Act (“ECPA”), 18 U.S.C § 2510 et seq .; Hammerling v. Google LLC , 615 F. Supp. 3d 1069, 1092 (N.D. Cal. 2022). The ECPA defines the term “contents” as “any information concerning the substance, purport, or meaning of that communication.” 18 U.S.C. § 2510. “Contents” means “the intended message conveyed by the communication” as opposed to “record information regarding the characteristics of the message that is generated in the course of the communication.” In re Zynga Priv. Litig. , 750 F.3d 1098, 1106 (9th Cir. 2014); Yoon v. Lululemon USA, Inc ., 549 F. Supp. 3d 1073, 1083 (C.D. Cal. 2021) (noting that Section 631(a) “protects only the internal, user-generated material of a message, not routine identifiers, whether automatically generated or not”). “Courts employ a contextual ‘case- specific’ analysis hinging on ‘how much information would be revealed’ by the information’s tracking and disclosure.” Hammerling , 615 F. Supp. 3d at 1092. While a URL that includes “basic identification and address information” is not “content,” a website “user’s request to a search engine for specific information could constitute a communication such that divulging a URL containing that search term to a third party could amount to disclosure of the contents of a communication.” Id. at 1108–09.
In its motion, Defendant argues the information Plaintiff alleges that Defendant enabled Meta to obtain constitutes only “record information,” not the “contents” of any communication. (Doc. No. 18-1 at 14.) In Defendant’s view, Plaintiff alleges Meta intercepted only the following information: “her name, email, address, phone number, and room-selection information.” ( Id. ) Defendant further argues that the URLs Plaintiff alleges were intercepted contain “room-related selections and other (record) information” as opposed to the “intended message conveyed by the communication.” ( at 13–14.)
In her opposition to the pending motion, Plaintiff argues that she has pled the “contents” of her communications were intercepted because she alleges Meta received information regarding her “button clicks.” (Doc. No. 23 at 13.) Specifically, Plaintiff alleges “button clicks” convey “the destination to which [Website users] wish to travel, the desired dates for their trip, the number of rooms they require, the number of adults and children who will be traveling, and the particular hotel section or tower in which they wish to stay. (Doc. No. 14 at ¶ 20.) Plaintiff further argues Defendant intercepted “full-string URLs of the Website pages she visited,” which convey “individualized search terms and booking information.” (Doc. No. 23 at 7, 13.)
As an initial matter, the court notes that Plaintiff’s FAC does not identify with specificity what information she provided on Defendant’s Website that was intercepted by Meta. Plaintiff’s FAC dedicates only one short paragraph to describing her personal interactions with Defendant’s Website. (Doc. No. 14 at ¶ 3.) Plaintiff alleges that she used Defendant’s Website “[s]everal times” to “browse[] and book a Hard Rock hotel” ( id. ), but she does not describe her browsing activity, such as what webpages she viewed, what buttons she clicked, what search terms she used, what destinations she searched for, or what her desired dates of travel were. Nor does Plaintiff describe the hotels she allegedly booked. Instead, Plaintiff’s FAC vaguely alleges that her communications with Defendant’s Website included “guest records” that were intercepted by Meta, as enabled by Defendant. See , e.g. , Cousin v. Sharp Healthcare , 681 F. Supp. 3d 1117, 1123 (S.D. Cal. 2023) (finding the plaintiffs’ complaint lacked sufficient factual support for a CIPA claim because it only provided hypothetical examples and failed to specify what information plaintiffs provided defendants through their browsing history).
In any event, Plaintiff’s FAC falls short of alleging that the “contents” of communications, as opposed to “record information,” were intercepted. To the extent Plaintiff alleges Meta intercepted “guest records” including the address, telephone number, email address, or zip code of Website users, those allegations are insufficient because that information constitutes “record information.” (Doc. No. 14 at ¶¶ 44, 68, 115); see Hammerling , 615 F. Supp. 3d at 1092–93 (“Generally, customer information such as a person’s name, address, and subscriber number or identity is record information, but it may be contents when it is part of the substance of the message conveyed to the recipient.”); In re Zynga Priv. Litig ., 750 F.3d at 1106 (holding that “contents” under CIPA does not include customer record information such as name or address). Likewise, “button clicks” are “more akin to the ‘record’ information that the Ninth Circuit has held not to be contents of a communication.” Mikulsky v. Bloomingdale’s, LLC , 713 F. Supp. 3d 833, 845 (S.D. Cal. 2024) (citing In re Zynga Priv. Litig ., 750 F.3d at 1106); see also Yoon v. Lululemon USA, Inc ., 549 F. Supp. 3d 1073, 1082–83 (C.D. Cal. 2021) (explaining that “mouse clicks” do not constitute “message content in the same way that the words of a text message or an email do” for purposes of CIPA). Finally, although “descriptive URLs that reveal specific information about a user’s queries” may reflect the “contents” of communications under CIPA, St. Aubin v. Carbon Health Techs., Inc ., No. 4:24-cv-00667-JST, 2024 WL 4369675, at *4 (N.D. Cal. Oct. 1, 2024), as discussed above, Plaintiff’s FAC is devoid of any allegation describing her search queries, if any. Notably, Plaintiff’s FAC provides examples of the types of “full-string URLs” allegedly intercepted by Meta, but Plaintiff does not allege she conducted the searches or visited the webpages provided in the examples. (Doc. No. 14 at ¶¶ 47–52.) Thus, Plaintiff has not alleged that the “contents” of her communications were intercepted.
Therefore, the court will grant Defendant’s motion to dismiss Plaintiff’s claim brought under Section 631(a) of CIPA. Because alleging additional facts could cure this pleading deficiency, the court will grant Plaintiff leave to amend this claim.
B. California Invasion of Privacy Act: Section 632
Section 632 of CIPA imposes liability against a “person who, intentionally and without the consent of all parties to a confidential communication, uses an electronic amplifying or recording device to eavesdrop upon or record the confidential communication, whether the communication is carried on among the parties in the presence of one another or by means of a telegraph, telephone, or other device, except a radio.” Cal. Penal Code § 632(a). The CIPA defines a “confidential communication” as “any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto, but excludes a communication made . . . in any other circumstance in which the parties to the communication may reasonably expect that the communication may be overheard or recorded.” Cal. Penal Code § 632(c).
“Courts generally find that internet communications do not have an objectively reasonable expectation of confidentiality, especially if those communications can be easily shared by the recipients of the communications.” Yoon v. Meta Platforms, Inc ., No. 5:24-cv-02612-NC, 2024 WL 5264041, at *6 (N.D. Cal. Dec. 30, 2024) (citing Brown v. Google LLC , 685 F. Supp. 3d 909, 938 (N.D. Cal. 2023)). A plaintiff must plead “something unique about [] particular internet communications” to demonstrate those communications are confidential. In re Meta Pixel Healthcare Litig ., 647 F. Supp. 3d 778, 799 (N.D. Cal. 2022) (finding that communications made in the context of a patient-medical provider relationship were considered distinguishable from typical online communications because they are protected by federal law and are uniquely personal).
In its motion, Defendant argues Plaintiff has failed to allege that her communications were “confidential” for purposes of a Section 632 claim. (Doc. No. 18-1 at 17.) Specifically, Defendant argues that Plaintiff has not alleged facts “sufficient to overcome any presumption that the information in her ‘internet-based’ communications” with Defendant’s Website are not confidential. ( Id. ) Defendant contends Plaintiff has not plausibly alleged that she had a reasonable expectation of privacy that booking information such as her “name, email address, phone number, and/or room-related selections” would not be shared. ( at 18.) In her opposition, Plaintiff counters that her communications were “confidential” and she “reasonably expected that her communications would be confined” to her and Defendant because California Civil Code Section 53.5(a) mandates that “guest records” are confidential. (Doc. No. 23 at 16) (citing Cal. Civ. Code § 53.5(a)). In response, Defendant argues California Civil Code Section 53.5(a) permits the sharing of information by business entities with third parties for business-related purposes, and there is no authority for the proposition that a “guest record” as defined by California Civil Code Section 53.5(a) is per se confidential under Section 632 of CIPA. (Doc. Nos. 18-1 at 17–19, 24 at 10.)
Regardless of whether “guest records” under California Civil Code Section 53.5(a) qualify as “confidential” communications under Section 632 of CIPA, Plaintiff has not alleged that her communications with Defendant’s Website constitute guest records. As discussed above, because the extent of Plaintiff’s allegations are that she used Defendant’s Website “[s]everal times” to “browse[] and book a Hard Rock hotel,” (Doc. No. 14 at ¶ 3), Plaintiff’s FAC lacks sufficient factual information regarding her interactions with Defendant’s Website, as required to state a cognizable Section 632 claim. In light of Plaintiff’s bare allegations regarding her interactions with Defendant’s Website, a reasonable inference cannot be drawn that Plaintiff had a reasonable expectation of privacy in the communications Meta intercepted. Thus, Plaintiff has not pled that her communications were “confidential” as required for a claim under Section 632.
Therefore, the court will grant Defendant’s motion to dismiss Plaintiff’s claim under Section 632 of CIPA. Because alleging additional facts could cure this pleading deficiency, the court will grant Plaintiff leave to amend this claim as well.
CONCLUSION
For the reasons explained above:
1. Defendant’s request for judicial notice (Doc. No. 18-15) is DENIED; 2. Defendant’s motion to dismiss (Doc. No. 18) is GRANTED, with leave to amend; 3. Within twenty-one (21) days of the date of entry of this order, Plaintiff shall file a second amended complaint, or alternatively, file a notice of her intent not to file a second amended complaint; and
4. Plaintiff is warned that her failure to comply with this order may result in an order dismissing this case.
IT IS SO ORDERED. ___________________________ D e n a C ogg i n s U n it e d S t a t e s D i s t r i c t J udg e Dated: June 9, 2025
[1] Plaintiffs refer to Meta as both “Meta” and “Facebook” throughout their complaint. For clarity in this order, the court uses “Meta” to refer to the corporation and “Facebook” to refer only to Meta’s social media platform.
[2] Defendant also argues Plaintiff’s CIPA claims fail because she expressly consented to Defendant’s terms and policies that allowed Meta to obtain her information. (Doc. No. 18-1 at 20–25.) Because the court finds Plaintiff has failed to state a claim under Sections 631 and 632, the court does not address Defendant’s arguments regarding consent. Accordingly, the court will deny as moot Defendant’s request for judicial notice of relevant terms and conditions. (Doc. No. 18-15.)