DEREK MASTEL, individually and on behalf of all others similarly situated v. MINICLIP SA; APPLE INC.
No. 2:21-cv-00124 WBS KJN
July 14, 2021
WILLIAM B. SHUBB
ORDER RE: DEFENDANTS’ MOTIONS TO DISMISS
Plaintiff Derek Mastel brought this putative class action against defendants Miniclip SA (“Miniclip“) and Apple Inc. (“Apple“), claiming that they violated the California Invasion of Privacy Act (“CIPA“),
I. Factual Background
Miniclip is a developer of videogames that can be played on web browsers or downloaded as mobile applications and played on various electronic devices, including iPhones. (Compl. ¶¶ 5, 14.) This case centers around one of Miniclip‘s iPhone games known as 8 Ball Pool. (See Compl. ¶¶ 1-3.)
Apple manufactures and sells iPhones. (Compl. ¶ 10.) All iPhones run on an operating
The Pasteboard itself only saves one set of copied text at a time; as soon as a user copies another set of text, any previously saved text is deleted. (Compl. ¶ 12.) However, Apple authorizes mobile applications to view, copy, and save the text stored in the Pasteboard any time the user opens the application. (Compl. ¶¶ 12, 17) Thus, a mobile application developer may program its application to save and compile a library of text that iPhone users have copied into the Pasteboard while the application is open. (Compl. ¶¶ 12, 17-18.)
Mastel downloaded 8 Ball Pool onto his iPhone in 2013. (Compl. ¶ 22.) Mastel alleges that 8 Ball Pool accessed the Pasteboard on his iPhone each time he opened the application, without his knowledge or consent. (Compl. ¶¶ 24, 29.) Mastel‘s complaint provides a screenshot of 8 Ball Pool‘s “device log,” which provides a list of the functions performed by the application with corresponding timestamps in chronological order. (Compl. ¶ 19.) The device log purportedly shows 8 Ball Pool requesting access to and reading the contents of the Pasteboard. (See id.)
Mastel does not specifically allege how many times he opened 8 Ball Pool over the eight-year period it has been on his iPhone, or what information was on the Pasteboard each time he opened it. (See id.) Rather, he alleges that, since he downloaded 8 Ball Pool in 2013, he “has copied numerous sets of text” into the Pasteboard, including his name, email, phone number, and address, addresses of friends and relatives, and personal and private messages that have been sent to friends and relatives. (Compl. ¶ 23.) Mastel alleges that Miniclip had access to all of the data stored in the 8 Ball Pool application. (Compl. ¶¶ 26-27.)
II. Discussion
Federal Rule of Civil Procedure 12(b)(6) allows for dismissal when the plaintiff‘s complaint fails to state a claim upon which relief can be granted. See
A. California Invasion of Privacy Act
Mastel‘s first claim is that defendants violated
Any person who, by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection, whether physically, electrically, acoustically,
inductively, or otherwise, with any telegraph or telephone wire, line, cable, or instrument, including the wire, line, cable, or instrument of any internal telephonic communication system, or who willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state; or who uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained . . . .
The California Supreme Court has explained that this lengthy provision contains three operative clauses covering “three distinct and mutually independent patterns of conduct“: (1) “intentional wiretapping,” (2) “willfully attempting to learn the contents or meaning of a communication in transit over a wire,” and (3) “attempting to use or communicate information obtained as a result of engaging in either of the two previous activities.” Tavernetti v. Superior Court, 22 Cal. 3d 187, 192 (Cal. 1978); accord In re Google Inc., No. 13-MD-02430-LHK, 2013 WL 5423918, at *15 (N.D. Cal. Sept. 26, 2013).
As an initial matter, Mastel concedes in his opposition that he has only brought his
1. Intentional Wiretapping
Beginning with
Mastel cites to several decisions by federal courts interpreting the CIPA for the proposition that the statute should be read broadly to encompass new technologies that have developed since its enactment. See Matera v. Google Inc., No. 15-CV-04062-LHK, 2016 WL 8200619, *19 (N.D. Cal. Aug. 12, 2016) (“[T]he California Supreme Court has construed CIPA in accordance with the interpretation that provides the greatest privacy protection.“); In re Google Inc., No. 13-MD-02430-LHK, 2013 WL 5423918, *21 (N.D. Cal. Sep. 26, 2013) (noting that the California Supreme Court “regularly reads statutes to apply to new technologies where such a reading would not conflict with the statutory scheme“); Revitch v. New Moosejaw, LLC, No. 18-cv-06827-VC, 2019 WL 5485330 (N.D. Cal. Oct. 23, 2019).
While it is true that several federal courts interpreting the CIPA have held that the statute may apply to technologies beyond telephones or telegraphs, those holdings have largely been limited to the statute‘s second clause, which prohibits persons from reading, or attempting to
At oral argument, counsel for Mastel cited New Moosejaw for the proposition that
Mastel‘s complaint plainly does not involve any allegations concerning “telephone wires, lines, or cables.” (See generally Compl.) Mastel contends, however, that the Pasteboard falls within the text of the statutory prohibition because it may be considered a “telephone instrument.” (See Pl.‘s Opp‘n at 4.) Mastel cites dictionary.cambridge.org for the following definition of “instrument“: “a tool or other device used for doing a particular piece of work.” (Id. (citing INSTRUMENT, https://dictionary.cambridge.org/us/dictionary/English/instrument).) Because the Pasteboard is a “tool or device” exclusive to iPhones, Mastel contends, it qualifies as a “telephone instrument.” (See FAC ¶¶ 10-11.)
The court rejects this argument. Although iPhones contain the word “phone” in their name, and have the capability of performing telephonic functions, they are, in reality, small computers. iPhones contain a complex operating system which allows the user to download mobile applications that perform functions well beyond and unrelated to those of a telephone. (See Compl. ¶¶ 10-15.) The Pasteboard, which permits iPhone users to copy and paste text from one application to another, is a feature of the portion of the iPhone that functions as a computer, not the phone. (Compl. ¶ 11.) While Pasteboard may enable an iPhone user to paste a phone number into the phone application, labeling it a “telephone instrument” for this reason would be analogous to calling a pen and paper “telephone instruments” because they allow a caller to write down a phone number before dialing. The court
2. Willfully Attempting to Learn the Contents of Communications in Transit Over a Wire
Under
As discussed above, unlike
Here, Mastel‘s complaint does not contain any allegations that Miniclip intercepted any communications while they were “in transit,” as they were “passing over” a line, wire, or cable, or as they were “being sent” or “received.”
Mastel next argues that the CIPA‘s second clause may be satisfied because he has adequately alleged that the Pasteboard performs a “transitory electronic storage” function. Citing two cases interpreting the analogous Federal Wiretap Act, In re Carrier IQ, Inc., 78 F. Supp. 3d 1057, 1081 (N.D. Cal. 2015) (“Carrier IQ“) and United States v. Councilman, 418 F.3d 67, 79 (1st Cir. 2005), Mastel contends that some courts have concluded that a defendant “intercepts” a communication when he acquires it from “transitory electronic storage” that is part of the overall message transmission process.
While some cases have looked to the Federal Wiretap Act for guidance in evaluating claims under the CIPA, see, e.g., In re Facebook, Inc. Internet Tracking Litigation, 956 F.3d 589, 606-07 (9th Cir. 2020) (“Facebook Tracking“),
Because the court concludes that Mastel has failed to state a claim under either clause 1 or 2, his claim that Miniclip violated
Accordingly, the court will dismiss plaintiff‘s first claim against defendants for violations of the
B. Right to Privacy under the California Constitution
Mastel next claims that defendants’ behavior violated his right to privacy under the California Constitution. To state a claim under the California constitutional right to privacy, a plaintiff “must show that (1) [he] possess[es] a legally protected privacy interest, (2) [he] maintain[s] a reasonable expectation of privacy, and (3) the intrusion is ‘so serious . . . as to constitute an egregious breach of the social norms’ such that the breach is ‘highly offensive.‘” In re Facebook, Inc. Internet Tracking Litigation, 956 F.3d 589, 601 (9th Cir. 2020) (“Facebook Tracking“) (quoting Hernandez v. Hillsides, Inc., 47 Cal. 4th 272, 286 (Cal. 2009)).
1. Standing
Miniclip first argues that Mastel lacks standing to pursue his claim for violation of his right to privacy under the California Constitution. (Miniclip Mot. to Dismiss at 10.) “Where standing is raised in connection with a motion to dismiss, the court is to ‘accept as true all material allegations of the complaint, and . . . construe the complaint in favor of the complaining party.‘” Facebook Tracking, 956 F.3d at 601 (quoting Levine v. Vilsack, 587 F.3d 986, 991 (9th Cir. 2009)).
To establish standing, a “[p]laintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.” Spokeo v. Robins, 578 U.S. 330, 336 (2016). To establish an injury in fact, a plaintiff must show that he or she suffered “an invasion of a legally protected interest” that is “concrete and particularized.” Id. at 337 (quoting Lujan v. Defs. of Wildlife, 504 U.S. 555, 560 (1992)). A concrete injury is one that is “real and not abstract.” Id.
In a recent decision, TransUnion LLC v. Ramirez, 594 U.S. --, -- S. Ct. --, 2021 WL 2599472 (Jun. 25, 2021), the Supreme Court provided additional guidance to lower courts tasked with assessing whether a plaintiff‘s alleged harm is adequately “concrete” so as to confer Article III standing. See TransUnion, 2021 WL 2599472, at *7. The Court explained that, while certain harms, such as physical and monetary harms, “readily qualify as concrete injuries under Article III,” other intangible injuries, such as “reputational harms, disclosure of private information, and intrusion into seclusion,” may nevertheless qualify as “concrete” as well, even though they are harder to discern. Id. (citing Spokeo, 578 U.S. at 340-41).
The Court noted that the chief examples of such intangible injuries that are nevertheless “concrete” are those “with a close relationship to harms traditionally recognized as providing a basis for lawsuits in American courts.” Id. It also explained that, though the view of Congress may be instructive in the sense that it may “elevate to the status of legally cognizable injuries concrete, de facto injuries that were previously inadequate in law,” Congress may not “simply enact an injury into existence, using its lawmaking power to transform something that is not necessarily harmful into something that is.” Id. (citing Spokeo, 578 U.S. at 341).
Applying these principles to the case before it, the Court held that certain members of the putative class had failed to allege that TransUnion had caused them a “concrete” injury when it failed to use reasonable procedures to ensure the accuracy of their credit files. Id. at *14. Though Congress had enacted a statute authorizing the plaintiffs to sue when a credit reporting agency negligently created inaccurate credit files, and TransUnion had concededly violated the terms of that statute, the Court held that the plaintiffs had not alleged a concrete injury because TransUnion had not disseminated the inaccurate credit files to any third parties. See id. at **11-14.
Miniclip argues that Mastel has similarly failed to adequately allege an injury in fact because he offers only a “conclusory assertion of a privacy violation.” (Miniclip Mot. to Dismiss at 10.) Miniclip contends that, without some allegation that it shared or otherwise published Mastel‘s private information, such that it became known to a third party, Mastel has not adequately alleged a “concrete” harm that resulted from Miniclip‘s alleged invasion of his privacy. (Miniclip Reply at 6-7 (Docket No. 30) (citing TransUnion, 2021 WL 2599472, at *3.)
The court finds TransUnion to be distinguishable from this case, however, because TransUnion involved a fundamentally different type of alleged injury than the one here. TransUnion concerned a violation of a statute which the Supreme Court analogized to the common law tort of defamation. See TransUnion, 2021 WL 2599472, at *10. The Court held that the plaintiffs had not alleged a “concrete” harm because “publication is ‘essential to liability’ in a suit for defamation.” Id. at *11 (quoting Restatement of Torts § 577, Comment a, at 192).
By contrast, the closest historical analogue to plaintiff‘s invasion of privacy claim under the California Constitution is not defamation, but other “invasion of privacy” torts such as intrusion upon seclusion. Facebook Tracking, 956 F.3d at 598 (“[V]iolations of the right to privacy have long been actionable at common law.“). The Ninth Circuit has expressly noted that, because
Though Facebook Tracking and Eichenberger were decided before TransUnion, they are not overruled by TransUnion. TransUnion involved a claim akin to defamation, not invasion of privacy. The court therefore finds Facebook Tracking and Eichenberger to be more on point, and rejects Miniclip’ argument that plaintiff must necessarily allege that it shared or otherwise disseminated his private information in order to satisfy Article III‘s standing requirement.
2. Egregious Breach of Social Norms
Next, both Apple and Miniclip argue that, even if Mastel has standing to pursue an invasion of privacy claim against them under the California Constitution, any alleged intrusion by Miniclip into the iPhone‘s Pasteboard fails to satisfy the third element of an invasion of privacy claim because it does not rise to the level of an “egregious breach of social norms” that is “highly offensive.” Facebook Tracking, 956 F.3d at 601.
As an initial matter, the court recognizes that questions of whether conduct is “egregious,” “offensive,” or violates “social norms” tend by their very nature to be subjective determinations about which reasonable jurists may differ. As such, these questions are typically more appropriately resolved by a jury. Social norms, as reflections of contemporary community values, necessarily change over time. What was “egregious” or “offensive” at one time and place may be completely unobjectionable, or even laudable, in another.
“That the jury provides a better link to community values than does a single judge is supported not only by our cases, but also by common sense.” Spaziano v. Florida, 468 U.S. 447, 486 (1984) (Stevens, J., concurring). “Juries--comprised as they are of a fair cross section of the community--are more representative institutions of the community as a whole, and inevitably make decisions based on community values more reliably, than can that segment of the community that is selected for service on the bench.” Id. Indeed, as Justice Gorsuch recently observed, judges are “hardly the representative group you‘d expect (or want) to be making empirical judgments” as to what values society at large holds. Carpenter v. United States, 138 S. Ct. 2206, 2265 (2018) (Gorsuch, J., dissenting). “Politically insulated judges come armed with only the attorneys’ briefs, a few law clerks, and their own idiosyncratic experiences . . . [u]nsurprisingly, too, judicial judgments often fail to reflect public views.” Id.
For those reasons, if the court were left to rely only upon its own subjective opinion, without any objective criteria from the statutes or caselaw defining what constitutes “egregious,” or “highly offensive” conduct in breach of “social norms“, it would be hesitant to make such determination at the motion to dismiss stage. See In re Facebook, Inc., Consumer Privacy User Profile Litigation, No. 18-MD-02843-VC, 2019 WL 4261048, at *17.
However, in the context of claims under the California Constitution for invasion of privacy, the California courts have provided some clear and objective guidance as to the trial courts’ role in applying those terms at the pleading stage. In Loder v. City of Glendale, 14 Cal. 4th 846, 893 (Cal. 1997), the California Supreme Court instructed that courts have a role to play in “weed[ing] out claims that involve so insignificant or de minimus an intrusion on a constitutionally protected privacy interest as not even to require an explanation or justification by the defendant.” “No community could function if every intrusion into the realm of private action, no matter how slight or trivial, gave rise to a cause of action for invasion of privacy.” Hill v. Nat‘l Collegiate Athletic Ass‘n, 7 Cal. 4th 1, 37 (Cal. 1994). Accordingly, if the “undisputed material facts show . . . an insubstantial impact on privacy interests, the question of invasion may be adjudicated as a matter of law.” Id. at 40.
Miniclip cites to no less than twelve cases in which courts have dismissed an invasion of privacy claim under the California Constitution at the pleading stage. (See Miniclip Mot. to Dismiss at 10-12.) While no hard-and-fast rule has been set out for determining when an alleged invasion of privacy is “sufficiently serious in [its] nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right,” Hill, 7 Cal. 4th at 37, one important factor that courts often rely on is whether the plaintiff alleges that the defendant used the private or confidential information obtained for some improper purpose.
In Gonzales v. Uber Technologies, Inc., for instance, the court held that the plaintiff had failed to state a claim under the California Constitution against Uber because, while he had alleged that Uber obtained his name and home address, “there [were] no allegation[s] as to what Uber did, if anything, with this information.” Gonzales v. Uber Technologies, Inc., 305 F. Supp. 3d 1078, 1092 (N.D. Cal. 2018). “Without more allegations as to what, if anything, Uber did with this information, plaintiff has not plausibly alleged a serious invasion of privacy.” Id. at 1093.
Similarly, in White v. Social Security Administration, applying California law, a federal district court held that plaintiff‘s invasion of privacy claim failed because, while the plaintiff had alleged that the defendant had “made unauthorized photocopies of identity documents, without any allegation that he sold, distributed, or otherwise improperly used the information,” the plaintiff had failed to adequately allege a sufficiently serious invasion of privacy. White v. Social Security Administration, 111 F. Supp. 3d 1041, 1053 (N.D. Cal. 2015). Even in Folgelstrom v. Lamps Plus, Inc., where the plaintiff had alleged that the defendant had obtained his name and zip code through misrepresentation and then used this information to obtain his address so that it could send him mailed advertisements, the court dismissed the plaintiff‘s claim because the alleged use was “not an egregious breach of social norms, but routine commercial behavior.” Folgelstrom v. Lamps Plus, Inc., 195 Cal. App. 4th 986, 992 (2d Dist. 2011) (“[W]e have found no case which imposes liability based on the defendant obtaining unwanted access to the plaintiff‘s private information which did not also allege that the use of plaintiff‘s information was highly offensive.“).
In this case, Mastel has not alleged that Miniclip or Apple used his information for any purpose at all, much less a purpose that could plausibly constitute an egregious breach of social norms. Though Mastel alleges that Miniclip has access to all of
Another factor that some courts have relied on is the “pervasiveness” of the alleged invasion. In Facebook Tracking, the Ninth Circuit held that the plaintiffs had adequately pled a claim for invasion of privacy where they had alleged that Facebook used internet browser plug-ins to track which websites they visited, even after they had logged out of Facebook. Facebook Tracking, 956 F.3d 589, 596 (9th Cir. 2020). Not only did Facebook Tracking involve allegations that Facebook compiled this information into personal user profiles and sold those profiles to advertisers to generate revenue, the Ninth Circuit specifically distinguished the case from other invasion of privacy claims which had been dismissed at the pleading stage because the Facebook Tracking plaintiffs had alleged that Facebook‘s invasion of privacy continued even after they had ceased using the application. Id. at 606 n.8 (citing cases).
Much like the cases the Ninth Circuit sought to distinguish, Mastel does not allege that 8 Ball Pool continued to view or copy the contents of his Pasteboard after he had closed the application. (See Compl. ¶¶ 22-25.) This case therefore does not present the sort of “pervasive” invasion of privacy that led the court in Facebook Tracking to conclude that the plaintiffs had adequately stated a California constitutional claim for invasion of privacy. See Facebook Tracking, 956 F.3d at 606 n.8.
Finally, some courts have held that the information obtained by the defendant may itself be so sensitive or private that the alleged intrusion alone suffices to state a claim. However, these cases almost always involve information which is clearly more private or sensitive that that at issue in this case. See Hill, 7 Cal. 4th at 40-41 (holding that plaintiffs had stated a claim for invasion of privacy against NCAA based on requirement that athletes provide urine samples under closely monitored conditions, thus implicating “a human bodily function that by law and social custom is generally performed in private and without observers“); Goodman v. HTC America, Inc., 2012 WL 2412070, *15 (W.D. Wash. 2012) (holding collection of continuous geolocation data sufficient under California Constitution because such data may reveal private information such as “trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, union meeting, mosque, synagogue or church, the gay bar and on and on” (quoting United States v. Jones, 565 U.S. 400, 415 (2012) (Sotomayor, J., concurring)). Even “highly personal information, including social security numbers, does not ‘approach [the] standard’ of actionable conduct under the California Constitution and thus does not constitute a violation of” a plaintiff‘s right to privacy. In re iPhone Application Litig., 844 F. Supp. 2d 1040, 1063 (N.D. Cal. 2012) (citing Ruiz v. Gap, Inc., 540 F. Supp. 2d 1121, 1128 (N.D. Cal. 2008)).
The allegations in Mastel‘s complaint do not approach this standard. Mastel offers only the broad allegation that the 8 Ball Pool application read text that had been copied onto his Pasteboard, which may
Mastel points to one case, Opperman v. Path, Inc., in which a federal district court held that iPhone users’ personal contact lists could be considered “highly offensive” such that the plaintiff could state a claim for invasion of privacy based solely on allegations that phone applications had accessed the information without permission. See Opperman v. Path, Inc., 87 F. Supp. 3d 1018, 1062 (N.D. Cal. 2014). The court finds Opperman to be distinguishable from this case, however. Not only did Opperman involve a claim for intrusion upon seclusion under California common law, rather than a claim under the California Constitution, but the alleged privacy violations at issue were so widespread and pervasive that the Federal Trade Commission and Congress had already “closely scrutinized the practices at issue . . . because of concerns that the practices were inappropriate.” See Opperman v. Path, Inc., 87 F. Supp. 3d 1018, 1062 (N.D. Cal. 2014).
Notwithstanding the authority cited by Mastel, the weight of the case law indicates that his allegations simply do not approach the sort of “egregious” or “highly offensive” conduct which courts have typically permitted to proceed beyond the motion to dismiss stage. See In re iPhone, 844 F. Supp. 2d at 1063; Hill, 7 Cal. 4th at 40-41. The court therefore concludes that Mastel has failed to state a claim against Miniclip for invasion of privacy under the California Constitution. Id. Furthermore, because Mastel seeks to hold Apple responsible based solely on allegations that it knowingly enabled Miniclip‘s conduct, the court concludes that Mastel has also failed to state a claim for invasion of privacy under the California Constitution against Apple.
The court will therefore dismiss Mastel‘s second claim for invasion of privacy under the California Constitution.
C. Stored Communications Act
Next, Mastel claims that Miniclip‘s conduct violated the SCA, which provides a cause of action against a person who “intentionally accesse[d] without authorization a facility through which an electronic communication service is provided” or “who intentionally exceed[ed] an authorization to access that facility; and thereby obtain[ed], alter[ed], or prevent[ed] authorized access to a wire or electronic communication while it [wa]s in electronic storage in such system.”
It is questionable whether Mastel‘s iPhone even qualifies as a “facility” under the SCA. See Hildermann v. Enea TekSci, Inc., 551 F. Supp. 2d 1183, 1204 (S.D. Cal. 2008) (noting, without deciding the issue, that it is questionable whether a laptop computer qualifies as a “facility“). Setting this issue aside, however, Mastel‘s claim fails because text contained in the Pasteboard is not in “electronic storage” for purposes of the SCA. See id. The SCA defines “electronic storage” as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”
Courts interpreting subsection (A) have held that, because this subsection only applies to messages in “temporary, intermediate storage,” its coverage is limited to messages that are in transit but which have not yet been delivered to their intended recipient. See Theofel v. Farey-Jones, 359 F.3d 1066, 1075 (9th Cir. 2004) (citing In re Doubleclick, Inc. Privacy Litig., 154 F. Supp. 2d 497 (S.D.N.Y. 2001)). For instance, subsection (A) may apply to email messages stored on an internet service provider‘s server pending delivery to the recipient. See Doubleclick, 154 F. Supp. 2d at 511-12. But once the email reaches its intended recipient and is stored on the recipient‘s laptop, access does not violate the SCA because it is no longer in “temporary, intermediate storage.” See Hilderman, 551 F. Supp. 2d at 1205.
Plaintiff‘s own complaint indicates that the Pasteboard does not provide “temporary, intermediate storage” of a communication “incidental to the electronic transmission thereof.” Id. Pasteboard is merely a tool that allows iPhone users to copy and paste text from one application to another. (Compl. ¶ 11.) As discussed above, while text placed in the Pasteboard may have originated from a previously-sent or previously-received communication (i.e., a text message or email), there is no allegation in Mastel‘s complaint that Miniclip was somehow able to access the contents of any of Mastel‘s communications as they were in transit or prior to their delivery to an intended recipient. (See Compl. ¶¶ 10-29.) Mastel‘s allegations thus does not satisfy subsection (A) of the SCA‘s definition of “electronic storage.” See Hilderman, 551 F. Supp. 2d at 1205.
Nor does accessing text in the Pasteboard fall under subsection (B). Subsection (B) covers storage of communications “by an electronic communication service for purposes of backup protection” of the communication.
The court therefore finds that Mastel has failed to allege a plausible violation of the SCA. Accordingly, the court will dismiss Mastel‘s third claim against Miniclip for violation of the SCA.
D. California Unfair Competition Law
Finally, Mastel claims that Miniclip and Apple‘s conduct violated the
Mastel has failed to satisfy the UCL‘s standing requirement because he has not alleged any economic injury as a result of defendants’ conduct. In his opposition to Apple‘s motion to dismiss, Mastel argues that because he alleges that defendants surreptitiously obtained his personal information, he has “suffered a loss in the value of his personal information.” (Pl.‘s Opp‘n to Apple‘s Mot. to Dismiss at 12 (Docket No. 22).) However, Mastel‘s complaint never mentions or describes the economic value of his personal information. (See generally Compl.) Numerous courts have held that disclosure of personal information alone does not constitute economic or property loss sufficient to establish UCL standing, unless the plaintiff provides specific allegations regarding the value of the information. See, e.g., In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 16-MD-02752-LHK, 2017 WL 3727318, *22 (N.D. Cal. Aug. 30, 2017) (rejecting UCL standing to victims of data breach who had failed to allege specific benefit-of-the-bargain losses or out-of-pocket expenses); In re Facebook Privacy Litig., 791 F. Supp. 2d 705, 714 (N.D. Cal. 2011), aff‘d 572 F. App‘x 494 (9th Cir. 2014) (“A plaintiff‘s ‘personal information does not constitute property under the UCL.“); Archer v. United Rentals, Inc., 195 Cal. App. 4th 807, 816 (2d Dist. 2011) (dismissing UCL invasion of privacy claim because “plaintiffs have failed to demonstrate how . . . unlawful collection and recordation of personal information . . . translates into a loss of money or property“).
All of the cases cited by Mastel are distinguishable because they either relied on allegations of lost cash payments or specific allegations as to the value of the personal information at issue. See In re Yahoo!, 2017 WL 3727318, at **21-22; In re Anthem Inc. Data Breach Litig., No. 15-MD-02617-LHK, 2016 WL 3029783, *30 (N.D. Cal. May 27, 2016); Calhoun v. Google LLC, --F. Supp. 3d--, No. 20-CV-05146-LHK, 2021 WL 1056532, **1-2 (N.D. Cal. Mar. 17, 2021). In Calhoun, for instance, the plaintiffs devoted 50 paragraphs of their complaint to detailing the economic value of their information, how that value had been lost as a result of Google‘s conduct, and how Google profited by selling their data in a robust marketplace. See Calhoun, Case No. 20-cv-05146, Compl. (Docket No. 1) ¶ 413 (“the unauthorized disclosure and taking of their personal information which has value as demonstrated by its use and sale by Google. Plaintiffs have suffered harm in the form of diminution of the value of their private and personally identifiable data and content“), ¶¶ 209-58 (describing the
Moreover, Calhoun relied on cases that address Article III standing, which, unlike UCL standing, does not necessarily require plaintiffs to show economic harm. See Plaid, 2021 WL 1721177, at *14 n.8 (“This court disagrees with Calhoun. It rests on four cases that address Article III standing, which is different from UCL standing.“). In fact, in one of these cases, while the Ninth Circuit held (in an unpublished memorandum opinion) that the alleged dissemination of the plaintiffs’ personal information and loss of “the sales value of that information” sufficed to confer Article III standing, the court expressly held that these allegations did not confer UCL standing because the plaintiffs had “failed to allege that they ‘lost money or property.‘” See In re Facebook Privacy Litig., 572 F. App‘x 494 (9th Cir. 2014). Because Mastel has failed to present any allegations concerning the economic value of the personal information allegedly obtained by defendants, the court will dismiss Mastel‘s fourth claim against defendants for violations of the UCL.
IT IS THEREFORE ORDERED that defendants’ motions to dismiss (Docket Nos. 8, 21) be, and the same hereby are, GRANTED.
Dated: July 14, 2021
WILLIAM B. SHUBB
UNITED STATES DISTRICT JUDGE