Case Information
UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA ABBY LINEBERRY, et al., Case No. 23-cv-01996-VC Plaintiffs, ORDER DISMISSING CASE IN PART
v. AND OTHERWISE DENYING MOTION FOR CLASS ADDSHOPPERS, INC., et al., CERTIFICATION Defendants. Re: Dkt. No. 147
This is a proposed privacy class action. The named plaintiffs allege that when they visited certain websites and put an item in their virtual shopping cart, the websites used tracking technology from a company called AddShoppers to send them targeted marketing emails, even though the named plaintiffs never provided their email addresses or any other personal information to those websites.
During the discovery process in this case, several problems arose. For example, one named plaintiff deleted the browsing history on her phone after AddShoppers requested it, thereby preventing AddShoppers from testing her allegation about visiting the website and placing an item in the cart. The other named plaintiff never received a marketing email from his alleged website visit, raising questions about whether he really put an item in his cart—questions that were only magnified by unreliable testimony he subsequently provided about his browsing activities.
These problems (and others discussed below) mean that if a class were certified and the case went to trial, a jury could easily find against the named plaintiffs on grounds that wouldn’t apply to the absent class members. At a minimum, the specific problems with the named plaintiffs’ claims would overshadow the question whether the defendants are liable to the class. This means the named plaintiffs have failed to show that their claims are typical of the proposed class members’ claims. Relatedly, it means they would not be adequate class representatives. So the motion for class certification is denied. As discussed in Section IV, the failure to properly vet named plaintiffs, and the seeming unwillingness to promptly address issues that arise during litigation with named plaintiffs, are serious problems that the class action plaintiffs’ bar desperately needs to rectify.
I
A AddShoppers is a digital marketing company that helps online retailers send targeted emails to potential customers. Ordinarily, if someone just browses a retailer’s website without submitting an email address or some other identifying information, the retailer won’t be able to email that person. But by contracting with AddShoppers, the retailer can email that user a discount offer for the very product they were viewing. AddShoppers has approximately 2,000 brand partners (what it calls its customers) and a database of over 150 million shopper records.
AddShoppers operates its program, SafeOpt, in the following way. When a user visits a brand partner’s website using a browser that enables JavaScript (like Chrome or Firefox), the browser downloads AddShoppers’ pixel, called a “widget.” The widget then tracks data such as the IP address of the user’s device; the URL of the website; time stamp; cookies; products viewed; and which products, if any, were placed in a shopping cart. That data is initially stored on the device and then transmitted to AddShoppers when a “campaign” is triggered. AddShoppers offers three types of campaigns from which the brand partner can choose: the “cart abandon” campaign (when a user places an item in their cart and then exits the page without making a purchase); the “browse abandon” campaign (when a user views multiple pages on the site without making a purchase); and the “awareness” campaign (when a user spends “quality time” on a page but doesn’t navigate to multiple pages or put anything in their cart). For example, Peet’s Coffee chose both the cart abandon and browse abandon campaigns when it partnered with AddShoppers, so a user would have triggered a campaign on the Peet’s website if they added an item to their cart and then left the site or if they clicked on several pages and then left the site. Ex. 13, Dkt. No. 147-14.
After a campaign is triggered and the data is transmitted to AddShoppers, AddShoppers matches the data with an email address associated with that device. To do that, AddShoppers uses several sources of emails. First, a small number of people directly sign up for SafeOpt and provide their email addresses (because they want to receive discount offers). Second, a user may have provided their email address to a different brand partner, who then shares it with AddShoppers. Third, and most commonly, AddShoppers buys aggregated email records from data brokers. AddShoppers’ email sources are imperfect and will often associate multiple email addresses with the same device. Once associated with an email address, AddShoppers then sends marketing emails to the user on behalf of the brand partner, oftentimes offering a discount on a product they were browsing or had put in their cart.
B
The procedural history of this lawsuit is somewhat tortured. Some of the plaintiffs, claims, and theories have changed over time. But recounting this history is important to understanding the issues that are now before the Court on this motion for class certification.
The lawsuit was filed in April 2023. There were originally four named plaintiffs—Oather McClung, Greg Dessart, Terry Cook, and Abby Lineberry. They sued three named defendants— AddShoppers and two brand partners, Presidio Brands and Peet’s Coffee—alleging various privacy violations. Specifically, they asserted claims based on the California Invasion of Privacy Act (CIPA), the California Computer Access and Data Fraud Act (CDAFA), the Unfair Competition Law (UCL), common law invasion of privacy, statutory larceny, trespass to chattels, and unjust enrichment. Each of the four plaintiffs alleged that they had visited one or more of AddShoppers’ brand partner’s websites and then received a promotional email from AddShoppers about the products they saw, despite never having provided their email or personal information to that brand partner. Lineberry, for instance, alleged that she had browsed certain products on MedTerraHemp.org on her work computer and subsequently got a marketing email for those products on her personal email. Of the four plaintiffs, only Cook (a non-California plaintiff) alleged that he had visited the Peet’s website and received two subsequent emails for Peet’s products. The other non-California plaintiff was Dessart. McClung and Lineberry were the California plaintiffs.
In January 2024, this Court granted in part and denied in part the defendants’ first motion to dismiss, allowing three of the plaintiffs’ claims to go forward—CIPA (except Dessart’s), UCL, and CDAFA. See McClung v. AddShopper, Inc. , No. 23-CV-1996, 2024 WL 189006 (N.D. Cal. Jan. 17, 2024). In February 2024, McClung voluntarily dismissed his claim, leaving three plaintiffs, with Lineberry as the only California plaintiff. Discovery proceeded.
In October 2024, about two months before the deadline to move for class certification, the plaintiffs sought leave to file an amended complaint to add Miguel Cordero, a California resident, as a named plaintiff. Shortly after, Dessart voluntarily dismissed his claim. This Court granted the motion to amend, and the plaintiffs filed an amended complaint—which is the operative complaint now—in November 2024. In the amended complaint, Lineberry’s allegations continue to focus on her visit to the MedTerra website. First Amended Complaint ¶¶ 53–57, Dkt. No. 135. Cordero, for his part, alleges that he was tracked by AddShoppers when he visited the Peet’s website. Id. at ¶¶ 63–66.
The defendants moved to dismiss again, and the parties completed their motion to dismiss briefing at the same time they began briefing class certification. In February 2025, the Court dismissed all of Cook’s claims and all of the plaintiffs’ CDAFA claims, and the plaintiffs dropped their UCL claims. This meant that there were only two plaintiffs remaining—California residents Lineberry and Cordero. And their only remaining claim was under CIPA. See Lineberry v. AddShopper, Inc. , No. 23-CV-01996, 2025 WL 551864 (N.D. Cal. Feb. 19, 2025).
While the motion to dismiss was pending, the plaintiffs filed their motion for class certification. There were some differences between the operative complaint and the motion for class certification. As noted above, in the complaint, Lineberry alleged that she had visited the MedTerra website from her work computer and then received a discount offer on her personal email. But in the class certification motion, Lineberry dropped the allegation about MedTerra and replaced it with an allegation (supported by a declaration) that she had visited a different website, a women’s plus-size clothing website called Dia, and had been tracked by AddShoppers while visiting that website. Cordero, for his part, continued to allege that he visited the Peet’s website. But he presented no evidence that he had received a marketing email in the wake of that visit. Instead, he argued that the details of his visit, such as what products he viewed, must have been tracked given how AddShoppers’ campaigns work.
Another difference between the complaint and the class certification motion was the composition of the proposed classes. In the complaint (including the amended complaint that was filed shortly before the deadline to move for class certification), the plaintiffs said they were seeking to represent everyone (nationwide or at least in California) whose information was collected by AddShoppers, regardless of brand partner. But in the class certification motion, they sought only to represent visitors to the Dia website or the Peet’s website whose information was collected by AddShoppers. Not people who visited the MedTerra website, and not any other people who visited the websites of other brand partners of AddShoppers.
Thus, three potential classes were still in play. First, a Rule 23(b)(3) class against Peet’s, represented by Cordero, which would include “[a]ll natural persons who, while in California, visited Peet’s website for whom AddShoppers collected their detailed browsing activity.” Second, a Rule 23(b)(3) class against AddShoppers, represented by Cordero and Lineberry, which would include “[a]ll natural persons who, while in California, visited Peet’s or Dia’s websites for whom AddShoppers collected their detailed browsing activity.” And third, a Rule 23(b)(2) injunctive relief class against AddShoppers, represented by Lineberry and Cordero, which would include “all natural persons who, while in California, visited a website for whom AddShoppers collected their detailed browsing activity.” Motion for Class Certification at 14– 15, Dkt. No. 147.
As discussed further below, the plaintiffs’ presentation raised questions about whether Cordero and Lineberry’s claims were typical of the proposed class, and whether they would be adequate class representatives. In fact, there were questions about whether Cordero and Lineberry were even members of the classes they proposed to represent. Finally, there were questions about whether Cordero had been harmed at all as a result of his visit to the Peet’s website. So the Court scheduled an evidentiary hearing to explore these issues, requiring Cordero and Lineberry to testify.
II
The defendants have always asserted that the plaintiffs lack Article III standing. At the motion to dismiss stage, the Court rejected this assertion. It noted that standing based on a privacy injury in the pixel-tracking context depends on “how much information is captured and how it is aggregated or used.” Lineberry , 2025 WL 551864, at *1; see also Carolus v. Nexstar , No. 24-CV-7790, 2025 WL 1338193, at *1 (N.D. Cal. Apr. 9, 2025) (holding that plaintiffs failed to allege standing when the only information tracked was that their IP addresses had visited a given site). And the Court held that the plaintiffs pled facts sufficient to establish standing here by alleging that AddShoppers and Peet’s collected not just the fact that a plaintiff had visited the website of “one retailer or on one occasion” but rather that AddShoppers had “aggregated browsing activity,” including the individual products viewed or put into carts, “across many retailers and over years,” and then used that information to send marketing emails to the plaintiffs without their consent. See Lineberry , 2025 WL 551864, at *1.
Now, at the class certification stage, the standing inquiry can be reassessed with the benefit of actual evidence, and the evidentiary burden is on the plaintiffs. See B.K. ex rel Tinsley v. Snyder , 922 F.3d 957, 966–67 (9th Cir. 2019). For Lineberry’s and Cordero’s claims against AddShoppers, the analysis hasn’t changed. The evidence shows that AddShoppers did track their browsing activity on multiple sites and sent them marketing emails related to those visits. For instance, AddShoppers’ database shows that it tracked Lineberry’s browsing on sites like MedTerra and CatPerson and sent her promotional emails about products she had viewed on those sites. Ex. B, Dkt. No. 163-3. The database also shows that Cordero was tracked on sites like Everyplate, Kayak, and Cruise America, and that he also received promotional emails about products on those sites shortly after visiting them. See Ex. L, Dkt. No. 166-10. So the named plaintiffs have been “injured” by AddShoppers for purposes of the claims in their complaint (putting aside, for the moment, the question whether they are members of the narrower classes they now propose to represent).
Further, both plaintiffs have shown a “sufficient likelihood” that they will “again be wronged in a similar way” such that they have standing to pursue their injunctive relief claim. Campbell v. Facebook, Inc. , 951 F.3d 1106, 1120 (9th Cir. 2020) (quoting Villa v. Maricopa County , 865 F.3d 1224, 1229 (9th Cir. 2017)). Both have stated, understandably, that they plan to continue browsing online shopping websites. And given that AddShoppers operates on thousands of retailers’ websites, it’s likely that they will browse another website on which AddShoppers operates. AddShoppers responds that Lineberry and Cordero both said they generally decline cookies when cookie banners pop up and that they could block all cookies on their browser preferences if they really want to avoid AddShoppers’ tracking in the future. The fact that Lineberry and Cordero generally decline cookies doesn’t mean they necessarily will avoid AddShoppers because some websites don’t have cookie banners, some sites have banners that only have an “accept” button (like Dia’s), and other sites continue to track users even if they affirmatively opt out of all cookies (like Peet’s). Ex. 46, Dkt. No. 178-13 (Dia’s cookie banner); Georgianna Deposition at 89:20–93:4, Ex. 14, Dkt. No. 147-15 (describing functionality of Peet’s cookie banner). And neither plaintiff is required to affirmatively change their own conduct (such as blocking all cookies) to avoid being unlawfully tracked. Cf. Melendres v. Arpaio , 695 F.3d 990, 998 (9th Cir. 2012). Indeed, the very fact that they would need to alter their internet browsing practices suggests that injunctive relief would redress their future injuries.
However, Cordero lacks standing for his claim against Peet’s because he has not shown that Peet’s tracked enough information to give rise to a privacy injury.
The documentary evidence suggests that AddShoppers only tracked the fact that Cordero visited the Peet’s website once on November 9, 2021. The database has only one record associated with Cordero and Peet’s Coffee. This record contains the time and date of his visit but does not have any other information about what URL he visited, what products he viewed, or what products he put in his cart (if any). See Ex. D, Dkt. No. 163-5. There is no evidence, from either AddShoppers’ database or from Cordero’s email inbox, that Cordero received a promotional email from SafeOpt after his visit to the Peet’s website.
Cordero responds that even if AddShoppers’ database no longer has the records of products he put in his cart, it must have collected that information when he originally visited the site in November 2021. To support that theory, Cordero relies on three pieces of evidence. First, he points to the AddShoppers’ record which says that the “cart value” column said “true” for his visit, which typically means that a campaign has been triggered. See id . Second, he testified that he searched his Google browsing history for all visits to the Peet’s website, and it showed that he visited the site on November 9, 2021. Cordero Deposition at 61:16–21, Ex. 40, Dkt. No. 178- 7. The Google browsing history showed that he searched on Google for a chicken waffle sandwich and then clicked on Peet’s product page for that sandwich. Id. at 62:5–7. These two pieces of evidence corroborate that he went to the Peet’s website on that day, but they are also consistent with AddShoppers’ database record’s lack of any recorded product viewed or placed in a cart. That’s why the third piece of evidence is critical: Cordero’s testimony, at the evidentiary hearing, that he remembers putting the chicken waffle sandwich in his cart.
At his deposition, Cordero testified that before he searched his Google browsing history, he didn’t recall the specific date that he visited the Peet’s website but generally remembered visiting the site before. Id. at 61:22–62:2. When asked what prompted his visit to the website, Cordero responded, “So I looked at my data” and “it said I was looking at a chicken waffle sandwich.” Id. at 62:3–7. He was then asked if he recalled “looking at a chicken waffle sandwich” and answered, “I do. I remember it looking pretty tasty.” Id. at 62:8–10. He also testified that he did not make any purchases on the Peet’s website, that he “just looked at the price,” and that he didn’t recall looking at anything else or doing anything else on the site. Id. at 62:19–63:2. Cordero was then asked what information he believed Peet’s collected during the visit, and Cordero answered, “The cart that I had the chicken sandwich in.” Id. at 64:9–12. AddShoppers’ counsel asked what the basis of that belief was, and Cordero responded that it was “two specific items”: his “search history” from Google and the AddShoppers’ data which “had the date of November 2021.” Id. at 64:13–18.
At the March 2025 evidentiary hearing, Cordero claimed to have a far more precise memory of the details about his visit to the Peet’s website that day in November 2021, offering a definitive statement that he remembered putting the sandwich in his cart. At first, he testified that although his Google browsing history doesn’t reflect whether he put the sandwich in the cart, he did “remember adding it to the cart to see kind of taxes, how much it would be, allergen information, things of that nature.” March 21 Hearing Transcript (“Tr.”) 30:16–18. He elaborated that his answer was “based on patterns” of how he normally shops online, by putting items in the cart to check their price, but that he remembered “specifically putting it in the cart and seeing the value of it, and the allergen information was something [he] was worried about.” Id. at 30:22– 31:12. The Court then asked why one would need to put an item in the cart to determine allergen information, and Cordero backtracked: “I think in the -- in the cart, it’s mostly about the price; but I do remember -- if I remember correctly, the landing page on the chicken and waffle sandwich had, like, allergen information. So it wasn’t necessarily about the cart, but I think what I mean by that is just searching for that item. But the cart is me selecting it for -- to see the total price.” Id. at 32:1–7. Cordero then confirmed that he “didn’t put the product in the cart to discern allergen information” but rather he “put it in the cart to discern the price.” Id. at 32:8–12. The Court then asked whether he could see the price before putting an item in the cart, and Cordero said that if he remembered correctly, the website had the base price but that “[i]t’s only until you put it” in the cart “that you see all the fees, if there are any, and taxes and things like that, and that’s what I was interested in.” Id. at 33:1–13. Cordero did not explain why he wanted to know the precise amount of taxes (48 cents? 64 cents? 76 cents?) that he would need to pay for the chicken waffle sandwich.
Cordero also testified that in addition to the November 9, 2021, visit to Peet’s, his Google browsing history reflected one other visit to the Peet’s website on July 23, 2024, during which he clicked on multiple product pages but did not purchase anything. See Tr. 28:10–21; 24:17–35:13. On that same day, plaintiffs’ counsel Kasey Youngentob had called Cordero to provide him with a status update about this case and told him to request his data from AddShoppers (at this time, plaintiffs’ counsel had not yet sought to add Cordero as a named plaintiff). See Decl. of Kasey Youngentob ¶¶ 3, 8, Dkt. No. 121-1; see also Tr. 36:2–8. At the hearing, Cordero was asked if he went onto the Peet’s website that day in the hopes of triggering a SafeOpt email to him, either on his own initiative or at his counsel’s directive. Tr. 37:11–16. He denied that he had done so, and instead testified that he was just coincidentally on the website to do “Christmas shopping.” Id. at 36:20, 37:11–16. In July.
During this hearing, it became clear that Cordero’s testimony is not credible and that he doesn’t actually remember putting the sandwich in his cart. This finding is based both on the inherent implausibility of his overall narrative and his demeanor. Therefore, Cordero fails to overcome the documentary evidence suggesting that AddShoppers only tracked the fact he visited the Peet’s website once. [1] He fails to meet his burden to prove standing.
This means that Cordero’s claim must be dismissed, which in turn means that Peet’s must be dismissed from the case, and the motion for class certification of a class against Peet’s needs not be reached. 1 Newberg and Rubenstein on Class Actions § 2:6 (6th ed. 2022) (“Because individual standing requirements constitute a threshold inquiry, the proper procedure when the class plaintiff lacks individual standing is to dismiss the complaint, not to deny class certification.”). [2]
III
As for the motion to certify the Rule 23(b)(3) class against AddShoppers (on behalf of people in California who visited the Dia website or the Peet’s website), AddShoppers makes lots of arguments, but based on this record the overlapping issues of typicality and adequacy of representation are the most important. A named plaintiff is not typical or adequate if “there is a danger that absent class members will suffer if their representative is preoccupied with defenses unique to it.” DZ Reserve v. Meta Platforms, Inc ., 96 F.4th 1223, 1238 (9th Cir. 2024) (quoting Hanon v. Dataproducts Corp. , 976 F.2d 497, 508 (9th Cir. 1992)); see James v. Uber Technologies Inc. , 338 F.R.D. 123, 133 (N.D. Cal. 2021) (noting that “the typicality and adequacy inquiries tend to significantly overlap”); see also Beck v. Maximus , 457 F.3d 291, 296 (3d. Cir. 2006) (explaining that “unique defenses bear on both the typicality and adequacy of a class representative”). Or, to put it more directly, a named plaintiff is not typical or adequate if the jury could realistically rule against them on a basis that wouldn’t apply to the rest of the class. 1 Newberg and Rubenstein on Class Actions § 3:45. “A class is disserved if its representative’s claim is not typical of the claims of the class members, for then if his claim fails, though claims of other class members may be valid, the suit will at the least be delayed by the scramble to find a new class representative.” CE Design Limited v. King Architectural Metals, Inc. , 637 F.3d 721, 724 (7th Cir. 2011); see First Monaco v. Hogan , No. 98CV3386, 2016 WL 1322431, at *8 (E.D.N.Y. Mar. 31, 2016), aff’d sub nom. Monaco v. Sullivan , 737 F. App’x 6 (2d Cir. 2018) (decertifying class when later evidence showed that the named class representatives were subject to unique defenses).
As with the other Rule 23(a) prerequisites, the plaintiffs must establish typicality and adequacy for both the Rule 23(b)(3) damages class and the Rule 23(b)(2) injunctive relief class, and the Court must “rigorously analyze” whether the plaintiffs have proven typicality and adequacy by “a preponderance of actual evidence.” Black Lives Matter Los Angeles v. City of Los Angeles , 113 F.4th 1249, 1258 (9th Cir. 2024).
A
The plaintiffs propose a Rule 23(b)(3) damages class of “all natural persons who, while in California, visited Peet’s or Dia’s websites for whom AddShoppers collected their detailed browsing activity.” Neither Cordero nor Lineberry is typical or adequate for this proposed class.
i. Miguel Cordero
To begin, a named plaintiff obviously needs to be a “a member of the class” he seeks to represent. Sali v. Corona Regional Medical Center , 909 F.3d 996, 1007 (9th Cir. 2018). Cordero fails that baseline requirement. As described above, Cordero has not met his burden to show that AddShoppers collected anything more than the fact that he visited the Peet’s website on a particular day. In other words, Cordero hasn’t shown that AddShoppers collected his “detailed browsing activity” on the Peet’s website. Cordero has never asserted that he visited the Dia website.
While that alone disqualifies Cordero as a class representative, his problems would not go away even if he could be deemed a member of the class. Even if one thought there was enough evidence to go to trial on whether Cordero’s browsing activity on the Peet’s website was tracked on his November 2021 visit, there’s a serious risk—given the sparseness of the evidence in Cordero’s favor on this issue, not to mention his profound lack of credibility—that the jury would conclude that his browsing activity was not tracked, even if it would be inclined to conclude that the browsing of absent class members was indeed tracked. See DZ Reserve , 96 F.4th at 1239. This disqualifies Cordero from representing those absent class members. See Harris v. Vector Marketing Corp. , 753 F. Supp. 2d 996, 1015 (N.D. Cal. 2010) (“The honesty and credibility of a class representative is a relevant consideration when performing the adequacy inquiry because an untrustworthy plaintiff could reduce the likelihood of prevailing on the class claims.” (cleaned up) (quoting Searcy v. eFunds Corp. , No. 08 C 985, 2010 WL 1337684, at *4 (N.D. Ill. 2010))).
ii. Abby Lineberry
Although it’s a closer call than Cordero, Lineberry also has not demonstrated by a preponderance of the evidence that she is a member of the class of people whose detailed browsing activity was collected through the Dia.com website.
As a reminder, neither the original complaint filed in April 2023 nor the amended complaint filed in November 2024 included any mention of Lineberry’s visit to the Dia website. The complaints instead focused on Lineberry’s visit to the MedTerra website on her work computer, and the subsequent promotional email she received on her personal email about MedTerra products. At some point during the litigation, Lineberry returned her work computer to her employer and its data was wiped. See Lineberry Deposition, 171:17–172:4, Ex. 41, Dkt. No. 178-8. During discovery, AddShoppers produced its database records associated with Lineberry’s email addresses, which seemed to show that Lineberry had visited the Dia website and that AddShoppers collected the product information about a navy blouse she had placed in her cart. Partially as a result of this discovery (and perhaps partially because Lineberry’s work computer was wiped), the plaintiffs decided to change their approach in their motion for class certification and focus on Dia instead of MedTerra. To do so, Lineberry submitted a declaration accompanying the motion for class certification in which she stated, “[M]y data from AddShoppers shows when I visited Dia & Co.’s website and added a Navy Olivia Cross-Back Blouse to my cart on April 10, 2022. I added this product to my cart while I was in California.” Decl. of Abby Lineberry ¶ 6, Dkt. No. 147-28.
With its opposition brief, AddShoppers submitted its database records, which did reflect a visit to Dia.com on April 10, 2022, that is linked to a “Visitor ID” associated with Lineberry’s email. See Decl. of Shawn King ¶ 13, Dkt. No. 163-1. However, AddShoppers pointed out that the records show that the Visitor ID listed for the Dia visit is associated not only with Lineberry’s email address but also with three other email addresses belonging to different people. See Ex. B, Dkt. No. 163-3. AddShoppers submitted further records showing that SafeOpt sent two promotional emails to one of those other addresses (to someone named Brenda Hill) on behalf of Dia in the two days after the Dia visit. Decl. King ¶ 14, Dkt. No. 163-1. And AddShoppers’ Chief Technology Officer Shawn King stated in a declaration that Lineberry’s email address was merged with the Visitor ID on the Dia record on December 17, 2023, well after the Dia visit had occurred. See id. ¶ 15. AddShoppers posited that Lineberry and her counsel misinterpreted the records and that she wasn’t really the person who visited the Dia website on April 10, 2022—maybe it was Brenda Hill—and its database just incorrectly merged Lineberry’s email with that Visitor ID. Lineberry, in her reply brief, maintained that she was the one who visited the Dia website and argued that the database incorrectly associated her visit with Brenda Hill’s email, which is why Hill received the two SafeOpt emails.
At the evidentiary hearing, it became clear Brenda Hill did not visit the Dia website. Hill testified that she doesn’t recall ever visiting the Dia website, nor did she find any emails or search history reflecting that she had ever been on the website, nor does she generally shop online for women’s clothing. March 25 Hearing Transcript 10:13–24, Dkt. No. 208-3.
Lineberry also testified. She said she visited the Dia website on her phone and that she recalls doing so because her mom recommended the site to her. Tr. 74:3–6. But her testimony revealed that she didn’t actually remember visiting the website on April 10, 2022, but rather she assumed that she had based off her review of the AddShoppers’ data with her lawyer. Lineberry explained that her lawyer showed her the AddShoppers’ Dia record before her deposition, and that her interpretation of that record was that it showed the date she visited and what she put in her cart. Id. at 76:13–21; see also id. at 81:7–9. When the Court asked how she knew that the visit was in April of 2022, Lineberry responded that “[t]he data that was collected by AddShoppers and produced in discovery” shows that she “visited Dia.com in April 2022.” Id. at 74:17–24; id. at 83:23–84:4 (stating she did not remember putting the navy blouse in her cart but that it “sounds like something that’s [her] style” and “that’s what the data showed” was added to the cart); id. at 86:20–22 (“It says on the data that I visited the site -- it was first created on April 10th. So I think I probably went there on April 10th.”); id. at 100:9–13 (agreeing that the “basis” for her belief that her mom recommended Dia.com on April 10th was the AddShoppers’ data).
This evidence does not prove by a preponderance that Lineberry was actually the person who visited Dia.com on April 10, 2022, and was tracked by AddShoppers. And even if Lineberry got over the line and showed that she is a member of this class, there would still be a significant “danger that absent class members will suffer” if the class is certified because Lineberry will be preoccupied by a unique defense that could very well cause the jury to find against her even if they would find in favor of absent class members. See DZ Reserve , 96 F.4th at 1238 (quoting Hanon , 976 F.3d at 508).
But that’s not all. Lineberry also testified that she deleted all of the browsing history data on her phone in late November or early December 2024, after AddShoppers had requested that data in discovery. Tr. 71:11–18. That data, of course, is highly relevant to ascertaining whether she visited the Dia website, and if so, when she did so and whether she viewed multiple pages or put products in her cart. While there is no evidence to suggest (nor does AddShoppers argue) that Lineberry deleted this data intentionally to destroy evidence, it nonetheless weakens her evidentiary record compared to the typical class member, potentially raises credibility issues, could generate a spoliation-related instruction to the jury, and overall reinforces that she is an atypical and inadequate representative for the class. See In re Arris Cable Modem Consumer Litigation , 327 F.R.D. 334, 358 (N.D. Cal. 2018).
The plaintiffs respond that Cordero and Lineberry are typical because one of AddShoppers’ primary defenses is that their database is inaccurate, so the question whether AddShoppers really did track Cordero and Lineberry will not be unique to them but rather common for all class members’ claims. Even if that is true, there are a few reasons why this argument cannot save the plaintiffs. First, membership in the class is the very base requirement of typicality, so if the plaintiffs are saying that ascertaining membership will be this difficult for all class members, that would seem to create another reason to deny class certification, rather than helping the plaintiffs’ typicality argument. Second, the problem of Cordero’s and Lineberry’s membership in the class is at least partially a problem of the plaintiffs’ own creation. They chose to define the class to include only people who visited the Peet’s and Dia websites, instead of all Californians who had their browsing tracked by AddShoppers on any brand partner website, as originally proposed in their complaint. Of course, there were strategic reasons to narrow the class in this way, such as to bolster the case for predominance, but this choice ultimately exacerbated the typicality issues. Motion for Class Certification at 25 (noting the class was narrowed for strategic reasons). Third and finally, it would have been possible for a plaintiff to prove they were tracked by AddShoppers even without the evidence from AddShoppers’ database. For instance, a plaintiff could put into evidence a promotional email they received from SafeOpt about a given website’s product alongside their browsing history showing they visited the website for that product. That evidence could prove by a preponderance of the evidence that their browsing activity was tracked by AddShoppers. It just so happens here that neither Cordero nor Lineberry could do that because neither received any email about any product, and Lineberry deleted all of her browsing history. [3]
B
Lineberry and Cordero also seek to represent an injunctive relief class defined as “All natural persons who, while in California, visited a website for whom AddShoppers collected their detailed browsing activity.”
Rule 23(b)(2) permits injunctive relief classes if the “party opposing the class has acted or refused to act on grounds that apply generally to the class, so that final injunctive relief or corresponding declaratory relief is appropriate respecting the class as a whole.” Fed. R. Civ. P. 23(b)(2). “The key to the (b)(2) class is the indivisible nature of the injunctive or declaratory remedy warranted—the notion that the conduct is such that it can be enjoined or declared unlawful only as to all of the class members or as to none of them.” Wal-Mart Inc. v Dukes , 564 U.S. 338, 360 (2011) (internal quotation marks and citation omitted). Here, the plaintiffs seek injunctive relief to: “(1) prohibit AddShoppers from collecting class members’ detailed browsing data through the tracking pixel; (2) require AddShoppers to delete all class members’ data; and (3) appoint an independent third party to verify that the injunctive relief has been implemented.” Motion for Class Certification at 26, Dkt. No. 147. This description “sufficiently identifies the specific course of conduct that plaintiffs seek to enjoin, and it establishes that this course of conduct applies to the entire proposed class.” Brown v. Google, LLC , No. 20-CV-3664, 2022 WL 17961497, at *20 (N.D. Cal. Dec. 12, 2022).
But just like the damages class, the plaintiffs must satisfy the Rule 23(a) prerequisites, including typicality and adequacy, and they again fail to do so. The analysis for this class differs somewhat from the damages class because the class definition here is much broader: it encompasses anyone in California who visited a website on which AddShoppers operates, instead of just the Peet’s and Dia websites. That means the defenses that AddShoppers didn’t capture Cordero’s visit to Peet’s and that Lineberry was not the person who visited Dia have less salience here.
Nonetheless, Cordero’s credibility issues and Lineberry’s browsing history deletion affect the typicality and adequacy analysis. The plaintiffs’ injunctive relief claims depend upon them proving that AddShoppers violated CIPA and is likely to continue doing so in the future, absent an injunction. To prove CIPA liability, the plaintiffs plan to rely on evidence that AddShoppers tracked Cordero and Lineberry in the past and that they didn’t consent to such tracking. Whether they consented, though, will at least partially depend on the reliability of their testimony about whether they usually decline cookies while online shopping and whether they declined cookies on the specific sites where they were tracked. Lineberry’s deletion of her phone data also affects the consent question, because that data could contain evidence about whether she declines cookies and what cookies, if any, remained on her phone after visiting certain sites.
Lineberry argues that her deletion of her phone’s browsing history does not affect her ability to represent the injunctive class because she has “produced objective evidence that AddShoppers tracked her on Medterra’s website.” Plaintiffs’ Supplemental Brief at 1 n.1, Dkt. No. 209-2. There certainly is some evidence that AddShoppers tracked Lineberry’s visit to the Medterra website on her work computer, such as the SafeOpt email Lineberry received about MedTerra shortly after visiting the site. Ex. 51, Dkt. No. 208-4. But the plaintiffs leave out that Lineberry also failed to preserve any browsing history on her work computer, which has since been returned to her employer and wiped of its data. Lineberry Deposition, 171:9– 172:4, Dkt. No. 178-8. That browsing history is relevant to corroborating (or not) Lineberry’s browsing of the MedTerra website, and her deletion of that data raises a unique defense against her. See In re Arris , 327 F.R.D. at 358. [4]
IV
The final question is whether plaintiffs’ counsel should get a chance to file a renewed motion for class certification. The answer is no, because it appears that the only way to fix the typicality and adequacy issues would be to substitute in new named plaintiffs, and counsel has already been given a chance to do that. It would be unfair to the defendants, after two-and-a-half years of litigation, to allow plaintiffs’ counsel to take another crack at class certification. See Cepelak v. HP Inc. , No. 20-CV-02450, 2022 WL 16824309, at *2 (N.D. Cal. Oct. 20, 2022).
Indeed, this case highlights a common problem with proposed class actions: named plaintiffs are not being vetted carefully enough. Consider just a couple of the many, many examples this Court has seen over the years. In a proposed class action against Twitter alleging that the company was legally required to pay a bonus to employees who stayed on through the acquisition of the company by Elon Musk, the named plaintiff was a Twitter executive who argued internally that the bonus was discretionary, not mandatory. See Schobinger v. Twitter, Inc. , No. 23-CV-3007, 2024 WL 4504528, at *1 (N.D. Cal. Oct. 16, 2024). In a proposed class action against Lyft alleging that Lyft drivers should be classified as employees rather than independent contractors, the initial named plaintiff only gave “occasional rides” for Lyft “as a hobby” when “he was not busy with his full-time job at Facebook.” Cotter v. Lyft, Inc. , 176 F. Supp. 3d 930, 936 (N.D. Cal. 2016). And in a proposed class action against HP alleging a defect in HP computers, one of the named plaintiffs wiped and reset her computer to its original factory settings because she thought it was unfair for HP to be able to inspect her computer with her personal information on it. Dkt. Nos. 176, 190, Pietosi v. HP , Case No. 22-4273. These types of issues are serious—they jeopardize the prospects of class certification, and they harm the chances of a class recovery if a class were somehow certified.
Moreover, when these sorts of problems become apparent, plaintiffs’ lawyers seem to stick their heads in the sand rather than addressing them proactively (for example, by seeking to bring in new named plaintiffs before class certification). Going forward with named plaintiffs plagued by these kinds of problems is inconsistent with the duty of counsel to faithfully represent the interests of the absent class members. If the only named plaintiff you can find is someone whose presence threatens to weaken the claims of the absent class members, don’t bring the lawsuit. And if you’ve already brought the lawsuit, don’t just plow ahead hoping that it won’t become a big deal.
IT IS SO ORDERED.
Dated: May 29, 2025
______________________________________ VINCE CHHABRIA United States District Judge
[1] Cordero also provides no explanation for why the AddShoppers’ database would have deleted the tracked product information when their database contains such information for many other visits during the class period, let alone why their database would have deleted only the product information while preserving the other data about his visit (like the date and time).
[2] Cordero’s lack of standing to sue Peet’s also affects his ability to be a class representative for the class against AddShoppers, as will be discussed below. However, that is because of the way the plaintiffs defined the class, not because Cordero lacks standing to sue AddShoppers.
[3] The defendants also raise several arguments about predominance and superiority, and both parties move to exclude portions of expert reports related to the predominance inquiry. Dkt. No. 147; Dkt. No. 163. Because the motion for class certification is denied on typicality and adequacy grounds, the Court declines to address these arguments and the related Daubert motions.
[4] It is possible that Lineberry’s visit to another site (other than Dia and MedTerra) lacks these evidence preservation issues such that she could be a typical and adequate plaintiff, but the plaintiffs do not raise that possibility or point the Court to the evidence concerning those other website visits. It also would seem possible to seek injunctive relief purely on evidence that future CIPA violations are very likely to occur to Lineberry (regardless of whether past CIPA violations have occurred). But the plaintiffs also do not put forth any of that evidence on this motion for class certification.