In a case of first impression, a federal court in California rejected an attempt by plaintiff, a UK citizen, to bring GDPR-based claims against an American company on behalf of a UK putative class.  Elliott v. PubMatic, Inc., 2021 U.S. Dist. LEXIS 154053 (N.D. Cal. Aug. 16, 2021).  Because this is the first instance in which a plaintiff sought to bring a GDPR-based suit in American courts, it is a notable decision anticipated to shape the data privacy litigation landscape going forward.

Some legal background.  As summarized by the court in Elliot, the United Kingdom’s General Data Protection Regulation (“UK GDPR”) provides rules relating to the protection of natural persons with regard to the processing of personal data, and rules relating to the free movement of personal data in the United Kingdom.  This includes protections that limit the use of uniquely identifying cookie IDs where consent is not expressly granted.  The UK GDPR includes a private right of action.  While it is “materially identical” to the EU GDPR, it contains a significant substantive difference: unlike the EU’s GDPR, the UK GDPR does not require complaints to be filed in a European court.  In this case, Plaintiff asserted, he was authorized to filed suit under the UK GDPR in the United States—notwithstanding that he resided in England.

Now, let’s take a look at the (alleged) facts of the case.  Unlike Plaintiff, Defendant PubMatic, Inc. (“PubMatic”) is based in the US.  PubMatic is a digital advertising technology company.  Plaintiff alleged that “[a]s part of its business practices, PubMatic placed unique and therefore individuating identifiers in the form of cookies on Elliott’s device and used those uniquely identifying cookies to monitor and track [Plaintiff’s] U.K.-based online activities.”  Plaintiff additionally alleged that he was injured by PubMatic’s alleged internet cookie placement practices in violation of his U.K. data privacy rights.  He sought to represent a class of “[a]ll persons residing or who resided in England and Wales who used Chrome, Edge, or Internet Explorer browsers and have had a PubMatic cookie placed on their device”.

Defendant moved to dismiss under Rule 12(b)(1) and 12(b)(6), asserting arguments based on standing, forum non conveniens, and international comity.  The court ultimately granted the motion and dismissed the case after adopting the Defendant’s forum non conveniens and international comity grounds—leaving the question of standing unresolved.

First, insofar as forum non conveniens is concerned—the doctrine is based on the notion that “[a] district court has discretion to decline to exercise jurisdiction in a case where litigation in a foreign forum would be more convenient for the parties.”  A district court may dismiss a litigation once it determines that “the appropriate forum is located in a foreign country.”  This  involves the consideration of various public and private interest factors, which include such as: (i) the residence of the parties and witnesses, (ii) the forum’s convenience to the litigants; (iii) the local interest in the lawsuit, and (iv) the court’s familiarity with the governing law, among others.  The court held that in this case there was “no argument—there exists an adequate alternative forum,” particularly as Plaintiff himself was a UK resident and Defendant was willing to accept services of process in the UK if the USu litigation was dismissed.

Second, the court also held that internal comity supported dismissal of the litigation.  It is well-established that “international comity is a doctrine of prudential abstention, one that ‘counsels voluntary forbearance when a sovereign which has a legitimate claim to jurisdiction concludes that a second sovereign also has a legitimate claim to jurisdiction under principles of international law.'”  (citations omitted).  In the context of this litigation, the court found that “[t]he U.K. has a strong interest in addressing injuries to English and Welsh subjects . . . [w]hile plaintiff focuses on the California-based conduct of PubMatic, he glosses over any potential conduct by the company in the U.K. and the injuries suffered to a class of plaintiffs in England and Wales.”

So there you have it.  Because class actions are not well developed as a procedural device or commonplace in Europe, creative plaintiffs lawyers were hoping this case could start a new trend of litigating UK GDPR-based claims in US courts.  The court’s dismissal of the litigation have put a stop to that for now—although stay tuned.  Elliot is only the first decision to address this novel legal question, and the Defendant here specifically consented to accepting service of process in the UK—meaning that there may still be other test cases seeking to bring similar legal theories.