Plaintiffs Face Challenges in Cellular Phone Application Privacy Litigation
On February 13, 2017, a District Court in the Northern District of California granted in part and denied in part a motion to dismiss a claim brought against three entities (including the Golden State Warriors) in a first-of-its-kind case testing the applicability of the Electronic Communications Privacy Act, 18 U.S.C. § 2510, et seq. (the “Wiretap Act”) to smartphone apps.
In Satchell v. Sonic Notify, Inc., 16-4961 (N.D. Cal.) the plaintiff, a Golden State Warriors fan, alleged that the team’s mobile application (the “App”), developed by Yinzcam, recorded her conversations without her knowledge or consent, in violation of the Wiretap Act. According to the plaintiff, the Warriors partnered with Signal360 “to integrate Signal360’s beacon technology” into the App, which provides users with scores, statistics, schedules, and news about the team. The “novel beacon technology” allows companies to provide consumers with targeted advertisements, promotions, and contents “by determin[ing] a consumer’s precise location by listening for nearby Signal360 audio beacons” using the microphone on the consumer’s smartphone. According to Plaintiff, “Defendants programmed the App to instantly turn on the consumer’s Microphone,” and the App “listens to and records all audio within range—including consumer conversations” until the consumer closes the App or turns off the smartphone. The plaintiff further alleged that although “the App asks for certain permissions,” including a request to use the device’s microphone, Defendants do not inform consumers that the “App uses audio beacon technology that surreptitiously turns on consumers’ smartphone microphones and listens in.” The plaintiff’s complaint alleged that “because Plaintiff carried her smartphone to locations where she would have private conversations and the App was continuously running on her phone, Defendants [sic] App listened-in to private oral communications” without her consent or knowledge, violating the Wiretap Act.
On November 1, 2016, each of the defendants moved to dismiss the complaint. According to the defendants, the plaintiff lacked Article III standing because her alleged injury—the wear and tear, battery consumption, and diminished use and enjoyment of her smartphone—is not a concrete injury-in-fact. Moreover, and in any event, the defendants argued that the plaintiff failed to state a claim for violation of the Wiretap Act, which provides a private right of action to “any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter.” 18 U.S.C. § 2520. The defendants argued that the plaintiff failed to allege facts demonstrating an “interception” of an “oral communication,” within the meaning of the Act. Specifically, the defendants argued that because the complaint merely alleged that the App temporarily recorded audio that remained on the plaintiff’s phone, the plaintiff failed to establish an “interception,” which requires as a matter of law an “acquisition” or “coming into possession” of the contents of an oral communication. Further, the defendants argued that the plaintiff’s claim of an alleged unlawful “use” also failed because the defendants did not “use” the contents of the plaintiff’s communications, and instead, Signal360’s beacon signals are the only audio data “used” by the App.
Judge Jeffrey White denied the defendants’ motions to dismiss for lack of standing. According to the court, the intangible harm associated with invasion of the plaintiff’s right to privacy was enough to show injury-in-fact, and to confer Article III standing. However, the court did grant the defendants’ motions for failure to state a claim. The court found that the plaintiff failed to allege facts showing that either Yinzcam or the Warriors had “intercepted” an oral communication within the meaning of the Act. As to Signal360, the court found that the plaintiff’s allegations that Signal360 designed its beacon technology to turn on a smartphone’s microphone and record were sufficient to allege that Signal360 “intercepted” the plaintiff’s communications. The court nevertheless found that the plaintiff failed to allege facts sufficient to show that any of the defendants intercepted an “oral communication,” because she offered only conclusory allegations that she carried her smartphone with her to places where she would have private conversations. Finally, the court concluded that the plaintiff failed to state a claim based on “use” since she failed to allege any facts to show that the contents of her communications (as opposed to the beacon signals) were used to send her targeted advertising. The court granted the plaintiff leave to amend her complaint by March 13, 2017.
The Indianapolis Colts are contending with substantially similar allegations in a putative class action pending in the District of Massachusetts. In this action, Rackemann v. LISNR, Inc. et al., No. 16-12326 (D. Mass.), the plaintiff, a user of the Indianapolis Colts’ official application, claims that the Colts, along with the application developer (Adept Mobile, LLC) and another developer of the “beacon technology” used in the application (LISNR, Inc.), also violated the Wiretap Act by surreptitiously recording application users’ personal communications. The defendants have moved to transfer venue to the Southern District of Illinois and moved to dismiss on the same grounds as the Satchell defendants. Briefing on the defendants’ motions is scheduled to conclude later this month. Another similar case pending in the Northern District of Illinois has been stayed while the parties discuss settlement. See N.P. v. Standard Innovation (US), Corp., No. 16-08655 (N.D. Ill. 2016).
Meanwhile, Google has been fighting challenges under the Wiretap Act and similar state statutes for over six years. In a series of cases consolidated in the Northern District of California as In re Google Gmail Litigation, 13-md-2430 (N.D. Cal.), the plaintiff Gmail users claimed that Google’s practice of scanning emails to create ad content violated the Wiretap Act and several state eavesdropping statutes. Judge Lucy Koh deemed the allegations sufficient to survive a motion to dismiss, but refused to certify a class because individualized issues of consent predominated over common facts. After the Gmail plaintiffs settled on an individual basis, a new putative class action was filed against Google under the Wiretap Act and the California Invasion of Privacy Act (CIPA), this time on behalf of non-Gmail users. In Matera v. Google Inc., 15-4062 (N.D. Cal.), Judge Lucy Koh again denied motions to dismiss – both on the merits and on Article III standing. The parties are currently seeking preliminary approval of a class settlement that would change the way that Gmail processes emails but would not provide any monetary relief to the class.
Yahoo faced similar challenges to its email processing under the Wiretap Act and CIPA in Holland v. Yahoo! Inc., 13-4980 (N.D. Cal). After Judge Koh certified a class of non-Yahoo users, the parties agreed to a settlement under which Yahoo! would change its email processing practices and pay $4 million in attorneys’ fees. Judge Koh approved a settlement last August.
In Satchell v. Sonic Notify, we expect the plaintiff to amend her complaint to add more specific factual allegations to bolster her claim that her “oral communications” were intercepted and that each defendant participated in the alleged violations of the Wiretap Act. It may prove difficult, however, for her to allege facts sufficient to support her claim that her private communications were disseminated in violation of Section 2511(d).
While the result in Satchell is good news for potential defendants, the true test of the viability of claims will be whether the plaintiff is able to amend her complaint to cure the deficiencies noted by the court. Regardless of the ultimate outcome, the recent filings under the Wiretap Act show that the plaintiffs’ bar continues to push the envelope of the class action device and statutory damages of obscure statutes to attack companies that interact with or collect and process consumer information in innovative ways.