X Corp. v. Bright Data Ltd.
Filing 156
ORDER RE 118 SECOND AMENDED COMPLAINT. Signed by Judge Alsup. (whalc2, COURT STAFF) (Filed on 11/26/2024)
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
X CORP.,
Plaintiff,
v.
BRIGHT DATA LTD.,
Defendant.
No. C 23-03698 WHA
ORDER RE SECOND AMENDED COMPLAINT
INTRODUCTION
A prior order dismissed the social media company’s first amended complaint for failing to state a claim. The complaint failed to allege that the data-scraping company accessed the social media platform without authorization and caused damage. And, the complaint failed to allege that the data-scraping company scraped and copied data in which the social media company held a right not preempted by the Copyright Act. Now, the social media company moves for leave to file a second amended complaint. It purports to cure problems with the old claims and it proposes new claims. For the reasons below, the motion is GRANTED IN PART AND DENIED IN PART.
STATEMENT
1. THE PRIOR COMPLAINT.
Plaintiff X Corp. owns and operates the social media platform X (see Dkt. No. 36 (“Prior”) ¶ 17; Dkt. No. 117-4 & 118-1 (“Proposed”) ¶ 21). Users who register and log into X can post comments, images, and videos (Prior ¶ 19; Proposed ¶ 24). They can also like, comment on, and re-post other users’ contributions (see ibid.). Users who do not log in can still view content others have shared, even if opportunities to view this public content are rate-limited by IP address or other means (Prior ¶¶ 21, 37; Proposed ¶¶ 64, 68). The proposed amendments qualify but do not contradict the last statement, as discussed below.
By using the platform, users agree to X Corp.’s Terms of Service, Privacy Policy, and the Rules and Policies (together, the “Terms”) (Prior ¶ 22; Proposed ¶¶ 6, 139). The prior order summarized the Terms (Dkt. No. 83 (“Order”) 2–6 & n.2, 25–26).[1] The Terms grant X Corp. a non-exclusive license to content users share or send through the platform (Order 2–3 (citing Terms 3–5); see also Proposed ¶¶ 39, 42). The Terms purport to preclude users from scraping, reproducing, and selling content they see on the service (Order 3 (citing Terms 6, 8); see Prior ¶¶ 23–29; Proposed ¶¶ 29–35). And, in various ways, they proscribe encouraging others to violate the Terms (see Prior ¶¶ 27, 30; Proposed ¶ 34).
Finally, defendant Bright Data, Ltd. allegedly makes money by doing what the Terms say not to do: Bright Data evades X Corp.’s anti-scraping technology (including IP-tracking and rate-limiting), scrapes data, and sells that data to third parties, while also selling software and proxy network services that let others scrape, too (Order 5; see Prior ¶ 46; Proposed ¶ 105).
[1] This order cites to the same version of these terms as before (Order 3 n.2) for consistency across the orders and because the outcome here does not turn on any change across versions: X Corp.’s Terms of Service, Sept. 29, 2023 (“Terms”), https://twitter.com/en/tos (captured May 9, 2024) [https://perma.cc/NPM5-FHYP].
2. THE DISMISSAL ORDER.
The previous order explained that the allegations raised two basic grievances: First, that Bright Data improperly accessed X Corp.’s systems and helped others do so (Order 17). Second, that Bright Data improperly scraped and sold data and helped others do so (ibid.). X Corp.’s legal theories — trespass to chattels, contract interference, contract breach, misappropriation, unjust enrichment, and Section 17200 — corresponded with one, the other, or both basic grievances. No claim survived dismissal as alleged:
The access-based claims failed (id. at 8–18). X Corp. alleged only that Bright Data accessed publicly accessible data (id. at 4–5). So, Bright Data faced no need to fabricate accounts or misrepresent itself. That undercut X Corp.’s fraud-based Section 17200 claims (id. at 11–13). And, although X Corp. alleged that Bright Data’s access impaired X Corp.’s infrastructure, those allegations were conclusory. That undercut X Corp.’s trespass to chattels claim (id. at 8–11), as well as its access-based allegations of contract interference (id. at 13–15) and breach (id. at 15–18).
The scraping- and selling-based claims failed because they were preempted by the Copyright Act (id. at 18–25). On the one hand, X Corp. alleged that it did not take an exclusive license to users’ content (id. at 19–20). On the other hand, X Corp. alleged that it could exclude third parties from copying users’ content (ibid.). Such alchemy — achieved at scale through adhesive contracts — would allow X Corp. to escape the burdens of content ownership under the Communications Decency Act and the Digital Millennium Copyright Act, while allowing it to enjoy the benefits of content ownership under the Copyright Act (ibid.). But disclaiming copyright only to claim it again through contract was preempted by the Copyright Act (ibid.). The state-law claims based on scraping and selling of data undermined the Act’s purpose and effects: First, X Corp.’s arrangement interfered with owners’ rights to exclude or not to exclude others from the content (id. at 23). Second, the arrangement interfered with other parties’ rights to fair uses of the content (id. at 24). Third, it interfered with the Act’s dedication to the public of non-secret facts and figures (ibid.).
The prior order did not deem amendment futile. Instead, as to the access-based claims, it imagined that some complaint might plausibly assert that a data scraper fraudulently accessed non-public data and caused damage to infrastructure while doing so (see id. 17–18). And, as to the scraping-based claims, the prior order suggested that at least state-law claims vindicating state-law privacy interests, for instance, might not be preempted by the Copyright Act (id. at 24–25). Finally, the order did not engage X Corp.’s contract breach theories based on changes X Corp. made to X’s Terms after filing suit; X Corp. did not cite caselaw or mount argument for why the claims emanating from the revised contract should be in this suit (id. at 25–26).
An earlier motion for leave to amend the complaint failed because it was filed by conflicted counsel (see Dkt. No. 105 at 15 (denying Dkt. No. 90)).
3. THE PROPOSED COMPLAINT.
With new counsel, X Corp. now files a proposed, second amended complaint (Dkt. No. 118). The amended allegations address:
• Impairment of X’s servers by way of scraper-specific use patterns, including that data-scraping requests disproportionately target select areas of the X platform compared to human or authorized machine requests (Proposed ¶¶ 83–84, 87), that ensuring X stays functional despite these concentrated requests requires millions of dollars of excess server capacity, that even with supplementary servers X has suffered “intermittent” server failure and a “glitchy, lagged user experience” (id. ¶¶ 89–91), and that Bright Data is a “substantial source” of data-scraping requests (id. ¶¶ 2, 4);
• Access to non-public data by way of fake logins, including that not all content on X is publicly available (id. ¶¶ 64–65), that the publicly available content can be viewed only within narrow limits (id. ¶¶ 66–67, 71), that scrapers access both kinds (e.g., id. ¶ 87), and that “the only way to data scrape X at the scale Bright Data promises is by” ultimately “open[ing] legions of fake accounts” (id. ¶ 79; cf. ¶¶ 3, 69, 120);
• Types of data on X, including that X hosts “user-generated content (like user posts and profiles) and non-user-generated content (like follower lists and other information about the relationships between users),” and “create[s]” “aggregat[ions]” or “amalgamat[ions]” of the other two (id. ¶¶ 39, 186);
• Purported ownership interests in those data types, including that X Corp. disclaims any copyright to user-generated content (id. ¶ 42), disclaims any copyright to non-user-generated content that lacks creativity (id. ¶ 39), and yet claims some interest in the “organizat[ion]” or “aggregate[ion]” of the data that it assembles at great cost and that can itself be wrongfully copied or taken (id. ¶¶ 39, 186);
• And, non-pecuniary, user, and state-law interests in the data, including that X Corp. users are unlikely to be aware that content they post to the platform is scraped by Bright Data (id. ¶ 119), that the content once scraped by Bright Data would by Bright Data’s own terms of use no longer be treated with the same privacy and security protections as X provides (id. ¶ 136), and that because “X cannot ensure that its users’ data is deleted once it has been anonymously scraped” it cannot “fulfill[] its obligations” under the California Consumer Privacy Act (id. ¶¶ 36–38, 135).
The proposed complaint also adds three new claims: That Bright Data violated the Digital Millennium Copyright Act (id. ¶¶ 189–99), the Computer Fraud and Abuse Act (id. ¶¶ 200–11), and the California Comprehensive Computer Data Access and Fraud Act (id. ¶¶ 212–17).
This order follows full briefing and oral argument.
ANALYSIS
The Court forewarned X Corp. to “plead its best case” (Order 26).
1. CLAIMS BASED ON ACCESS TO SYSTEMS.
A. TRESPASS TO CHATTELS.
“[T]respass to chattels lies where an intentional interference with the possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 71 P.3d 296, 302 (Cal. 2003).[2] “Short of dispossession, personal injury, or physical damage (not present here), intermeddling is actionable only if the chattel is impaired as to its condition, quality, or value, or the possessor is deprived of the use of the chattel for a substantial time.” Id. at 306. Such an interference must also be unauthorized. See id. at 301 n.1, 305–06. The prior complaint alleged no impairment (Order 9). The closest it came was to allege in conclusory fashion that Bright Data’s “acts have diminished the server capacity that X Corp. can devote to its legitimate users” (ibid. (quoting Prior ¶ 98)). It thus failed to state a claim.
[2] For readability, internal quotation marks and citations within citations are omitted throughout unless noted.
(i) Damage?
Now, in its proposed complaint, X Corp. newly alleges that scrapers traverse the X service in patterns markedly different from humans or authorized machines, that scrapers thus use underlying server capacity in abnormal proportions, and that this results in intermittent, isolated server failures and a “glitchy, lagged user experience” for X’s human users (see Proposed ¶ 89; see also id. ¶¶ 83–84, 87, 90–91; Br. 4–5, 7). Moreover, but for X Corp.’s purchase of millions of dollars of server capacity, this conduct would result in catastrophic system failures (ibid.). Finally, “Bright Data bears the blame for this profusion of scraping” as an industry leader, even if the exact amount it contributes is now knowable only to it (Br. 5; see Proposed ¶¶ 111–13, 131). Bright Data does not contest that if X Corp. states trespass to chattels as to data scrapers, it plausibly does so as to Bright Data, too. This order will assume as much. The proposed complaint now states a claim:
First, its allegations of injury are now factual, not conclusory. As becomes clear below, the allegations do more than parrot that X Corp. suffers “damage in the form of impaired condition, quality, and value of its servers, technology infrastructure, services, and reputation” (Order 9 (quoting Prior ¶ 102)).
Second, the proposed complaint’s allegations now plausibly allege how “a scraper is inherently burdensome, or inherently more burdensome than an X user sending requests to X Corp.’s servers with a browser” (see Order 9). Simply put, on a volume per entity basis, the instant complaint alleges that each scraper is “at least” a million times more burdensome than an ordinary user (see Proposed ¶ 83). “Based on X’s internal investigation, data scrapers generally make millions of more requests to X than a normal user would make. And each individual request from a scraper is at least as taxing as an ordinary user request” (ibid. (emphasis added)). But the alleged burden is not based on total volume of activity alone, as scrapers still compose just three to five percent of the total traffic on X (see Opp. 5; Proposed ¶ 87). Rather, the burden is based also on the distribution of that activity across time and space, as scrapers compose about 10–20% of traffic in some moments and 99% of requests at some site locations (see Br. 4, 7; Reply 4; Proposed ¶¶ 87, 90). Similarly, that burden is based not on total server capacity alone, but on the specific server capacity handling those requests (Proposed ¶ 89). X has an architecture whereby particular service paths are handled by particular servers, even if those servers are busy while others are idle (ibid.). Because scrapers make requests along certain pathways more than do other users, scrapers task certain servers more, too (ibid.). Likewise, because scrapers request a lot of content that ordinary users rarely request, X must reach past its cache to more expensive-to-reach data storage (see id. ¶¶ 83–84). That all causes “intermittent but individualized internal server failures,” system “lag[],” and the need to buy server capacity to relieve or avoid repeat impairment, to the tune of over $100 million each year (id. ¶¶ 89–90).
Finally, as a result, the proposed complaint thereby plausibly alleges that scrapers cause an “actionable deprivation of use” of X Corp.’s servers that is “so substantial that it is possible to estimate the loss caused thereby.” Intel, 71 P.3d at 306. And, this loss is “established by the completed tort’s consequences, not by the cost of the steps taken to avoid the injury and prevent the tort.” Id. at 308. Critically, the proposed complaint now alleges that X Corp. spends money to replace or supplement its property that is or soon would be functionally impaired: It pays for 10–20% more server capacity than that which, but for the tortious conduct, would be needed (e.g., Proposed ¶ 90). Cf. Intel, 71 P.3d at 306.
Bright Data contends this is still not enough to state a claim for trespass to chattels. Its arguments do not persuade:
First, Bright Data argues that X Corp.’s expenses for anti-scraping teams and software are not property damages (see Opp. 4; see Proposed ¶¶ 92–94). That’s neither here nor there. Yes, Intel held that staff time spent to stop a person from sending unwanted messages was not a basis for a trespass to chattels claim. But the complaint now alleges more than staff and software expenses in preventing trespass. As just described, it alleges circumstantial evidence of property impairment given the failure to prevent trespass.
Second, anticipating that point, Bright Data argues: “Just as spending money to prevent a trespass is not trespass harm, spending money on infrastructure to acquire property that then functions as intended is not trespass harm. The law of trespass focuses only on the deprivation of plaintiff’s property, not the reasons the plaintiff acquired the property” (Opp. 6–7). But this argument fails on the law and facts in this posture.
Legally, the argument misses Intel’s point. Set aside X Corp.’s newly installed server capacity. X Corp. complains that the originally installed server capacity did not or would not function. That is a property harm that is logically prior: X Corp. complains of “deleterious impact[s]” to “the functioning of [that] system.” See Intel, 71 P.3d at 305–06. The spending on new property is, as plausibly alleged, a one-to-one measure of the old property’s substantially impaired use. Well-founded inferences can decide final questions, United States v. Ramirez-Rodriquez, 552 F.2d 883, 884 (9th Cir. 1977) (per curiam), and certainly can sustain claims at this stage, Gordon v. City of Oakland, 627 F.3d 1092, 1094–95 (9th Cir. 2010).
Factually, the argument likewise fails to accept the allegations, as we must here and which distinguish this case from Intel and its progeny: Even with the investment, there are alleged “server failures,” if “intermittent” and “isolated” ones (cf. Opp. 10). And, but for the investment, there would be full-blown failures (Property ¶ 89). Those allegations are distinct from those in Intel, and from those in another case Bright Data relies upon: WhatsApp Inc. v. NSO Grp. Techs., Ltd., 472 F. Supp. 3d 649 (N.D. Cal. 2020) (Judge Phyllis J. Hamilton). Proposing a parallel with that case (Opp. 11), Bright Data asserts that server failure is implausible because scrapers “rel[y] on [X]’s servers to function exactly as intended,” WhatsApp, 472 F. Supp. at 684–85. Scrapers, just like the messengers in WhatsApp, seek to “emulate legitimate [X] network traffic in order to [scrape] [data], undetected,” without “impair[ing] the physical functioning of [X]’s servers.” Cf. ibid. But that is where the parallel runs into a right angle: Unlike the messengers in WhatsApp, after the scrapers slip onto X, their unconventional behavior becomes detectable at least at scale and impairs X’s servers until the servers must be supplemented (supra).
The same argument appears elsewhere in other garb and is no more convincing. For instance, Bright Data argues: “[I]t does not matter that individuals account for 99% of requests for Elon Musk’s tweets, and scrapers account for 99% of the requests for his public profile info. As X [Corp.] explained, it developed its ‘architecture to ensure that the system overall’ works as intended for both types of requests” (Opp. 6 n.5 (quoting Proposed ¶ 89)). But absent scrapers, X Corp. plausibly would have used a substantial portion of its property differently. And, even with this system in place, X Corp. still suffers failures.
Finally, Bright Data pokes at the complaint, pointing to weak words but ignoring stronger ones that do the work. For instance, Bright Data argues that the amended allegations are conclusory when they state that scrapers cause X’s traffic to “jump extreme amounts” (Opp. 4). Bright Data ignores, however, that X Corp.’s alleged purchase of 10–20% more server capacity readily supports the inference that traffic “jump[s]” — perhaps 10–20% at peak (Reply 4). That will do for today. See hiQ Labs, Inc. v. LinkedIn Corp., No. 17-cv-03301-EMC, 2021 WL 1531172, at *10 (N.D. Cal. Apr. 19, 2021) (Judge Edward M. Chen).
X Corp.’s proposed amendment alleges an “actionable deprivation of use” of its servers.
(ii) Unauthorized?
The proposed complaint also makes plausible that the access exceeds any consent. The “exchange of information across [one]’s internet-connected system is to be expected” because the “internet was designed to enable this exchange” (Order 8). As a result, stating a claim that a defendant accessed a plaintiff’s public internet site without authorization is no formality. Cf. Intel, 71 P.3d at 309–11; Van Buren v. United States, 593 U.S. 374, 378 (2021). This proposed complaint, however, now plausibly alleges that Bright Data undertook sophisticated efforts to access X with knowledge that such access was beyond the scope of any authorization — as further described below with respect to the Section 17200 claims.
In opposition, Bright Data argues that the proposed complaint still leaves open that Bright Data accessed only publicly available content and only as any other user would — thus suggesting implied consent (Opp. 8–11). But to the extent Bright Data argues it is alleged to do only what human users do, the new allegations say otherwise (supra). And, to the extent Bright Data argues it is alleged to do only what crawlers like Google do, the new allegations do not favorably complete that comparison, either: X “allows Google to ‘crawl’ certain posts” (see Proposed ¶¶ 64, 75), whereas the proposed complaint newly alleges facts making plausible that X Corp. revoked any allowance afforded Bright Data, that Bright Data knew it, and yet that Bright Data persisted in accessing even posts that could not be openly accessed (infra). Thus Bright Data is wrong to say no new allegations support the claim (Opp. 6). Bright Data allegedly exceeded the limits X imposes on all users alike through Terms and technical measures — despite receiving notice in both manners that any authorization it had enjoyed was now rejected (infra). For the same reason, the proposed complaint alleges that Bright Data’s intermeddling was intentional, too (Opp. 7, 11; Reply 11). See Itano v. Colonial Yacht Anchorage, 267 Cal. App. 2d 84, 89–90 (1968); Level 3 Commc’ns, Inc. v. Lidco Imperial Valley, Inc., No. 11cv01258 BTM (MDD), 2012 WL 4848929, at *4 (S.D. Cal. Oct. 11, 2012) (Judge Barry Moskowitz).
None of the cases Bright Data cites compels a different conclusion as a matter of law with respect to this tort in this context, and for good reason (Opp. 8–11). On the one hand, courts finding no damage from scrapers’ access have not needed to reach consent. On the other hand, courts finding plausible damage from scrapers’ access have done so in a preliminary posture — and, without a robust factual record or proper presentation of the issues, have not reached robust statements of law. See, e.g., hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180, 1201 n.21 (9th Cir. 2022) (dicta); eBay, Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1063, 1070–71 (N.D. Cal. 2000) (Judge Ronald M. White) (preliminary injunction).
This is an evolving area of state law and as pleaded here is factually sensitive. The proposed complaint states a plausible claim that survives this stage. X Corp.’s motion for leave to amend its trespass to chattels claims is GRANTED.
B. VIOLATION OF SECTION 17200.
Section 17200 of the California Business and Professions Code prohibits unlawful, unfair, and fraudulent business acts. The prior complaint failed to state a predicate claim for an unlawful business act (Order 11). It failed to allege a theory of fraud with particularity (ibid.). And, it failed to allege any facts at all about unfairness (ibid.). The proposed complaint resolves all but one of these deficiencies.
(i) Unlawful Business Acts.
The proposed complaint now alleges that Bright Data violated the Digital Millennium Copyright Act (Proposed ¶¶ 189–99), the Computer Fraud and Abuse Act (id. ¶¶ 200–11), and the California Comprehensive Computer Data Access and Fraud Act (id. ¶¶ 212–17). For this motion, at least, Bright Data concedes the allegations state claims, and so unlawful business acts (Opp. 12 n.8). See Cel-Tech Commc’ns v. L.A. Cellular, 973 P. 2d 527, 539 (Cal. 1999).
X Corp.’s motion to supplement its complaint with these “unlawful” business act claims under Section 17200 is — without prejudice to later motions (see Part 3) — GRANTED.
(ii) Fraudulent Business Acts.
The proposed complaint now also alleges fraudulent business acts. A Section 17200 claim for fraudulent business acts “is unlike common law fraud or deception.” Schnall v. Hertz Corp., 78 Cal. App. 4th 1144, 1167 (2000). One distinction is that conduct short of actual deception suffices for the fraud element. Ibid. Another is that the pattern of conduct must target others beyond plaintiff and be likely to deceive a significant portion of them. Cf. ibid. The prior complaint failed to allege any deception at all (Order 11). Even accepting its allegations, Bright Data could have accessed X without logging in (see Prior ¶¶ 20, 22) and without using IP addresses or proxy services in a fraudulent way (see Order 13).
The proposed complaint solves those deficiencies.
Deceptive conduct is plausibly necessary to scrape at the scale discussed above. “[M]ost of [X]’s content” is available only to users who register, agree to terms, and log in (Proposed ¶ 61 (since July 2023)). The remainder is available even to users who stay logged out (id. ¶¶ 63–66). All users are identified by technical attributes including IP address (id. ¶ 68). And, whether identified by login or only by the latter, X limits access for each user (id. ¶¶ 67–68, 71). “These reasonable limits for human use make mass data scraping impossible” without deceptive conduct (id. ¶ 72). Scrapers don’t stop. Scrapers take active steps that serve no purpose but to trick X into giving them not a second, not a third, but a millionth turn to see the sights (see id. ¶¶ 83, 132–34). For logged-in content, which Bright Data is alleged to scrape (see id. ¶ 87), scrapers plausibly must create “bot accounts” or “impersonate registered X users” (id. ¶¶ 71–72, 130). And, for logged-in and logged-out content alike, Bright Data plausibly must employ millions of continuously rotating IP addresses (id. ¶¶ 132–33). The system is unlike proxy services that others might use to mask themselves or to access the service from unsupported locations (id. ¶ 134). It is allegedly purpose-built to exceed rate limits at monumental scale (ibid.). Even so, the complaint alleges on information and belief that X has caught and expressly blocked Bright Data-affiliated user accounts, only for Bright Data to come right back (id. ¶ 132). And, targets plausibly deceived by this pattern of conduct — as newly alleged and as Bright Data does not here contest — include “platforms like X” (id. ¶ 2) and “any website in the world” Bright Data is hired to scrape despite similar defenses (id. ¶ 133; see ¶ 10, 78, 110, 125). Bright Data allegedly touts a “99.99% success rate” (id. ¶ 132).
Bright Data’s counters do not convince.
First, Bright Data argues the allegations plausibly establish it accessed a lot of content, but not logged-in content (Opp. 12–13). Not so. The proposed complaint alleges specific content available only to logged-in users and accessed disproportionately by scrapers (e.g., Proposed ¶ 87), and so Bright Data (id. ¶¶ 110–11). Further, if on information and belief, the complaint alleges that Bright Data accounts have been blocked for accessing logged-in content (id. ¶¶ 61, 87, 132).
Second, Bright Data argues that the proposed complaint undermines the above inferences and theory of deception by proposing a non-deceptive alternative for access: rotating IP addresses (Opp. 14; see Proposed ¶ 120). The argument ignores that the above allegations are about content only available to logged-in users (supra). And, it ignores that the IP-address allegations also raise deception: Bright Data purpose-built its tools to trick X into giving Bright Data endless access when it knew X would otherwise give Bright Data limited access (Proposed ¶¶ 132–34). Then, when a Bright Data-affiliated IP address hit its limit and was blocked, Bright Data came right back disguised to evade X’s anomaly detection under another of its rotating millions of IP addresses (see id. ¶¶ 129, 132). Neither theory of deceptive conduct may bear out in the end, but each is plausibly pleaded.
Finally, Bright Data contends that the above does not suffice for pleading fraud-like conduct under Rule 9(b) (Opp. 13–14 (citing Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir. 2009))). But particularly where a factually alleged complaint has surrounded the defendant with allegations, “we relax pleading requirements” as to the remaining “facts [that] are known only to the defendant.” Soo Park v. Thompson, 851 F.3d 910, 928 (9th Cir. 2017), cert. denied, 583 U.S. 1052 (2018). “[T]he entire factual context is considered” to determine whether the conduct “[]cross[es] the line from conceivable to plausible.” Ibid. (partly quoting Ashcroft v. Iqbal, 556 U.S. 662, 680 (2009)). It does here.
X Corp.’s motion for leave to amend its “fraudulent” business act claim under Section 17200 is GRANTED.
(iii) Unfair Business Acts.
X Corp. next argues that the proposed complaint newly states an unfair business act by alleging violations of privacy laws (Br. 8, 15–17; Reply 6–7; see Proposed ¶¶ 4, 36–37, 48–53, 58, 178).
“When a plaintiff who claims to have suffered injury from a direct competitor’s ‘unfair’ act or practice invokes [S]ection 17200, the word ‘unfair’ in that section means conduct that threatens an incipient violation of an antitrust law.” Cel-Tech, 973 P. 2d at 565. X Corp. must allege a “significant[]” threat to the competitive process, not merely to itself as a competitor or even to consumers. Ibid. (citing Cargill, Inc. v. Monfort of Colo., Inc., 479 U.S. 104, 115 (1986)). The privacy-related allegations do not make plausible that Bright Data’s conduct creates barriers to entry or disrupts basic market mechanisms like price or quality signaling. Cf. Rambus Inc. v. FTC, 522 F. 3d 456, 464–66 (D.C. Cir. 2008). Possibly the opposite. Our court of appeals has expressed concern that giving platforms like X “free rein to decide, on any basis, who can collect and use data — data that the companies do not own, that they otherwise make publicly available to viewers, and that the companies themselves collect and use — risks the possible creation of information monopolies that would disserve the public interest.” hiQ Labs, 31 F.4th at 1202.
In its briefing supposing this order should come out otherwise, X Corp. applies the wrong
21
standard. X Corp. suggests that playing loose with personal data is “substantially injurious to
22
consumers,” quoting a decision from our district (Br. 8 (quoting Pirozzi v. Apple, Inc., 966 F.
23
Supp. 2d 909, 921 (N.D. Cal. 2013) (Judge Jon S. Tigar))). That standard no longer applies to
24
cases brought by competitors, if at all. See, e.g., Buller v. Sutter Health, 160 Cal. App. 4th
25
981, 990–91 (2008). As Judge Tigar said on the next page of the decision X Corp. cites:
26
“[T]he most accurate guidance for courts and businesses” is the test for competitors announced
27
by the California Supreme Court in Cel-Tech. Pirozzi, 966 F. Supp. 2d at 922. Judge Tigar
28
applied the older test because, following our court of appeals, Lozano v. AT&T Wireless Servs.,
13
United States District Court
Northern District of California
1
Inc., 504 F.3d 718, 721, 735–37 (9th Cir. 2007) (putative class action), courts may continue to
2
do so in consumer suits like the one Judge Tigar considered, 966 F. Supp. 2d at 914 (putative
3
class action). The other decisions X Corp. cites (Br. 9) were also from consumer actions: In re
4
Anthem, Inc. Data Breach Litig., 162 F. Supp. 3d 953, 965 (N.D. Cal. 2016) (Judge Lucy H.
5
Koh) (putative class); In re Adobe Sys., Inc. Priv. Litig., 66 F. Supp. 3d 1197, 1205 (N.D. Cal.
6
2014) (Judge Lucy H. Koh) (putative class).
Notably, X Corp. does not squarely argue how alleged violations of consumers’ privacy rights create standing for X Corp. to assert these Section 17200 claims. Such a theory cannot succeed here. In Kwikset Corp. v. Superior Court, the California Supreme Court newly limited third-party standing under Section 17200. 246 P.3d 877 (Cal. 2011). And, in Cel-Tech, the California Supreme Court further held that a plaintiff cannot “plead around” other laws’ requirements by recasting invalid claims as valid Section 17200 “unlawful” business acts claims. 973 P. 2d at 541, 566. Putting this all together: For X Corp. to assert claims rooted in consumer injuries without even attempting to establish standing would strain Kwikset. And, for X Corp. to do so to “plead around” the definition of “unfair” used for competitor actions would strain Cel-Tech. The definitions matter. “[I]n the absence of a definition of what competition is ‘unfair,’ these laws are at particular risk of being used to prevent not unfairness but competition itself.” Mark A. Lemley & Mark P. McKenna, Unfair Disruption, 100 B.U. L. REV. 71, 101, 116 (2020).
X Corp.’s motion for leave to amend its “unfair” business act claim under Section 17200 is DENIED.
C. TORTIOUS INTERFERENCE WITH CONTRACT.
X Corp. next argues that the proposed complaint states a claim for tortious interference with access agreements by plugging the gap that the previous order identified: damage (Br. 8 (citing Order 14–15)). Tortious interference results when (1) the plaintiff and a third party have a valid contract, (2) the defendant knows about it, (3) and the defendant intentionally induces (4) a disruption or breach of the contractual relationship, (5) causing damage. Pac. Gas & Elec. Co. v. Bear Stearns & Co., 791 P.2d 587, 589–90 (Cal. 1990). In short, Bright Data allegedly sells tools to help its customers access X in unauthorized ways, prompting them to violate X’s Terms, too. The prior complaint met all elements except damage (Order 15).
As explained above, X Corp.’s proposed complaint now sufficiently alleges server impairment from scrapers accessing its service (supra). That plausibly includes Bright Data customers who agreed to X’s Terms. As a second damages theory, the proposed complaint now alleges that “but for Bright Data’s tools, Bright Data’s customers would have needed to” pay X to use its application programming interface “to obtain the data they want[ed]” in an automated way (Br. 8 (summarizing); see Proposed ¶¶ 39–51, 58–59).
In opposition, Bright Data objects to the server-impairment damages. But its arguments were rejected above. And, as to the lost fees, Bright Data argues these fees are charged for scraping, not for access (Opp. 14). Bright Data implies that any scraping-type damages zero out if X Corp.’s Terms barring scraping are preempted by the Copyright Act (cf. ibid.). But if Bright Data and its customers could not have accessed X, they could not have scraped X, either. They could only have gotten the data by paying the fees (see Reply 8; Proposed ¶¶ 43–51, 58–59, 107). This theory may not hold up as the facts develop, but it is plausibly pleaded.
X Corp.’s motion for leave to amend its tortious interference claim is GRANTED.
D. BREACH OF CONTRACT.
Because the proposed complaint now sufficiently alleges damages (compare supra, with Order 15–16), it now also states a claim for (access-related) contract breach. Such a claim arises when (1) there is a contract and (2) the plaintiff performs but (3) the defendant doesn’t, (4) causing damage. Oasis W. Realty, LLC v. Goldman, 250 P.3d 1115, 1121 (Cal. 2011). The prior complaint failed to allege only the last element (Order 17–18). As to this proposed complaint, parties make arguments like those above (see Br. 8; Opp. 14–15; Reply 8).
Bright Data also objects in passing, it seems, that contract terms barring inducement were not in the Terms prior to suit, and that by filing suit Bright Data rejected any post-suit offers (see Opp. 14 & n.11; cf. Order at 14, 16–17, 25–26). But the proposed complaint no longer quotes from the provision that caused this kerfuffle (compare Order 25–26, with Redline 13). The proposed complaint instead cites other predating provisions that less clearly but still plausibly proscribe the same conduct: inducing others to violate the Terms.
The motion for leave to amend the access-based breach of contract claims is GRANTED.
In sum, X Corp. may go forward with its proposed amendments as to its access-based claims for trespass to chattels, unlawful and fraudulent business acts under Section 17200, tortious interference with contract, and contract breach.
2. CLAIMS BASED ON SCRAPING AND SELLING OF DATA.
The prior order found the scraping and selling-type claims preempted by the Copyright Act of 1976. Those claims are for misappropriation, unjust enrichment, tortious interference with contract (in part), and breach of contract (in part) (Order 18–25). On the one hand, X Corp. alleged that it did not take an exclusive license to users’ content (id. at 19–20). On the other hand, X Corp. alleged that it could exclude third parties from copying users’ content (ibid.). Such magic — made possible by contract and other state-law assertions — undermined the Copyright Act’s purpose and effects for three reasons: First, X Corp.’s arrangement interfered with copyright owners’ rights to exclude or not to exclude others from the content (id. at 23). Second, it interfered with other parties’ rights to fair uses of the content (id. at 24). Third, it interfered with the Copyright Act’s dedication to the public of non-secret facts and figures (ibid.).
The proposed complaint cures none of these problems.
As to interfering with the copyright owner’s right to exclude, X Corp. directs the Court to its amended factual allegations (see Br. 12), beginning with this paragraph from the complaint:
    [T]his complaint disclaims any exclusive copyright in X’s users’ posts, and X does not seek to enforce any copyright its users retain in their own creative works. Indeed, X acknowledges that its users retain the right to sell or license their posts to others, including Bright Data, just as they retain the right to exclude others from exploiting those posts. But Bright Data may not scrape those posts from X’s platform — without consent from X or its users — and sell them as part of the massive data packages it markets.
(Proposed ¶ 42 (emphases added)). Claim or disclaim. But a conclusory amendment is a futile one. See Gordon, 627 F.3d at 1094–95; cf. Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 555 (2007). And, these legal conclusions are especially irrelevant here: The entire point of preemption analysis, express or implied, is to peer past the state-law claims that parties wish to bring to consider the federal claims they fail to bring or to recognize, including the claims of others. Of course a plaintiff’s state-law contract claims can be preempted by federal copyright law even or especially if the plaintiff disclaims owning, licensing, or asserting federal copyrights. Sybersound Recs., Inc. v. UAV Corp., 517 F.3d 1137, 1150 (9th Cir. 2008) (affirming dismissal for preemption of state-law claims to the extent inflected by third-party copyrights, which plaintiff also lacked standing to assert directly); Daniher v. Pixar Animation Studios, No. 22-cv-00372-BLF, 2022 WL 1470480, at *5 (N.D. Cal. May 10, 2022) (state-law claims inflected by plaintiff’s cancelled copyright) (Judge Beth Labson Freeman). So, X Corp. fails to fill the hole the prior order pointed out. And, if anything, X Corp. digs its hole deeper. Here, the proposed amendment emphasizes that copyright holders “retain the right to exclude others from exploiting th[eir]” works, those works being “500 million posts on X per day” (Proposed ¶ 39). Copyright holders enjoy the right to bar (or not) Bright Data from copying their works. Sybersound, 517 F.3d at 1150. X Corp. now concedes it does not possess that right (Br. 13; Proposed ¶ 42).
As to interfering with the Copyright Act’s public dedications, X Corp.’s proposed complaint now makes express that the remainder of the data copied is not copyrightable:
    The data [on X] includes both user-generated content (like user posts and profiles) and non-user-generated content (like follower lists and other information about the relationships between uses). The latter type of data typically reflects insufficient originality to warrant copyright protection.
(Proposed ¶ 39). Disclaiming copyright does not work in this sense, either. Citing this passage, X Corp. argues it should: “At a minimum, the [‘non-copyrightable data, like follower lists,’] cannot create conflict preemption. The Copyright Act, after all, disclaims preemption for works that do ‘not come within the subject matter of copyright.’” (Br. 13 (quoting 17 U.S.C. § 301(b)(1)). Not quite. As our court of appeals and others have repeatedly held, “[T]he shadow actually cast by the [Copyright] Act’s preemption is notably broader than the wing of [the Copyright Act’s] protection.” Montz v. Pilgrim Films & Television, Inc., 649 F.3d 975, 979 (9th Cir. 2011) (en banc) (quoting, ultimately, U.S. ex rel. Berge v. Bd. of Trs. of Univ. of Ala., 104 F.3d 1453, 1463 (4th Cir. 1997))), cert. denied, 565 U.S. 1021 (2011). For instance, our court of appeals “agree[s] with Nimmer that state-law protection for fixed ideas falls within the subject matter of copyright . . . despite the exclusion of fixed ideas from the scope of actual federal copyright protection.” Ibid. To be preempted even under the express test, state law claims need only at the first step concern matter that “fit[s] into one of the copyrightable categories in a broad sense.” Best Carpet Values, Inc. v. Google, LLC, 90 F.4th 962, 971 (9th Cir. 2024) (quoting Briarpatch Ltd., L.P. v. Phoenix Pictures, Inc., 373 F.3d 296, 305 (2d Cir. 2004)). Once again, then, the proposed amendments serve only to confirm the conflict, as further shown below.
Finally, as to interfering with fair use-type concerns under the Copyright Act, X Corp.’s proposed complaint eventually deepens this conflict, too, revealing that despite plausibly having thin rights or no right to prevent others from mere copying, X Corp.’s private efforts to stop it foreclose an enormous range of uses (even for content types considered here).
The proposed complaint starts by alluding to X Corp.’s purportedly distinct interests: Users “have no copyright interest in much of the most valuable data available on X — including the non-user generated content, the organization of that content, and the aggregate data across X’s platform” (Proposed ¶ 39). The data isn’t valuable; arrangement and insights are (id. ¶ 41). But X Corp. never squarely alleges that Bright Data copies or sells any of those things as such. In other words, X Corp. may hold copyrights in its content organization (see id. ¶¶ 39, 42). Or not. Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 358 (1991). But the proposed complaint fails to allege that Bright Data copies “the organization of that content,” even as an intermediate step (see Reply 10 (conceding)). Likewise, X Corp. claims to hold a property interest in emergent insights derived from the data (Br. 14). But the proposed complaint fails to allege that X ever derives those insights for itself (Proposed ¶ 41) — let alone that Bright Data scrapes such derivations or even some essential combination of data needed for some specific insight. Rather, the proposed complaint blankly asserts that “scrapers like Bright Data typically target everything,” then admits that scrapers or their clients must work “to discern broader trends in the data” for themselves (see id. ¶ 41 (emphases added)). The proposed complaint then chronicles the range of uses potentially foreclosed (even for this kind of content): “Businesses, researchers, and others seek the data available on X for a variety of purposes, including measuring user sentiment toward various products or events, gauging market reactions to current events, more effectively tailoring advertisements, and more” (id. ¶ 40). There are many purposes to which the data might be put. X offers “data.” But, as the proposed complaint already told us, that data is either the copyrighted posts of others or the noncopyrighted facts and figures (see id. ¶ 39).
Consider the historian who assembles third-party quotes, raw facts, and his own words into a manuscript, only to have a second historian extract from that manuscript only the third-party quotes and raw facts. The first historian may have an action against the second simply for gaining unlawful access to his work in the first place, if that could be established. But as to the mere copying and reselling of unprotectable elements? No relief. The first historian may feel cheated. And, according to professional norms, he may be. But the Copyright Act imposes a different policy, and precludes protection for “sweat of the brow” alone. Feist, 499 U.S. at 353–54. Nothing changes just because that historian happens to collect facts and quotes from a website:
    The major difficulty with many of plaintiff’s theories and concepts is that it is attempting to find a way to protect its expensively developed basic information from what it considers a competitor and it cannot do so.
Ticketmaster Corp. v. Tickets.com, Inc., No. 99CV7654, 2000 WL 1887522, at *3–4 (C.D. Cal. Aug. 10, 2000) (Judge Harry Lindley Hupp) (denying preliminary injunction).
    Anyone is free to print (or show on the internet) [unprotectable] information. Thus, if [Bright Data] had sat down a secretary at the computer screen with instructions manually to go through [X Corp.’s] web sites and pick out and write down purely factual information [from what it saw there], and then feed it into the [Bright Data system] (using [Bright Data’s] distinctive [arrangement] only), no one could complain. The objection is that the same thing was done with an electronic program.
2003 WL 21406289, at *4 (C.D. Cal. Mar. 7, 2003) (granting summary judgment in favor of defendant). That X Corp. collects far more quotes and facts than the historian (cf. Br. 14) only makes limits on protections against mere copying — whether that protection is publicly blessed or privately ginned up — even more essential.
In short, not only do X Corp.’s state-law claims deprive copiers of a fair use defense (where even needed), but for no good reason they foreclose such uses from arising in the first place. Cf. hiQ Labs, 31 F.4th at 1202. Not having tractable copyright claims is not a reason to assert the same claims as if they were something else. Sybersound, 517 F.3d at 1150.
Finally, the proposed complaint names a variety of countervailing state interests it claims to serve by asserting its copyright-conflicting claims (see Br. 15–19 (collecting cites)). These are elaborations of what was already asserted in the prior complaint (see Order 24–25): For one, X Corp. argues it has good privacy and right-to-deletion policies, Bright Data has bad ones, and California provides requirements and actions for relief (Br. 15–17). For another, X Corp. takes precautions not to sell its data to bad people, but Bright Data “appears willing to sell scraped data to anyone” (id. at 17–19). Finally, the data could be used to exploit consumers, including through misleading advertisements and spam (id. at 19). Accepting the pleaded allegations as true, they are reasons to bring claims based on them. X Corp. is not bringing an action rooted in and targeting relief for any of the interests described — not remotely. A reading of the proposed complaint continues to make plain: “X Corp. is happy to allow the extraction and copying of X users’ content so long as it gets paid” (Order 26).
X Corp.’s motion for leave to amend its scraping-related claims — specifically its misappropriation, unjust enrichment, and related tortious interference and breach of contract claims — is DENIED.
3. SUPPLEMENTAL CLAIMS.
As noted above, X Corp.’s proposed complaint asserts three new claims: That Bright Data violated Section 1201(a) of the Digital Millennium Copyright Act (Proposed ¶¶ 189–217), Section 1030(a) of the Computer Fraud and Abuse Act (Proposed ¶¶ 200–211), and the California Comprehensive Computer Data Access and Fraud Act (Proposed ¶¶ 212–17). While Bright Data does not oppose these claims for purposes of this motion, it wishes to bring a separate motion to do so (Opp. 12 n.8). Bright Data filed a precis of its proposed motion to dismiss (Dkt. No. 142), while X Corp. filed a precis of its proposed opposition (Dkt. No. 149). If Bright Data believed these claims were dead on arrival, it should have said so at the first chance. Without prejudice to ruling in Bright Data’s favor on a later motion opposing these amended claims, the Court will not consider such a motion at this time. Bright Data should allow discovery to proceed and the case to develop. Then, if Bright Data still believes a motion appropriate as to any of these claims, Bright Data may move for summary judgment. With those conditions, the motion to supplement the complaint with these claims is GRANTED.
CONCLUSION
X Corp.’s motion for leave to amend is GRANTED IN PART AND DENIED IN PART. As to its access-based claims for trespass to chattels, unlawful and fraudulent business acts under Section 17200, tortious interference with contract, and contract breach, the motion is GRANTED. As to its access-based unfair business acts under Section 17200, the motion is DENIED WITHOUT LEAVE. As to its scraping-based claims for misappropriation, unjust enrichment, tortious interference with contract, and contract breach, the motion is DENIED WITHOUT LEAVE. Finally, X Corp.’s supplemental claims are, as set out above (Part 3), GRANTED. Bright Data’s answer is due in TWENTY-ONE DAYS.
IT IS SO ORDERED.
Dated: November 26, 2024.
WILLIAM ALSUP
UNITED STATES DISTRICT JUDGE