Thomas v. Papa Johns International, Inc.
Filing
41
ORDER Granting Defendant's Motion To Dismiss 33 . Signed by Chief District Judge Dana M. Sabraw on 5/8/2024. (ddf)
<![CDATA[
1
2
3
4
5
6
7
8
UNITED STATES DISTRICT COURT
9
10
11
SOUTHERN DISTRICT OF CALIFORNIA
ORDER GRANTING DEFENDANT’S
MOTION TO DISMISS
Plaintiff,
12
13
v.
14
PAPA JOHNS INTERNATIONAL, INC.,
D/B/A PAPA JOHNS,
15
Case No.: 22cv2012 DMS (MSB)
DACIA THOMAS, individually and on
behalf of all others similarly situated,
Defendant.
16
17
18
On August 14, 2023, this Court granted in part and denied in part Defendant’s
19
motion to dismiss this case. (See ECF No. 26.) Specifically, the Court denied Defendant’s
20
motion to dismiss for lack of personal jurisdiction, and granted Defendant’s motion to
21
dismiss for failure to state a claim. Plaintiff’s claim under California’s Invasion of Privacy
22
Act was dismissed without leave to amend, but the Court granted Plaintiff leave to amend
23
to add specific facts to support her claim for invasion of privacy/intrusion upon seclusion.
24
Following that Order, Plaintiff filed a Second Amended Complaint realleging her intrusion
25
upon seclusion claim. Defendant now moves to dismiss that claim with prejudice, or at a
26
minimum, to dismiss Plaintiff’s requests for injunctive and equitable relief.
27
As stated in the Court’s previous order, a claim for intrusion upon seclusion has two
28
elements. “First, the defendant must intentionally intrude into a place, conversation, or
1
22cv2012 DMS (MSB)
1
matter as to which the plaintiff has a reasonable expectation of privacy. Second, the
2
intrusion must occur in a manner highly offensive to a reasonable person.” Hernandez v.
3
Hillsides, Inc., 47 Cal. 4th 272, 286 (2009). Defendant argues primarily that Plaintiff has
4
failed to allege sufficient facts to support the elements of a “reasonable expectation of
5
privacy” and an intrusion “highly offensive to a reasonable person.”1
6
“A ‘reasonable’ expectation of privacy is an objective entitlement founded on
7
broadly based and widely accepted community norms.” Hill v. NCAA, 7 Cal. 4th 1, 37
8
(1994). Whether an expectation of privacy is “reasonable” depends on the circumstances
9
of each case. Id. at 36. Those circumstances include the “customs, practices, and physical
10
setting” surrounding the activity, whether there was advance notice of any impending
11
action, whether there was an opportunity to give voluntary consent, id. at 36-37, the identity
12
of the intruder, and the nature of the intrusion. Hernandez, 47 Cal. 4th at 289. Other
13
relevant factors include “the amount of data collected, the sensitivity of data collected, the
14
manner of data collection, and the defendant’s representations to its customers.”
15
Hammerling v. Google LLC, 615 F.Supp.3d 1069, 1088 (N.D. Cal. 2022). Although
16
whether a plaintiff has a reasonable expectation of privacy is generally a mixed question
17
of law and fact, In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589, 601 (9th Cir.
18
2020), “[i]f the undisputed material facts show no reasonable expectation of privacy …,
19
the question of invasion may be adjudicated as a matter of law.” Hill, 7 Cal. 4th at 40.
20
Here, Plaintiff alleges she was browsing and using Defendant’s public website.
21
(SAC ¶ 8.) Generally, the internet is not a place where users have a reasonable expectation
22
of privacy. As stated in In re Nickelodeon Consumer Privacy Litig., 827 F.3d 262, 266 (3d
23
Cir. 2016):
24
25
26
27
28
1
Defendant also argues Plaintiff has failed to plead a legally protected privacy interest, and
Plaintiff is not entitled to seek relief in equity. In light of the discussion below on the
“reasonable expectation of privacy” and “highly offensive” elements, the Court declines to
address Defendant’s other arguments.
2
22cv2012 DMS (MSB)
1
5
Most of us understand that what we do on the Internet is not completely
private. How could it be? We ask large companies to manage our email, we
download directions from smartphones that can pinpoint our GPS coordinates,
and we look for information online by typing our queries into search engines.
We recognize, if only intuitively, that our data has to be going somewhere.
And indeed it does, feeding an entire system of trackers, cookies, and
algorithms designed to capture and monetize the information we generate.
6
Given the inherent nature of the internet, a number of courts have found that consumers do
7
not have a reasonable expectation of privacy over their activity in that space. See D’Angelo
8
v. Penny OpCo, LLC, No. 23-cv-0981-BAS-DDL, 2023 WL 7006793, at *10-11 (S.D. Cal.
9
Oct. 24, 2023) (stating “accepted community norms around conversations in this type of
10
space (a commercial website for selling merchandise) point away from a reasonable
11
expectation of privacy.”); Saleh v. Nike, Inc., 562 F.Supp.3d 503, 524-25 (C.D. Cal. 2021)
12
(agreeing with defendants that plaintiff did not have “a reasonable expectation of privacy
13
over his activity on Nike’s Website”); Saeedy v. Microsoft Corp., No. 23-cv-1104, 2023
14
WL 8828852, at *4 (W.D. Wash. Dec. 21, 2023) (stating “mouse movements, clicks,
15
keystrokes, keywords, URLs of web pages visited, product preferences, interactions on a
16
website, search words typed into a search bar, user/device identifiers, anonymized data,
17
product selections to a shopping cart, and website browsing activities” are not the types of
18
information in which plaintiffs could have “a reasonable expectation of privacy”); Farst v.
19
AutoZone, Inc., ___ F.Supp.3d ___, 2023 WL 7179807, at *4 (M.D. Penn. Nov. 1, 2023)
20
(“Shopping on a public website, like shopping in a public store, is not an activity one can
21
reasonably expect to keep private from the retailer.”); Massie v. General Motors LLC, No.
22
21-787-RGA, 2022 WL 534468, at *5 (D. Del. Feb. 17, 2022) (stating plaintiffs did not
23
have a reasonable expectation of privacy over anonymized data captured by Session Replay
24
software); see also Campbell v. Facebook Inc., 77 F.Supp.3d 836, 849 (N.D. Cal. 2014)
25
(“California appeals courts have generally found that Internet-based communications are
26
not ‘confidential’ within the meaning of section 632, because such communications can
27
easily be shared by, for instance, the recipient(s) of the communications.”); In re Google
28
Inc., No. 13-MD-02430-LHK, 2013 WL 5423918, at *22-23 (N.D. Cal. Sept. 26, 2013)
2
3
4
3
22cv2012 DMS (MSB)
1
(granting motion to dismiss claims under California Penal Code § 632 because instant
2
messages were not “confidential”); Cook v. GameStop, Inc., ___ F.Supp.3d ___, 2023 WL
3
5529772, at *6-10 (W.D. Penn. Aug. 28, 2023), appeal filed, No. 23-2574 (3d Cir. Aug.
4
29, 2023) (explaining why mouse movements and clicks, URLs, and keystrokes are not
5
protected under Pennsylvania’s Wiretap Act).
6
This is not to say there can never be a reasonable expectation of privacy over internet
7
activity. For instance, courts have found users have a reasonable expectation of privacy if
8
a company states it will not collect your information in certain spaces or while searching
9
in a protected mode. See In re Facebook, 956 F.3d at 601-03 (finding users had reasonable
10
expectation of privacy in activity outside of application where privacy policy stated
11
defendant would not collect user data after user had logged out); Brown v. Google LLC,
12
___ F.Supp.3d ___, 2023 WL 5029899, at *19-20 (N.D. Cal. Aug. 7, 2023) (finding
13
plaintiffs had reasonable expectation of privacy when browsing in private or incognito
14
mode); Calhoun v. Google LLC, 526 F.Supp.3d 605, 630 (N.D. Cal. 2021) (finding
15
plaintiffs “had a reasonable expectation of privacy in the data allegedly collected” based
16
on defendant’s representations that it would not receive user data while they were not
17
synced).
18
In each of these cases, In re Facebook, Brown, and Calhoun, the plaintiffs pleaded
19
specific facts concerning the factors sets out above, i.e., the customs, practices and
20
circumstances surrounding the defendant’s particular activities, the amount and sensitivity
21
of the data collected, and the manner of data collection. In In re Facebook, for instance,
22
the plaintiffs attached to their complaint copies of certain “Help Center” pages regarding
23
the defendant’s data tracking practices. 956 F.3d at 602. See also In re Nickelodeon, 827
24
F.3d at 269 (including allegations that defendant’s registration form disclaimed that any
25
data was collected from plaintiff’s kids); Calhoun, 526 F.Supp.3d at 614 (detailing
26
allegations about defendant’s data collection practices); Brown, 2023 WL 5029899, at *2
27
(same). They also included specifics about the amount and sensitivity of the data the
28
defendants were allegedly collecting. See In re Facebook, 956 F.3d at 603 (describing
4
22cv2012 DMS (MSB)
1
“enormous amount of individualized data” collected by defendant); Calhoun, 526
2
F.Supp.3d at 613-14 (detailing amount and nature of personal information defendant
3
collected).
4
Here, Plaintiff describes the general circumstances surrounding Defendant’s
5
activities, namely, its procurement of Session Replay Providers to embed Session Replay
6
Code on its website, and how Session Replay Code generally works. (SAC ¶¶ 24-44.)
7
Plaintiff also identifies one of Defendant’s specific Session Replay Providers, FullStory,
8
and sets out further details about how its Session Replay Code, FullStory Script, works.
9
(Id. ¶¶ 47-49.)
Plaintiff further alleges that her “Website Communications”2 with
10
Defendant were secretly “captured by Session Replay Code and sent to various Session
11
Replay Providers.” (Id. ¶ 60.)
12
Notably absent from the SAC are any specific allegations about the customs and
13
practices related to Defendant’s activities. However, the numerous cases filed in federal
14
courts around the country challenging the use of Session Replay Code suggest Defendant
15
is not alone in this practice. See Mikulsky v. Noom, Inc., No. 3:23-cv-00285-H-MSB, 2024
16
WL 251171, at *1 (S.D. Cal. Jan. 22, 2024) (noting the “dozens of proposed class actions
17
being litigated in federal courts challenging the use of ‘Session Replay Code.’”); In re
18
TikTok, Inc., Consumer Privacy Litig., ___ F.Supp.3d ___, 2024 WL 278987, at *7 n.8
19
(N.D. Ill. Jan. 25, 2024) (stating session replay code “is widely used by website operators
20
and app developers to track and record how users interact with digital platforms.”); see
21
also Popa v. PSP Group, LLC, No. C23-0294JLR, 2023 WL 7001456, at *1 (W.D. Wash.
22
Oct. 24, 2023) (listing “dozens of proposed class actions being litigated in federal court
23
24
25
26
27
28
The SAC defines “Website Communications” as “electronic communications with the
Papa Johns website, [her] mouse movements, clicks, keystrokes (such as text being entered
into an information field or text box), URLs of web pages visited, and/or other electronic
communications in real-time[.]”
(Id. ¶ 1.)
Plaintiff also alleges “Website
Communications” include “her name, home address, credit card number(s), and billing
information.” (Id. ¶ 56.)
2
5
22cv2012 DMS (MSB)
1
across the country challenging the use of ‘Session Replay Code’ to record, save, analyze,
2
and replay internet users’ interactions with consumer websites.”); Jones v. Papa John’s
3
Int’l, Inc., No. 4:23-cv-00023-SRC, 2023 WL 7155562, at *1 (E.D. Missouri Oct. 31,
4
2023) (“This is one of many lawsuits challenging the use of ‘session replay code’ that
5
companies such as Papa John’s say helps improve the user experience on their websites by
6
monitoring user activity.”); Cook, ___ F.Supp.3d ___, 2023 WL 5529772, at *1 (same).
7
Standing alone, this does not mean Plaintiff did not have a reasonable expectation of
8
privacy over her “Website Communications” on Defendant’s website, but it is a factor to
9
consider in making that determination. See In re Facebook, 956 F.3d at 601-02 (quoting
10
Hernandez, 47 Cal. 4th at 286) (stating reasonable expectation of privacy inquiry considers
11
“whether a defendant gained ‘unwanted access to data by electronic or other covert means,
12
in violation of the law or social norms.’”); Hill, 7 Cal. 4th at 24-25 (stating common law
13
invasion of privacy is concerned “with aspects of life consigned to the realm of the
14
‘personal and confidential’ by strong and widely shared social norms.”)
15
Another factor is the amount and sensitivity of any data collected. Here, Plaintiff
16
alleges Defendant collected users’ “Website Communications,” which, by definition, are
17
limited to Defendant’s website. This limited amount of data stands in stark contrast to the
18
“significant” amounts of data collected in other cases. See In re Facebook, 956 F.3d at 603
19
(stating defendant “acquires an ‘enormous amount of individualized data’ through its use
20
of cookies on the countless websites that incorporate Facebook plug-ins.”); Calhoun, 526
21
F.Supp.3d at 630 (noting that defendant’s code was used on 86 percent of popular
22
websites); Brown, 2023 WL 5029899, at *20 (stating amount of data collected was
23
“indisputably vast”).
24
The type of data allegedly collected in this case also pales in comparison to the type
25
of data collected in other cases. In those cases, the data collected included “the user’s
26
browsing history, including the identity of the individual internet user and the web servers,
27
as well as the name of the web page and the search terms that the user used to find it[,]” In
28
re Facebook, 956 F.3d at 596, which enabled the defendant to compile “cradle-to-grave”
6
22cv2012 DMS (MSB)
1
profiles without the users’ consent. Id. at 599. Those profiles “would allegedly reveal an
2
individual’s likes, dislikes, interests, and habits over a significant amount of time, without
3
affording users a meaningful opportunity to control or prevent the unauthorized exploration
4
of their private lives.” Id. See also Katz-Lacabe v. Oracle America, Inc., 668 F.Supp.3d
5
928, 942 (N.D. Cal. 2023) (allegation that defendant collected “sensitive health and
6
personal safety information” was sufficient to withstand motion to dismiss claim for
7
intrusion upon seclusion).
8
Here, the data allegedly collected includes Plaintiff’s “electronic communications
9
with the Papa Johns website, [her] mouse movements, clicks, keystrokes (such as text being
10
entered into an information field or text box), URLs of web pages visited, and/or other
11
electronic communications in real-time[.]” (SAC ¶ 1.) As for Plaintiff’s web chats or
12
emails on Defendant’s website, case law is relatively clear that it is not objectively
13
reasonable to expect those communications to be private. See D’Angelo, 2023 WL
14
7006793, at *10-11 (S.D. Cal. Oct. 24, 2023) (stating it would not be reasonable for a
15
consumer to expect privacy over chats on a public website); In re Yahoo Mail Litig., 7
16
F.Supp.3d 1016, 1041 (N.D. Cal. 2014) (“to the extent Plaintiffs claim they have a legally
17
protected privacy interest and reasonable expectation of privacy in email generally,
18
regardless of the specific content in the emails at issue, Plaintiffs’ claim fails as a matter of
19
law.”); In re Google Inc., 2013 WL 5423918, at *22-23 (granting motion to dismiss claims
20
under California Penal Code § 632 because instant messages were not “confidential”). This
21
is because these communications “are by their very nature recorded on the computer of at
22
least the recipient, who may then easily transmit the communication to anyone else who
23
has access to the internet or print the communications.” Id. at *23; see also Campbell, 77
24
F.Supp.3d at 849 (“California appeals courts have generally found that Internet-based
25
communications are not ‘confidential’ within the meaning of section 632, because such
26
communications can easily be shared by, for instance, the recipient(s) of the
27
communications.”)
28
///
7
22cv2012 DMS (MSB)
1
Next are Plaintiff’s “mouse movements, clicks, keystrokes (such as text being
2
entered into an information field or text box), [and] URLs of web pages visited[.]” (SAC
3
¶ 1.) As with the communications discussed above, a number of courts have found this
4
type of information is not something over which a consumer has an objectively reasonable
5
expectation of privacy. See Saleh, 562 F.Supp.3d at 524-25 (agreeing with defendants that
6
plaintiff did not have “a reasonable expectation of privacy over his activity on Nike’s
7
Website”); Saeedy, 2023 WL 8828852, at *4 (stating “mouse movements, clicks,
8
keystrokes, keywords, URLs of web pages visited, product preferences, interactions on a
9
website, search words typed into a search bar, user/device identifiers, anonymized data,
10
product selections to a shopping cart, and website browsing activities” are not the types of
11
information in which plaintiffs could have “a reasonable expectation of privacy”); Cook,
12
___ F.Supp.3d ___, 2023 WL 5529772, at *6-10 (explaining why mouse movements and
13
clicks, URLs, and keystrokes are not protected under Pennsylvania’s Wiretap Act). See
14
also Massie, 2022 WL 534468, at *5 (stating plaintiffs did not have a reasonable
15
expectation of privacy over anonymized data captured by Session Replay software); Farst,
16
___ F.Supp.3d ___, 2023 WL 7179807, at *4 (“Shopping on a public website, like
17
shopping in a public store, is not an activity one can reasonably expect to keep private from
18
the retailer.”)
19
The only other specific information identified as “Website Communications” is
20
Plaintiff’s “name, address, credit card number(s), and billing information.” (SAC ¶ 56.)
21
Reading that information in context, it appears Plaintiff entered this information on
22
Defendant’s website in connection with ordering “take-out and/or delivery of food from
23
Papa Johns’ brick and mortar stores located in California.” (Id. ¶ 8.) This information is
24
similar to Plaintiff’s web chats and emails, and is not information over which society is
25
prepared to recognize a reasonable expectation of privacy “because ‘a person has no
26
legitimate expectation of privacy in information he voluntarily turns over to third parties.’”
27
United States v. Forrester, 512 F.3d 500, 509 (9th Cir. 2008) (quoting Smith v. Maryland,
28
442 U.S. 735, 743-44 (1979)).
8
22cv2012 DMS (MSB)
1
The type of data allegedly collected here is also a far cry from the type of data that
2
supports a finding of a reasonable expectation of privacy. See Opperman v. Path, Inc., 87
3
F.Supp.3d 1018, 1060 (N.D. Cal. 2014) (address books); Thompson v. Spitzer, 90 Cal. App.
4
5th 436, 460 (2023) (DNA and genetic information); Murchison v. County of Tehama, 69
5
Cal. App. 5th 867, 883 (2021) (private homes); County of Los Angeles v. Superior Court,
6
65 Cal. App. 5th 621, 643 (2021) (medical records); Chantiles v. Lake Forest II Master
7
Homeowners Assn., 37 Cal. App. 4th 914, 924 (1995) (voting information); Doyle v. State
8
Bar, 32 Cal. 3d 12, 19 (1982) (financial information).
9
The only factor that possibly supports a finding of a reasonable expectation of
10
privacy in this case is the notice factor. On that factor, Plaintiff alleges Defendant secretly
11
embedded Session Replay Codes on its website, (SAC at 12), which removed any
12
opportunity for Plaintiff to consent to the interception and recording of her “Website
13
Communications.”3 However, given the other circumstances and factors discussed above,
14
Defendant’s alleged failure to give notice, in and of itself, does not give rise to a reasonable
15
expectation of privacy in users’ “Website Communications.” See D’Angelo, 2023 WL
16
17
It is unclear when Plaintiff allegedly visited Defendant’s website, but if her visits occurred
between December 19, 2020, and December 19, 2022, Defendant’s Privacy Policy then in
effect would contradict Plaintiff’s allegation that Defendant secretly embedded Session
Replay Code on its website. (See Decl. of Joshua Hall in Supp. of Mot. ¶¶ 5-6.) That
Policy was linked on every page of Defendant’s website, (id. ¶ 6), and would have alerted
Plaintiff to the possibility that third parties were monitoring her interactions with
Defendant’s website. See https://tinyurl.com/ymr8af7p (“We use tracking tools like
browser cookies and web beacons. To learn more about these tools and how you can control
them, click here. We collect information about users over time when you use this website.
We may have third parties collect personal information this way. We also collect
information from our mobile apps.”) (emphasis added). That Policy is subject to judicial
notice, see Knievel v. ESPN, 393 F.3d 1068, 1076 (9th Cir. 2005) (stating incorporation by
reference doctrine “applies with equal force to internet pages as it does to printed
material.”), and would rebut any presumption of truth applicable to Plaintiff’s allegations.
See Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001) (stating court
need not accept as true “allegations that contradict matters properly subject to judicial
notice”).
3
18
19
20
21
22
23
24
25
26
27
28
9
22cv2012 DMS (MSB)
1
7006793, at *11 (stating factors “point away from a reasonable expectation of privacy”
2
even though plaintiffs did not have advance notice or provide consent to defendant’s
3
activities).
4
Plaintiff’s allegations about the reasonable expectations of privacy of website users,
5
(SAC ¶ 19) (alleging “website visitors reasonably expect that their interactions with a
6
website should not be released to third parties unless explicitly stated.”), the reasonable
7
expectations of privacy of visitors to Defendant’s website, (id. ¶ 53) (alleging “Papa Johns’
8
customers, such as Plaintiff, reasonably expect their conversations with Papa Johns via its
9
website to be private and not shared with third parties. Moreover, they reasonably expect
10
their potential conversations that they type into a chatbox on Papa Johns’ website that they
11
never share (such as by deleting before clicking ‘send’) to be private. Finally, they
12
reasonably expect mouse movements and other resizing and scrolling to be private.”), and
13
her own subjective expectations of privacy while she was on Defendant’s website, (id. ¶
14
47) (alleging Plaintiff “had a reasonable expectation of privacy in [her] Website
15
Communications specifically including but not limited to the expectation that Defendant
16
would not disclose and/or provide this information to third parties, including the Session
17
Replay Providers.”) are also insufficient to satisfy the “reasonable expectation of privacy”
18
element. All of these allegations are either general and conclusory, and therefore not
19
entitled to a presumption of truth, Ashcroft v. Iqbal, 556 U.S. 662, 681 (2009), or irrelevant
20
to whether visitors to Defendant’s website had an objectively reasonable expectation of
21
privacy in their “Website Communications.” See Shulman v. Grp. W Prods., Inc., 18 Cal.
22
4th 200, 232 (1998) (stating tort of intrusion upon seclusion “is proven only if the plaintiff
23
had an objectively reasonable expectation of seclusion or solitude in the place, conversation
24
or data source.”) (emphasis added).
25
Considering the factors and allegations discussed above, both alone and in
26
combination, Plaintiff has failed to allege sufficient, specific facts to support the
27
“reasonable expectation of privacy” element of her claim.
28
///
10
22cv2012 DMS (MSB)
1
The only other element of Plaintiff’s claim is an intrusion that is “highly offensive
2
to a reasonable person.” Before addressing the parties’ substantive arguments on this
3
element, the Court first addresses Plaintiff’s argument that this issue cannot be resolved on
4
the present motion. In support of this argument, Plaintiff relies on In re Facebook, where
5
the court stated the question of whether the defendant’s data collection practices “could
6
highly offend a reasonable individual is an issue that cannot be resolved at the pleading
7
stage.” In re Facebook, 956 F.3d at 606. Subsequent cases, however, have not read that
8
statement so broadly. Indeed, some courts have interpreted that statement as limited to the
9
facts of that case. See James v. Allstate Ins. Co., No. 3:23-cv-01931-JSC, 2023 WL
10
8879246, at *6 (N.D. Cal. Dec. 22, 2023); Williams v. DDR Media, LLC, No. 22-cv-03789-
11
SI, 2023 WL 5352896, at *5-6 (N.D. Cal. Aug. 18, 2023). And those courts are not alone
12
in resolving the issue on the basis of the pleadings. See Cousin v. Sharp Healthcare, 681
13
F.Supp.3d 1117, 1126-27 (S.D. Cal. 2023); Hammerling, 615 F.Supp.3d at 1090-91;
14
Mastel v. Miniclip SA, 549 F.Supp.3d 1129, 1139-42 (E.D. Cal. 2021); In re Google, Inc.
15
Privacy Policy Litig., 58 F.Supp.3d 968, 987-99 (N.D. Cal. 2014); Low v. LinkedIn Corp.,
16
900 F.Supp.2d 1010, 1024-26 (N.D. Cal. 2012).
17
The Mastel court’s reasoning on this issue is particularly persuasive. There, the
18
court looked to California Supreme Court decisions involving invasion of privacy claims
19
under the California Constitution, namely Hill and Loder v. City of Glendale, 14 Cal. 4th
20
846 (1997), both of which “provided some clear and objective guidance as to the trial
21
courts’ role in applying [the term ‘highly offensive’] at the pleading stage.” Mastel, 549
22
F.Supp.3d at 1140. That guidance instructs “that courts have a role to play in ‘weed[ing]
23
out claims that involve so insignificant or de minimus an intrusion on a constitutionally
24
protected privacy interest as not even to require an explanation or justification by the
25
defendant.’” Id. (quoting Loder, 14 Cal. 4th at 893). As stated in Hill, “’No community
26
could function if every intrusion into the realm of private action, no matter how slight or
27
trivial, gave rise to a cause of action for invasion of privacy.’” Id. (quoting Hill, 7 Cal. 4th
28
///
11
22cv2012 DMS (MSB)
1
at 41). Based on this reasoning, and in light of the dispute over the language in In re
2
Facebook, this Court will address the “highly offensive” element here.
3
The “highly offensive” element “essentially involves a ‘policy’ determination as to
4
whether the alleged intrusion is ‘highly offensive’ under the particular circumstances.”
5
Hernandez, 47 Cal. 4th at 287 (citing Taus v. Loftus, 40 Cal. 4th 683, 737 (2007)).
6
“Relevant factors include the degree and setting of the intrusion, and the intruder’s motives
7
and objectives[,]” id. (citations omitted), the likelihood of serious harm to the victim, and
8
whether countervailing interests or social norms render the intrusion inoffensive.
9
Hammerling, 615 F.Supp.3d at 1090 (quoting In re Facebook, 956 F.3d at 606).
10
Here, Plaintiff addresses some of these factors in her SAC. (See SAC ¶¶ 83, 89)
11
(alleging Defendant utilized information gathered for “business gain” and “economic
12
value”); (id. ¶¶ 86-87) (alleging Defendant’s conduct caused “mental anguish and
13
suffering,” and “emotional distress, worry, fear, and other harms.”) But again, Plaintiff’s
14
allegations are general and conclusory. Plaintiff provides more specific allegations on the
15
degree of the intrusion factor, (see id. ¶ 36) (alleging Session Replay Provider can create
16
“fingerprints” from information “collected across all sites that the Session Replay Provider
17
monitors[,]”) but she fails to allege the Session Replay Provider or Providers procured by
18
Defendant actually collected that kind of “fingerprint” information from Plaintiff or any
19
other visitor to Defendant’s website. Plaintiff’s other allegations directed to the “highly
20
offensive” element are conclusory, (see id. ¶ 41 (“Papa Johns’ procurement of Session
21
Replay Providers to surreptitiously and instantaneously record every Website
22
Communication is highly offensive[.]”); see also id. ¶ 54 (same)), and do not defeat
23
Defendant’s motion. See Oregon Clinic, PC v. Fireman’s Fund Ins. Co., 75 F.4th 1064,
24
///
25
///
26
///
27
///
28
///
12
22cv2012 DMS (MSB)
1
1073 (9th Cir. 2023) (“conclusory allegations, without more, are insufficient to defeat a
2
motion to dismiss.”)4
3
III.
4
CONCLUSION
5
In light of the above discussion, the Court finds Plaintiff has failed to allege
6
sufficient, specific facts to support either the “reasonable expectation of privacy” or “highly
7
offensive” prongs of her intrusion upon seclusion claim. Accordingly, the Court grants
8
Defendant’s motion to dismiss and dismisses this case with prejudice. The Clerk of Court
9
shall enter judgment accordingly and close this case.
10
11
IT IS SO ORDERED.
Dated: May 8, 2024
12
13
14
15
16
17
18
19
20
21
Even if the Court assumed all of Plaintiff’s allegations were true, those allegations would
be sufficient to support the “highly offensive” element. See Doe v. Kaiser Foundation
Health Plan, Inc., No. 23-cv-02865-EMC, 2024 WL 1589982, at *18-19 (N.D. Cal. Apr.
11, 2024) (stating it was not clear that defendant’s employment of third party to collect
information about website users for defendant’s benefit was “highly offensive to a
reasonable person”); Popa v. Harriet Carter Gifts, Inc., 426 F.Supp.3d 108, 122-23 (W.D.
Penn. 2019) (“The act of collecting Popa’s keystrokes, mouse clicks, and [Personally
Identifiable Information] is simply not the type of highly offensive act to which liability
can attach.”); see also Cousin, 681 F.Supp.3d at 1126-27 (“disclosing a user’s browsing
history does not plausibly reach the level of ‘highly offensive’ conduct under either the
common law or the California Constitution.”).
4
22
23
24
25
26
27
28
13
22cv2012 DMS (MSB)
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
