Opinion
Index No. 652170/2022
07-05-2023
Plaintiff's Counsel: Joel Laurence Kurtzberg, Esq., Cahill Gordon & Reindel LLP 32 Old Slip, New York, NY 10005 Defendant's Counsel: Kevin B. Collins, Esq., New York City Law Department, 100 Church Street, New York, NY 10007
Plaintiff's Counsel: Joel Laurence Kurtzberg, Esq., Cahill Gordon & Reindel LLP 32 Old Slip, New York, NY 10005
Defendant's Counsel: Kevin B. Collins, Esq., New York City Law Department, 100 Church Street, New York, NY 10007
Judy H. Kim, J. Defendant's motion to dismiss this action is granted for the reasons set forth below.
FACTUAL BACKGROUND
On January 24, 2022, New York City Administrative Code sections 20-563.7 (the "Customer Data Law") and 20-563.11 went into effect. Administrative Code § 20-563.7 provides that:
a. A food service establishment may request customer data from a third-party food delivery service. Upon such a request, a third-party food delivery service shall provide to the food service establishment all applicable customer data, until such food service establishment requests to cease receiving such customer data.
b. Notwithstanding the requirements of subdivision a of this section, a third-party food delivery service shall not share customer data applicable to an online order pursuant to subdivision a of this section if such customer requests that such data not be shared in relation to such online order. The customer shall be presumed to have consented to the sharing of such customer data applicable to all online orders unless such customer has made such a request in relation to a specific online order. The third-party food delivery service shall provide in a conspicuous manner on its website, in a style and form required by the commissioner, a means for a customer to make such request. To assist its customers with deciding whether their data should be shared, a third-party food delivery service shall clearly and conspicuously disclose to the customer the customer data that may be shared with the food service establishment and shall identify the food service establishment fulfilling such customer's online order as a recipient of such data.
c. Third-party food delivery services that share customer data pursuant to this section shall provide such data in a machine-readable format, disaggregated by customer, on an at least monthly basis. Third-party food delivery services shall not limit the ability of food service establishments to download and retain
such data, nor limit their use of such data for marketing or other purposes outside of the third-party food delivery service website, mobile application or other internet service.
d. Food service establishments that receive customer data pursuant to this section shall not sell, rent, or disclose such customer data to any other party in exchange for financial benefit, except with the express consent of the customer from whom the customer data was collected
e. Nothing in this section shall prevent a third-party food delivery service or a food service establishment from complying with any other law or rule.
(Administrative Code § 20-563.7 [emphasis added]). Administrative Code § 20-563.11 permits the New York City Law Department to commence a civil action to recover civil penalties, injunctive relief, and restitution for violations of the Customer Data Law. On December 10, 2021, before the Customer Data Law went into effect, Grubhub Inc. ("Grubhub"), a third-party food delivery service, filed an action in the United Stated District Court of the Southern District of New York (the "Federal Action") seeking a declaration that the Customer Data Law is invalid as violating various provisions of the United States and New York Constitutions and, as pertinent here, preempted by New York State's Civil Rights Law §§ 50 - 51. Pursuant to a stipulation entered into in the Federal Action, the City has agreed not to enforce the Customer Data Law as against Grubhub until the conclusion of the Federal Action.
On May 9, 2022, plaintiff Noel Curtis, a Vice President of Technology of Grubhub, commenced this action seeking a declaratory judgment that the Customer Data Law is null and void because it is preempted by Civil Rights Law §§ 50 - 51 under the doctrine of conflict preemption (NYSCEF Doc. No. 2 [Compl.]). His complaint asserts that, if the Customer Data Law goes into effect, he will be harmed by either: (1) being forced to affirmatively opt-out of the data sharing between Grubhub and third-party restaurants mandated by the Customer Data Law; or, if he fails to do so, (2) having his personal data shared with third-party restaurants that may not properly secure it and may also use his information in "marketing" in a manner that violates Civil Rights Law §§ 50 and 51. In his complaint, plaintiff argues that this impermissible marketing includes a restaurant using his name and address to send him promotional materials.
The Court notes that plaintiff and Grubhub are represented by the same law firm—and indeed, many of the same attorneys of the law firm—in this action and the Federal Action.
The City now moves to dismiss the complaint, arguing that: (1) plaintiff does not have standing to challenge the Customer Data Law as the alleged harm asserted is speculative and contingent on plaintiff acting against his interest, and (2) the complaint fails to state a claim, as there is no conflict between the Customer Data Law and Civil Rights Law §§ 50 - 51. Plaintiff opposes the motion.
DISCUSSION
The Court first addresses the question of plaintiff's standing to bring the instant action (See Sec. Pac. Nat. Bank v. Evans , 31 A.D.3d 278, 279, 820 N.Y.S.2d 2 [1st Dept. 2006] ). "[T]he burden is on the [City] to establish, prima facie, the plaintiff's lack of standing as a matter of law" ( New York Community Bank v. McClendon , 138 A.D.3d 805, 806, 29 N.Y.S.3d 507 [2d Dept. 2016] [citations omitted]; see CPLR § 3211[a][3] ). The "motion will be defeated if the plaintiff's submissions raise a question of fact as to its standing" ( U.S. Bank N.A. v. Clement , 163 A.D.3d 742, 743, 81 N.Y.S.3d 116 [2d Dept. 2018] [internal quotation marks and citation omitted], lv denied 32 N.Y.3d 1197, 95 N.Y.S.3d 151, 119 N.E.3d 791 [2019] ).
The City has met its burden here. To have standing to sue, plaintiff must allege an "injury in fact," i.e., that he has "suffered a cognizable harm that is not tenuous, ephemeral, or conjectural but is sufficiently concrete and particularized to warrant judicial intervention" ( Stevens v. New York State Div. of Criminal Justice Services , 206 A.D.3d 88, 98, 169 N.Y.S.3d 1 [1st Dept. 2022] [internal citations and quotations omitted]). A plaintiff "making a general attack on legislative or administrative action or inaction must [also] demonstrate special damages distinct from that suffered by the public at large" i.e., a "special right[ ] or interest[ ] in the matter in controversy, other than [that] common to all taxpayers and citizens" ( Abrams v. New York City Tr. Auth. , 48 A.D.2d 69, 70, 368 N.Y.S.2d 165 [1st Dept. 1975] [internal citations omitted], affd , 39 N.Y.2d 990, 387 N.Y.S.2d 235, 355 N.E.2d 289 [1976] ). The foregoing requirements apply to an action, such as this one, for declaratory and injunctive relief challenging a local law as preempted by a state law (See Patrolmen's Benev. Ass'n of City of New York, Inc. v. City of New York , 142 A.D.3d 53, 35 N.Y.S.3d 314 [1st Dept. 2016] appeal dismissed 28 N.Y.3d 978, 39 N.Y.S.3d 852, 62 N.E.3d 564 [2016] ).
Plaintiff's complaint does not satisfy any of these requirements. The injury alleged therein—that his personal information will be transmitted to restaurants who will use it in a manner that violates Civil Rights Law §§ 50 - 51 —is an injury shared by all other New Yorkers who do not opt-out of the data sharing contemplated by the Customer Data Law. Moreover, the harm contemplated by the complaint is also entirely speculative. Plaintiff alleges that, if the Customer Data Law is enforced (which enforcement would, the Court notes, necessarily be preceded by the District Court in the Federal Action rejecting Grubhub's argument that the Customer Data Law is preempted by Civil Rights Law §§ 50 - 51 ) then plaintiff, a Vice President of Technology for Grubhub, will intentionally not opt-out of the data sharing directed by this law, after which these restaurants will use his information in marketing in a manner impermissible under Civil Rights Law §§ 50 - 51 . This harm is entirely contingent on a series of events that may or may not happen and is therefore not sufficient to confer standing (See Roberts v. Health and Hosps. Corp. , 87 A.D.3d 311, 318-19, 928 N.Y.S.2d 236 [1st Dept. 2011] [petitioners’ claim that the scheduled layoffs would leave HHC so short-staffed that HHC facilities would inevitably violate Public Health Law article 28, thus exposing them to "imminent" risk from "smoke, fire, bacterial, toxic and structural hazards," is speculative]; see also Schulz v. Cuomo , 133 A.D.3d 945, 947, 22 N.Y.S.3d 602 [3d Dept. 2015] ).
Plaintiff also raises the possibility that a restaurant holding his personal data might suffer a data breach, resulting in the exposure of his personal data, but this harm is entirely speculative and insufficient to sustain standing.
In addition, the Court notes that the first link in this chain of events requires that plaintiff intentionally decline to opt-out of this data sharing, despite knowing that in failing to do so will result in his data will be shared by Grubhub, an outcome he does not want. The fact that the harm alleged requires plaintiff to act against his own interest further undercuts any claim to standing (See Chino v. New York Dept. of Fin. Services , 171 A.D.3d 610, 610-11, 100 N.Y.S.3d 1 [1st Dept. 2019] ["any injury suffered by petitioners was self-created, by abandonment of the licensing process after submission of an incomplete application"]; Lancaster Dev., Inc. v. McDonald , 112 A.D.3d 1260, 1261-62, 978 N.Y.S.2d 398 [3d Dept. 2013] ["inasmuch as the harm purportedly suffered by Lancaster was occasioned not by its failure to secure the winning bid for the project but, rather, by its entirely voluntary decision to forgo submitting a bid at all, we are not persuaded that Lancaster has suffered an injury in fact distinct from that of the public at large"]; Barrett Paving Materials, Inc. v. New York State Thruway Auth. , 184 A.D.3d 1173, 1174, 126 N.Y.S.3d 596 [4th Dept. 2020] [same]). Finally, to the extent that plaintiff argues that he is harmed by the requirement that he affirmatively opt-out of having his data shared by Grubhub, this is an inconvenience rather than a harm.
Even assuming, for the sake of argument, that plaintiff had standing, the Court would dismiss this action on its merits, because plaintiff's argument that a conflict between the Customer Data Law and Civil Rights Law §§ 50 - 51 exists such that the latter preempts the former is simply incorrect.
Civil Rights Law § 50 provides that
A person, firm or corporation that uses for
advertising purposes, or for the purposes of trade, the name, portrait or picture of any living person without having first obtained the written consent of such person, or if a minor of his or her parent or guardian, is guilty of a misdemeanor
Civil Rights Law § 51 provides, in turn, that
Any person whose name, portrait, picture or voice is used within this state for advertising purposes or for the purposes of trade without the written consent first obtained as above provided may maintain an equitable action in the supreme court of this state against the person, firm or corporation so using his name, portrait, picture or voice, to prevent and restrain the use thereof; and may also sue and recover damages for any injuries sustained by reason of such use and if the defendant shall have knowingly used such person's name, portrait, picture or voice in such manner as is forbidden or declared to be unlawful by section fifty of this article, the jury, in its discretion, may award exemplary damages. But nothing contained in this article shall be so construed as to prevent any person, firm or corporation from selling or otherwise transferring any material containing such name, portrait, picture or voice in whatever medium to any user of such name, portrait, picture or voice, or to any third party for sale or transfer directly or indirectly to such a user, for use in a manner lawful under this article
Plaintiff argues that Administrative Code § 20-563.7(c)—which prohibits third-party food delivery services from limiting the ability of food service establishments to use customer data provided by Grubhub for "marketing or other purposes outside of the third-party food delivery service website"—falls within these statutes’ prohibition on the use of an individual's name for advertising or trade purposes without that individual's written consent. The Court disagrees.
A reading of Administrative Code § 20-563.7, as a whole, indicates that the "marketing" contemplated by subsection (c) is constrained by subsection (d), which requires written consent from the customer before any food service establishments can sell, rent, or disclose such customer data to any other party in exchange for financial benefit. In light of this limitation, the only reasonable reading of subsection (c) is that it contemplates a restaurant's use of its customers’ names and addresses to market the restaurant to them through generic mailings and promotions rather than, as feared by plaintiff, advertising specific customer's patronage of a restaurant within promotional materials.
To the extent that plaintiff argues that such a generic mailing violates Civil Rights Law §§ 50 - 51, this argument is entirely undercut by the repeated admonition of the Court of Appeals that the prohibitions of Civil Rights Law §§ 50 and 51 "are to be strictly limited to nonconsensual commercial appropriations of the name, portrait or picture of a living person" ( Finger v. Omni Publications Intern., Ltd. , 77 N.Y.2d 138, 141, 564 N.Y.S.2d 1014, 566 N.E.2d 141 [1990] ) i.e., a business's dissemination of an individual's name and/or likeness to the public to promote a particular good or service or its commercial enterprise more generally (See e.g. , Hernandez v. Wyeth Ayerst Labs. , 291 A.D.2d 66, 738 N.Y.S.2d 336 [1st Dept. 2002] ). The "marketing" contemplated by Administrative Code § 20-563.7(c) simply does not fall within this category. As there is no conflict between Administrative Code § 20-563.7 and Civil Rights Law §§ 50 - 51, the doctrine of conflict preemption does not apply to invalidate the Customer Data Law.
Accordingly, it is
ORDERED that the City of New York's motion to dismiss is granted and this action is dismissed.
This constitutes the decision and order of the Court.