Opinion
CV-24-00730-PHX-DGC
12-16-2024
Ivonne Carbajal, Plaintiff, v. Home Depot U.S.A., Inc.; and Validity, Inc., Defendants.
ORDER
David G. Campbell Senior United States District Judge
Plaintiff Ivonne Carbajal brings this class action against retailer Home Depot.Plaintiff alleges violations of Arizona's Telephone, Utility and Communication Service Records Act (the “TUCSRA”). Docs. 1, 4. Defendant has filed a motion to dismiss under Federal Rule of Civil Procedure 12(b)(6), which is fully briefed. Doc. 20. Defendant requests oral argument, but the Court concludes that oral argument will not aid its decision. For reasons stated below, the Court will grant the motion.
Plaintiff voluntarily dismissed Defendant Validity, Inc., a software development company that provides email marketing platforms to businesses. Doc. 18.
I. Background.
The following factual allegations of the amended complaint are taken as true for purposes of this motion. Defendant uses Everest, an email tracking platform, for promotional emails Defendant sends to individuals on its subscriber list. Doc. 4 ¶¶ 1-2, 28-31, 44. Everest utilizes email tracking pixels that Plaintiff calls “spy pixels.” Id. ¶¶ 1-2, 20. A tracking pixel is a transparent image, typically one pixel high and one pixel wide, embedded in an email. Id. ¶¶ 21-24. When the recipient opens the email, the pixel reports to the sender certain information about the recipient's interaction with the email. Id. ¶¶ 23-27. Retailers use tracking pixels to determine how recipients engage with the content to better target recipients with future emails. Id. ¶¶ 2, 6, 19, 21, 32.
Citations are to numbered paragraphs in the documents or numbers attached to the top of pages by the Court's electronic filing system.
Plaintiff subscribed to Defendant's marketing email list and opened promotional emails she received from Defendant. Id. ¶¶ 1, 10-11. Each email contained a pixel that reported information to Defendant when the email was opened, including when, where, and for how long it was opened; the recipient's email address, client type, and path data; the device used to open the email; whether the email was forwarded or printed; and whether any links in the email were clicked. Id. ¶¶ 1-2, 6, 12, 26-27, 39-44, 70. Plaintiff had no knowledge that the emails contained tracking pixels, and Defendant never received Plaintiff's authorization to use such pixels or to collect the information the pixels obtained. Id. ¶¶ 7, 13, 45-46.
The complaint asserts a single count for violation of the TUCSRA, A.R.S. § 441376 et seq. Id. ¶¶ 66-74. The TUCSRA makes it unlawful for a person to “[k]nowingly procure . . . a public utility record, a telephone record or communication service record of any resident of [Arizona] without the authorization of the customer to whom the record pertains or by fraudulent, deceptive or false means.” A.R.S. § 44-1376.01(A)(1). Plaintiff focuses on the phrase “communication service record” and claims that each time she opened a marketing email from Defendant the tracking pixel violated the TUCSRA by impermissibly procuring a “communication service record” related to Plaintiff. Doc. 4 ¶¶ 70-72.
The complaint also alleges generally that Defendant invaded Plaintiff's privacy and intruded on her seclusion (id. ¶ 73), but does not set forth separate causes of action for these torts or address their elements. See In re Est. of Reynolds, 327 P.3d 213, 215 (Ariz.Ct.App. 2014) (discussing the torts of invasion of privacy and intrusion upon seclusion) (citing cases and Restatement (Second) of Torts § 652A-D); Briggs v. Cnty. of Maricopa, No. CV-18-02684-PHX-EJM, 2020 WL 3440288, at *3 (D. Ariz. June 23, 2020) (same).
Plaintiff has also sued Lowe's and The Gap for violating the TUCSRA with tracking pixels. See Carbajal v. Lowe's Home Centers LLC, No. CV-24-01030-PHX-DLR (D. Ariz. May 5, 2024); Carbajal v. Gap Inc., No. CV-24-01056-PHX-ROS (D. Ariz. May 7, 2024). Plaintiff voluntarily dismissed the complaint against Lowe's on September 26, 2024. Plaintiff and The Gap filed a notice of settlement on November 29, 2024.
In arguing that the complaint fails to state a claim, Defendant asserts that none of the information collected by the tracking pixels constitutes a “communication service record” under the TUCSRA. Doc. 20 at 6-15.
II. Rule 12(b)(6) Standard.
Dismissal under Rule 12(b)(6) is appropriate when the complaint lacks a cognizable legal theory or fails to allege facts sufficient to support its theory. Balistreri v. Pacifica Police Dep 't, 901 F.2d 696, 699 (9th Cir. 1990). A complaint that sets forth a cognizable legal theory will survive a motion to dismiss if it contains “sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.'” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting BellAtl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). A claim has facial plausibility when the plaintiff pleads “factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id.
III. Arizona's Statutory Scheme For Protecting Communication Service Records.
Seven years before enactment of the TUCSRA, Arizona amended the Eavesdropping and Communications Act, A.R.S § 13-3001 et seq., to allow prosecutors to subpoena “communication service records” from “communication service providers” that do business in Arizona or furnish communication services within the state. A.R.S. § 13-3018(A)-(B); see 2000 Ariz. Legis. Serv. Ch. 189 (H.B. 2428) (Apr. 7, 2000). The Act defined “communication service provider” as “any person who is engaged in providing a service that allows its users to send or receive oral, wire or electronic communications or computer services.” A.R.S. § 13-3001(3). The Act defined “communication service record” with the same language the legislature later used in the TUCSRA, which is discussed below. See A.R.S. § 13-3018(G).
In 2006, Arizona enacted the Telephone Records Act. See 2006 Ariz. Legis. Serv. Ch. 260, § 1 (H.B. 2785); A.R.S. T. 44, Ch. 9, Art. 20 (“Article 20, Telephone Records, consisting of §§ 44-1376, 44-1376.01 to 44-1376.05, was added by Laws 2006, Ch. 260, § 1 effective September 21, 2006”). This statute prohibited the practice known as “pretexting,” where data brokers fraudulently gain access to telephone records by posing as the customer. They then sell the customer's records without consent. See Ariz. Sen. Fact Sheet for H.B. 2785, 2006 Reg. Sess. H.B. 2785 (Apr. 25, 2006). The Telephone Records Act made it unlawful for a person to “[k]nowingly procure . . . a telephone record of any resident of [Arizona] without the authorization of the customer to whom the record pertains or by fraudulent, deceptive or false means.” 2006 Ariz. Legis. Serv. Ch. 260 § 1 (H.B. 2785) (codified at A.R.S. § 44-1376.01(A)(1)). The Act defined “telephone record” to mean information “[r]etained by a telephone company” about a customer, such as “the time the call started and ended, the duration of the call, the time of day the call was made, any charges applied and any information that indicates the location from which or to which the call was made.” Id. (codified at § 44-1376(4)).
A “telephone record” is defined in the TUCSRA with the same words. A.R.S. § 44-1376(7).
In 2007, Arizona enacted the TUCSRA to expand the Telephone Records Act to include public utility records and communication service records, protecting these additional records from the practice of pretexting. See 2007 Ariz. Sess. Ch. 210, § 2 (H.B. 2726) (May 14, 2007); see also A.R.S. T. 44, Ch. 9, Art. 20 (“The heading of Article 20 was changed from ‘Telephone Records” to “Telephone, Utility and Communication Service Records”, by Laws 2007, Ch. 210, § 1, eff. September 19, 2007.”); Ariz. Sen. Fact Sheet for H.B. 2726, 2007 Reg. Sess. H.B. 2726 (Apr. 20, 2007) (defining “pretexting” as “the practice of getting personal information under false pretenses” and stating that the TUCSRA's purpose is to “[p]rohibit[] the procurement and sale of public utility records and communication service records through unauthorized, fraudulent or deceptive means”). The TUCSRA provides that “[a] person shall not . . . [k]nowingly procure . . . a public utility record, a telephone record or communication service record of any resident of [Arizona] without the authorization of the customer to whom the record pertains or by fraudulent, deceptive or false means.” A.R.S. § 44-1376.01(A)(1) (emphasis added).
Using the words of the Eavesdropping and Communications Act, the TUCSRA defines “communication service record” in terms of “subscriber information” of particular types:
“Communication service record” includes subscriber information, including name, billing or installation address, length of service, payment method, telephone number, electronic account identification and associated screen names, toll bills or access logs, records of the path of an electronic communication between the point of origin and the point of delivery and the nature of the communication service provided, such as caller identification, automatic number identification, voice mail, electronic mail, paging or other service features.A.R.S. § 44-1376(1). Similarly, the TUCSRA defines “public utility record” to include “customer information” such as “name, billing or installation address, length of service, payment method or any other personal identifying information.” A.R.S. § 44-1376(4). And its definition of “telephone record” covers records arising from “the relationship between the telephone company and the customer.” A.R.S. § 44-1376(7). Thus, the clear purpose of the TUCSRA is to protect the records that three kinds of entities - telephone companies, public utilities, and communication service providers - collect about their subscribers and customers. The TUCSRA requires these entities to “establish reasonable procedures to protect against unauthorized or fraudulent disclosure of such records that could result in substantial harm or inconvenience to any customer.” A.R.S. § 44-1376(B). The TUCSRA also provides a civil cause of action to customers whose records are unlawfully procured, see § 44-1376.04, and makes a violation of the statute a class 1 misdemeanor, see § 44-1376.05.
IV. Discussion.
Plaintiff claims that Defendant's tracking pixels collect “communication service records” in violation of the TUCSRA. Docs. 4 ¶ 69, 23 at 10. Focusing on discrete categories of information contained in the statutory definition of “communication service record,” Plaintiff contends that Defendant procured her “name”; her “electronic account identification” or “associated screen name”; “access logs” of the time and place the email was opened; and “records of the path of an electronic communication between the point of origin and the point of delivery” by tracking whether the email was forwarded. Doc. 23 at 10-12 (citing Doc. 4 ¶¶ 37-44, 65, 69, 70). Plaintiff provides dictionary definitions for some terms in the definition, such as “access” and “log,” but she makes no attempt to define the key phrase “communication service,” which modifies “record,” or to explain what role that phrase plays in the TUCSRA. Docs. 23 at 11, 24 at 5-6.
If the Arizona legislature had intended the TUCSRA to apply to any record about any communication as Plaintiff contends, it could have done so by using the word “record.” Instead, it used the phrase “communication service record,” which it lifted verbatim from the Eavesdropping and Communications Act, a statute that applies directly to “communication service providers.” As already noted, the Act defines “communication service provider” to mean “any person who is engaged in providing a service that allows its users to send or receive oral, wire or electronic communications or computer services.” A.R.S. § 13-3001(3). This definition covers businesses such as internet service providers that deliver actual communication services to subscribers, rather than retailers engaged in selling goods and services who communicate with customers by email. And contrary to Plaintiff's assertion (Doc. 23 at 12-14), the interpretation of the TUCSRA should comport with the Eavesdropping and Communications Act. The statutes address related subjects and the TUCSRA uses specific language from the Act. See Welch-Doden v. Roberts, 42 P.3d 1166, 1171 (Ariz.Ct.App. 2002) (“In construing statutes, we have a duty to interpret them in a way that promotes consistency, harmony, and function.”); Stambaugh v. Killian, 398 P.3d 574, 575 (Ariz. 2017) (“Words in statutes should be read in context in determining their meaning. . . . In construing a specific provision, we look to the statute as a whole and we may also consider statutes that are in pari materia - of the same subject or general purpose - for guidance and to give effect to all of the provisions involved.”); SolarCity Corp. v. Arizona Dep t of Revenue, 413 P.3d 678, 681 (Ariz. 2018) (“The best indicator of [legislative] intent is the statute's plain language, which we read in context with other statutes relating to the same subject or having the same general purpose.”); Nicaise v. Sundaram, 432 P.3d 925, 927 (Ariz. 2019) (“We interpret statutory language in view of the entire text, considering the context and related statutes on the same subject.”).
Plaintiff fails to address the fact that the definition of “communication service record” in the TUCSRA applies only to “subscriber information.” A.R.S. § 44-1376(1) (“‘Communication service record' includes subscriber information, including . . .”) (emphasis added). When she quotes this definition, Plaintiff highlights the word “includes” that appears before “subscriber information,” as though the word means that the definition encompasses more than the specifically enumerated kinds of subscriber information that follow. Doc. 23 at 7. But Plaintiff never makes this argument directly, and she points to no other general category of information included in the definition.
The definition also includes specific types of subscriber information such as the “billing or installation address, length of service, [and] payment method[.]” Id. And as further evidence that it applies to the records of communication service providers, it specifically includes “the nature of the communication service provided, such as caller identification, automatic number identification, voice mail, electronic mail, paging or other service features.” A.R.S. § 44-1376(1) (emphasis added).
The definition's focus on “subscriber” information comports with other portions of the TUCSRA which refer to the “customer” of a public utility in the definition of “public utility record,” see § 44-1376(4), and to “the relationship between the telephone company and the customer” in its definition of “telephone record,” see § 44-1376(7). In other words, the statute consistently protects subscribers and customers from the unauthorized procurement of their records maintained by telephone companies, public utilities, and communication service providers. See A.R.S. §§ 44-1376(A)-(B).
To summarize, the overall statutory scheme and the statute's specific language make clear that “communication service record” does not simply refer to the discrete categories of information listed in the definition (categories that could be said to have been captured by the tracking pixels), but instead refers to records communication service providers maintain about their subscribers. See Doc. 20 at 11-12.
The Arizona legislature could expand the TUCSRA to cover information gathered by marketing emails and pixel technology, but it has not done so. And prior to the recent class actions brought in federal courts, the TUCSRA had never been invoked in a civil case of this nature. See Hartley v. Urb. Outfitters, Inc., No. CV 23-4891, 2024 WL 3445004, at *4 & n.54 (E.D. Pa. July 17, 2024) (same and collecting recently filed cases). Plaintiff cites no case from Arizona or elsewhere supporting her novel and broad interpretation of the TUCSRA. Until recently, the only cases addressing the statute arose in the criminal context and involved the law enforcement exemption under A.R.S. § 44-1376.02. See State v. Zuck, No. 2 CA-CR 2019-0130, 2021 WL 2103598, at *3-4 (Ariz.Ct.App. May 25, 2021) (affirming denial of motion to suppress subscriber information under § 44-1376.02); State v. Duran, No. 2 CA-CR 2016-0318, 2017 WL 6333916, at *3 (Ariz.Ct.App. Dec. 11, 2017) (affirming denial of motion to suppress telephone records and rejecting the defendant's citation to § 44-1376.01).
The Court's interpretation of the TUCSRA is consistent with a recent state court case, D'Hedouville v. H&M Fashion USA, Inc., No. C20243386, at *3 (Ariz. Super. Ct. Oct. 11, 2024). The plaintiff in that case, like Plaintiff here, claimed that the defendant violated the TUCSRA by using tracking pixels in marketing emails to obtain an “access log.” Doc. 25-1 at 2. In dismissing the claim, the Arizona superior court noted that the legislative history of the TUCSRA supported a narrower reading of the statute:
[The] TUSCRA was first enacted in 2006 to respond to concerns that additional security was needed to prevent unauthorized disclosure of information that was held by telecommunications carriers, not direct email marketing. See H.B. 2785 Fact Sheet 47th Leg. 2d Reg. Sess. (Ariz. Apr. 24, 2006) (“Local, long distance and wireless telephone companies collect
customer information, including the numbers called, the time of the calls and particular services used . . . The FCC is currently investigating numerous companies for allegedly illegally procuring phone records.') This initial focus on telephone records was expanded to include ‘communication service records' and ‘public utility records.' It again showed a concern that confidential information regarding a subscriber to a communication service might be procured by fraudulent or deceptive means. The Arizona legislature has not amended the statute since 2007, and no Arizona court has interpreted ‘communication service record' to include the information gleaned from a tracking pixel.Id. at 4. The state court rejected the plaintiff's “expansive interpretation of the statute[,]” concluding that the information at issue - “when and how an email was opened, how long it was opened, what device was used, the associated IP address of the recipient, and whether it was forwarded - is not a ‘communication service record' or a type of ‘access log' protected by [the] TUSCRA.” Id. at 5; see also Morgan v. Twitter Inc., No. 2:22-CV-00122-MKD, 2023 WL 8115775, at *15 (E.D. Wash. Nov. 22, 2023) (dismissing claim for procurement of a “telephone record” where the plaintiff's telephone number was obtained from the plaintiff himself and not a “telecommunications company”).
Plaintiff's complaint does not state a claim under the TUCSRA. It does not allege that Defendant procured records from Plaintiff's communication service provider. See Doc. 20 at 15-16. The conduct at issue - sending marketing emails and collecting information through tracking pixels - simply is not covered by the TUCSRA.
The Court also finds unpersuasive Plaintiff's assertion that Defendant procured records from an email service provider such as Gmail or Yahoo. Doc. 23 at 13-14. The complaint contains no such allegations, and the tracking pixels obtained information from Plaintiff, not Gmail or Yahoo. See Hastings v. BAC Home Loans Servicing, No. CV 12-0051-TUC-JGZ, 2012 WL 13019522, at *3 (D. Ariz. June 15, 2012) (“[A] court may not consider contentions alleged for the first time in a response to a motion to dismiss.'”) (citation omitted). The Court need not address Defendant's other arguments that Plaintiff has not pled facts showing Defendant knowingly collected her information without authorization or that she is Defendant's customer. Docs. 20 at 20-22, 24 at 13-15.
IT IS ORDERED:
1. Defendant's motion to dismiss (Doc. 20) is granted.
2. The Clerk is directed to enter a separate judgment of dismissal and terminate this action.