Opinion
21-cv-05143-HSG
10-03-2023
SYDNEY JI, et al., Plaintiffs, v. NAVER CORPORATION, et al., Defendants.
ORDER GRANTING IN PART AND DENYING IN PART MOTIONS TO DISMISS
Re: Dkt. Nos. 108, 112, 124
HAYWOOD S. GILLIAM, JR. UNITED STATES DISTRICT JUDGE
Pending before the Court are Defendants' second-round motions to dismiss. Dkt. Nos. 108 (“NAVER MTD”), 112 (“LINE MTD”). The motions have been fully briefed. See Dkt. Nos. 114 (“Opp. to LINE MTD”), 115 (“Opp. to NAVER MTD”), 118 (“NAVER Reply”), 119 (“LINE Reply”). The Court finds this matter appropriate for disposition without oral argument and the matter is deemed submitted. See Civil L.R. 7-1(b). For the reasons discussed below, the Court GRANTS IN PART and DENIES IN PART Defendants' motions to dismiss.
Plaintiffs filed a motion for leave to file a statement of recent decision. Dkt. No. 124. The Court GRANTS the motion. Plaintiffs' statement of recent decision and the referenced order (Exhibits 1 and 2 to the motion) are deemed filed; Plaintiffs do not need to re-file these documents as standalone entries on the docket.
I. FACTUAL BACKGROUND
The Court granted Defendants' first motions to dismiss with leave to amend. See generally Ji v. Naver Corp., No. 21-CV-05143-HSG, 2022 WL 4624898 (N.D. Cal. Sept. 30, 2022). Plaintiffs filed a First Amended Complaint, which alleges 11 causes of action: 1) Intrusion Upon Seclusion - By California Plaintiffs Against All Defendants; 2) Violation of the Right to Privacy -California Constitution - By California Plaintiffs Against All Defendants, 3) Violation of the California Unfair Competition Law, Bus. & Prof. Code §§ 17200, et seq. - By California Plaintiffs Against All Defendants; 4) Violation of the California False Advertising Law, Bus. & Prof. Code §§ 17500, et seq. - By California Plaintiffs Against All Defendants; 5) Violation of California Invasion of Privacy Act, California Penal Code §§ 630, et seq. - California Plaintiffs Against All Defendants; 6) Violation of the Electronic Communications Privacy Act, 18 U.S.C. § 2510, et seq. - All Plaintiffs Against All Defendants; 7) Violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 - All Plaintiffs Against All Defendants; 8) Violation of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1, et seq. - Plaintiff Shubert Against All Defendants; 9) Larceny / Receipt of Stolen Property, Cal. Penal Code § 496(a) and (c) - California Plaintiffs Against All Defendants; 10) Conversion - California Plaintiffs Against All Defendants; and 11) Restitution / Unjust Enrichment - California Plaintiffs Against All Defendants. See Dkt. No. 100 (“FAC”) ¶¶ 69-394. The NAVER/SNOW Defendants and the LINE Defendants each move to dismiss the FAC in its entirety.
The NAVER Defendants are NAVER Corporation, NAVER Cloud Corporation, and NAVER Cloud America Inc. The SNOW Defendants are SNOW Corporation and SNOW Inc. When referring to both the NAVER and SNOW Defendants, the Court will use the term “NAVER/SNOW Defendants.”
The LINE Defendants are Z Holdings Corporation, LINE Corporation, LINE Plus Corporation, and LINE Euro-Americas Corporation. When relevant, the Court will refer to the “foreign LINE Defendants,” which are Z Holdings Corporation, LINE Corporation, and LINE Plus Corporation.
II. LEGAL STANDARD
Federal Rule of Civil Procedure 8(a) requires that a complaint contain “a short and plain statement of the claim showing that the pleader is entitled to relief.” Fed.R.Civ.P. 8(a)(2). A defendant may move to dismiss a complaint for failing to state a claim upon which relief can be granted under Rule 12(b)(6). “Dismissal under Rule 12(b)(6) is appropriate only where the complaint lacks a cognizable legal theory or sufficient facts to support a cognizable legal theory.” Mendiondo v. Centinela Hosp. Med. Ctr., 521 F.3d 1097, 1104 (9th Cir. 2008). To survive a Rule 12(b)(6) motion, a plaintiff need only plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim is facially plausible when a plaintiff pleads “factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).
Rule 9(b) imposes a heightened pleading standard where fraud is an essential element of a claim. See Fed.R.Civ.P. 9(b) (“In alleging fraud or mistake, a party must state with particularity the circumstances constituting fraud or mistake.”); see also Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1107 (9th Cir. 2003). A plaintiff must identify the “who, what, when, where, and how” of the alleged conduct, so as to provide defendants with sufficient information to defend against the charge. Cooper v. Pickett, 137 F.3d 616, 627 (9th Cir. 1997) (quotations omitted). However, “[m]alice, intent, knowledge, and other conditions of a person's mind may be alleged generally.” Fed.R.Civ.P. Rule 9(b).
In reviewing the plausibility of a complaint, courts “accept factual allegations in the complaint as true and construe the pleadings in the light most favorable to the nonmoving party.” Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). Nevertheless, courts do not “accept as true allegations that are merely conclusory, unwarranted deductions of fact, or unreasonable inferences.” In re Gilead Scis. Secs. Litig., 536 F.3d 1049, 1055 (9th Cir. 2008) (quoting Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001), amended on other grounds, 275 F.3d 1187 (9th Cir.2001)).
Even if the court concludes that a 12(b)(6) motion should be granted, the “court should grant leave to amend even if no request to amend the pleading was made, unless it determines that the pleading could not possibly be cured by the allegation of other facts.” Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir. 2000) (en banc) (quotation omitted).
III. DISCUSSION
A. Personal Jurisdiction
In its order on the first motions to dismiss, the Court found that the Complaint did not establish personal jurisdiction over the NAVER or Foreign LINE Defendants and dismissed all claims against these defendants with leave to amend. See Ji, 2022 WL 4624898, at *3-5. In the FAC, Plaintiffs added new jurisdictional allegations as to both sets of foreign defendants. Defendants, in turn, argue that these allegations contradict sworn testimony that they have submitted. For example, the NAVER Defendants include a purported summary of these new allegations against them and argue, in part, that the allegations are “devoid of any factual support and contrary to sworn declarations.” NAVER MTD at 12. Plaintiffs also added additional new jurisdictional allegations regarding the LINE Defendants. As one example, Plaintiffs submitted an expert declaration that purports to estimate the number of LINE Messenger users in California, see Dkt. No. 112-1 (“LINE Berman Decl.”). Defendants responded by including a whole page of evidentiary objections in their reply and arguing that at least parts of the declaration are “contradicted by the testimony submitted under penalty of perjury by the LINE Defendants.” LINE Reply at 2.
The Court DENIES WITHOUT PREJUDICE Defendants' motion to dismiss based on lack of personal jurisdiction because Plaintiffs have shown that jurisdictional discovery is warranted. Plaintiff's FAC now asserts more than attenuated, bare allegations, such that Plaintiffs are entitled to jurisdictional discovery. See Butcher's Union Local No. 498 v. SDC Investment, Inc., 788 F.2d 535, 540 (9th Cir. 1986) (stating that jurisdictional discovery “should ordinarily be granted where pertinent facts bearing on the question of jurisdiction are controverted or where a more satisfactory showing of the facts is necessary” (quotation omitted)). The Court therefore GRANTS Plaintiffs' request to conduct jurisdictional discovery. The parties are directed to meet and confer on the appropriate scope and length of the jurisdictional discovery period, taking into account any discovery completed to date. The Court is of the view that a jurisdictional discovery period of approximately 45 days should be sufficient. The parties shall submit a stipulation and proposed order detailing the plan for and duration of the jurisdictional discovery period no later than 7 days from the date of this order. If the parties cannot reach a stipulated agreement, then the parties shall file a joint letter brief, which likely will then be referred to a magistrate judge. The deadline to file a joint letter brief raising any dispute regarding the scope and length of jurisdictional discovery shall be no later than 14 days from the date of this order.
Plaintiffs filed an objection to the Kadota Declaration, which Defendants submitted on reply. Dkt. No. 121. Because the Court is not substantively addressing jurisdictional questions in this order, the Court TERMINATES AS MOOT Plaintiffs' objections.
The Court notes that some of Defendants' affidavits attack substantive allegations that go to the merits of the action, not simply foundational facts. For example, the NAVER Defendants claim that “neither [NAVER nor NCC] has ever developed, operated, maintained, or marketed B612 or LINE Messenger, nor directed or controlled collection or sharing of app user data-much less in California.” NAVER MTD at 14 (citing Lee Decl. ¶¶ 14-17; Seo Decl. ¶¶ 8, 10-14). If Plaintiffs are able to make a prima facie showing of personal jurisdiction, these attacks on the substantive allegations of the case may not be sufficient to defeat jurisdiction. See Loop AI Labs Inc. v. Gatti, 2016 U.S. Dist. LEXIS 195611, at *9-10 (N.D. Cal. June 8, 2016) (“[W]here the evidence proffered by a defendant merely rebuts a substantive allegation going to the merits of the action, and not a foundational fact, then defendant's evidence cannot nullify the existence of jurisdiction where a plaintiff makes the requisite prima facie showing. After all, at this stage of the proceeding (assuming there is no evidentiary hearing), a plaintiff need not prove the substantive merits of its case in order to demonstrate personal jurisdiction.”).
B. Group Pleading
In its original order, the Court identified group pleading as “one of the recurring problems with Plaintiffs' complaint” because “their claims repeatedly raise[d] allegations against undifferentiated groups of defendants, without specifying what entity or entities supposedly took what particular actions.” Ji, 2022 WL 4624898, at *6. The Court directed Plaintiffs to remedy this deficiency and cautioned Plaintiffs that they could not “evade this requirement by making allegations against groups of ‘defendants' generically.” Id.
The NAVER Defendants argue that Plaintiffs still “do not explain what each Defendant did or why each Defendant's actions constitutes a legal violation for each of their claims.” NAVER MTD at 17. The NAVER Defendants further argue that Plaintiffs' “common enterprise” allegations fail because “Plaintiffs still do not allege facts suggesting the existence of a common enterprise, much less that any NAVER or SNOW Defendant was part of it.” Id. These arguments are echoed by the LINE Defendants. See LINE MTD at 24-25 (stating that “Plaintiffs' new allegations only compound their problems, as they continue to improperly make allegations against ‘groups of defendants generically'” and the “allegations are conclusory, have no factual support in the FAC, and are contradicted by sworn declarations” (quotations omitted)). Plaintiffs respond that the FAC includes “specific allegations about the actions of the individual defendants, and the causes of action specify which Defendants are liable, and under which theories.” Opp. to LINE MTD at 23.
The Court agrees with Plaintiffs. The FAC separately breaks out the allegations supporting each cause of action by groups of Defendants. Unlike the first Complaint, the FAC makes clear which Defendants are allegedly responsible for each alleged legal violation. The fact that multiple Defendants often are alleged to be liable for a given violation is not necessarily an issue, as long as each Defendant is on notice of the claims against it. Even for the claims subject to heightened Rule 9(b) pleading requirements, the Court finds that “given the circumstances of this case . . . Plaintiff's allegations are sufficiently detailed to put each Defendant on notice of the claims against it, and to allow each Defendant to prepare its defense.” Munning v. Gap, Inc., No. 16-CV-03804-TEH, 2016 WL 6393550, at *3 (N.D. Cal. Oct. 28, 2016).
C. Article III Standing
“As the party invoking federal jurisdiction, the plaintiffs bear the burden of demonstrating that they have standing.” TransUnion LLC v. Ramirez, 141 S.Ct. 2190, 2207 (2021). “Where standing is raised in connection with a motion to dismiss, the court is to ‘accept as true all material allegations of the complaint, and . . . construe the complaint in favor of the complaining party.'” In re Facebook, Inc. Internet Tracking Litig. (“Facebook Internet Tracking”), 956 F.3d 589, 597 (9th Cir. 2020) (quoting Levine v. Vilsack, 587 F.3d 986, 991 (9th Cir. 2009)).
To establish standing, a “[p]laintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.” Spokeo, 578 U.S. at 338. Further, “in a suit for damages, the mere risk of future harm, standing alone, cannot qualify as a concrete harm.” See TransUnion, 141 S.Ct. at 2210-11.
“[U]nder Article III, an injury in law is not an injury in fact. Only those plaintiffs who have been concretely harmed by a defendant's statutory violation may sue that private defendant over that violation in federal court.” TransUnion, 141 S.Ct. at 2205 (emphasis in original). TransUnion also requires that “the asserted harm [have] a close relationship to a harm traditionally recognized as providing a basis for a lawsuit in American courts-such as physical harm, monetary harm, or various intangible harms ....” Id. at 2200 (internal quotations omitted). This test, however, “does not require an exact duplicate in American history and tradition.” Id. at 2204.
Plaintiffs' FAC alleges three categories of harm: 1) privacy harm, 2) property harm, and 3) future risk of identity theft harm.
i. Privacy Harm
a. User/Device Identifiers
In its previous order, the Court found that Plaintiffs' original complaint had “not alleged enough facts to show that the ‘user and device identifiers' are the type of information that could give rise to a privacy injury.” Ji, 2022 WL 4624898, at *7. To the extent that Plaintiffs continue to allege a privacy harm based on “user and device identifiers,” these claims are DISMISSED WITHOUT LEAVE TO AMEND. Based on Plaintiffs' characterization of the type of user and device information Defendants collect (see FAC ¶¶ 155-163, 272(a), 273(a)), the Court is not persuaded that Defendants' collection of this data intruded upon Plaintiffs' reasonable expectations of privacy or would prove highly offensive to a reasonable person - the threshold elements required to confer standing under a privacy harm theory. See Facebook Internet Tracking, 956 F.3d at 603 (finding that Plaintiffs adequately pled that Facebook's collection of “vast” amount of sensitive and personal web browsing data while users were logged off of Facebook violated their reasonable expectations of privacy in a highly offensive manner). Plaintiffs provide no new allegations or arguments which would change the Court's original decision on this issue. See Zucco Partners, LLC v. Digimarc Corp., 552 F.3d 981, 1007 (9th Cir. 2009) (“[W]here the Plaintiff has previously been granted leave to amend and has subsequently failed to add the requisite particularity to its claims, [t]he district court's discretion to deny leave to amend is particularly broad.” (quotations omitted)). For instance, Plaintiffs have not pled why they had a reasonable expectation of privacy regarding technical information (such as IP addresses, device IDs, or Android version identifiers) or app usage information (such as what features a user uses, and when) that Defendant allegedly collected, or why collection of that information (as opposed to biometric data, for instance) constituted an “egregious breach of [] social norms.” Facebook Internet Tracking, 956 F.3d at 606 (citations omitted).
b. Videos, URLs, and Keywords
The Court's original order did not address whether the alleged disclosure of “videos, URLs, and keywords” was sufficient to confer standing under a privacy harm theory. The Court analyzed these claims and found that the allegations were “not sufficient to state a claim for intrusion upon seclusion or invasion of privacy.” Ji, 2022 WL 4624898, at *11 (emphasis added).
Although the LINE Defendants' Reply takes issue with Plaintiffs' argument that “videos, URLs, and Keywords” are sufficient to allege a privacy violation, LINE Reply at 14, Defendants' opening motions did not make any standing argument based on this category. Further, the LINE Reply's three-sentence paragraph on the issue refers back to the Court's ruling on the failure to state a claim argument. Id. For these reasons, the Court will once again address this issue as a 12(b)(6) pleading question, not a standing question.
c. Biometric Data
In its original order, the Court found that “Plaintiffs have alleged enough facts to support Article III standing as to their invasion of privacy claims based on collection and storage of biometric information.” Ji, 2022 WL 4624898, at *8. The NAVER Defendants spend a considerable part of their motion apparently relitigating this issue, see NAVER MTD at 5-8, while the LINE Defendants refrain from doing so in light of the Court's previous holding, see LINE MTD at 20 n.13. The Court does not find anything new in the FAC or the briefing to warrant changing its ruling on this issue, so Defendants' motions to dismiss premised on this theory are DENIED.
ii. Property Harm
a. Harm to Mobile Devices
In its first order, the Court found that Plaintiffs' original complaint did not “allege facts sufficient to show that their cell phone batteries were drained ‘frequently or systematically'” and “likewise [made] no allegations that support that Defendants' alleged actions had anything other than a de minimis effect on their data and electricity costs.” Ji, 2022 WL 4624898, at *9.
Plaintiffs added new allegations regarding their harm to mobile devices claims but Defendants argue that “Plaintiffs allege no facts suggesting that their phones' memory, CPU, or bandwidth were harmed.” NAVER MTD at 5. They further argue that even Plaintiffs' new allegations regarding battery life do not support “the conclusion that Plaintiffs' cell phone batteries were drained frequently or systematically” or “that any marginal additional battery use was because of the collection of their data rather than the operation of photo-editing features.” Id. at 5 (quotations omitted and emphasis in original); see also LINE MTD at 21 (making similar arguments). But Plaintiff's position is that they would not have downloaded the application(s) at all had they known the truth about Defendants' use of their data, so alleging harm from excessive battery drain - whether from using the application or from Defendants' collection of their data - is sufficient. Taking Plaintiffs' allegations as true, then, the Court finds that they have plausibly alleged they have standing due to harm to their devices. The Court thus DENIES Defendants' motion to dismiss claims premised upon a “harm to devices” theory of injury.
b. Diminution of Value
In its original order, the Court explained that “to proceed on an economic injury theory, data privacy plaintiffs must allege the existence of a market for their data and the impairment of the ability to participate in that market.” Ji, 2022 WL 4624898, at *9.
Defendants argue that while “Plaintiffs cite various sources that purport to show that there is a market for user data,” they “still do not allege an impairment of their ability to participate in that market.” NAVER MTD at 5 (quotations omitted, emphasis removed, and cleaned up); see also LINE MTD at 22 (making similar arguments). Plaintiffs argue that the FAC now details “various markets and value estimates for consumer data.” Opp. to LINE MTD at 21 (citing FAC ¶¶ 164-74, 184-87; see also Opp. to NAVER MTD at 12).
The Ninth Circuit addressed standing requirements for an unjust enrichment claim based on the taking of private information in Facebook Internet Tracking. 956 F.3d 589. In that case, Plaintiffs alleged that Facebook “uses plug-ins to track users' browsing histories when they visit third-party websites, and then compiles these browsing histories into personal profiles which are sold to advertisers to generate revenue.” Id. at 600 (footnote omitted). The panel held that “California law requires disgorgement of unjustly earned profits regardless of whether a defendant's actions caused a plaintiff to directly expend his or her own financial resources or whether a defendant's actions directly caused the plaintiff's property to become less valuable.” Id. at 600 (citing CTC Real Estate Servs. v. Lepe, 140 Cal.App.4th 856, 860-61 (2006)). The panel further explained that “[t]he gist of the question of standing is whether the plaintiff has a sufficiently personal stake in the outcome of the controversy” and that “[u]nder California law, this stake in unjustly earned profits exists regardless of whether an individual planned to sell his or her data or whether the individual's data is made less valuable.” Id. The panel ultimately concluded the Plaintiffs' allegations that their data had financial value, that Facebook profited from the “valuable data,” and that Facebook's use of this data was unauthorized, meant that “Plaintiffs have adequately pleaded an entitlement to Facebook's profits from users' personal data sufficient to confer Article III standing.” Id.
The Court finds that Plaintiffs have done enough to state a plausible claim for economic injury under Facebook Internet Tracking. Plaintiffs cite to sources that describe personal data as an important “currency” of the modern economy that has significant and calculable economic value, and allege that the personal data at issue in this case does, too - to both Plaintiffs and Defendants. See FAC ¶¶ 164-74. Plaintiffs also plausibly allege that the purportedly impermissible collection of their data resulted in unfair economic gain by Defendants, and loss to themselves. See FAC ¶¶ 175-188. This is what is required. Contrary to Defendants' arguments, Plaintiffs need not plead that they “planned to sell [their] data” to show injury - but even still, they have alleged that should they choose to do so, they may find it such data “is no longer needed or marketable for that purpose.” Facebook Internet Tracking, 956 F.3d at 600; FAC ¶ 186. The Court therefore DENIES Defendants' motion to dismiss claims challenging Plaintiffs' “diminution of value” theory of economic injury. See Zucco Partners, 552 F.3d at 1007.
iii. Risk of Identity Theft
In its previous order, the Court found that “Plaintiffs' allegations amount to no more than a conjectural and hypothetical risk of access or misuse, which is not sufficient under TransUnion.” Ji, 2022 WL 4624898, at *9.
Defendants argue that Plaintiffs “again fail to allege that their information actually has been taken by the Chinese government or other entities for any purpose (and no Plaintiff alleges that they suffered any concrete harm on these grounds).” NAVER MTD 4-5 (emphasis and quotations omitted); see also LINE MTD at 21-22 (making similar arguments). Plaintiffs respond that “Defendants' possession of Plaintiffs' data carries material risk of imminent harm from further dissemination,” and that this is supported “by the Japanese government's ban prohibiting government employees from using LINE Messenger due to a data breach suspected of originating in China.” Opp. to LINE MTD at 21-22. As to the allegations concerning the NAVER Defendants, Plaintiffs argue that “[b]ecause Naver has a history of privacy violations, including collecting and storing children's information and sending it to Hong Kong, and then destroying evidence about it . . . there is a concrete risk Plaintiffs may be imminently harmed: their information remains in the hands of an entity that shows reckless disregard for its safekeeping.” Opp. to NAVER MTD at 12-13 (internal citations omitted). In a footnote, Plaintiffs also point out that B612 transmits other data “to servers in China, where it is already accessible to the Chinese government.” Opp. to NAVER MTD at 13 n.7 (citing FAC ¶¶ 155-61). The Court agrees with Defendants that Plaintiffs still do not allege “that the information actually has been taken by the Chinese government or other entities” and therefore have not cleared the TransUnion bar. Ji, 2022 WL 4624898, at *9. The Court DISMISSES WITHOUT LEAVE TO AMEND any claims based upon a “risk of identity theft” theory of injury. See Zucco Partners, 552 F.3d at 1007.
iv. BIPA
The NAVER Defendants challenge the standing of Plaintiff Shubert and the Illinois Subclass to bring BIPA section 15(a) and (c) claims. At a high level, §15(a) directs covered entities to develop and comply with certain public-facing policies concerning their retention and destruction of biometric information and identifiers, and §15(c) prohibits those entities from profiting from any data collected. Citing Seventh Circuit cases, Defendants argue that courts routinely dismiss claims relating to these sections where “there is no particularized harm to the plaintiff.” NAVER MTD at 9-10.
Sections 15(a) and 15(c) of BIPA provide:
(a) A private entity in possession of biometric identifiers or biometric information must develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within 3 years of the individual's last interaction with the private entity, whichever occurs first. Absent a valid warrant or subpoena issued by a court of competent jurisdiction, a private entity in possession of biometric identifiers or biometric information must comply with its established retention schedule and destruction guidelines. ....
(c) No private entity in possession of a biometric identifier or biometric information may sell, lease, trade, or otherwise profit from a person's or a customer's biometric identifier or biometric information.740 Ill. Comp. Stat. 14/15 (a), (c).
Regarding Plaintiff's § 15(a) claims, “the plaintiff's allegations of injury effectively decide the question of standing.” Zellmer v. Facebook, Inc., No. 3:18-CV-01880-JD, 2022 WL 16924098 (N.D. Cal. Nov. 14, 2022), at *3 (analyzing the Seventh Circuit § 15(a) standing framework). Simply alleging a violation of § 15(a)'s public disclosure obligations without alleging a “particularized harm that resulted from [a defendant's] violation of section 15(a)” is not sufficient to confer standing because “the duty to disclose under section 15(a) is owed to the public generally, not to particular persons whose biometric information the entity collects.” Bryant v. Compass Grp. USA, Inc., 958 F.3d 617, 626 (7th Cir. 2020), as amended on denial of reh'g and reh'g en banc (June 30, 2020). On the other hand, where a defendant's failure to uphold its § 15(a) obligations to “develop, publicly disclose, and comply with a data-retention schedule” results in “an unlawful retention of a person's biometric data[,]” a plaintiff can properly plead standing under § 15(a). Fox v. Dakkota Integrated Sys., LLC, 980 F.3d 1146, 1155 (7th Cir. 2020); see also id. (finding standing where plaintiff alleged that defendant's violation of § 15(a) “resulted in the unlawful retention of her handprint after she left the company and the unlawful sharing of her biometric data with the third-party database administrator”). Here, in addition to alleging a violation of the public disclosure provision of § 15(a), Plaintiff Shubert alleges that Defendants wrongfully collected, stored, and used his biometric identifiers. See FAC ¶¶ 372-73, 365-67. Construing the pleadings in the light most favorable to Plaintiff, the Court is satisfied that he sufficiently alleged the “full panoply” of violations under § 15(a) as Fox requires (though it recognizes that Plaintiff's pleading could have been more precise in explaining his theory of how Defendants failed to comply). The Court is persuaded that Plaintiff's allegations regarding unlawful biometric data retention are sufficiently analogous to those advanced by the Fox plaintiff to constitute a “particularized injury” arising out of Defendants' handling of biometric data. The Court therefore DENIES Defendants' motion to dismiss claims challenging Plaintiffs' standing under 15(a).
The same result is warranted as to Plaintiff's § 15(c) claim. As to this claim, Defendants argue that § 15(c) is “a general regulatory rule that is insufficient to create Article III standing absent an assertion that the plaintiff suffered a particularized injury.” NAVER Reply at 7 (quoting Kashkeesh v. Microsoft Corp., No. 21 C 3229, 2022 WL 2340876 (N.D. Ill. June 29, 2022) (discussing the holding of Thornley v. Clearview AI, Inc., 984 F.3D 1241, 1247-48 (7th Cir. 2021)). In its reply, Plaintiff maintains that Thornley does not apply, but cites to several paragraphs in the operative complaint, see Opp. to NAVER MTD at 11, to show injury, three of which deal with Defendants' commercial use of the data (see FAC ¶¶ 135-36, 370) and the rest of which mostly center, in relevant part, on Plaintiffs' diminution of value theory of injury (see FAC ¶¶ 164-88). The Court disagrees with Plaintiff's claim that Thornley does not apply, but nevertheless finds that Plaintiff has done enough to plead injury stemming from Defendants' purported violation of § 15(c). As already discussed above, Plaintiffs (including, necessarily, Plaintiff Shubert and other members of the Illinois subclass) have adequately alleged that they are economically injured by Defendants unlawfully profiting from, among other data, their biometric information and identifiers. See FAC ¶¶ 363-364, 227. The Court therefore DENIES Defendants' motion to dismiss claims challenging Plaintiffs' standing under § 15(c).
v. Traceability
In addition to pleading an injury-in-fact, Plaintiffs must show that the injury “is fairly traceable to the challenged conduct of the defendant.” Spokeo, 578 U.S. at 338. The NAVER Defendants argue that “Plaintiffs have not plausibly pled that their allegations of harm arising from LINE Messenger are traceable to the challenged action of the NAVER or SNOW Defendants, and accordingly lack standing to pursue any claims based on that app.” NAVER MTD at 10 (quotations omitted and cleaned up). The LINE Defendants similarly argue that “Plaintiffs still fail to connect the dots between each LINE Defendant and each Plaintiff's alleged harm.” LINE MTD at 23.
As to the NAVER Defendants, Plaintiffs respond that they have met the traceability requirement as to NAVER because NAVER admitted that it had “control over, and provided operational activities for, the LINE Messenger App until March 1, 2021,” during the time period that Plaintiffs were harmed; as to SNOW, Plaintiffs argue that, “as a member of the common enterprise, [it] is responsible for Plaintiffs' harm that flowed through the enterprise.” Opp. to NAVER MTD at 13 (internal citations omitted and cleaned up). As to the LINE Defendants, Plaintiffs argue that the “causal connection is simple: Plaintiffs installed Apps that they would not have but for Defendants' conduct. The Apps invaded their privacy, damaged their batteries, injured their tangible and intangible property interests, and created an imminent risk of future harm.” Opp. to LINE MTD at 23.
“At the pleading stage, [plaintiffs do] not need to prove proximate causation.” Daniel v. Nat'l Park Serv., 891 F.3d 762, 766 (9th Cir. 2018). They simply need to show that the alleged injuries are “fairly traceable” to Defendants' conduct. Spokeo, 578 U.S. at 338. Further, a “causation chain does not fail simply because it has several links, provided those links are not hypothetical or tenuous and remain plausible.” Maya v. Centex Corp., 658 F.3d 1060, 1070 (quotations omitted and cleaned up) (9th Cir. 2011). Plaintiffs have met their pleading burden as to the NAVER and LINE Defendants: they break out each cause of action and explain the role they allege each Defendant played. However, the Court finds that Plaintiffs again fail to adequately allege the SNOW Defendants' role in the purported misconduct. In defense of their pleadings, Plaintiffs assert that their harm is traceable to the SNOW Defendants “as a member of the common enterprise.” Opp. to NAVER MTD at 13 (citing FAC ¶¶ 54, 61). But the Court finds this assertion too thin to plausibly explain how, exactly, the misconduct alleged is attributable to the SNOW Defendants. The Court DISMISSES Plaintiffs' claims as to the SNOW Defendants WITH LEAVE TO AMEND and DENIES Defendants' motion to dismiss as to the remainder.
The Court notes that with the exception of the risk of future harm claims which have been dismissed, this case does not involve “numerous third parties whose independent decisions collectively have a significant effect on plaintiffs' injuries.” NAVER Reply at 7 (quoting Washington Env't Council v. Bellon, 732 F.3d 1131, 1142 (9th Cir. 2013)). Plaintiffs here directly link their alleged injuries to the challenged conduct of defendants. See Maya v. Centex Corp., 658 F.3d 1060, 1070 (9th Cir. 2011) (finding that “[c]onstruing the facts in the light most favorable to plaintiffs and drawing all inferences in their favor, plaintiffs have sufficiently alleged that defendants, not third parties, inflated the ‘bubble' in their particular neighborhoods, causing plaintiffs to overpay”).
D. Failure to State a Claim
i. Intrusion Upon Seclusion / California Constitutional Privacy Claims (Claims 1 and 2)
In its previous order, the Court found that Plaintiffs 1) “plausibly alleged a cognizable privacy interest in their facial biometric information,” and 2) did not plausibly allege facts “sufficient to state a claim for intrusion upon seclusion or invasion of privacy” due to Defendants' alleged collection of “user information, videos, URLs, and keywords.” Ji, 2022 WL 4624898, at *11.
The Court finds no reason to alter its original finding regarding Plaintiffs' biometric information privacy claims: they have plausibly alleged a cognizable privacy interest in this information. Defendants argue that even if Plaintiffs have a cognizable privacy interest in this information, they did not have a reasonable expectation of privacy because “from the time they opened the app and saw the option to utilize filters to alter their image, or did so, a reasonable person would know their face was going to be scanned.” NAVER Reply at 14 (internal quotations and citations omitted). Defendants further argue that Plaintiffs “cannot credibly argue that taking their facial scans was surreptitious or against social norms” for similar reasons. Id. (quotations omitted). At this stage, Plaintiffs only need to allege “sufficient facts to support a cognizable legal theory.” Mendiondo, 521 F.3d at 1104. They have done so.
The Court also finds no reason to alter its original finding regarding user information, videos, URLs, and keywords. Plaintiffs point to no new allegations which would alter the Court's reasoning and ultimate conclusion on this point. On the other hand, the Court notes that despite the broad grouping of “user information, videos, URLs, and keywords,” its reasoning was narrower. The Court reasoned that allegations “that LINE Messenger ‘tracks videos watched, created, liked, and/or commented on by users' . . . ‘when a LINE Messenger user is operating within the LINE messenger timeline feature'” were “not sufficient to state a claim for intrusion upon seclusion or invasion of privacy.” Ji, 2022 WL 4624898, at *11. The Court notes that allegations that Defendants intercepted actual videos (content), are different from claims that Defendants tracked, for example, which videos were watched (data about content). Defendants' motion to dismiss Plaintiffs' intrusion upon seclusion and California Constitutional Privacy claims is DENIED to the extent that it is premised on Defendants' alleged collection of content. On the other hand, Plaintiffs' intrusion upon seclusion and California Constitutional Privacy claims premised on the collection of data about content are DISMISSED WITHOUT LEAVE TO AMEND. See Zucco Partners, 552 F.3d 981 at 1007.
ii. UCL and FAL (Claims 3 and 4)
In response to Defendants' arguments, Plaintiffs argue that they have statutory standing to bring their UCL and FAL claims because they “alleged the existence of a market for their data; that they suffered benefit of the bargain damages from the loss of their personal information; battery damage; that the value of their data-which is property under California law-was diminished as result of Defendants' conduct; and the impairment of the ability to participate in that market.” Opp. to NAVER MTD at 17. For the reasons discussed above, the Court agrees.
The California Supreme Court has held that “there are innumerable ways in which economic injury from unfair competition may be shown.” Kwikset Corp. v. Superior Court, 51 Cal.4th 310, 322 (2011). For instance, a plaintiff may “surrender in a transaction more, or acquire in a transaction less, than he or she otherwise would have” or “have a present or future property interest diminished.” Id. at 323. Here, Plaintiffs have plausibly alleged (among other things) that Defendants' collection and use of their data deprived them of the benefit of their bargain and diminished the value of their personal data. Because California law recognizes this economic injury as sufficient to pursue UCL and FAL claims, Defendants' motions to dismiss these claims are DENIED.
iii. CIPA / ECPA (Claims 5 and 6)
A section 632.7(a) CIPA claim requires Plaintiffs to allege that Defendants “without the consent of all parties to a communication, intercept[ed] or receive[d] and intentionally record[ed], or assist[ed] in the interception or reception and intentional recordation of, a communication transmitted between two” devices. Cal. Penal Code § 632.7(a). The Court dismissed Plaintiff's original CIPA claim because they failed to allege that “Defendants recorded (or assisted in recording) the communications.” Ji, 2022 WL 4624898, at *11. Plaintiffs correct this deficiency in their FAC. See FAC ¶ 322 (alleging that “Defendants intercepted and recorded videos, URLs, and keystrokes contained in communications and messages transmitted via the LINE Messenger” without Plaintiffs' consent).
Defendants argue that Plaintiffs fail to allege that the recording was of communications exchanged between a covered class or classes of devices. See NAVER MTD at 20; LINE MTD at 31; see also Cal. Penal Code § 632.7 (prohibiting interception and recording of “a communication transmitted between two cellular radio telephones, a cellular radio telephone and a landline telephone, two cordless telephones, a cordless telephone and a landline telephone, or a cordless telephone and a cellular radio telephone”). The Court disagrees. Plaintiffs plead that LINE Messenger is a mobile application. See, e.g., FAC ¶¶ 97-98, 137-38. Thus, it is fair to infer at the motion to dismiss stage that Plaintiffs are alleging that the communications were transmitted between two cell phones. Defendants' motions to dismiss Plaintiffs' CIPA claim is DENIED.
As to the ECPA claims, the NAVER Defendants argue that “Plaintiffs have not alleged any facts indicating that the alleged interception occurred ‘during transmission,' as required.” NAVER MTD at 20. The LINE Defendants make a similar argument. See LINE MTD at 29-30. However, the sections of Plaintiffs' FAC that the NAVER Defendants cite in support of this argument includes the allegation that Defendants “used one or more devices linked to the domain obs-us.line-apps.com to intercept and obtain videos contained within otherwise encrypted messages while such messages are and, at all relevant times, were in transit via the domain ga2u.line.naver.jp (and IP addresses 203.104.160.11 and 203.104.160.12) from one LINE Messenger user to another.” FAC ¶ 139.
The LINE Defendants also argue that “Plaintiffs fail to plausibly allege that any LINE Defendant intercepted the ‘contents' of their communications under ECPA.” LINE MTD at 31. However, Plaintiffs allege that the intercepted data included “videos” (as well as URLs and keywords, which pose a closer question). See FAC ¶ 332. In support of their argument, Defendants cite the Court's previous order in which the Court determined that Plaintiffs' allegations “that LINE Messenger ‘tracks videos watched, created, liked, and/or commented on by users' . . . ‘when a LINE Messenger user is operating within the LINE messenger timeline feature'” were “not sufficient to state a claim for intrusion upon seclusion or invasion of privacy.” Ji, 2022 WL 4624898, at *11. That finding is inapposite here: as explained above, Plaintiffs are alleging that Defendants intercepted actual videos (content), which is different from Defendants tracking, for example, which videos were watched (data about content). Plaintiffs have sufficiently pled their ECPA claim, and the Court thus DENIES Defendants' motion to dismiss it.
In their opposition to the LINE MTD, Plaintiffs stats that “Defendants imply that their interception falls under the ‘ordinary course of business' exception to the Wiretap Act. Opp. to LINE MTD at 31-32. The Court does not actually see this implication in Defendants' briefing but regardless, it has already found that “a determination of whether the Defendants' actions are covered under the ‘ordinary course of business exception' to the Wire Tapping Act requires factual determinations that are not appropriate at this stage.” Ji, 2022 WL 4624898, at *11.
iv. CFAA (Claim 7)
Plaintiffs bring their CFAA claim under 18 U.S.C. § 1030(a)(2)(c), which imposes liability on people or entities who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(c). Section 1030(g) further provides that “any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.” 18 U.S.C. § 1030(g).
Defendants argue that Plaintiffs' CFAA claim should be dismissed because Plaintiffs do not allege that Defendants hacked their phones and because they “do not allege any damage or loss, as required” by the statute. NAVER MTD at 21. The LINE Defendants make similar arguments. See LINE MTD at 31-32. Plaintiffs allege that Defendants' conduct caused a loss because Defendant's alleged “unauthorized access and collection of data (i) frequently and systematically drained the Plaintiffs' and Class members' devices' batteries, and (ii) caused a diminution in value of Plaintiffs' and Class members' personal information, both of which occurred to millions of Class members, easily aggregating at least $5,000 in value.” FAC ¶ 345(e). In its original order, the Court cautioned Plaintiffs that any amended complaint must allege damage or loss. Ji, 2022 WL 4624898, at *9.
While the Court is skeptical that Plaintiffs' claims under the CFAA plausibly allege unlawful access, the claim again fails regardless because Plaintiffs have not met their burden of plausibly pleading damages. Because Plaintiffs must allege “harm to computers or networks, not economic harm due to the commercial value of the data itself” to have proceed on a CFAA claim, the alleged diminution in value of Plaintiffs' data is irrelevant at this stage. Universal Prot. Serv., LP v. Coastal Fire & Integration Sys., Inc., No. 22-CV-1352-JES-KSC, 2023 WL 4042582 (S.D. Cal. June 15, 2023). Rather, Plaintiffs must plausibly plead that the alleged harm from excessive battery drain results in at least $5,000 in damages annually. They have not done so. Even assuming there are millions of people in the class, Plaintiffs fail to plead any facts regarding how to monetarily value battery drain so as to satisfy the $5,000 annual requirement. Brodsky v. Apple Inc., No. 19-CV-00712-LHK, 2019 WL 4141936, at *8 (N.D. Cal. Aug. 30, 2019) (explaining that “Plaintiffs do not allege the dollar value of any alleged damages in the FAC, let alone dollar values that could amount to $5,000. In sum, Plaintiffs' bald assertion of $5,000 in damages based on 2-5 minute login delays without any facts to support the allegation is insufficient to sustain a CFAA claim” (quotation omitted)). While the Court is skeptical that Plaintiffs can meet their pleading burden here, it will give them one last chance to try. The Court accordingly DISMISSES WITH LEAVE TO AMEND Plaintiffs' CFAA claim.
v. BIPA (Claim 8)
a. Section 15(b) Claims
Both the LINE and NAVER Defendants challenge Plaintiffs' § 15(b) BIPA claims. The LINE Defendants argue that Plaintiff “Shubert's claim falls short because he fails to establish that (1) the LINE Defendants took active steps to collect his biometric information and (2) the LINE Defendants were in possession of his property.” LINE MTD at 32. Plaintiffs respond that “the FAC alleges that both [Defendants'] Apps, using the SenseTime SDK, collected face geometry scans,” which is sufficient to state a claim under § 15(b). Opp. to LINE MTD at 33. The LINE Defendants reply that “Shubert fails to plausibly allege how FAC ¶ 361 demonstrates how each LINE Defendant took any active steps to collect his biometric information.” LINE Reply at 23 (bolding removed).
This section states:
No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information, unless it first:
(1) informs the subject or the subject's legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored;
(2) informs the subject or the subject's legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and
(3) receives a written release executed by the subject of the biometric identifier or biometric information or the subject's legally authorized representative.740 Ill. Comp. Stat. Ann. 14/15.
Plaintiff Shubert clearly alleges that LINE Corp. and LINE Plus “owned and operated the B612 app” which collected the scans through SenseAR SDK. FAC ¶ 361(a). As to Z Holdings and LINE E-A, Plaintiff Shubert alleges that they are “liable for this conduct because it occurred pursuant to the common enterprise of which they are part.” FAC ¶ 361(c). This case is distinguishable from the cases cited by Defendant in which a § 15(b) claim was dismissed against the third-party maker of the technology used to capture the information because Plaintiffs did not allege that the third-party maker was actively involved in collecting the information. See e.g., Namuwonge v. Kronos, Inc., 418 F.Supp.3d 279, 286 (N.D. Ill. 2019) (explaining that the complaint alleged that “Brookdale collected the fingerprints using a system that Kronos supplied to Brookdale” and that “these allegations do not plausibly allege that Kronos collected, captured, or otherwise obtained [Plaintiff's] biometric information. Without more, [Plaintiff] does not plausibly allege a violation of section 15(b)”). Here, Defendants are alleged to have collected the information using a third-party technology. This is sufficient to state a claim under § 15(b).
The NAVER Defendants argue that Plaintiff Shubert's § 15(b) claims fail because he does not allege that his “name or physical or email address was collected by NAVER and SNOW Defendants, such that he could individually be connected with his facial geometry scans.”NAVER MTD at 22 (quotations omitted and cleaned up). Plaintiffs respond that this requirement just applies to biometric identifiers, not biometric information, and argue that “[i]n any event, the FAC alleges that Defendants can determine user identities through TMID.” Opp. to NAVER MTD at 21. Defendants argue that the standard does apply here and that “Plaintiff has not met it through allegations about the TMID (which he admits is a user ID ‘created by' Defendants, not tied to his actual identity, FAC ¶ 202) or Sensetime's ability to ‘detect a person's face out of a crowd' (which says nothing about pairing the face with an identity).” NAVER Reply at 16.
The NAVER Defendants also argue that Plaintiff Shubert “has not pled sufficient facts regarding each Defendant's actual involvement in the alleged collection of biometric data.” NAVER MTD at 22 (quotations omitted and cleaned up). The arguments and caselaw cited regarding Defendant's involvement are very similar to those of the LINE Defendants, and the Court finds that the allegations against the NAVER Defendants adequately allege their collection of biometric data under 15(b). See FAC ¶ 361(a)-(b).
The Court finds that Defendants have the better of this argument. Plaintiffs have alleged that Defendants collect users' biometric identifiers and information and other identifying data, and that users shared across the two platforms can be identified through a TMID. Plaintiffs have also alleged that both the LINE and NAVER defendants use and have filed patent applications employing facial recognition software to detect and identify faces. However, they stop short of pleading that Defendants are capable of identifying Plaintiff Shubert and members of the Illinois subclass by using the biometric data Defendants collect, whether standing alone or when combined with other methods or sources available to Defendants (e.g. users' TMIDs). In the Court's view, the paragraphs Plaintiffs cite in support of their claim that “Defendants can determine user identities through the TMID” do not support that premise. Opp. to NAVER MTD at 21. There is a difference between a company pinpointing a person's identity with the aid of biometric data and simply identifying all information it has amassed on a given user. While the Court appreciates that a company collecting biometric information regarding users (as opposed to nonusers) “could ostensibly access their name, address, or contact information[,]” the Court declines to fill in allegations Plaintiffs have not made. Wise v. Ring LLC, No. C20-1298-JCC, 2022 WL 3083068, at *2 (W.D. Wash. Aug. 3, 2022). Accordingly, Plaintiffs' § 15(b) claim is DISMISSED WITH LEAVE TO AMEND.
Because Plaintiffs make allegations as to “biometric identifiers” and “biometric information” throughout the FAC, and because they argue that they have met the “capable of determining” standard from Daichendt v. CVS Pharmacy, Inc, the Court evaluates Plaintiffs' claims against that standard. Daichendt v. CVS Pharmacy, Inc., No. 22 CV 3318, 2022 WL 17404488, at *5 (N.D. Ill.Dec. 2, 2022), modified on reconsideration, No. 22 CV 3318, 2023 WL 3579082 (N.D. Ill. Feb. 3, 2023). However, the Court does not hold here that a plaintiff making an allegation under § 15(b) just about biometric identifiers (such as facial geometry scans) necessarily must meet the “capable of determining” standard.
b. Sections 15(a) and 15(b) Disclosures Claims
The NAVER Defendants argue that “Plaintiff fails to allege why B612's disclosures fall short under § 15(a) (retention/destruction), § 15(b)(1) (collection/storage), or § 15(b)(2) (purpose/duration).” NAVER MTD at 21. Defendants argue that “Plaintiff may not ‘merely parrot the statutory language of the claims that they are pleading': they must provide ‘specific facts to ground those legal claims.'” Id. at 21-22 (quoting Kloss v. Acuant, Inc., 462 F.Supp.3d. 873-876-77 (N.D. Ill. 2020). But Plaintiffs clearly allege what they believe Defendants did not do, see FAC ¶¶ 365-368, 373, and although the allegations track the statutory language, the Court is not sure what more Plaintiffs could allege at this stage. The Court finds that Plaintiffs have sufficiently pled their § 15(a) and § 15(b) claims based on inadequate disclosure such that Defendants are on notice of the claims against them. Defendants' motion to dismiss this claim is DENIED.
c. Section 15(e) Claims
The NAVER Defendants also argue that “Plaintiff's 15(e) claim fails because the FAC does not allege that Defendants' handling of biometric information fell short of industry or internal company standards.” NAVER MTD at 22. The Court finds that Plaintiffs have adequately pled that Defendants' actions did not reach minimum industry standards and that these allegations apply to the NAVER Defendants. See FAC ¶¶ 123 (alleging that both LINE Messenger and B612 use technology produced by SenseTime); 121 (alleging that the United States “designated SenseTime as a Non-SDN Chinese Military-Industrial Complex Company”). The Court therefore DENIES Defendants' motion to dismiss claims on this issue.
i. Unjust Enrichment (Claim 11)
“An unjust enrichment claim requires the ‘receipt of a benefit and [the] unjust retention of the benefit at the expense of another.'” Williams v. Facebook, Inc., 384 F.Supp.3d 1043, 1057 (N.D. Cal. 2018) (quoting Lectrodryer v. SeoulBank, 77 Cal.App.4th 723, 726 (2000)). Defendants make several arguments against Plaintiffs' unjust enrichment claim. See LINE MTD at 36; NAVER MTD at 24-25. In responding to these arguments, Plaintiffs explain their theory of “benefit at expense of another” as follows: “Defendants profited from that stolen information, while the value of Plaintiffs' information to Plaintiffs was thereby diminished.” Opp. to LINE MTD at 36.
The Facebook Internet Tracking holding is instructive here. Even though that case analyzed the requirements of a California unjust enrichment claim in the standing context, it clearly held that “California law recognizes a right to disgorgement of profits resulting from unjust enrichment, even where an individual has not suffered a corresponding loss.” Id. at 599 (collecting cases). The Court finds Plaintiffs' unjust enrichment claim adequately pled at this stage, consistent with Facebook Internet Tracking, and thus DENIES Defendants' motion to dismiss this claim.
ii. Larceny (Claim 9)
“California Penal Code Section 484 forbids theft, which includes obtaining property “by . . . false . . . representation or pretense.” Calhoun v. Google LLC, 526 F.Supp.3d 605, 635 (quoting Cal. Penal Code § 484). “California Penal Code Section 496(a) prohibits the obtaining of property ‘in any manner constituting theft.'” Id. (quoting Cal. Penal Code § 496(a)). California Penal Code § 496(c) provides that “[a]ny person who has been injured by a violation of subdivision (a) or (b) may bring an action for three times the amount of actual damages, if any, sustained by the plaintiff, costs of suit, and reasonable attorney's fees.” Cal. Penal Code § 496.
The NAVER Defendants argue that Plaintiffs do not identify any false statement “much less any such statements that materially influenced Plaintiffs to upload images to B612.” NAVER MTD at 23. The NAVER Defendants further contend that “[t]he FAC also does not allege that the NAVER or SNOW Defendants harbored the felonious intent to permanently deprive them of their facial data, as they must to plead specific intent.” Id. (cleaned up and quotations omitted). The LINE Defendants argue that Plaintiffs do not plausibly plead facts suggesting that the LINE Defendants employed “false pretenses,” possessed the required knowledge, or collected Plaintiffs' data without their consent. LINE MTD at 34-35. Defendants also contend that Plaintiffs do not “allege ‘actual damages,' as required under section 496(c).” NAVER MTD at 23; see also LINE MTD at 35 (arguing that “the California Plaintiffs fail to adequately allege an injury”).
Plaintiffs point to their allegation that “California Plaintiffs and the California Subclass have been damaged as a result of Defendants' unlawful conversion of their property.” FAC ¶ 387. This is a citation to Plaintiffs' conversion cause of action, and Plaintiffs often cite to their conversion cause of action when making arguments regarding their larceny claim. See, e.g., Opp. to NAVER MTD at 23 (citing FAC at ¶ 385 to show that Plaintiffs pleaded that Defendants copied their data and at ¶ 386 to show that they pleaded that Defendant held their property). Plaintiffs' larceny claim is not supported by sufficient factual allegations. Plaintiffs cite to allegations all over the complaint and even from their conversion cause of action in an attempt to support their larceny claim, and that approach is inadequate. Should they choose to bring this claim in their amended complaint, Plaintiffs must include the allegations relevant to their larceny cause of action in that section so Defendants are on notice of the challenged conduct and how it relates to the cause of action.
The Court thus DISMISSES WITH LEAVE TO AMEND Plaintiffs' larceny claim.
iii. Conversion (Claim 10)
“The elements of a conversion claim are: (1) the plaintiff's ownership or right to possession of the property; (2) the defendant's conversion by a wrongful act or disposition of property rights; and (3) damages ....” Lee v. Hanley, 61 Cal.4th 1225, 1240 (2015) (quotations omitted). “It is necessary to show that the alleged converter has assumed control over the property ‘or that the alleged converter has applied the property to his own use.'” Mindys Cosms., Inc. v. Dakar, 611 F.3d 590, 601 (9th Cir. 2010) (quoting Oakdale Vill. Group v. Fong, 43 Cal.App.4th 539, 543 (1996)).
Defendants argue that Plaintiffs fail to allege that Defendants disposed of the property “by asserting ownership over it or preventing Plaintiffs from exercising all rights of ownership over it.” NAVER MTD at 23 (quoting Graham-Sult v. Clainos, 719 Fed.Appx. 562, 566 (9th Cir. 2017)); see also LINE MTD at 35 (making similar arguments). Defendants also argue that Plaintiffs fail to adequately allege 1) that they had a property interest in the data, and 2) damages. See LINE MTD at 35; NAVER MTD at 24. The Court recognizes that Plaintiffs have “a property interest in their personal information,” Calhoun, 526 F.Supp.3d at 635, and could see at lease a potential argument for extending Facebook Internet Tracking's holding regarding damages for larceny claims premised on the taking of personal information to conversion claims. But Plaintiffs have failed to allege, in the context of their conversion claim, “defendant's conversion by a wrongful act or disposition of property rights.” Lee v. Hanley, 61 Cal.4th at 1240. The Court thus DISMISSES WITH LEAVE TO AMEND Plaintiffs' conversion claim.
As an unpublished Ninth Circuit decision, Graham-Sult v. Clainos is not precedent, but may be considered for its persuasive value. See Fed. R. App. P. 32.1; CTA9 Rule 36-3.
IV. CONCLUSION
The Court GRANTS IN PART and DENIES IN PART Defendants' motions to dismiss (Dkt. Nos. 108, 112) as detailed above.
Defendants may amend existing claims as to which leave has been granted, but may not add new parties or causes of action without leave of Court. Any amended complaint is due within 28 days of the date of this order. The Court is strongly of the view that serial pleading litigation is an inefficient and time-consuming use of Court and party resources, and Plaintiffs need to plead their very best case, with adequate supporting factual allegations, as to any claims as to which leave has been granted. The Court is very unlikely to allow further leave to amend as to any claim not adequately pled in the next amended complaint, given that Plaintiffs will have had multiple opportunities to state a claim by that point.
The parties shall submit a stipulation and proposed order detailing the scope and length of the jurisdictional discovery period no later than 7 days from the date of this order. If the parties cannot reach a stipulated agreement, then the parties shall file a joint letter brief. The deadline to file a joint letter brief on the scope and length of jurisdictional discovery shall be no later than 14 days from the date of this order.
Plaintiffs filed a motion for leave to file a statement of recent decision. Dkt. No. 124. The Court GRANTS that motion.
The Court further SETS a telephonic case management conference on November 14, 2023, at 2:00 p.m. All counsel shall use the following dial-in information to access the call:
Dial-In: 888-808-6929
Passcode: 6064255
All attorneys and pro se litigants appearing for a telephonic case management conference are required to dial in at least 15 minutes before the hearing to check in with the courtroom deputy. For call clarity, parties shall NOT use speaker phone or earpieces for these calls, and where at all possible, parties shall use landlines. The Court DIRECTS the parties to meet and confer and submit a joint case management statement by November 7, 2023. The parties should be prepared to discuss how to move this case forward efficiently, and should anticipate that discovery will proceed whether or not Defendants plan to file renewed motions to dismiss, given that the Court has now found several claims adequately pled.
IT IS SO ORDERED.