Opinion
C 23-03698 WHA
11-26-2024
X CORP., Plaintiff, v. BRIGHT DATA LTD., Defendant.
ORDER RE SECOND AMENDED COMPLAINT
WILLIAM ALSUP UNITED STATES DISTRICT JUDGE
INTRODUCTION
A prior order dismissed the social media company's first amended complaint for failing to state a claim. The complaint failed to allege that the data-scraping company accessed the social media platform without authorization and caused damage. And, the complaint failed to allege that the data-scraping company scraped and copied data in which the social media company held a right not preempted by the Copyright Act. Now, the social media company moves for leave to file a second amended complaint. It purports to cure problems with the old claims and it proposes new claims. For the reasons below, the motion is GRANTED IN PART and Denied in Part.
STATEMENT
1. The Prior Complaint.
Plaintiff X Corp. owns and operates the social media platform X (see Dkt. No. 36 (“Prior”) ¶ 17; Dkt. No. 117-4 & 118-1 (“Proposed”) ¶ 21). Users who register and log into X can post comments, images, and videos (Prior ¶ 19; Proposed ¶ 24). They can also like, comment on, and re-post other users' contributions (see ibid.). Users who do not log in can still view content others have shared, even if opportunities to view this public content is ratelimited by IP address or other means (Prior ¶¶ 21, 37; Proposed ¶¶ 64, 68). The proposed amendments qualify but do not contradict the last statement, as discussed below.
By using the platform, users agree to X Corp.'s Terms of Service, Privacy Policy, and the Rules and Policies (together, the “Terms”) (Prior ¶ 22; Proposed ¶¶ 6, 139). The prior order summarized the Terms (Dkt. No. 83 (“Order”) 2-6 & n.2, 25-26). The Terms grant X Corp. a non-exclusive license to content users share or send through the platform (Order 2-3 (citing Terms 3-5); see also Proposed ¶¶ 39, 42). The Terms purport to preclude users from scraping, reproducing, and selling content they see on the service (Order 3 (citing Terms 6, 8); see Prior ¶¶ 23-29; Proposed ¶¶ 29-35). And, in various ways, they proscribe encouraging others to violate the Terms (see Prior ¶¶ 27, 30; Proposed ¶ 34).
This order cites to the same version of these terms as before (Order 3 n.2) for consistency across the orders and because the outcome here does not turn on any change across versions: X Corp.'s Terms of Service, Sept. 29, 2023 (“Terms”), https://twitter.com/en/tos (captured May 9, 2024) [https://perma.cc/NPM5-FHYP].
Finally, defendant Bright Data, Ltd. allegedly makes money by doing what the Terms say not to do: Bright Data evades X Corp.'s anti-scraping technology (including IP-tracking and rate-limiting), scrapes data, and sells that data to third parties, while also selling software and proxy network services that let others scrape, too (Order 5; see Prior ¶ 46; Proposed ¶ 105).
2. The Dismissal Order.
The previous order explained that the allegations raised two basic grievances: First, that Bright Data improperly accessed X Corp.'s systems and helped others do so (Order 17). Second, that Bright Data improperly scraped and sold data and helped others do so (ibid.). X Corp.'s legal theories - trespass to chattels, contract interference, contract breach, misappropriation, unjust enrichment, and Section 17200 - corresponded with one, the other, or both basic grievances. No claim survived dismissal as alleged:
The access-based claims failed (id. at 8-18). X Corp. alleged only that Bright Data accessed publicly accessible data (id. at 4-5). So, Bright Data faced no need to fabricate accounts or misrepresent itself. That undercut X Corp.'s fraud-based Section 17200 claims (id. at 11-13). And, although X Corp. alleged that Bright Data's access impaired X Corp.'s infrastructure, those allegations were conclusory. That undercut X Corp.'s trespass to chattels claim (id. at 8-11), as well as its access-based allegations of contract interference (id. at 1315) and breach (id. at 15-18).
The scraping- and selling-based claims failed because they were preempted by the Copyright Act (id. at 18-25). On the one hand, X Corp. alleged that it did not take an exclusive license to users' content (id. at 19-20). On the other hand, X Corp. alleged that it could exclude third parties from copying users' content (ibid.). Such alchemy - achieved at scale through adhesive contracts - would allow X Corp. to escape the burdens of content ownership under the Communications Decency Act and the Digital Millenium Copyright Act, while allowing it to enjoy the benefits of content ownership under the Copyright Act (ibid.). But disclaiming copyright only to claim it again through contract was preempted by the Copyright Act (ibid.). The state-law claims based on scraping and selling of data undermined the Act's purpose and effects: First, X Corp.'s arrangement interfered with owners' rights to exclude or not to exclude others from the content (id. at 23). Second, the arrangement interfered with other parties' rights to fair uses of the content (id. at 24). Third, it interfered with the Act's dedication to the public of non-secret facts and figures (ibid.).
The prior order did not deem amendment futile. Instead, as to the access-based claims, it imagined that some complaint might plausibly assert that a data scraper fraudulently accessed non-public data and caused damage to infrastructure while doing so (see id. 17-18). And, as to the scraping-based claims, the prior order suggested that at least state-law claims vindicating state-law privacy interests, for instance, might not be preempted by the Copyright Act (id. at 24-25). Finally, the order did not engage X Corp.'s contract breach theories based on changes X Corp. made to X's Terms after filing suit; X Corp. did not cite caselaw or mount argument for why the claims emanating from the revised contract should be in this suit (id. at 25-26).
An earlier motion for leave to amend the complaint failed because it was filed by conflicted counsel (see Dkt. No. 105 at 15 (denying Dkt. No. 90)).
3. The Proposed Complaint.
With new counsel, X Corp. now files a proposed, second amended complaint (Dkt. No. 118). The amended allegations address:
• Impairment of X's servers by way of scraper-specific use patterns, including that data-scraping requests disproportionately target select areas of the X platform compared to human or authorized machine requests (Proposed ¶¶ 83-84, 87), that ensuring X stays functional despite these concentrated requests requires millions of dollars of excess server capacity, that even with supplementary servers X has suffered “intermittent” server failure and a “glitchy, lagged user experience” (id. ¶¶ 89-91), and that Bright Data is a “substantial source” of data-scraping requests (id. ¶¶ 2, 4);
• Access to non-public data by way of fake logins, including that not all content on X is publicly available (id. ¶¶ 64-65), that the publicly available content can be viewed only within narrow limits (id. ¶¶ 66-67, 71), that scrapers access both kinds (e.g., id. ¶ 87), and that “the only way to data scrape X at the scale Bright Data promises is by” ultimately “open[ing] legions of fake accounts” (id. ¶ 79; cf. ¶¶ 3, 69, 120);
• Types of data on X, including that X hosts “user-generated content (like user posts and profiles) and non-user-generated content (like follower lists and other information about the relationships between users),” and “create[s]” “aggregat[ions]” or “amalgamat[ions]” of the other two (id. ¶¶ 39, 186);
• Purported ownership interests in those data types, including that X Corp. disclaims any copyright to user-generated content (id. ¶ 42), disclaims any copyright to non-user-generated content that lacks creativity (id. ¶ 39), and yet claims some interest in the “organizat[ion]” or “aggregate[ion]” of the data that it assembles at great cost and that can itself be wrongfully copied or taken (id. ¶¶ 39, 186);
• And, non-pecuniary, user, and state-law interests in the data, including that X Corp. users are unlikely to be aware that content they post to the platform is scraped by Bright Data (id. ¶ 119), that the content once scraped by Bright Data would by Bright Data's own terms of use no longer be treated with the same privacy and security protections as X provides (id. ¶ 136), and that because “X cannot ensure that its users' data is deleted once it has been anonymously scraped” it cannot “fulfill[] its obligations” under the California Consumer Privacy Act (id. ¶¶ 36-38, 135).The proposed complaint also adds three new claims: That Bright Data violated the Digital Millenium Copyright Act (id. ¶¶ 189-99), the Computer Fraud and Abuse Act (id. ¶¶ 200-11), and the California Comprehensive Computer Data Access and Fraud Act (id. ¶¶ 212-17).
This order follows full briefing and oral argument.
ANALYSIS
The Court forewarned X Corp. to “plead its best case” (Order 26).
1. Claims Based on Access to Systems.
A. Trespass to Chattels.
“[T]respass to chattels lies where an intentional interference with the possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 71 P.3d 296, 302 (Cal. 2003). “Short of dispossession, personal injury, or physical damage (not present here), intermeddling is actionable only if the chattel is impaired as to its condition, quality, or value, or the possessor is deprived of the use of the chattel for a substantial time.” Id. at 306. Such an interference must also be unauthorized. See id. at 301 n.1, 305-06. The prior complaint alleged no impairment (Order 9). The closest it came was to allege in conclusory fashion that Bright Data's “acts have diminished the server capacity that X Corp. can devote to its legitimate users” (ibid. (quoting Prior ¶ 98)). It thus failed to state a claim.
For readability, internal quotation marks and citations within citations are omitted throughout unless noted.
(i) Damage?
Now, in its proposed complaint, X Corp. newly alleges that scrapers traverse the X service in patterns markedly different from humans or authorized machines, that scrapers thus use underlying server capacity in abnormal proportions, and that this results in intermittent, isolated server failures and a “glitchy, lagged user experience” for X's human users (see Proposed ¶ 89; see also id. ¶¶ 83-84, 87, 90-91; Br. 4-5, 7). Moreover, but for X Corp.'s purchase of millions of dollars of server capacity, this conduct would result in catastrophic system failures (ibid.). Finally, “Bright Data bears the blame for this profusion of scraping” as an industry leader, even if the exact amount it contributes is now knowable only to it (Br. 5; see Proposed ¶¶ 111-13, 131). Bright Data does not contest that if X Corp. states trespass to chattels as to data scrapers, it plausibly does so as to Bright Data, too. This order will assume as much. The proposed complaint now states a claim:
First, its allegations of injury are now factual, not conclusory. As becomes clear below, the allegations do more than parrot that X Corp. suffers “damage in the form of impaired condition, quality, and value of its servers, technology infrastructure, services, and reputation” (Order 9 (quoting Prior ¶ 102)).
Second, the proposed complaint's allegations now plausibly allege how “a scraper is inherently burdensome, or inherently more burdensome than an X user sending requests to X Corp.'s servers with a browser” (see Order 9). Simply put, on a volume per entity basis, the instant complaint alleges that each scraper is “at least” a million times more burdensome than an ordinary user (see Proposed ¶ 83). “Based on X's internal investigation, data scrapers generally make millions of more requests to X than a normal user would make. And each individual request from a scraper is at least as taxing as an ordinary user request” (ibid. (emphasis added)). But the alleged burden is not based on total volume of activity alone, as scrapers still compose just three to five percent of the total traffic on X (see Opp. 5; Proposed ¶ 87). Rather, the burden is based also on the distribution of that activity across time and space, as scrapers compose about 10-20% of traffic in some moments and 99% of requests at some site locations (see Br. 4, 7; Reply 4; Proposed ¶¶ 87, 90). Similarly, that burden is based not on total server capacity alone, but on the specific server capacity handling those requests (Proposed ¶ 89). X has an architecture whereby particular service paths are handled by particular servers, even if those servers are busy while others are idle (ibid.). Because scrapers make requests along certain pathways more than do other users, scrapers task certain servers more, too (ibid.). Likewise, because scrapers request a lot of content that ordinary users rarely request, X must reach past its cache to more expensive-to-reach data storage (see id. ¶¶ 83-84). That all causes “intermittent but individualized internal server failures,” system “lag[],” and the need to buy server capacity to relieve or avoid repeat impairment, to the tune of over $100 million each year (id. ¶¶ 89-90).
Finally, as a result, the proposed complaint thereby plausibly alleges that scrapers cause an “actionable deprivation of use” of X Corp.'s servers that is “so substantial that it is possible to estimate the loss caused thereby.” Intel, 71 P.3d at 306. And, this loss is “established by the completed tort's consequences, not by the cost of the steps taken to avoid the injury and prevent the tort.” Id. at 308. Critically, the proposed complaint now alleges that X Corp. spends money to replace or supplement its property that is or soon would be functionally impaired: It pays for 10-20% more server capacity than that which, but for the tortious conduct, would be needed (e.g., Proposed ¶ 90). Cf. Intel, 71 P.3d at 306.
Bright Data contends this is still not enough to state a claim for trespass to chattels. Its arguments do not persuade:
First, Bright Data argues that X Corp.'s expenses for anti-scraping teams and software are not property damages (see Opp. 4; see Proposed ¶¶ 92-94). That's neither here nor there. Yes, Intel held that staff time spent to stop a person from sending unwanted messages was not a basis for a trespass to chattels claim. But the complaint now alleges more than staff and software expenses in preventing trespass. As just described, it alleges circumstantial evidence of property impairment given the failure to prevent trespass.
Second, anticipating that point, Bright Data argues: “Just as spending money to prevent a trespass is not trespass harm, spending money on infrastructure to acquire property that then functions as intended is not trespass harm. The law of trespass focuses only on the deprivation of plaintiff's property, not the reasons the plaintiff acquired the property” (Opp. 6-7). But this argument fails on the law and facts in this posture.
Legally, the argument misses Intel's point. Set aside X Corp.'s newly installed server capacity. X Corp. complains that the originally installed server capacity did not or would not function. That is a property harm that is logically prior: X Corp. complains of “deleterious impact[s]” to “the functioning of [that] system.” See Intel, 71 P.3d at 305-06. The spending on new property is, as plausibly alleged, a one-to-one measure of the old property's substantially impaired use. Well-founded inferences can decide final questions, United States v. Ramirez-Rodriquez, 552 F.2d 883, 884 (9th Cir. 1977) (per curiam), and certainly can sustain claims at this stage, Gordon v. City of Oakland, 627 F.3d 1092, 1094-95 (9th Cir. 2010).
Factually, the argument likewise fails to accept the allegations, as we must here and which distinguish this case from Intel and its progeny: Even with the investment, there are alleged “server failures,” if “intermittent” and “isolated” ones (cf. Opp. 10). And, but for the investment, there would be full-blown failures (Property ¶ 89). Those allegations are distinct from those in Intel, and from those in another case Bright Data relies upon: WhatsApp Inc. v. NSO Grp. Techs., Ltd., 472 F.Supp.3d 649 (N.D. Cal. 2020) (Judge Phyllis J. Hamilton). Proposing a parallel with that case (Opp. 11), Bright Data asserts that server failure is implausible because scrapers “rel[y] on [X]'s servers to function exactly as intended,” WhatsApp, 472 F.Supp. at 684-85. Scrapers, just like the messengers in WhatsApp, seek to “emulate legitimate [X] network traffic in order to [scrape] [data], undetected,” without “impair[ing] the physical functioning of [X]'s servers.” Cf. ibid. But that is where the parallel runs into a right angle: Unlike the messengers in WhatsApp, after the scrapers slip onto X, their unconventional behavior becomes detectable at least at scale and impairs X's servers until the servers must be supplemented (supra).
The same argument appears elsewhere in other garb and is no more convincing. For instance, Bright Data argues: “[I]t does not matter that individuals account for 99% of requests for Elon Musk's tweets, and scrapers account for 99% of the requests for his public profile info. As X [Corp.] explained, it developed its ‘architecture to ensure that the system overall' works as intended for both types of requests” (Opp. 6 n.5 (quoting Proposed ¶ 89)). But absent scrapers, X Corp. plausibly would have used a substantial portion of its property differently. And, even with this system in place, X Corp. still suffers failures.
Finally, Bright Data pokes at the complaint, pointing to weak words but ignoring stronger ones that do the work. For instance, Bright Data argues that the amended allegations are conclusory when they state that scrapers cause X's traffic to “jump extreme amounts” (Opp. 4). Bright Data ignores, however, that X Corp.'s alleged purchase of 10-20% more server capacity readily supports the inference that traffic “jump[s]” - perhaps 10-20% at peak (Reply 4). That will do for today. See hiQ Labs, Inc. v. LinkedIn Corp., No. 17-cv-03301-EMC, 2021 WL 1531172, at *10 (N.D. Cal. Apr. 19, 2021) (Judge Edward M. Chen).
X Corp.'s proposed amendment alleges an “actionable deprivation of use” of its servers.
(ii) Unauthorized?
The proposed complaint also makes plausible that the access exceeds any consent. The “exchange of information across [one]'s internet-connected system is to be expected” because the “internet was designed to enable this exchange” (Order 8). As a result, stating a claim that a defendant accessed a plaintiff's public internet site without authorization is no formality. Cf. Intel, 71 P.3d at 309-11; Van Buren v. United States, 593 U.S. 374, 378 (2021). This proposed complaint, however, now plausibly alleges that Bright Data undertook sophisticated efforts to access X with knowledge that such access was beyond the scope of any authorization - as further described below with respect to the Section 17200 claims.
In opposition, Bright Data argues that the proposed complaint still leaves open that Bright Data accessed only publicly available content and only as any other user would - thus suggesting implied consent (Opp. 8-11). But to the extent Bright Data argues it is alleged to do only what human users do, the new allegations say otherwise (supra). And, to the extent Bright Data argues it is alleged to do only what crawlers like Google do, the new allegations do not favorably complete that comparison, either: X “allows Google to ‘crawl' certain posts” (see Proposed ¶¶ 64, 75), whereas the proposed complaint newly alleges facts making plausible that X Corp. revoked any allowance afforded Bright Data, that Bright Data knew it, and yet that Bright Data persisted in accessing even posts that could not be openly accessed (infra). Thus Bright Data is wrong to say no new allegations support the claim (Opp. 6). Bright Data allegedly exceeded the limits X imposes on all users alike through Terms and technical measures - despite receiving notice in both manners that any authorization it had enjoyed was now rejected (infra). For the same reason, the proposed complaint alleges that Bright Data's intermeddling was intentional, too (Opp. 7, 11; Reply 11). See Itano v. Colonial Yacht Anchorage, 267 Cal.App. 2d 84, 89-90 (1968); Level 3 Commc'ns, Inc. v. Lidco Imperial Valley, Inc., No. 11cv01258 BTM (MDD), 2012 WL 4848929, at *4 (S.D. Cal. Oct. 11, 2012) (Judge Barry Moskowitz).
None of the cases Bright Data cites compels a different conclusion as a matter of law with respect to this tort in this context, and for good reason (Opp. 8-11). On the one hand, courts finding no damage from scrapers' access have not needed to reach consent. On the other hand, courts finding plausible damage from scrapers' access have done so in a preliminary posture - and, without a robust factual record or proper presentation of the issues, have not reached robust statements of law. See, e.g., hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180, 1201 n.21 (9th Cir. 2022) (dicta); eBay, Inc. v. Bidder's Edge, Inc., 100 F.Supp.2d 1058, 1063, 1070-71 (N.D. Cal. 2000) (Judge Ronald M. White) (preliminary injunction).
This is an evolving area of state law and as pleaded here is factually sensitive. The proposed complaint states a plausible claim that survives this stage. X Corp.'s motion for leave to amend its trespass to chattels claims is GRANTED.
B. Violation of Section 17200.
Section 17200 of the California Business and Professions Code prohibits unlawful, unfair, and fraudulent business acts. The prior complaint failed to state a predicate claim for an unlawful business act (Order 11). It failed to allege a theory of fraud with particularity (ibid.). And, it failed to allege any facts at all about unfairness (ibid.). The proposed complaint resolves all but one of these deficiencies.
(i) Unlawful Business Acts.
The proposed complaint now alleges that Bright Data violated the Digital Millenium Copyright Act (Proposed ¶¶ 189-99), the Computer Fraud and Abuse Act (id. ¶¶ 200-11), and the California Comprehensive Computer Data Access and Fraud Act (id. ¶¶ 212-17). For this motion, at least, Bright Data concedes the allegations state claims, and so unlawful business acts (Opp. 12 n.8). See Cel-Tech Commc'ns v. L.A. Cellular, 973 P.2d 527, 539 (Cal. 1999).
X Corp.'s motion to supplement its complaint with these “unlawful” business act claims under Section 17200 is - without prejudice to later motions (see Part 3) - GRANTED.
(ii) Fraudulent Business Acts.
The proposed complaint now also alleges fraudulent business acts. A Section 17200 claim for fraudulent business acts “is unlike common law fraud or deception.” Schnall v. Hertz Corp., 78 Cal.App.4th 1144, 1167 (2000). One distinction is that conduct short of actual deception suffices for the fraud element. Ibid. Another is that the pattern of conduct must target others beyond plaintiff and be likely to deceive a significant portion of them. Cf. ibid. The prior complaint failed to allege any deception at all (Order 11). Even accepting its allegations, Bright Data could have accessed X without logging in (see Prior ¶¶ 20, 22) and without using IP addresses or proxy services in a fraudulent way (see Order 13).
The proposed complaint solves those deficiencies.
Deceptive conduct is plausibly necessary to scrape at the scale discussed above. “[M]ost of [X]'s content” is available only to users who register, agree to terms, and log in (Proposed ¶ 61 (since July 2023)). The remainder is available even to users who stay logged out (id. ¶¶ 63-66). All users are identified by technical attributes including IP address (id. ¶ 68). And, whether identified by login or only by the latter, X limits access for each user (id. ¶¶ 67-68, 71). “These reasonable limits for human use make mass data scraping impossible” without deceptive conduct (id. ¶ 72). Scrapers don't stop. Scrapers take active steps that serve no purpose but to trick X into giving them not a second, not a third, but a millionth turn to see the sights (see id. ¶¶ 83, 132-34). For logged-in content, which Bright Data is alleged to scrape (see id. ¶ 87), scrapers plausibly must create “bot accounts” or “impersonate registered X users” (id. ¶¶ 71-72, 130). And, for logged-in and logged-out content alike, Bright Data plausibly must employ millions of continuously rotating IP addresses (id. ¶¶ 132-33). The system is unlike proxy services that others might use to mask themselves or to access the service from unsupported locations (id. ¶ 134). It is allegedly purpose-built to exceed rate limits at monumental scale (ibid.). Even so, the complaint alleges on information and belief that X has caught and expressly blocked Bright Data-affiliated user accounts, only for Bright Data to come right back (id. ¶ 132). And, targets plausibly deceived by this pattern of conduct - as newly alleged and as Bright Data does not here contest - include “platforms like X” (id. ¶ 2) and “any website in the world” Bright Data is hired to scrape despite similar defenses (id. ¶ 133; see ¶ 10, 78, 110, 125). Bright Data allegedly touts a “99.99% success rate” (id. ¶ 132).
Bright Data's counters do not convince.
First, Bright Data argues the allegations plausibly establish it accessed a lot of content, but not logged-in content (Opp. 12-13). Not so. The proposed complaint alleges specific content available only to logged-in users and accessed disproportionately by scrapers (e.g., Proposed ¶ 87), and so Bright Data (id. ¶¶ 110-11). Further, if on information and belief, the complaint alleges that Bright Data accounts have been blocked for accessing logged-in content (id. ¶¶ 61, 87, 132).
Second, Bright Data argues that the proposed complaint undermines the above inferences and theory of deception by proposing a non-deceptive alternative for access: rotating IP addresses (Opp. 14; see Proposed ¶ 120). The argument ignores that the above allegations are about content only available to logged-in users (supra). And, it ignores that the IP-address allegations also raise deception: Bright Data purpose-built its tools to trick X into giving Bright Data endless access when it knew X would otherwise give Bright Data limited access (Proposed ¶¶ 132-34). Then, when a Bright Data-affiliated IP address hit its limit and was blocked, Bright Data came right back disguised to evade X's anomaly detection under another of its rotating millions of IP addresses (see id. ¶¶ 129, 132). Neither theory of deceptive conduct may bear out in the end, but each is plausibly pleaded.
Finally, Bright Data contends that the above does not suffice for pleading fraud-like conduct under Rule 9(b) (Opp. 13-14 (citing Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir. 2009))). But particularly where a factually alleged complaint has surrounded the defendant with allegations, “we relax pleading requirements” as to the remaining “facts [that] are known only to the defendant.” Soo Park v. Thompson, 851 F.3d 910, 928 (9th Cir. 2017), cert. denied, 583 U.S. 1052 (2018). “[T]he entire factual context is considered” to determine whether the conduct “[]cross[es] the line from conceivable to plausible.” Ibid. (partly quoting Ashcroft v. Iqbal, 556 U.S. 662, 680 (2009)). It does here.
X Corp.'s motion for leave to amend its “fraudulent” business act claim under Section 17200 is GRANTED.
(iii) Unfair Business Acts.
X Corp. next argues that the proposed complaint newly states an unfair business act by alleging violations of privacy laws (Br. 8, 15-17; Reply 6-7; see Proposed ¶¶ 4, 36-37, 48-53, 58, 178).
“When a plaintiff who claims to have suffered injury from a direct competitor's ‘unfair' act or practice invokes [S]ection 17200, the word ‘unfair' in that section means conduct that threatens an incipient violation of an antitrust law.” Cel-Tech, 973 P.2d at 565. X Corp. must allege a “significant[]” threat to the competitive process, not merely to itself as a competitor or even to consumers. Ibid. (citing Cargill, Inc. v. Monfort of Colo., Inc., 479 U.S. 104, 115 (1986)). The privacy-related allegations do not make plausible that Bright Data's conduct creates barriers to entry or disrupts basic market mechanisms like price or quality signaling. Cf. Rambus Inc. v. FTC, 522 F.3d 456, 464-66 (D.C. Cir. 2008). Possibly the opposite. Our court of appeals has expressed concern that giving platforms like X “free rein to decide, on any basis, who can collect and use data - data that the companies do not own, that they otherwise make publicly available to viewers, and that the companies themselves collect and use - risks the possible creation of information monopolies that would disserve the public interest.” hiQ Labs, 31 F.4th at 1202.
In its briefing supposing this order should come out otherwise, X Corp. applies the wrong standard. X Corp. suggests that playing loose with personal data is “substantially injurious to consumers,” quoting a decision from our district (Br. 8 (quoting Pirozzi v. Apple, Inc., 966 F.Supp.2d 909, 921 (N.D. Cal. 2013) (Judge Jon S. Tigar))). That standard no longer applies to cases brought by competitors, if at all. See, e.g., Buller v. Sutter Health, 160 Cal.App.4th 981, 990-91 (2008). As Judge Tigar said on the next page of the decision X Corp. cites: “[T]he most accurate guidance for courts and businesses” is the test for competitors announced by the California Supreme Court in Cel-Tech. Pirozzi, 966 F.Supp.2d at 922. Judge Tigar applied the older test because, following our court of appeals, Lozano v. AT&T Wireless Servs., Inc., 504 F.3d 718, 721, 735-37 (9th Cir. 2007) (putative class action), courts may continue to do so in consumer suits like the one Judge Tigar considered, 966 F.Supp.2d at 914 (putative class action). The other decisions X Corp. cites (Br. 9) were also from consumer actions: In re Anthem, Inc. Data Breach Litig., 162 F.Supp.3d 953, 965 (N.D. Cal. 2016) (Judge Lucy H. Koh) (putative class); In re Adobe Sys., Inc. Priv. Litig., 66 F.Supp.3d 1197, 1205 (N.D. Cal. 2014) (Judge Lucy H. Koh) (putative class).
Notably, X Corp. does not squarely argue how alleged violations of consumers' privacy rights create standing for X Corp. to assert these Section 17200 claims. Such a theory cannot succeed here. In Kwikset Corp. v. Superior Court, the California Supreme Court newly limited third-party standing under Section 17200. 246 P.3d 877 (Cal. 2011). And, in Cel-Tech, the California Supreme Court further held that a plaintiff cannot “plead around” other laws' requirements by recasting invalid claims as valid Section 17200 “unlawful” business acts claims. 973 P.2d at 541, 566. Putting this all together: For X Corp. to assert claims rooted in consumer injuries without even attempting to establish standing would strain Kwikset. And, for X Corp. to do so to “plead around” the definition of “unfair” used for competitor actions would strain Cel-Tech. The definitions matter. “[I]n the absence of a definition of what competition is ‘unfair,' these laws are at particular risk of being used to prevent not unfairness but competition itself.” Mark A. Lemley & Mark P. McKenna, Unfair Disruption, 100 B.U. L. REV. 71, 101, 116 (2020).
X Corp.'s motion for leave to amend its “unfair” business act claim under Section 17200 is DENIED.
C. Tortious Interference with Contract.
X Corp. next argues that the proposed complaint states a claim for tortious interference with access agreements by plugging the gap that the previous order identified: damage (Br. 8 (citing Order 14-15)). Tortious interference results when (1) the plaintiff and a third party have a valid contract, (2) the defendant knows about it, (3) and the defendant intentionally induces (4) a disruption or breach of the contractual relationship, (5) causing damage. Pac. Gas & Elec. Co. v. Bear Stearns & Co., 791 P.2d 587, 589-90 (Cal. 1990). In short, Bright Data allegedly sells tools to help its customers access X in unauthorized ways, prompting them to violate X's Terms, too. The prior complaint met all elements except damage (Order 15).
As explained above, X Corp.'s proposed complaint now sufficiently alleges server impairment from scrapers accessing its service (supra). That plausibly includes Bright Data customers who agreed to X's Terms. As a second damages theory, the proposed complaint now alleges that “but for Bright Data's tools, Bright Data's customers would have needed to” pay X to use its application programming interface “to obtain the data they want[ed]” in an automated way (Br. 8 (summarizing); see Proposed ¶¶ 39-51, 58-59).
In opposition, Bright Data objects to the server-impairment damages. But its arguments were rejected above. And, as to the lost fees, Bright Data argues these fees are charged for scraping, not for access (Opp. 14). Bright Data implies that any scraping-type damages zero out if X Corp.'s Terms barring scraping are preempted by the Copyright Act (cf. ibid.). But if Bright Data and its customers could not have accessed X, they could not have scraped X, either. They could only have gotten the data by paying the fees (see Reply 8; Proposed ¶¶ 4351, 58-59, 107). This theory may not hold up as the facts develop, but it is plausibly pleaded.
X Corp.'s motion for leave to amend its tortious interference claim is GRANTED.
D. Breach of Contract.
Because the proposed complaint now sufficiently alleges damages (compare supra, with Order 15-16), it now also states a claim for (access-related) contract breach. Such a claim arises when (1) there is a contract and (2) the plaintiff performs but (3) the defendant doesn't, (4) causing damage. Oasis W. Realty, LLC v. Goldman, 250 P.3d 1115, 1121 (Cal. 2011). The prior complaint failed to allege only the last element (Order 17-18). As to this proposed complaint, parties make arguments like those above (see Br. 8; Opp. 14-15; Reply 8).
Bright Data also objects in passing, it seems, that contract terms barring inducement were not in the Terms prior to suit, and that by filing suit Bright Data rejected any post-suit offers (see Opp. 14 & n.11; cf. Order at 14, 16-17, 25-26). But the proposed complaint no longer quotes from the provision that caused this kerfuffle (compare Order 25-26, with Redline 13). The proposed complaint instead cites other predating provisions that less clearly but still plausibly proscribe the same conduct: inducing others to violate the Terms.
The motion for leave to amend the access-based breach of contract claims is GRANTED.
In sum, X Corp. may go forward with its proposed amendments as to its access-based claims for trespass to chattels, unlawful and fraudulent business acts under Section 17200, tortious interference with contract, and contract breach.
2. Claims Based on Scraping and Selling of Data.
The prior order found the scraping and selling-type claims preempted by the Copyright Act of 1976. Those claims are for misappropriation, unjust enrichment, tortious interference with contract (in part), and breach of contract (in part) (Order 18-25). On the one hand, X Corp. alleged that it did not take an exclusive license to users' content (id. at 19-20). On the other hand, X Corp. alleged that it could exclude third parties from copying users' content (ibid.). Such magic - made possible by contract and other state-law assertions - undermined the Copyright Act's purpose and effects for three reasons: First, X Corp.'s arrangement interfered with copyright owners' rights to exclude or not to exclude others from the content (id. at 23). Second, it interfered with other parties' rights to fair uses of the content (id. at 24). Third, it interfered with the Copyright Act's dedication to the public of non-secret facts and figures (ibid.).
The proposed complaint cures none of these problems.
As to interfering with the copyright owner's right to exclude, X Corp. directs the Court to its amended factual allegations (see Br. 12), beginning with this paragraph from the complaint:
[T]his complaint disclaims any exclusive copyright in X's users' posts, and X does not seek to enforce any copyright its users retain in their own creative works. Indeed, X acknowledges that its users retain the right to sell or license their posts to others, including Bright Data, just as they retain the right to exclude others from exploiting those posts. But Bright Data may not scrape those posts from X's platform - without consent from X or its users - and sell them as part of the massive data packages it markets.(Proposed ¶ 42 (emphases added)). Claim or disclaim. But a conclusory amendment is a futile one. See Gordon, 627 F.3d at 1094-95; cf. Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 555 (2007). And, these legal conclusions are especially irrelevant here: The entire point of preemption analysis, express or implied, is to peer past the state-law claims that parties wish to bring to consider the federal claims they fail to bring or to recognize, including the claims of others. Of course a plaintiff's state-law contract claims can be preempted by federal copyright law even or especially if the plaintiff disclaims owning, licensing, or asserting federal copyrights. Sybersound Recs., Inc. v. UAV Corp., 517 F.3d 1137, 1150 (9th Cir. 2008) (affirming dismissal for preemption of state-law claims to the extent inflected by third-party copyrights, which plaintiff also lacked standing to assert directly); Daniher v. Pixar Animation Studios, No. 22-cv-00372-BLF, 2022 WL 1470480, at *5 (N.D. Cal. May 10, 2022) (state-law claims inflected by plaintiff's cancelled copyright) (Judge Beth Labson Freeman). So, X Corp. fails to fill the hole the prior order pointed out. And, if anything, X Corp. digs its hole deeper. Here, the proposed amendment emphasizes that copyright holders “retain the right to exclude others from exploiting th[eir]” works, those works being “500 million posts on X per day” (Proposed ¶ 39). Copyright holders enjoy the right to bar (or not) Bright Data from copying their works. Sybersound, 517 F.3d at 1150. X Corp. now concedes it does not possess that right (Br. 13; Proposed ¶ 42).
As to interfering with the Copyright Act's public dedications, X Corp.'s proposed complaint now makes express that the remainder of the data copied is not copyrightable:
The data [on X] includes both user-generated content (like user posts and profiles) and non-user-generated content (like follower lists and other information about the relationships between uses). The latter type of data typically reflects insufficient originality to warrant copyright protection.(Proposed ¶ 39). Disclaiming copyright does not work in this sense, either. Citing this passage, X Corp. argues it should: “At a minimum, the [‘non-copyrightable data, like follower lists,'] cannot create conflict preemption. The Copyright Act, after all, disclaims preemption for works that do ‘not come within the subject matter of copyright.'” (Br. 13 (quoting 17 U.S.C. § 301(b)(1)). Not quite. As our court of appeals and others have repeatedly held, “[T]he shadow actually cast by the [Copyright] Act's preemption is notably broader than the wing of [the Copyright Act's] protection.” Montz v. Pilgrim Films & Television, Inc., 649 F.3d 975, 979 (9th Cir. 2011) (en banc) (quoting, ultimately, U.S. ex rel. Berge v. Bd. of Trs. of Univ. of Ala., 104 F.3d 1453, 1463 (4th Cir. 1997))), cert. denied, 565 U.S. 1021 (2011). For instance, our court of appeals “agree[s] with Nimmer that state-law protection for fixed ideas falls within the subject matter of copyright . . . despite the exclusion of fixed ideas from the scope of actual federal copyright protection.” Ibid. To be preempted even under the express test, state law claims need only at the first step concern matter that “fit[s] into one of the copyrightable categories in a broad sense.” Best Carpet Values, Inc. v. Google, LLC, 90 F.4th 962, 971 (9th Cir. 2024) (quoting Briarpatch Ltd., L.P. v. Phoenix Pictures, Inc., 373 F.3d 296, 305 (2d Cir. 2004)). Once again, then, the proposed amendments serve only to confirm the conflict, as further shown below.
Finally, as to interfering with fair use-type concerns under the Copyright Act, X Corp.'s proposed complaint eventually deepens this conflict, too, revealing that despite plausibly having thin rights or no right to prevent others from mere copying, X Corp.'s private efforts to stop it foreclose an enormous range of uses (even for content types considered here).
The proposed complaint starts by alluding to X Corp.'s purportedly distinct interests: Users have “have no copyright interest in much of the most valuable data available on X - including the non-user generated content, the organization of that content, and the aggregate data across X's platform” (Proposed ¶ 39). The data isn't valuable; arrangement and insights are (id. ¶ 41). But X Corp. never squarely alleges that Bright Data copies or sells any of those things as such. In other words, X Corp. may hold copyrights in its content organization (see Id. ¶¶ 39, 42). Or not. Feist Publ'ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 358 (1991). But the proposed complaint fails to allege that Bright Data copies “the organization of that content,” even as an intermediate step (see Reply 10 (conceding)). Likewise, X Corp. claims to hold a property interest in emergent insights derived from the data (Br. 14). But the proposed complaint fails to allege that X ever derives those insights for itself (Proposed ¶ 41) - let alone that Bright Data scrapes such derivations or even some essential combination of data needed for some specific insight. Rather, the proposed complaint blankly asserts that “scrapers like Bright Data typically target everything,” then admits that scrapers or their clients must work “to discern broader trends in the data” for themselves (see id. ¶ 41 (emphases added)). The proposed complaint then chronicles the range of uses potentially foreclosed (even for this kind of content): “Businesses, researchers, and others seek the data available on X for a variety of purposes, including measuring user sentiment toward various products or events, gauging market reactions to current events, more effectively tailoring advertisements, and more” (id. ¶ 40). There are many purposes to which the data might be put. X offers “data.” But, as the proposed complaint already told us, that data is either the copyrighted posts of others or the noncopyrighted facts and figures (see id. ¶ 39).
Consider the historian who assembles third-party quotes, raw facts, and his own words into a manuscript, only to have a second historian extract from that manuscript only the third-party quotes and raw facts. The first historian may have an action against the second simply for gaining unlawful access to his work in the first place, if that could be established. But as to the mere copying and reselling of unprotectable elements? No relief. The first historian may feel cheated. And, according to professional norms, he may be. But the Copyright Act imposes a different policy, and precludes protection for “sweat of the brow” alone. Feist, 499 U.S. at 353-54. Nothing changes just because that historian happens to collect facts and quotes from a website:
The major difficulty with many of plaintiff's theories and concepts is that it is attempting to find a way to protect its expensively developed basic information from what it considers a competitor and it cannot do so.Ticketmaster Corp. v. Tickets.com, Inc., No. 99CV7654, 2000 WL 1887522, at *3-4 (C.D. Cal. Aug. 10, 2000) (Judge Harry Lindley Hupp) (denying preliminary injunction).
Anyone is free to print (or show on the internet) [unprotectable] information. Thus, if [Bright Data] had sat down a secretary at the computer screen with instructions manually to go through [X Corp.'s] web sites and pick out and write down purely factual information [from what it saw there], and then feed it into the [Bright Data system] (using [Bright Data's] distinctive [arrangement] only), no one could complain. The objection is that the same thing was done with an electronic program.2003 WL 21406289, at *4 (C.D. Cal. Mar. 7, 2003) (granting summary judgment in favor of defendant). That X Corp. collects far more quotes and facts than the historian (cf. Br. 14) only makes limits on protections against mere copying - whether that protection is publicly blessed or privately ginned up - even more essential.
In short, not only do X Corp.'s state-law claims deprive copiers of a fair use defense (where even needed), but for no good reason they foreclose such uses from arising in the first place. Cf. hiQ Labs, 31 F.4th at 1202. Not having tractable copyright claims is not a reason to assert the same claims as if they were something else. Sybersound, 517 F.3d at 1150.
Finally, the proposed complaint names a variety of countervailing state interests it claims to serve by asserting its copyright-conflicting claims (see Br. 15-19 (collecting cites)). These are elaborations of what was already asserted in the prior complaint (see Order 24-25): For one, X Corp. argues it has good privacy and right-to-deletion policies, Bright Data has bad ones, and California provides requirements and actions for relief (Br. 15-17). For another, X Corp. takes precautions not to sell its data to bad people, but Bright Data “appears willing to sell scraped data to anyone” (id. at 17-19). Finally, the data could be used to exploit consumers, including through misleading advertisements and spam (id. at 19). Accepting the pleaded allegations as true, they are reasons to bring claims based on them. X Corp. is not bringing an action rooted in and targeting relief for any of the interests described - not remotely. A reading of the proposed complaint continues to make plain: “X Corp. is happy to allow the extraction and copying of X users' content so long as it gets paid” (Order 26).
X Corp.'s motion for leave to amend its scraping-related claims - specifically its misappropriation, unjust enrichment, and related tortious interference and breach of contract claims - is DENIED.
3. Supplemental Claims.
As noted above, X Corp.'s proposed complaint asserts three new claims: That Bright Data violated Section 1201(a) of the Digital Millenium Copyright Act (Proposed ¶¶ 189-217), Section 1030(a) of the Computer Fraud and Abuse Act (Proposed ¶¶ 200-211), and the California Comprehensive Computer Data Access and Fraud Act (Proposed ¶¶ 212-17). While Bright Data does not oppose these claims for purposes of this motion, it wishes to bring a separate motion to do so (Opp. 12 n.8). Bright Data filed a precis of its proposed motion to dismiss (Dkt. No. 142), while X Corp. filed a precis of its proposed opposition (Dkt. No. 149). If Bright Data believed these claims were dead on arrival, it should have said so at the first chance. Without prejudice to ruling in Bright Data's favor on a later motion opposing these amended claims, the Court will not consider such a motion at this time. Bright Data should allow discovery to proceed and the case to develop. Then, if Bright Data still believes a motion appropriate as to any of these claims, Bright Data may move for summary judgment. With those conditions, the motion to supplement the complaint with these claims is GRANTED.
CONCLUSION
X Corp.'s motion for leave to amend is GRANTED IN PART AND DENIED IN PART. As to its access-based claims for trespass to chattels, unlawful and fraudulent business acts under Section 17200, tortious interference with contract, and contract breach, the motion is Granted. As to its access-based unfair business acts under Section 17200, the motion is Denied Without Leave. As to its scraping-based claims for misappropriation, unjust enrichment, tortious interference with contract, and contract breach, the motion is DENIED Without Leave. Finally, X Corp.'s supplemental claims are, as set out above (Part 3), Granted. Bright Data's answer is due in Twenty-One Days.
IT IS SO ORDERED.