Federal Court dismisses California privacy claims against welfare firm


California differs from other states in that a right to privacy is specifically included in the state’s constitution. As a result, data privacy disputes are frequently filed in California courts which not only allege various violations of California statutory law, but also a violation of residents’ constitutional right to privacy. However, not all of these requests are ultimately granted – many of them are rejected at the oral argument stage. Indeed, last month a California district court dismissed a data privacy class action lawsuit involving claims under California law against a wellness company. Graham v Noom, Inc., 2021 Dist. LEXIS 68710 (ND Cal., April 8, 2021). Read on to find out more.

Noom is a web application that helps its users lose weight and lead healthier lives. Noom uses FullStory software (called ‘session replay’) to record what visitors do on the Noom website, such as their keystrokes, mouse clicks, and page scrolling, which allows businesses to see how visitors use their website.

The plaintiffs, a putative class from California, alleged that FullStory was illegally eavesdropping on their communications with Noom, and Noom aided and abetted the eavesdropping; and therefore, the plaintiffs’ right to privacy under the California Invasion of Privacy Act (CIPA) and the California Constitution. Specifically, the plaintiffs alleged (1) eavesdropping in violation of CIPA, (2) sale of eavesdropping software in violation of CIPA, and (3) invasion of privacy in violation of the California Constitution.

The complainants say they scoured Noom’s website to review Noom’s diet offerings. While browsing Noom’s website, FullStory’s Session Replay software allegedly captured their keystrokes and mouse clicks on the website, dates and times of their visits, duration of visits, their IP addresses, their locations. at the time of the visits, their browser types and the operating system on their devices. The plaintiffs also claimed in the complaint that users of Noom’s website fill out a form and enter personally identifiable information and protected health information (including height, weight, sex, age, diet , some medical information and e-mail address). However, the applicants claimed that this data was collected still whether a user has actually completed the form.

The defendants argued that the plaintiffs did not make a statutory or constitutional claim of invasion of privacy; and moved to dismiss the plaintiffs’ claim on three grounds: 1) there was no eavesdropping, 2) the claim is based in part on the collection of information that is not copyrighted content, and 3) Noom’s privacy policy discloses the collection of data.

Under Section 631 (a) of CIPA, a person is liable if he or she secretly listens to another person’s conversation. The complainants argued that FullStory was not a party to the communications and therefore is subject to the responsibility of CIPA for their registration. The Court, however, disagreed. In assessing the plaintiffs’ claim, the Court concluded that there was no alleged wrongdoing and, therefore, Noom was not subject to the responsibility of CIPA. The court ruled that there was no allegation that FullStory intercepted and used the data itself; instead, the Court considered that FullStory is an extension of Noom because it provides a tool allowing Noom to record and analyze its own data. To put it another way, the court ruled that FullStory is not an independent party that extracted information from Noom and therefore cannot be held liable under Section 631 (a) of CIPA.

Section 631 (a) of CIPA prohibits unauthorized access to the content of any communication. In light of the statutory wording, the Court dismissed the plaintiffs’ claim because it did not meet the definition of “content”. Specifically, the applicants have not disputed that the information collected (IP addresses, locations, types of browsers and operating systems) is not content. The court left open the possibility of distinguishing content from other recordings without content if claimants choose to modify their complaint.

The defendants argued that Noom’s privacy policy reveals that Noom “may use various methods and technologies” to store or collect usage information, with specific reference to tracking technologies. The privacy policy is available via a link at the bottom of the Noom home page. Even so, the applicants argued that they could not significantly consent to the wiretapping through the privacy policy because the wiretapping took place before they could read the policy at the bottom. of the web page. However, in light of an incomplete statement on this issue, the Court refused to dismiss the complaint on this basis.

Ultimately, the court allowed the defendants’ motion to dismiss, allowing the plaintiffs to amend their complaint within 21 days. On April 29, 2021, the plaintiffs filed a second amended class action complaint (ECF 59). Stay tuned with CPW to learn more about how this litigation unfolds in light of this development.

Source link

Leave A Reply

Your email address will not be published.