United States District Court, N.D. California
ORDER GRANTING IN PART AND DENYING IN PART MOTION FOR
CLASS CERTIFICATION RE: PATH APP RE: ECF NO. 651
JON S.
TIGAR UNITED STATES DISTRICT JUDGE
This is
a putative class action against Apple and other application
developers for alleged invasions of privacy through
applications on Apple devices. Before the Court is
Plaintiffs’ Motion for Class Certification Regarding
the Path App. ECF No. 651. The Court will grant the motion as
to the Intrusion Upload Subclass but deny it as to the
Intrusion Class.
I.
BACKGROUND
A.
Factual History
This is
a putative class action challenging conduct by Apple and
various developers of applications for Apple devices
(“App Defendants”). See Second
Consolidated Amended Complaint (“SCAC”), ECF No.
478. Plaintiffs allege that, between July 10, 2008 and
February 2012, they owned one or more of three Apple
products-the iPhone, iPad, and/or iPod touch (collectively
“iDevices”). Id. ¶ 2. They further
allege that Apple engaged in a mass marketing campaign in
which it “consciously and continuously misrepresented
its iDevices as secure, and that the personal information
contained on iDevices-including, specifically, address books,
could not be taken without their owners’
consent.” Id. ¶ 3.
1.Contacts
Data
Each
iDevice comes pre-loaded with a “Contacts” mobile
software application (or “App”), which iDevice
owners may use as an address book to input and store the
following information about the owner’s Contacts:
(1) first and last name and phonetic spelling of each, (2)
nickname, (3) company, job title and department, (4)
address(es), (5) phone number(s), (6) e-mail address(es), (7)
instant messenger contact, (8) photo, (9) birthday, (10)
related people, (11) homepage, (12) notes, (13) ringtone, and
(14) text tone.
Id. ¶ 54, 55. Plaintiffs allege “[t]he
address book data reflects the connections, associations, and
relationships that are unique to the owner of the
iDevice.” Id. ¶ 56. Further, the
information stored in an address book “is highly
personal and private, ” and “is not shared, is
not publicly available, is not publicly accessible, and is
not ordinarily obtainable by a third party unless the owner
physically relinquishes custody of his or her iDevice to
another individual.” Id.
Contacts
also works with social and communication software developed
for iDevices (“Apps”). See ECF No. 651,
Kennedy Decl., Ex. W. These Apps are developed by other
companies but available for download through Apple’s
online App store. See ECF No. 651, Cooley Decl.
¶ 4; Green Decl. ¶ 4; Carter Decl. ¶ 4.
2.
Path’s Upload and Use of Contact Information
Defendant
Path launched an updated version of its social networking App
(Path 2.0) on November 29, 2011. ECF No. 651, Kennedy Decl.,
Ex. M at Tr. 49:6-22. It is not disputed that Defendant Path
uploaded users’ iDevice Contacts data without notice or
consent and sent it to Path’s servers. See id.
at Tr. 44:2-5; 50:11-15; Ex. T. The Path App automatically
uploaded users’ Contacts data upon logon, i.e.,
whenever the user activated the app. Kennedy Decl., Ex. M at
Tr. 49:6-14; Ex. G. This upload of Contacts data occurred
“automatically” and “in the
background.” Id., Ex. M at Tr. 49:6-14.
Contacts content included names, birthdays, phone numbers,
email addresses, and street addresses. Id., Ex. D-2.
In less than three months, Path collected and stored over 600
million records derived from the Contacts uploads.
Id., Ex. J-2. Apple’s internal review of the
Path App confirmed this practice. Id., Ex. F.
Path
uploaded the Contacts information to enhance Path features,
including its “FriendRank recommendation
service.” Id., Ex. C-2. Path used this
information to inform Path users which of their Contacts were
also Path users and to let them know when their Contacts
joined Path. ECF No. 678 at 3; Lu Decl., Ex. 1 Tr.
166:14-166:20. Plaintiffs further allege Path used the
collected to data mine and employ social graph mining
techniques. See ECF No. 651, Ex. D-1 at 1-3.
Based
on the number of users who registered for Path between
November 29, 2011 and February 7, 2012, Plaintiffs calculate
that over 480, 000 users “unwittingly sent their
address book data to Path.” ECF No. 651 at 9-10; Ex.
C-1 at 18-20. On February 8, 2012, Apple released Path 2.0.6
in its App Store, which included a user opt-in feature that
would ask users whether they wanted to upload their Contacts
to Path.[1] ECF No. 678, Lu Decl., Ex. 1 Tr.
103:10-105:13. Thereafter, Path deleted all previously
uploaded user Contacts from its database. Id. Since
Path released version 2.0.6 of its app, 92.1% of Path users
have affirmatively given Path permission to access
users’ Contacts. Id., Lu Decl., Ex. 4 (Bates
No. PATH-HERN000998).
Plaintiffs
Stephanie Cooley, Jason Green, and Lauren Carter (“the
Path Plaintiffs”) logged onto the Path App on their
iDevices at some point between November 29, 2011 and February
8, 2012. See, e.g., Cooley Decl. ¶ 4,
Green Decl. ¶ 4, Carter Decl. ¶ 4.
B.
Procedural History
This
action began as separate class actions filed in California
and Texas. The four actions were consolidated here, where
Plaintiffs filed their Consolidated Amended Complaint
(“CAC”), ECF No. 362, on September 3, 2013.
Defendants
filed several motions to dismiss the CAC, and on May 14, 2014
the Court granted the motions in part. ECF No. 471. The Court
dismissed Plaintiffs’ false and misleading advertising,
consumer legal remedies/misrepresentation, deceit, Unfair
Competition Law (“UCL”), and conversion claims,
which Plaintiffs asserted again in their SCAC. Id.
The Court denied the motions to dismiss Plaintiffs’
invasion of privacy (intrusion upon seclusion) claim.
Id.
Plaintiffs
then filed their Second Consolidated Amended Complaint
(“SCAC”). ECF No. 478. In the SCAC, Plaintiffs
alleged conversion and invasion of privacy (intrusion upon
seclusion) claims against all Defendants, and the following
claims against only Apple: (1) violation of
California’s False and Misleading Advertising Law
(“FAL”), Business and Professions Code §
17500, et seq.; (2) violation of California’s
Consumer Legal Remedies Act (“CLRA”), Civil Code
§ 1750, et seq.; (3) deceit, California Civil
Code § 1709, et seq.; and (4) violation of
California’s UCL, Business and Professions Code §
17200, et seq. ECF No. 478 ¶¶ 243-323.
Plaintiffs requested certification of a class; an injunction
prohibiting Defendants from continuing the challenged
conduct; actual, compensatory, statutory, presumed, punitive,
and/or exemplary damages; declaratory relief; restitution;
the imposition on Defendants of constructive trusts; and
fees, costs, and interest. Id. at 78-79.
Defendants
filed several motions to dismiss in August 2014, but Path did
not seek to dismiss Plaintiffs’ intrusion upon
seclusion claim. See ECF No. 503. The Court
dismissed Plaintiffs’ conversion claim and requests for
injunctive relief, but denied the motions to dismiss in all
other respects. ECF No. 543. Relevant to the present motion,
Plaintiffs’ claims for intrusion upon seclusion against
Path and aiding and abetting against Apple remain.
Id.
On
February 18, 2016, Plaintiffs filed this motion for class
certification. ECF No. 651. Plaintiffs seek to certify the
following class and subclass against Path and Apple for
Plaintiffs’ claim for intrusion upon seclusion against
Path and for aiding and abetting against Apple:
Intrusion Class: All persons in the
[United States] who received from Apple’s App Store a
copy of version 2.0 through 2.0.5 of the iOS mobile
application entitled Path (the “Invasive
Versions”).
Intrusion Upload Subclass: All
members of the Intrusion Class that were Path registrants and
activated via their Apple iDevices (iPhone, iPad, iPod touch)
any of the Invasive Versions of the iOS app between November
29, 2011 and February 7, 2012 (the “Subclass
Period”).
Id. at 8-9.
Defendants
Path and Apple oppose the motion. ECF No. 678 (Path’s
opposition); ECF No. 667-3 (Apple’s opposition).
Plaintiffs filed a reply. ECF No. 709. Apple filed an
objection and a sur-reply. ECF Nos. 711, 721. The Court heard
oral argument on June 14, 2016.
II.
JURISDICTION
This
Court has jurisdiction over this case under the Class Action
Fairness Act of 2005 because the amount in controversy
exceeds $5 million, exclusive of interest and costs, there
are 100 or more class members, and the parties are minimally
diverse. 28 U.S.C. § 1332(d).
III.
LEGAL STANDARD
Class
certification under Rule 23 is a two-step process. First, a
plaintiff must demonstrate that the numerosity, commonality,
typicality, and adequacy requirements of 23(a) are met.
One or more members of a class may sue or be sued as
representative parties on behalf of all members only if (1)
the class is so numerous that joinder of all members is
impracticable; (2) there are questions of law or fact common
to the class; (3) the claims or defenses of the
representative parties are typical of the claims or defenses
of the class; and (4) the representative parties will fairly
and adequately protect the interests of the class.
Fed. R. Civ. P. 23(a). “Class certification is proper
only if the trial court has concluded, after a
‘rigorous analysis, ’ that Rule 23(a) has been
satisfied.” Wang v. Chinese Daily News, Inc.,
709 F.3d 829, 833 (9th Cir. 2013) (quoting Wal-Mart
Stores, Inc. v. Dukes, 546 U.S. 338, 351 (2011)).
Second,
a plaintiff must also establish that one of the bases for
certification in Rule 23(b) is met. Here, Plaintiffs invoke
Rule 23(b)(3), which requires the court to find “that
the questions of law or fact common to class members
predominate over any questions affecting only individual
members, and that a class action is superior to other
available methods for fairly and efficiently adjudicating the
controversy.” Fed.R.Civ.P. 23(b)(3). Additionally,
“[w]hile it is not an enumerated requirement of Rule
23, courts have recognized that “in order to maintain a
class action, the class sought to be represented must be
adequately defined and clearly ascertainable.”
Vietnam Veterans of Am. v. C.I.A., 288 F.R.D. 192,
211 (N.D. Cal. 2012) (quoting DeBremaecker v. Short,
433 F.2d 733, 734 (5th Cir. 1970)).
The
party seeking class certification bears the burden of
demonstrating by a preponderance of the evidence that all
four requirements of Rule 23(a) and at least one of the three
requirements under Rule 23(b) are met. See Dukes,
564 U.S. at 350-51. “Rule 23 grants courts no license
to engage in free-ranging merits inquiries at the
certification stage.” Amgen Inc. v. Connecticut
Retirement Plans and Trust Funds, 133 S.Ct. 1184,
1194-95 (2013). “Merits questions may be considered to
the extent-but only to the extent-that they are relevant to
determining whether the Rule 23 prerequisites for class
certification are satisfied.” Id. at 1195.
IV.
DISCUSSION
Path
and Apple oppose the motion for class certification, arguing
that Plaintiffs have not established predominance or
typicality. See ECF Nos. 667-3, 678. The Court
addresses each of the requirements of Rule 23 and the
parties’ respective arguments.
A.
Numerosity
Rule
23(a)(1) requires that the class be “so numerous that
joinder of all members is impracticable.” Fed.R.Civ.P.
23(a)(1). “[C]ourts generally find that the numerosity
factor is satisfied if the class comprises 40 or more
members.” In re Facebook, Inc., PPC Advertising
Litig., 282 F.R.D. 446, 452 (N.D. Cal. 2012).
Path’s
records demonstrate that 480, 125 users registered for the
Path App during the Subclass Period. ECF No. 651 at 13;
Kennedy Decl., Ex. G. Registration represents a subset of
users who logged on during the Subclass Period. Neither Path
nor Apple dispute Plaintiffs’ contentions regarding
numerosity.
The
Court concludes that the proposed classes satisfy Rule
23(a)’s numerosity requirement.
B.
Commonality
A Rule
23 class is certifiable only if “there are questions of
law or fact common to the class.” Fed.R.Civ.P.
23(a)(2). “[F]or purposes of Rule 23(a)(2) [e]ven a
single [common] question will do.” Dukes, 564
U.S. at 359 (internal quotation marks omitted). However, the
common contention “must be of such a nature that it is
capable of classwide resolution-which means that
determination of its truth or falsity will resolve an issue
that is central to the validity of each one of the claims in
one stroke.” Id. at 350. “What matters
to class certification . . . is not the raising of common
‘questions’-even in droves-but rather the
capacity of a classwide proceeding to generate common answers
apt to drive the resolution of the litigation.”
Id. (quoting Richard A. Nagareda, Class
Certification in the Age of Aggregate Proof, 84 N.Y.U.
L. Rev. 97, 131-32 (2009)). The party seeking certification
“need only show that there is a common contention
capable of classwide resolution-not that there is a common
contention that will be answered, on the merits, in favor of
the class.” Alcantar v. Hobart Serv., 800 F.3d
1047, 1053 (9th Cir. 2015) (internal quotation omitted).
“The
commonality preconditions of Rule 23(a)(2) are less rigorous
than the companion [predominance] requirements of Rule
23(b)(3).” Hanlon v. Chrysler Corp., 150 F.3d
1011, 1019 (9th Cir. 1998). Rule 23(a)(2) can be construed
permissively. Id.
Plaintiffs
argue that commonality is established based on “the
uniform intrusion into a private place” and because
“the intrusion was highly offensive to the reasonable
person.” ECF No. 651 at 13. Further, common issues of
law and fact predominate as “the legal inquiry across
the proposed class is the same” and require the same
factual proof. ECF No. 651 at 19.
The
need to resolve Plaintiffs’ allegation that Path
committed the tort of intrusion upon seclusion when it
uploaded all users’ data during the proposed class
period without notice or consent is sufficient to establish
commonality. See Dukes, 564 U.S. at
359.[2]
C.
Typicality
In
certifying a class, courts must find that “the claims
or defenses of the representative parties are typical of the
claims or defenses of the class.” Fed R. Civ. P.
23(a)(3). “The purpose of the typicality requirement is
to assure that the interest of the named representative
aligns with the interests of the class.” Hanon v.
Dataproducts Corp., 976 F.2d 497, 508 (9th Cir. 1992).
“Under the rule’s permissive standards,
representative claims are ‘typical’ if they are
reasonably coextensive with those of absent class members;
they need not be substantially identical.” Parsons
v. Ryan, 754 F.3d 657, 685 (9th Cir. 2014) (quoting
Hanlon, 150 F.3d at 1020). “The test of
typicality ‘is whether other members have the same or
similar injury, whether the action is based on conduct which
is not unique to the Named Plaintiffs, and whether other
class members have been injured by the same course of
conduct.’” Id. (quoting Hanon,
976 F.2d at 508).
Apple
makes several arguments that Cooley, Green, and Carter are
not typical of the class. First, Apple argues that the named
Plaintiffs repeatedly granted other Apps access to their
Contacts data, such that Path’s taking such access
cannot have caused offense or emotional injury. ECF No. 667-3
at 34. Plaintiffs respond that, unlike the other Apps to
which Apple refers, Path obtained Plaintiffs’ contact
data without their permission, and that it was the taking
without permission that caused an injury. Apple next argues
that named plaintiff Green was solicited to act as lead
plaintiff and was offered compensation for his time, citing
Rodriguez v. W. Publ’g Corp., 563 F.3d 948,
959 (9th Cir. 2009). Plaintiffs explain that the only
“compensation” to Green was that a new iPhone was
purchased for him so that his old one could be forensically
imaged pursuant to a court order. See ECF No. 635 at
2. A replacement phone and reimbursement for
litigation-related travel expenses are totally unlike the
incentive payments criticized in Rodriguez.
Finally,
Apple points to Plaintiffs’ conduct in upgrading or
using their phones to claim that Plaintiffs
“spoliated” evidence such that Plaintiffs’
ability to represent the case has been compromised. Given the
ubiquitousness of phone upgrades, Plaintiffs’ conduct
is hardly unique to them. Rather than making named Plaintiffs
unique, their conduct in upgrading to a new device such that
the old one is no longer available is likely to be common to
the class. “On average, Americans keep their
smartphones for about two years before jumping to a new
one.” Farhad Manjoo, “A Wild Idea: Making Our
Smartphones Last Longer, ” N.Y. Times (on-line ed. Mar.
12, 2014),
http://www.nytimes.com/2014/03/13/technology/personaltech/the-radical-concept-of-longevity-in-a-smartphone.html.
A class member who still has her old phone will be the
exception, not the rule. And the same can be said of data
deletion that occurs with ordinary use - there are likely to
be very few “typical” class members if that means
those who have not used their phones since registering with
Path. These claims do not render the named Plaintiffs
atypical.
Where a
named plaintiff is subject to unique defenses, she may not be
typical of the class. Hanon v. Dataproducts Corp.,
976 F.2d 497, 508 (9th Cir.1992). Defenses unique to a class
representative counsel against class certification, however,
only where they “threaten to become the focus of the
litigation.” Id. (internal quotation marks and
citation omitted). Even assuming the merits of
Defendants’ proposed defenses, none of them meets this
standard. Plaintiffs ...