Opperman v. Path, Inc.

          ORDER GRANTING IN PART AND DENYING IN PART MOTION FOR CLASS CERTIFICATION RE: PATH APP RE: ECF NO. 651

          JON S. TIGAR UNITED STATES DISTRICT JUDGE

         This is a putative class action against Apple and other application developers for alleged invasions of privacy through applications on Apple devices. Before the Court is Plaintiffs’ Motion for Class Certification Regarding the Path App. ECF No. 651. The Court will grant the motion as to the Intrusion Upload Subclass but deny it as to the Intrusion Class.

         I. BACKGROUND

         A. Factual History

         This is a putative class action challenging conduct by Apple and various developers of applications for Apple devices (“App Defendants”). See Second Consolidated Amended Complaint (“SCAC”), ECF No. 478. Plaintiffs allege that, between July 10, 2008 and February 2012, they owned one or more of three Apple products-the iPhone, iPad, and/or iPod touch (collectively “iDevices”). Id. ¶ 2. They further allege that Apple engaged in a mass marketing campaign in which it “consciously and continuously misrepresented its iDevices as secure, and that the personal information contained on iDevices-including, specifically, address books, could not be taken without their owners’ consent.” Id. ¶ 3.

         1.Contacts Data

         Each iDevice comes pre-loaded with a “Contacts” mobile software application (or “App”), which iDevice owners may use as an address book to input and store the following information about the owner’s Contacts:

(1) first and last name and phonetic spelling of each, (2) nickname, (3) company, job title and department, (4) address(es), (5) phone number(s), (6) e-mail address(es), (7) instant messenger contact, (8) photo, (9) birthday, (10) related people, (11) homepage, (12) notes, (13) ringtone, and (14) text tone.

Id. ¶ 54, 55. Plaintiffs allege “[t]he address book data reflects the connections, associations, and relationships that are unique to the owner of the iDevice.” Id. ¶ 56. Further, the information stored in an address book “is highly personal and private, ” and “is not shared, is not publicly available, is not publicly accessible, and is not ordinarily obtainable by a third party unless the owner physically relinquishes custody of his or her iDevice to another individual.” Id.

         Contacts also works with social and communication software developed for iDevices (“Apps”). See ECF No. 651, Kennedy Decl., Ex. W. These Apps are developed by other companies but available for download through Apple’s online App store. See ECF No. 651, Cooley Decl. ¶ 4; Green Decl. ¶ 4; Carter Decl. ¶ 4.

         2. Path’s Upload and Use of Contact Information

         Defendant Path launched an updated version of its social networking App (Path 2.0) on November 29, 2011. ECF No. 651, Kennedy Decl., Ex. M at Tr. 49:6-22. It is not disputed that Defendant Path uploaded users’ iDevice Contacts data without notice or consent and sent it to Path’s servers. See id. at Tr. 44:2-5; 50:11-15; Ex. T. The Path App automatically uploaded users’ Contacts data upon logon, i.e., whenever the user activated the app. Kennedy Decl., Ex. M at Tr. 49:6-14; Ex. G. This upload of Contacts data occurred “automatically” and “in the background.” Id., Ex. M at Tr. 49:6-14. Contacts content included names, birthdays, phone numbers, email addresses, and street addresses. Id., Ex. D-2. In less than three months, Path collected and stored over 600 million records derived from the Contacts uploads. Id., Ex. J-2. Apple’s internal review of the Path App confirmed this practice. Id., Ex. F.

         Path uploaded the Contacts information to enhance Path features, including its “FriendRank recommendation service.” Id., Ex. C-2. Path used this information to inform Path users which of their Contacts were also Path users and to let them know when their Contacts joined Path. ECF No. 678 at 3; Lu Decl., Ex. 1 Tr. 166:14-166:20. Plaintiffs further allege Path used the collected to data mine and employ social graph mining techniques. See ECF No. 651, Ex. D-1 at 1-3.

         Based on the number of users who registered for Path between November 29, 2011 and February 7, 2012, Plaintiffs calculate that over 480, 000 users “unwittingly sent their address book data to Path.” ECF No. 651 at 9-10; Ex. C-1 at 18-20. On February 8, 2012, Apple released Path 2.0.6 in its App Store, which included a user opt-in feature that would ask users whether they wanted to upload their Contacts to Path.^[1] ECF No. 678, Lu Decl., Ex. 1 Tr. 103:10-105:13. Thereafter, Path deleted all previously uploaded user Contacts from its database. Id. Since Path released version 2.0.6 of its app, 92.1% of Path users have affirmatively given Path permission to access users’ Contacts. Id., Lu Decl., Ex. 4 (Bates No. PATH-HERN000998).

         Plaintiffs Stephanie Cooley, Jason Green, and Lauren Carter (“the Path Plaintiffs”) logged onto the Path App on their iDevices at some point between November 29, 2011 and February 8, 2012. See, e.g., Cooley Decl. ¶ 4, Green Decl. ¶ 4, Carter Decl. ¶ 4.

         B. Procedural History

         This action began as separate class actions filed in California and Texas. The four actions were consolidated here, where Plaintiffs filed their Consolidated Amended Complaint (“CAC”), ECF No. 362, on September 3, 2013.

         Defendants filed several motions to dismiss the CAC, and on May 14, 2014 the Court granted the motions in part. ECF No. 471. The Court dismissed Plaintiffs’ false and misleading advertising, consumer legal remedies/misrepresentation, deceit, Unfair Competition Law (“UCL”), and conversion claims, which Plaintiffs asserted again in their SCAC. Id. The Court denied the motions to dismiss Plaintiffs’ invasion of privacy (intrusion upon seclusion) claim. Id.

         Plaintiffs then filed their Second Consolidated Amended Complaint (“SCAC”). ECF No. 478. In the SCAC, Plaintiffs alleged conversion and invasion of privacy (intrusion upon seclusion) claims against all Defendants, and the following claims against only Apple: (1) violation of California’s False and Misleading Advertising Law (“FAL”), Business and Professions Code § 17500, et seq.; (2) violation of California’s Consumer Legal Remedies Act (“CLRA”), Civil Code § 1750, et seq.; (3) deceit, California Civil Code § 1709, et seq.; and (4) violation of California’s UCL, Business and Professions Code § 17200, et seq. ECF No. 478 ¶¶ 243-323. Plaintiffs requested certification of a class; an injunction prohibiting Defendants from continuing the challenged conduct; actual, compensatory, statutory, presumed, punitive, and/or exemplary damages; declaratory relief; restitution; the imposition on Defendants of constructive trusts; and fees, costs, and interest. Id. at 78-79.

         Defendants filed several motions to dismiss in August 2014, but Path did not seek to dismiss Plaintiffs’ intrusion upon seclusion claim. See ECF No. 503. The Court dismissed Plaintiffs’ conversion claim and requests for injunctive relief, but denied the motions to dismiss in all other respects. ECF No. 543. Relevant to the present motion, Plaintiffs’ claims for intrusion upon seclusion against Path and aiding and abetting against Apple remain. Id.

         On February 18, 2016, Plaintiffs filed this motion for class certification. ECF No. 651. Plaintiffs seek to certify the following class and subclass against Path and Apple for Plaintiffs’ claim for intrusion upon seclusion against Path and for aiding and abetting against Apple:

Intrusion Class: All persons in the [United States] who received from Apple’s App Store a copy of version 2.0 through 2.0.5 of the iOS mobile application entitled Path (the “Invasive Versions”).

Intrusion Upload Subclass: All members of the Intrusion Class that were Path registrants and activated via their Apple iDevices (iPhone, iPad, iPod touch) any of the Invasive Versions of the iOS app between November 29, 2011 and February 7, 2012 (the “Subclass Period”).

Id. at 8-9.

         Defendants Path and Apple oppose the motion. ECF No. 678 (Path’s opposition); ECF No. 667-3 (Apple’s opposition). Plaintiffs filed a reply. ECF No. 709. Apple filed an objection and a sur-reply. ECF Nos. 711, 721. The Court heard oral argument on June 14, 2016.

         II. JURISDICTION

         This Court has jurisdiction over this case under the Class Action Fairness Act of 2005 because the amount in controversy exceeds $5 million, exclusive of interest and costs, there are 100 or more class members, and the parties are minimally diverse. 28 U.S.C. § 1332(d).

         III. LEGAL STANDARD

         Class certification under Rule 23 is a two-step process. First, a plaintiff must demonstrate that the numerosity, commonality, typicality, and adequacy requirements of 23(a) are met.

One or more members of a class may sue or be sued as representative parties on behalf of all members only if (1) the class is so numerous that joinder of all members is impracticable; (2) there are questions of law or fact common to the class; (3) the claims or defenses of the representative parties are typical of the claims or defenses of the class; and (4) the representative parties will fairly and adequately protect the interests of the class.

Fed. R. Civ. P. 23(a). “Class certification is proper only if the trial court has concluded, after a ‘rigorous analysis, ’ that Rule 23(a) has been satisfied.” Wang v. Chinese Daily News, Inc., 709 F.3d 829, 833 (9th Cir. 2013) (quoting Wal-Mart Stores, Inc. v. Dukes, 546 U.S. 338, 351 (2011)).

         Second, a plaintiff must also establish that one of the bases for certification in Rule 23(b) is met. Here, Plaintiffs invoke Rule 23(b)(3), which requires the court to find “that the questions of law or fact common to class members predominate over any questions affecting only individual members, and that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed.R.Civ.P. 23(b)(3). Additionally, “[w]hile it is not an enumerated requirement of Rule 23, courts have recognized that “in order to maintain a class action, the class sought to be represented must be adequately defined and clearly ascertainable.” Vietnam Veterans of Am. v. C.I.A., 288 F.R.D. 192, 211 (N.D. Cal. 2012) (quoting DeBremaecker v. Short, 433 F.2d 733, 734 (5th Cir. 1970)).

         The party seeking class certification bears the burden of demonstrating by a preponderance of the evidence that all four requirements of Rule 23(a) and at least one of the three requirements under Rule 23(b) are met. See Dukes, 564 U.S. at 350-51. “Rule 23 grants courts no license to engage in free-ranging merits inquiries at the certification stage.” Amgen Inc. v. Connecticut Retirement Plans and Trust Funds, 133 S.Ct. 1184, 1194-95 (2013). “Merits questions may be considered to the extent-but only to the extent-that they are relevant to determining whether the Rule 23 prerequisites for class certification are satisfied.” Id. at 1195.

         IV. DISCUSSION

         Path and Apple oppose the motion for class certification, arguing that Plaintiffs have not established predominance or typicality. See ECF Nos. 667-3, 678. The Court addresses each of the requirements of Rule 23 and the parties’ respective arguments.

         A. Numerosity

         Rule 23(a)(1) requires that the class be “so numerous that joinder of all members is impracticable.” Fed.R.Civ.P. 23(a)(1). “[C]ourts generally find that the numerosity factor is satisfied if the class comprises 40 or more members.” In re Facebook, Inc., PPC Advertising Litig., 282 F.R.D. 446, 452 (N.D. Cal. 2012).

         Path’s records demonstrate that 480, 125 users registered for the Path App during the Subclass Period. ECF No. 651 at 13; Kennedy Decl., Ex. G. Registration represents a subset of users who logged on during the Subclass Period. Neither Path nor Apple dispute Plaintiffs’ contentions regarding numerosity.

         The Court concludes that the proposed classes satisfy Rule 23(a)’s numerosity requirement.

         B. Commonality

         A Rule 23 class is certifiable only if “there are questions of law or fact common to the class.” Fed.R.Civ.P. 23(a)(2). “[F]or purposes of Rule 23(a)(2) [e]ven a single [common] question will do.” Dukes, 564 U.S. at 359 (internal quotation marks omitted). However, the common contention “must be of such a nature that it is capable of classwide resolution-which means that determination of its truth or falsity will resolve an issue that is central to the validity of each one of the claims in one stroke.” Id. at 350. “What matters to class certification . . . is not the raising of common ‘questions’-even in droves-but rather the capacity of a classwide proceeding to generate common answers apt to drive the resolution of the litigation.” Id. (quoting Richard A. Nagareda, Class Certification in the Age of Aggregate Proof, 84 N.Y.U. L. Rev. 97, 131-32 (2009)). The party seeking certification “need only show that there is a common contention capable of classwide resolution-not that there is a common contention that will be answered, on the merits, in favor of the class.” Alcantar v. Hobart Serv., 800 F.3d 1047, 1053 (9th Cir. 2015) (internal quotation omitted).

         “The commonality preconditions of Rule 23(a)(2) are less rigorous than the companion [predominance] requirements of Rule 23(b)(3).” Hanlon v. Chrysler Corp., 150 F.3d 1011, 1019 (9th Cir. 1998). Rule 23(a)(2) can be construed permissively. Id.

         Plaintiffs argue that commonality is established based on “the uniform intrusion into a private place” and because “the intrusion was highly offensive to the reasonable person.” ECF No. 651 at 13. Further, common issues of law and fact predominate as “the legal inquiry across the proposed class is the same” and require the same factual proof. ECF No. 651 at 19.

         The need to resolve Plaintiffs’ allegation that Path committed the tort of intrusion upon seclusion when it uploaded all users’ data during the proposed class period without notice or consent is sufficient to establish commonality. See Dukes, 564 U.S. at 359.^[2]

         C. Typicality

         In certifying a class, courts must find that “the claims or defenses of the representative parties are typical of the claims or defenses of the class.” Fed R. Civ. P. 23(a)(3). “The purpose of the typicality requirement is to assure that the interest of the named representative aligns with the interests of the class.” Hanon v. Dataproducts Corp., 976 F.2d 497, 508 (9th Cir. 1992). “Under the rule’s permissive standards, representative claims are ‘typical’ if they are reasonably coextensive with those of absent class members; they need not be substantially identical.” Parsons v. Ryan, 754 F.3d 657, 685 (9th Cir. 2014) (quoting Hanlon, 150 F.3d at 1020). “The test of typicality ‘is whether other members have the same or similar injury, whether the action is based on conduct which is not unique to the Named Plaintiffs, and whether other class members have been injured by the same course of conduct.’” Id. (quoting Hanon, 976 F.2d at 508).

         Apple makes several arguments that Cooley, Green, and Carter are not typical of the class. First, Apple argues that the named Plaintiffs repeatedly granted other Apps access to their Contacts data, such that Path’s taking such access cannot have caused offense or emotional injury. ECF No. 667-3 at 34. Plaintiffs respond that, unlike the other Apps to which Apple refers, Path obtained Plaintiffs’ contact data without their permission, and that it was the taking without permission that caused an injury. Apple next argues that named plaintiff Green was solicited to act as lead plaintiff and was offered compensation for his time, citing Rodriguez v. W. Publ’g Corp., 563 F.3d 948, 959 (9th Cir. 2009). Plaintiffs explain that the only “compensation” to Green was that a new iPhone was purchased for him so that his old one could be forensically imaged pursuant to a court order. See ECF No. 635 at 2. A replacement phone and reimbursement for litigation-related travel expenses are totally unlike the incentive payments criticized in Rodriguez.

         Finally, Apple points to Plaintiffs’ conduct in upgrading or using their phones to claim that Plaintiffs “spoliated” evidence such that Plaintiffs’ ability to represent the case has been compromised. Given the ubiquitousness of phone upgrades, Plaintiffs’ conduct is hardly unique to them. Rather than making named Plaintiffs unique, their conduct in upgrading to a new device such that the old one is no longer available is likely to be common to the class. “On average, Americans keep their smartphones for about two years before jumping to a new one.” Farhad Manjoo, “A Wild Idea: Making Our Smartphones Last Longer, ” N.Y. Times (on-line ed. Mar. 12, 2014), http://www.nytimes.com/2014/03/13/technology/personaltech/the-radical-concept-of-longevity-in-a-smartphone.html. A class member who still has her old phone will be the exception, not the rule. And the same can be said of data deletion that occurs with ordinary use - there are likely to be very few “typical” class members if that means those who have not used their phones since registering with Path. These claims do not render the named Plaintiffs atypical.

         Where a named plaintiff is subject to unique defenses, she may not be typical of the class. Hanon v. Dataproducts Corp., 976 F.2d 497, 508 (9th Cir.1992). Defenses unique to a class representative counsel against class certification, however, only where they “threaten to become the focus of the litigation.” Id. (internal quotation marks and citation omitted). Even assuming the merits of Defendants’ proposed defenses, none of them meets this standard. Plaintiffs ...