Court Dismisses Class Action Against Apple Over Its App Developers’ Information Collection Practices – Pirozzi v. Apple
[Post by Venkat Balasubramani with comments from Eric]
Pirozzi v. Apple, 2012 WL 6652453 (N.D. Cal.; Dec. 20, 2012)
This is one of several putative class actions over the information collection practices of apps. I previously covered how the lawsuit against Path survived: “Class Action Against Path Over Cellphone Address Book Access Keeps Going”. Judge Koh also whittled down the lawsuit against Apple over its iPhone app privacy practices: “Judge Koh Whittles Down iPhone App Privacy Lawsuit.” This lawsuit seems to overlap with both and is dismissed, albeit with leave to amend.
Plaintiff brought claims under California’s unfair competition law, for false advertising, for violations of the Consumer Legal Remedies Act, for negligence and unjust enrichment. Although it’s unclear what apps she is complaining about, the following apps are mentioned in the complaint: Path, Angry Birds, Cut-the-Rope, Twitter, Facebook, LinkedIn, Gowalla,Foodspotting, Instagram, Foursquare, Beluga, Yelp!, Hipster and Kik Messenger.
Standing: The court dismisses on the basis of standing, but there were two interesting aspects to the standing discussion.
First, plaintiff cited to a bunch of somewhat persuasive marketing copy about how Apple had adequate restrictions in place regarding the collection of information by app developers. However, it was unclear as to how exactly plaintiff was induced to make a purchase in reliance of these alleged promises. The court finds that the pleadings are unduly vague about what plaintiff was induced to purchase (or download) and what statements induced the purchases or downloads.
Second, the court also notes that the pleading suffers from deficiencies regarding harm. If information was improperly collected by app developers, so what? Citing to Hernandez v. Path and Krottner v. Starbucks, the court says that future risk of identity theft is insufficient to allege harm. This leaves economic harm, and here plaintiff’s allegations were again unduly vague. In a short sentence, the court notes that the “personal information as inherently valuable” argument will be unlikely to carry the day. Still, the court grants leave to amend.
Sidenote: WSJ recently published a story about merchants offering varying prices to individuals based on targeting. I wonder if this will surface in a future standing argument. I’m guessing it will.
Section 230: I am sure Prof. Goldman will have more to say about the Section 230 issue, but here’s my take. To the extent plaintiff tries to hold Apple liable for any harm effected via apps, this will run squarely into Section 230. Apple’s only role in making the apps available is a publisher or distributor. (See for example, Green v. AOL, where claims based on transmission of a virus via chatroom was held to be immunized by Section 230.) There is, of course, the promissory estoppel (contractual) carveout to Section 230 as recognized in Barnes v. Yahoo!. The claims allowed by the 9th Circuit in Barnes were fairly narrow, and it’s unclear as to whether any alleged contractual representations by Apple should open the door to things like CLRA claims. At least some of plaintiff’s claims should have been dismissed under Section 230 (the negligence and negligent misrepresentation claims). As to the statutory claims centered around misrepresentation, I suspect they are a bit trickier. Although the misrepresentation claims may have problems on the merits on their own, the applicability of Section 230 to those claims is a bit tougher in my estimation.
Issues on the Merits: The court also points out a few other issues with the pleadings:
1. Any claims alleging misrepresentation (unfair competition; false advertising; consumer legal remedies act) sound in fraud and therefore have to be pled with particularity. Plaintiff fails to do so.
2. Her CLRA claims are unclear as to whether they are directed at the services (the apps or the app store) or the goods (the devices). The court dismisses but with leave to amend. Applicability of the CLRA to the app store is less than clear, and the plaintiff has obvious problems alleging CLRA claims with respect to the devices (which on their own, functioned as promised).
3. The negligence claims fails. As articulated in Judge Koh’s ruling: there is no duty to protect someone’s information vis a vis third parties, absent a special relationship. (Again, this would have been a good candidate to nuke on Section 230 grounds.)
4. The court also says that the unjust enrichment claim fails because plaintiff does not identify how exactly Apple has been enriched by the information collection practices of the app developers.
__
In theory, plaintiff should have a hard time holding Apple liable for the information collection practices of its developers. The fact that the apps in question are free should make it particularly difficult. Because the apps are free, it’s difficult to demonstrate economic harm based on download of the apps, and plaintiff is left to argue informational harm, which hasn’t gained much traction in courts (absent misuse of the data that results in economic harm). With respect to misrepresentations that induced plaintiff to purchase any devices, plaintiff’s qualm isn’t really with the devices–it’s with the app store. I don’t know that the law permits you to argue you are entitled to a refund of the price of your device just because a rogue app or two happened to be out there.
On the other hand, there’s some troubling marketing copy that ended up out there. It may have been wise for Apple to issue disclaimers regarding its inability to control the conduct of app developers who use its platform. As to whether it could stretch the case out, it’s tough to tell, but the absence of that language would certainly have made the lawsuit an easier battle for Apple.
Related posts:
Class Action Against Path Over Cellphone Address Book Access Keeps Going
Judge Koh Whittles Down iPhone App Privacy Lawsuit
Sony Network Data Breach Class Action Suffers Setback — In re Sony Gaming Network
Starbucks Data Breach Plaintiffs Rebuffed by Ninth Circuit — Krottner v. Starbucks
9th Circuit Affirms Rejection of Data Breach Claims Against Gap — Ruiz v. Gap
LinkedIn Beats Referrer URL Privacy Class Action on Article III Standing Grounds–Low v. LinkedIn
Third Circuit Says Data Breach Plaintiffs Lack Standing Absent Misuse of Data — Reilly v. Ceridian
First Circuit Rejects Data Insecurity Claims on the Basis of Article III Standing–Katz v Pershing
New Essay: The Irony of Privacy Class Action Lawsuits
Another Data Loss Case Tossed on Article III Grounds–Whitaker v. Health Net
Reidentification Theory Doesn’t Save Privacy Lawsuit–Steinberg v. CVS Caremark
The Cookie Crumbles for Amazon Privacy Plaintiffs – Del Vecchio v. Amazon
A Look at the Commercial Privacy Bill of Rights Act of 2011
Flash Cookies Lawsuit Tossed for Lack of Harm–La Court v. Specific Media
Another Lawsuit over Flash Cookies Fails — Bose v. Interclick
Facebook and Zynga Privacy Litigation Dismissed With Prejudice [Catch up Post]
____
Eric’s Comments
The plaintiffs allege that Apple offers a certification program for apps in its app store, so I understand in concept how Apple might be responsible for failed certifications. Still, I get nervous every time I see plaintiffs use a defendant’s marketing representations or site disclosures as a way of getting around what should fundamentally be a 47 USC 230 immunity. The doctrinal interplays between first-party marketing representations and liability for third-party conduct under 47 USC 230 remains a legally chaotic one, and I hope the judge understands the problems with Section 230 workarounds and is appropriately sensitive to that issue.
The opinion only references 47 USC 230(c)(1), even though this seems more like a 230(c)(2) case. The plaintiffs are suing Apple for doing a poor job of filtering apps out of its app store, and that’s exactly what 230(c)(2) covers.