Ninth Circuit Turns Out The Lights on California ‘Shine the Light’ Case

California’s “Shine the Light” statute is designed to facilitate transparency about the information collection and marketing practices of companies. The statute requires companies to disclose to customers the types of consumer information a company discloses to third parties for direct marketing purposes, and the identity of third party recipients of the information.

The statute requires a business to provide contact information to receive requests regarding information in one of three ways: (1) post a notice at its physical place of business; (2) notify customer service employees; and (3) post information on its website. Alternatively, a business can also adopt a privacy policy informing users of their right to opt-out of disclosure of information to third parties for direct marketing purposes and providing a cost-free means to do so. Finally, the business can simply implement a policy of not disclosing customer personal information for direct marketing purposes.

In two different cases, Hearst and Conde Nast were sued for allegedly failing to comply with the statute. The district court dismissed both cases, and the Ninth Circuit affirms. Following the California appeals court’s decision in Boorstein v. Men’s Journal, the court says that in order to have standing, a plaintiff is required to have submitted or attempted to submit a request. (“Men’s Journal Beats Lawsuit Alleging Violation of California’s “Shine the Light” Privacy Statute — Boorstein v. Men’s Journal”.) Neither plaintiff alleged that they submitted a request, “or that [they] would have, had accurate contact information been provided . . .” Thus plaintiffs lacked standing under the statute. In a footnote, the court says that plaintiff’s allegations do not state a claim for “informational injury” because defendants’ alleged failure to provide contact information doesn’t go to the statute’s core purpose.

Plaintiffs also sought a stay pending resolution of Boorstein, but the court says no, citing to the fact that the California Supreme Court has not decided whether to accept review – only a request for review is pending.


Given that the court merely followed the rationale of the California Appeal Court in Boorstein, this ruling isn’t exactly earth-shattering, but it certainly is a poke in the eye of privacy plaintiffs. The core of the lawsuit is about the media companies’ failure to provide information ostensibly mandated by the statute, and the court says the lawsuit fails because plaintiffs don’t allege that they would have sent a request–i.e., failed to allege that they would have used information that was never provided at all.

On the other hand, the lawsuit is all about exploiting a technicality. Sending in a letter, fax, or email to Conde Nast or Hearst asking them to stop sharing information for direct marketing purposes would probably do the trick and solve plaintiffs’ problem (assuming, of course, that defendants readily complied). Not surprisingly, plaintiffs did not take this simple step. For what it’s worth, Conde Nast’s and Hearst magazine sites—which are now STL compliant—currently provide easily accessible contact information for a communication such as this. It’s unclear whether—pre-STL compliance—it would have been easy to determine where one would have sent such a letter.

Case citation:

Miller v. Hearst Communications, 12-57231 (9th Cir. Feb. 18, 2014)

King v. Conde Nast, 12-57209 (9th Cir. Feb. 18, 2014)

Related posts:

Men’s Journal Beats Lawsuit Alleging Violation of California’s “Shine the Light” Privacy Statute — Boorstein v. Men’s Journal