The court says Instacart creates an enforceable sign-in-wrap (ugh):
The court then holds that Instacart’s disclosures were sufficient to obtain consumer consent to Stripe’s activities:
It doesn’t matter that Instacart, rather than Stripe, made the applicable disclosures. Cites to Perkins v. LinkedIn and Javier v. Assurance. It also doesn’t matter that Instacart’s disclosures used the discretionary permissive term “may.”
BONUS: the court rejects the 17200 claim predicated on the CCPA: “as Stripe correctly notes, the CCPA has no private right of action and on its face states that consumers may not use the CCPA as a basis for a private right of action under any statute.” It’s pretty embarrassing for plaintiffs to try this 17200-bootstrapping-CCPA argument given the CCPA so clearly rejects this (one of the only places where the CCPA is actually clear).
Case citation: Silver v. Stripe Inc., 2021 WL 3191752 (N.D. Cal. July 28, 2021)