Pixel Case Against Google “Jumps the Shark”–Doe I v. Google (Catch Up Post)

October 1, 2024 · by · in Privacy/Security, Trespass to Chattels

It feels like we are getting a pixel ruling every day. I’ve ignored most of them. I’ve decided this one from 2 months ago is worth blogging, even at this date, given Judge Chhabria’s treatment of these claims. The court summarizes the context:

In many pixel cases, the plaintiffs sue the owner of the web property they interacted with, alleging that the owner installed source code that caused their personal information to be transmitted to a third party. But in this case, the plaintiffs have sued the third party that offers the source code: Google. They allege that their health care providers use Google source code to analyze traffic on their web properties, that their personal health information is transmitted to Google as part of this process, and that Google feeds this information into its own advertising machinery

The court summarizes why these concerns are a no-go, despite (or because of?) the 188 page complaint:

There are several related problems with the complaint. First, by the plaintiffs’ own allegations, Google has admonished health care providers not to use the source code in a way that causes users’ personal health information to be transmitted to Google. Second, the allegations in the complaint are too vague to support an inference that the providers have, contrary to this admonition, caused Google to receive the plaintiffs’ personal health information. And third, to the extent the complaint could be read to support an inference that health care providers may sometimes use Google products in a way that causes Google to receive personal health information, the complaint does not adequately allege that Google intends to receive this information, or that Google intends to feed the information into its own advertising machinery.

Other than that, the case looks great! 👌

The plaintiffs pointed to a “study” of over 5,000 health provider websites showing that 91% had Google-provided code linking back to Google. The court responds: “the plaintiffs appear to assume that because there is Google source code somewhere on the health care providers’ web properties, that automatically results in Google intercepting any interaction the plaintiffs have had with that website.”

The court also wants more specificity about Google’s intent: “most of the legal claims asserted by the plaintiffs require an allegation that Google actually intended to acquire or use people’s personal health information.” Yet, the complaint alleges “Google purposefully acted so as not to receive any personal health information…. If a plaintiff alleges that the clients of a source code provider use the code contrary to the provider’s instructions, the plaintiff should not be able to get around the intent requirement by simply intoning that the source code provider intended for the clients not to follow instructions.”

The plaintiffs also argued that Google’s cookies constitute a trespass to chattels to users’ devices. (For more on this, see the Meta Healthcare Pixel ruling). The court responds: “it is not obvious how the presence on one’s computer of the cookies from the providers’ websites would result in any cognizable reduction in storage, disk space, or performance.” In other words, cookies are inconsequential usages of chattel. In my Internet Law class, I teach my students to distinguish between virtual joyrides, which may be actionable as TTC, and virtual dog-petting, which aren’t. This ruling suggests that this judge views placing cookies like virtual dog-petting.

In its conclusion, the court says:

In this case, the plaintiffs appear to have chosen a strategy often used in securities fraud cases: If you make the complaint incredibly long and attach tons of exhibits, maybe a court will be more inclined to think the claims are pled with sufficient plausibility and specificity. That’s usually a bad strategy, and it was a bad strategy here. The length of the complaint, and the number of exhibits attached, made the plaintiffs’ presentation difficult to follow, not to mention self-contradictory. And despite the complaint’s length, the most important allegations were conclusory.

Sounds like a standard lament about how plaintiffs all-too-frequently approach Internet Law. Sigh.

Case Citation: Doe I v. Google LLC, 2024 WL 3490744 (N.D. Cal. July 22, 2024). Following this ruling, the plaintiffs filed an amended complaint, which Google has again moved to dismiss. The CourtListener page.

Nomenclature note: at one point, the judge used the phrase “jump the shark,” an iconic term for boomers and GenXers that may go over the head of younger generations. I did a search in Westlaw’s ALLCASES database and identified three previous cases referencing the idiom:

  • United States v. Iwai, 930 F.3d 1141 (9th Cir. 2019)
  • Norton v. United States, 2022 WL 17817960 (S.D. Ga. 2022)
  • Alvarado-Linares v. United States, 44 F.4th 1334 (11th Cir. 2022)