The Ninth Circuit Wrecked Internet Jurisdiction Law…And For What?–Briskin v. Shopify

January 27, 2026 · by · in Privacy/Security

I added the Ninth Circuit Briskin v. Shopify en banc ruling to my 2025 Internet Law casebook, and I taught it for the first time in Fall 2025. Wow, that did not go well at all. The opinion is absolutely unteachable. Here are some of the questions I highlighted in class that I couldn’t answer:

  • How did Shopify “know” that web browsers were in CA?
  • Did Shopify “know” CA law restricted its conduct? [flag this point in particular]
  • Is there a difference between aiming everywhere and aiming nowhere?
  • Is Briskin consistent with Zippo?
  • How can Shopify avoid jurisdiction in CA?

Maybe someday we’ll get a teachable Internet jurisdiction case, but not today.

Because the opinion is a mess, I will be further reducing my coverage of the Internet jurisdiction topic in my Fall 2026 Internet Law course until I get better teaching tools. In the interim, I will keep emphasizing my Calvinball meme slide.

* * *

Here is the big takeaway holding from the Ninth Circuit’s Briskin ruling: “Shopify expressly aimed its conduct at California through its extraction, maintenance, and commercial distribution of the California consumers’ personal data in violation of California laws.”

But…what if Shopify never violated California law at all? On remand, that’s exactly what the court said. In other words, the Ninth Circuit credulously accepted the plaintiff’s allegations, but now we find out the allegations were false. Does California still have jurisdiction in this case??? ¯\_(ツ)_/¯

* * *

Shopify provides backend merchant services to online retailers. In this case, the plaintiff claims he purchased fitness apparel from IABMFG, with Shopify as the backend e-commerce provider. “Plaintiff alleges that he, like other consumers, was uninformed of [Shopify’s] involvement in the transaction, and without consent, defendants collected his sensitive private information, including full name, address, email address, credit card number, IP address, the items purchased, and geolocation.”

Crappy Pleadings

The plaintiff transacted with IABMFG in 2019, but he says he learned about Shopify’s allegedly shady privacy practices only in 2021. He then assumed Shopify’s 2021 practices were in place in 2019, but the complaint didn’t present any evidence to support that assumption:

The issue is not that plaintiff obtained factual support about Shopify’s 2019 conduct and then waited too long to file a complaint, the issue is that plaintiff has still not provided adequate factual support that the conduct disclosed in 2021 actually took place in 2019 as well. Accordingly, all of plaintiffs’ claims must be dismissed for want of factual support

Reminder: the Ninth Circuit found the plaintiffs’ allegations credible enough to justify breaking Internet jurisdiction law. 😑

Shopify’s Lack of Intent

“Shopify’s policies required merchants to obtain consent for Shopify’s access.” Whether or not the merchant honored this requirement, the court says that the policies demonstrate that Shopify didn’t willfully listen into the conversation between the retailer and plaintiff. This lack of intent negates the state wiretapping, common law privacy, and computer crime claims.

So, to recap: the plaintiff’s claims all failed because the complaint assumed the key facts about Shopify’s conduct; and several claims ALSO failed for lack of Shopify’s intent. Great job, Ninth Circuit.

The court provides some additional guidance for the amended complaints, some points of which are a little more plaintiff-favorable:

  • The wiretap claim can’t be dismissed on the grounds that Shopify was just a service provider.
  • Credit card information isn’t “record information” and is capable of being intercepted. However, the court questions if Shopify intercepted that information while in transit.
  • The court says that Shopify isn’t eavesdropping equipment.
  • The court couldn’t decide yet if Shopify’s behavior was “highly offensive” for the common law privacy claims.
  • The state computer crimes trespass claim can be supported on the theory that the plaintiff suffered actual damages when he seeks disgorgement of his personal information.

We’ll see if the plaintiff can turn this case around with an amended complaint. For now, the collapse of the case on remand sharpens my skepticism about the Ninth Circuit’s acquiescence in its jurisdictional ruling.

Case Citation: Briskin v. Shopify Inc., 2026 WL 161441 (N.D. Cal. Jan. 21, 2026). CourtListener page.