1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 EDWARD BATON, et al., Case No. 21-cv-02470-EMC
8 Plaintiffs, ORDER GRANTING DEFENDANTS’ 9 v. MOTIONS TO DISMISS
10 LEDGER SAS, et al., Docket Nos. 55, 56, 58 11 Defendants.
12 13 14 I. INTRODUCTION 15 Plaintiffs, customers who purchased a hardware wallet to protect cryptocurrency assets, 16 bring a putative class action seeking redress for harms they allegedly suffered stemming from a 17 data breach exposing over 270,000 pieces of personally identifiable information, including 18 customer names, email addresses, postal addresses and telephone numbers. Docket No. 33 (First 19 Amended Complaint or “FAC”). Now pending before the Court are Defendants Shopify USA, 20 Shopify, Inc. and Ledger’s respective motions to dismiss the complaint for, among other reasons, 21 lack of personal jurisdiction. Docket Nos. 55, 56, 58. 22 For the following reasons, the Court finds that it lacks personal jurisdiction over each 23 defendant and that jurisdictional discovery is unwarranted. Therefore, the Court GRANTS the 24 motions to dismiss and dismisses the case with prejudice. 25 II. BACKGROUND 26 A. Summary of Allegations in the FAC 27 Plaintiffs are customers of Defendant Ledger SAS (“Ledger”), a French company based in 1 (“FAC”) ¶ 2, 21. Ledger sells its hardware wallets—the Ledger Nano X and Ledger Nano S— 2 through its e-commerce website, which operates on Defendant Shopify, Inc.’s platform. FAC ¶¶ 3 2, 16-17. Plaintiffs allege they, and several putative classes, each bought a Ledger hardware 4 wallet on Ledger’s e-commerce website, through Shopify’s platform, between July 2017 and June 5 2020. Id. ¶¶ 16-20. When Plaintiffs made their purchases, they provided their name, email 6 addresses, telephone numbers and postal addresses. Id. 7 Plaintiffs’ claims arise of two security incidents involving data breaches exposing 8 Plaintiffs’ contact information. FAC ¶¶ 78, 79, 88. First, Plaintiffs allege that between April and 9 June 2020, rogue Shopify, Inc. employees exported a trove of data, including Ledger’s customer 10 transactional records. Id. ¶¶ 78-79. Shopify allegedly publicly announced the theft on September 11 22, 2020, which involved the data of approximately 272,000 people. Id. ¶¶ 79, 82. Plaintiffs 12 allege that Ledger did not inform them that their data was involved in the Shopify breach at that 13 time. Id. ¶ 83. Second, Plaintiffs allege that Ledger publicly announced that an unauthorized 14 third-party gained access to Ledger’s e-commerce database through an application programming 15 interface key on June 25, 2020 and acquired the email addresses of one million customers and 16 physical contact information of 9,500 customers. Id. ¶ 88. Plaintiffs allege that Ledger did not 17 disclose that the attack on Ledger’s website and the theft of Shopify’s data were connected, that 18 Ledger downplayed the scale of the actual attack, and, as a result, Plaintiffs and putative class 19 members were subject to phishing scams, cyber-attacks, and demands for ransom and threats. Id. 20 ¶¶ 95-118. Plaintiffs contend that Ledger knew that its customer list was highly valuable to 21 hackers, because it was a list of people who have converted substantial wealth into anonymized 22 crypto-assets that are transferrable without a trace. Id. ¶ 5. 23 Plaintiffs allege that despite knowing the high value of its customer list and the need for 24 confidentiality, Ledger did not implement security measures to protect its customers by regularly 25 deleting and/or archiving the customer data to protect that information from online accessibility. 26 FAC ¶ 136, and that Ledger failed to exercise reasonable care in obtaining, retaining, securing, 27 safeguarding, deleting, and protecting its customers personal information that Ledger had in its 1 unauthorized persons, id. ¶ 117. Similarly, Plaintiffs allege Shopify failed to exercise reasonable 2 care in obtaining, retaining, securing, safeguarding, deleting, and protecting their personal 3 information in their possession from being compromised, lost, or stolen, and from being accessed, 4 and misused by unauthorized persons. FAC ¶¶ 78-83. 5 Plaintiffs are five Ledger customers who reside, respectively, in California, Georgia, New 6 York, London, United Kingdom and Tel Aviv, Israel. Id. ¶¶ 26-20. They purport to represent 7 several classes and subclasses, ranging from customers internationally to customers in particular 8 states who suffered particular harms. Id. ¶ 145. Plaintiffs bring claims for, among others, 9 negligence, negligence per se, injunctive relief and remedies under California’s unfair competition 10 law, Georgia’s Fair Business Practices Act and New York’s General Business Law. Id. ¶¶ 168- 11 276. 12 B. Relevant Factual Background Contained in Jurisdictional Declarations 13 Defendants include additional factual background relevant to the Court’s jurisdictional 14 inquiries at the motion to dismiss stage. Shopify USA states that it is incorporated in Delaware, 15 has its principal place of business in Ontario, Canada, and never had a business relationship with 16 Ledger. Docket No. 55-1 (“Harris-John Decl.”) ¶¶ 3-6. Shopify Inc., explains it is a Canadian 17 corporation that it is not registered to do business in California and, does not have any employees 18 in California. Docket No. 56-1 (“McIntomny Decl.”) ¶¶ 2-5. It explains that the “rogue” 19 individuals who were responsible for the data breach of Shopify, Inc.’s platform were not 20 employees of Shopify or any of its affiliated companies, but independent contractors of a company 21 called TaskUs, who were located in the Philippines. Id. ¶¶ 11-12. Ledger explains that it is a 22 French company with no California or U.S. employees. Docket No. 59 (“Ricomard Decl.”) ¶¶ 5, 23 11, 17. 24 C. Procedural Background 25 Defendant Ledger Technologies was voluntarily dismissed from this case. Docket No. 36. 26 Remaining Defendants Shopify USA, Shopify, Inc. and Ledger move to dismiss Plaintiffs’ First 27 Amended Complaint on multiple grounds, including for lack of personal jurisdiction and failure to 1 III. LEGAL STANDARD 2 A. Federal Rule of Procedure 12(b)(2) 3 A defendant may move to dismiss based on lack of personal jurisdiction pursuant to 4 Federal Rule of Civil Procedure 12(b)(2).
5 In opposing a defendant's motion to dismiss for lack of personal jurisdiction, the plaintiff bears the burden of establishing that 6 jurisdiction is proper. Where, as here, the defendant's motion is based on written materials rather than an evidentiary hearing, the 7 plaintiff need only make a prima facie showing of jurisdictional facts to withstand the motion to dismiss. The plaintiff cannot 8 “simply rest on the bare allegations of its complaint,” but uncontroverted allegations in the complaint must be taken as true. 9 10 Mavrix Photo, Inc. v. Brand Techs., Inc., 647 F.3d 1218, 1223 (9th Cir. 2011); see also Data Disc, 11 Inc. v. Sys. Tech. Assocs., Inc., 557 F.2d 1280, 1285 (9th Cir. 1977) (noting that “[t]he limits 12 which the district judge imposes on the pre-trial proceedings will affect the burden which the 13 plaintiff is required to meet”). In addition, all disputed facts are resolved in favor of the plaintiff. 14 See Pebble Beach Co. v. Caddy, 453 F.3d 1151, 1154 (9th Cir. 2006); see also Freestream 15 Aircraft (Berm.) Ltd. v. Aero Law Grp., 905 F.3d 597, 602 (9th Cir. 2018) (stating that 16 “[u]ncontroverted allegations in the complaint must be taken as true, and factual disputes are 17 construed in the plaintiff's favor”). 18 IV. DISCUSSION 19 A. Personal Jurisdiction 20 The test for personal jurisdiction is generally stated as follows:
21 Where, as here, no federal statute authorizes personal jurisdiction, the district court applies the law of the state in which the court sits. 22 California's long-arm statute, Cal. Civ. Proc. Code § 410.10, is coextensive with federal due process requirements, so the 23 jurisdictional analyses under state law and federal due process are the same. For a court to exercise personal jurisdiction over a 24 nonresident defendant consistent with due process, that defendant must have “certain minimum contacts” with the relevant forum 25 “such that the maintenance of the suit does not offend ‘traditional notions of fair play and substantial justice.’” 26 27 Mavrix, 647 F.3d at 1223. 1 jurisdiction. Freestream, 905 F.3d at 602. Plaintiffs contend that the Court has general 2 jurisdiction (and, in the alternative, specific jurisdiction) over Shopify USA and specific 3 jurisdiction over Shopify, Inc. and Ledger. 4 As explained below, the Court lacks general jurisdiction (and specific jurisdiction) over 5 Shopify USA, and lacks specific jurisdiction over Shopify, Inc. and Ledger. 6 1. The Court Lacks General Jurisdiction Over Shopify USA 7 Where there is general jurisdiction over a defendant, the plaintiff can bring any claim 8 against the defendant in the forum state. Thus, in order for general jurisdiction to obtain, the 9 defendant's contacts with the forum state must be so continuous and systematic as to render the 10 defendant essentially at home in the forum State. See Daimler AG v. Bauman, 571 U.S. 117, 122, 11 128 (2014); see also Schwarzenegger v. Fred Martin Motor Co., 374 F.3d 797, 807 (9th Cir. 12 2004) (asking whether the defendant has continuous and systematic contacts that approximate 13 physical presence in the forum state). “With respect to a corporation, the place of incorporation 14 and principal place of business are ‘paradig[m] ... bases for general jurisdiction.’” Daimler, 571 15 U.S. at 137. General jurisdiction outside of those forums is available “[o]nly in an exceptional 16 case,” Martinez v. Aero Caribbean, 764 F.3d 1062, 1070 (9th Cir. 2014), where the defendant’s 17 contacts are so “continuous and systematic” as to “‘approximate physical presence’ in the forum 18 state,” Pestmaster Franchise Network, Inc. v. Mata, 2017 WL 1956927, at *2 (N.D. Cal. 2017) 19 (quoting Mavrix, 647 F.3d at 1223-24). 20 Here, Plaintiffs argue that the Court has general jurisdiction over Shopify USA, but 21 concede that Shopify USA is neither incorporated in California (it is a Delaware corporation), nor 22 is California Shopify USA’s principal place of business (Shopify USA’s principal place of 23 business is Ottawa, Canada). FAC ¶ 24. Instead, to support their contention that the Court has 24 general jurisdiction over Shopify USA, Plaintiffs observe that Shopify USA previously listed San 25 Francisco, CA as its principal place of business since 2014, including, allegedly, during the time 26 period that the data breach took place in 2019. Opposition at 11-13. Plaintiffs point to Shopify 27 USA’s business registration filings in various states that continued to list San Francisco as its 1 6, and cites litigation from 2017 and 2018 in which Shopify USA represented to courts that its 2 principal place of business was in San Francisco, Opposition at 11-12. 3 However, Plaintiffs’ observation that Shopify USA’s place of business at the time of the 4 data breach was in California does not establish the Court’s general jurisdiction over Shopify 5 USA. Courts have uniformly held that general jurisdiction is to be determined no earlier than the 6 time of filing of the complaint. Sabre Int’l Sec. v. Torres Advanced Enter. Sols., LLC, 60 F. Supp. 7 3d 21, 30 (D.D.C. 2014) (collecting cases); see also Young v. Daimler AG, 228 Cal. App. 4th 855, 8 864 (2014) (“Unlike specific jurisdiction, general jurisdiction is determined no earlier than at the 9 time a suit is filed.”). Plaintiffs do not dispute that at the time this case was filed, in April 2021, 10 Spotify USA’s principal place of business was in Ottawa, Canada–not San Francisco, California. 11 FAC ¶ 24. 12 Plaintiffs’ citation to Delphix Corp. v. Embarcadero Technologies, Inc., an unpublished, 13 non-precedential Ninth Circuit memorandum disposition, for the proposition that “[c]ourts must 14 examine the defendant’s contacts with the forum at the time of the events underlying the dispute,” 15 749 Fed. Appx. 502, 506 (9th Cir. 2018), is unavailing. First, the language Plaintiffs cite from 16 Delphix quotes a precedential Ninth Circuit decision, Steel v. United States, which makes explicit 17 that its holding is about specific jurisdiction. 813 F.2d 1545, 1549 (9th Cir. 1987) (“When a court 18 is exercising specific jurisdiction over a defendant, arising out of or related to the defendant’s 19 contacts with the forum, the fair warning that due process requires arises not at the time of the suit, 20 but when the events that gave rise to the suit occurred.”) (Emphasis added). There is no 21 precedential decision holding that the same logic applies to the analysis of general jurisdiction—a 22 point that Judge Rawlinson emphasizes in her partial dissent in Delphix, 749 Fed. Appx. at 507- 23 08—which is consistent with the Ninth Circuit’s caution that “[b]ecause the assertion of judicial 24 authority over a defendant is much broader in the case of general jurisdiction than specific 25 jurisdiction, a plaintiff invoking general jurisdiction must meet an ‘exacting standard’ for the 26 minimum contacts required.” Ranza v. Nike, Inc., 793 F.3d 1059, 1069 (9th Cir. 2015) (citation 27 omitted). 1 complaint for filed for purposes of general jurisdiction, Plaintiffs’ only remaining theory for the 2 Court to assert general jurisdiction is that this is “an exceptional case” in which general 3 jurisdiction is available in California even though it is not one of the paradigm fora. Id. Plaintiffs 4 are unable to show that this is such an exceptional case where Shopify USA’s contacts are so 5 “continuous and systematic” as to “‘approximate physical presence’ in [California],” Mata, 2017 6 WL 1956927 at *2. Shopify USA entered evidence that it permanently closed its San Francisco 7 office in September 2020, that its corporate officers are located in Ontario, Canada and New York, 8 approximately three-quarters of its employees are located outside of California, and a vast 9 majority of its business activities are conducted outside of, and have no relationship to, California. 10 Docket No. 55-1 (“Harris-John Decl.”) ¶¶ 3, 5, 7, 8. Plaintiffs do not dispute these representations 11 and make no allegations sufficient to show that Shopify USA is “so heavily engaged in activity in 12 [California] as to render it essentially at home.” BNSF Ry. Co. v. Tyrell, 137 S. Ct. 1549, 1559 13 (2017); see also King v. Bumble Trading, Inc., 2020 WL 663741, at *2 (N.D. Cal. 2020) (finding 14 that defendant corporation’s principal place of business was in Texas, where its “CEO[] lives and 15 works,” notwithstanding “documents filed with the California Secretary of State” stating that its 16 “principal executive office is in San Francisco”). 17 Thus, the Court finds that it lacks general jurisdiction over Shopify USA. 18 B. Specific Jurisdiction 19 Specific jurisdiction exists in tort type cases where: (1) the defendant “purposefully 20 directed” its activities towards California; (2) the plaintiff’s claims “arise out of” those forum- 21 related activities; and (3) the exercise of jurisdiction is “reasonable.” See Morrill v. Scott Fin. 22 Corp., 873 F.3d 1136, 1142 (9th Cir. 2017). The purposeful direction test applies where, as here, 23 Plaintiffs assert primarily tort or statutory claims. See e.g., id.; Caces-Tiamson v. Equifax, No. 20- 24 CV-00387-EMC, 2020 WL 1322889, at *3 (N.D. Cal. Mar. 20, 2020) (courts should apply a 25 purposeful direction analysis to tort claims arising from data breaches); Matus v. Premium 26 Nutraceuticals, LLC, No. EDCV 15-01851 DDP (DTBx), 2016 WL 3078745, at *3 (C.D. Cal. 27 2016) (applying purposeful direction test where the plaintiff alleged violations of the UCL, FAL, 1 satisfying the first two prongs of the test.” Schwarzenegger, 374 F.3d at 802. 2 A defendant “purposefully direct[s]” [its] activities at the forum if [it]: (1) committed an 3 intentional act, (2) expressly aimed at the forum state, (3) causing harm that the defendant knows 4 is likely to be suffered in the forum state.” Picot v. Weston, 780 F.3d 1206, 1214 (9th Cir. 2015) 5 (internal quotations and citation omitted). “Failing to sufficiently plead any one of these three 6 elements … is fatal to Plaintiff[s’] attempt to show personal jurisdiction.” Alexandria Real Estate 7 Equities, Inc. v. Runlabs Ltd., No. 18-CV-07517-LHK, 2019 WL 4221590, at *7 (N.D. Cal. 2019) 8 (internal quotations omitted). 9 1. The Court Lacks Specific Jurisdiction Over Shopify, Inc. and Shopify USA 10 Plaintiffs advance several theories in order to carry their burden to show (1) that the 11 Shopify Defendants “purposefully directed” their activities towards California, and (2) that their 12 claims “arise out of” Shopify’s forum-related activities.1 These arguments are addressed in turn. 13 First, Plaintiffs allege the Court has “jurisdiction over Shopify [Inc.] … because [it] 14 solicit[s] customers and transact[s] business in California.” FAC ¶ 31. In their Opposition brief, 15 Plaintiffs further elaborate that “Shopify, Inc. undertook to power and administer the shopping 16 website used by Ledger to engage in the advertisements and sales in California giving rise to 7% 17 of Ledger’s worldwide business.” Opposition at 18. Plaintiffs argue these constitute “intentional 18 acts” that were “expressly aimed at [California].” Picot, 780 F.3d at 1214. 19 However, a finding purposeful direction cannot “be based on the mere fact that [a 20 company] provides services to customers nationwide, including but not limited to California.” 21 Caces-Tiamson, 2020 WL 1322889, at *3. “‘The placement of a product into the stream of 22 commerce, without more, is not an act the defendant purposefully directed toward the forum 23 state.’” Id. (quoting Asahi Metal Indus. Co., Ltd. v. Super. Ct. of Cal., 480 U.S. 102, 112 (1987)). 24 1 Plaintiffs argue that that “Shopify USA is subject to specific jurisdiction for the same reasons as 25 Shopify Inc.” because “Shopify USA and Shopify Inc. make no distinction between themselves in the public eye, using the same logos, trademarks, and websites, making it impossible at this 26 juncture to know the extent of involvement in this data breach by each entity.” Opposition at 14 n.8. The Court does not address whether Plaintiffs have adequately alleged that jurisdictional 27 contacts may be imputed between these affiliated companies, see Ranza, 793 F.3d at 1073, 1 Yet that is the essence of Plaintiffs’ allegations herein. See FAC ¶ 156 (Plaintiffs allege that 2 Shopify, Inc. is a “global entit[y], that conduct[s] business nationwide and globally, servicing 3 consumers in the United States and in many foreign counties. [It] also provide[s] services in 4 virtually every state and … target[s] world-wide customers.”). 5 Plaintiffs’ attempt to graft the alleged “purposeful direction” of Ledger’s activity to make 6 7% of its global sales in California on to Shopify, Inc. does not establish the Court’s specific 7 jurisdiction over Shopify, Inc. However, “the Supreme Court has explained that the contacts 8 supporting purposeful direction ‘must be the defendant’s own choice.’” Cisco Sys., Inc. v. Dexon 9 Computer, Inc., 2021 WL 2207343, at *3 (N.D. Cal. 2021) (quoting Ford Motor Co. v. Mont. 10 Eighth Jud. Dist. Ct., 141 S. Ct. 1017, 1025 (2021)); Helicopteros Nacionales de Colombia, S.A. 11 v. Hall, 466 U.S. 408, 417 (1984) (“[The] unilateral activity of another party or a third person is 12 not an appropriate consideration when determining whether a defendant has sufficient contacts 13 with a forum State to justify an assertion of jurisdiction”). Plaintiffs make no allegations that the 14 fact that Shopify, Inc. provided “a software product” to Ledger that “allow[ed] [Ledger] to easily 15 operate [an] online store[],” FAC ¶ 75, to sell to “consumers worldwide,” FAC ¶ 155, shows that 16 Shopify, Inc. made a choice to direct acts towards California. Similarly, Plaintiffs’ allegation that 17 Shopify’s “terms of service obligate it to ‘take all reasonable steps’ to protect the disclosure of 18 confidential information, including “names, addresses and other information regarding customers 19 and prospective customers,” FAC ¶ 77, is based on Plaintiff’s concession that the only reason 20 Shopify had any interaction with Plaintiffs is because “Ledger used Shopify’s services,” id. ¶ 76 21 (emphasis added). Cf. SKAPA Holdings LLC v. Seitz, 2021 WL 672091, at *5 (D. Ariz. 2021) 22 (When assessing specific jurisdiction, “the analysis must be [restricted to] the defendant’s ‘own 23 contacts’ with the forum.”) (quoting Walden v. Fiore, 571 U.S. 277, 289 (2014)). Ledger’s acts 24 cannot be imported to Shopify for jurisdictional purposes. 25 Second, Plaintiffs contend that personal jurisdiction lies over Shopify Inc. because 26 “substantial events leading up to the breach at issue have occurred in California.” FAC ¶ 26. 27 Plaintiffs refer to additional facts contained in declarations asserting jurisdictional facts to 1 California, and that conduct led directly to the breaches harming Plaintiff Seirafi and other class 2 members in California.” Opposition at 18 (citing Docket No. 56-1 (“McIntomny Decl.”) ¶ 11). 3 Plaintiffs further contend that “Shopify, Inc. permitted the customer data—the disclosure/loss of 4 which gives rise to the liability—to be accessible to and accessed by at least one culpable 5 individual who was indicted in federal court in California. Id. (citing Docket No. 67-1 6 (“Economides Decl.”), Exh. 10); FAC ¶ 81. 7 Plaintiffs, however, misrepresent the content of the declarations and complaint, and fail to 8 support their assertion that Shopify, Inc. engaged in activity in California leading up to and during 9 the breach. The McIntomny Declaration, prepared by a Senior Clerk at Shopify, Inc., explains that 10 Shopify, Inc. did not contract with TaskUs to process user data, but rather, Shopify International 11 Limited, a separate entity based in Dublin, Ireland, did so. McIntomny Decl. ¶ 11. Furthermore, 12 there is no evidence in the declaration or elsewhere that Shopify Inc. (or any other entity) 13 “reposited [Plaintiffs’] data in California,” Opposition at 19, or “provided access to” that data in 14 California, id. at 18. Cf. McIntomny Decl. ¶ 11. Rather, Jennifer Routledge, Senior Lead for 15 Vendor Partnerships for Shopify, Inc. declares, “TaskUs, Inc. contracted with Shopify 16 International Limited to provide all of its services, including services involving any Shopify Inc. 17 data, and to remotely access any data necessary for provision of those services, only from sites 18 outside of the United States.” Docket No. 70-1 (“Routledge Decl.”) ¶ 2 (emphasis added). 19 Shopify, Inc.’s supplemental declarations reject Plaintiffs’ assertion that it was “a California 20 company that then implemented the breach,” Opposition 19, and state that the breach was 21 accomplished by independent contractors of TaskUs located in the Philippines. See McIntomny 22 Decl. ¶¶ 11-12. And although TaskUs has a California address, Shopify Inc. included a copy of 23 the agreement through which Shopify International Limited (headquartered in Dublin, Ireland) 24 contracted for services to be performed by TaskUs, which states that "The Services will be 25 provided in the Territory of the Philippines and at the following Site: 17th Floor, 24-7 McKinley 26 Building, 24th St. 7th Ave, BGC, Taguig City, Philippines." Docket No. 54-6 at 29. Properly 27 characterized and contextualized by the undisputed facts contained in these declarations, none of 1 “purposefully directed” any acts towards California. 2 Moreover, Plaintiffs’ allegation at FAC ¶ 81 does not in fact allege that “Shopify Inc. 3 permitted the customer data … to be accessible to and accessed” by anyone in California, but 4 rather that a California man “paid an employee of a Shopify vendor to provide him with Shopify’s 5 merchant data.” FAC ¶ 81; see also Economides Decl., Exh 10 (Indictment in United States v. 6 Heinrich, 8:21-cr-22-JLS (C.D. Cal. 2021), Docket No. 16). Indeed, as Plaintiffs’ allegation 7 concedes and the criminal indictment confirms (consistent with Shopify’s declaration), the 8 California-based defendant was not an employee of Shopify’s or even TaskUs; his connection to 9 the data breach is that he corresponded over the internet and solicited “a Philippines-based 10 employee of a third-party contractor who provided customer support services for the Victim 11 Company” to steal data. United States v. Heinrich, 8:21-cr-22-JLS (C.D. Cal. 2021), Docket No. 12 16 at 2; see also id. at 3-13. The fact that a resident of California was indicted on allegations that 13 he paid other individuals to steal data from Shopify Inc. in the Philippines does not show that 14 Shopify Inc. purposefully directed acts at California. 15 Finally, Plaintiffs argue that Shopify, Inc. purposefully directed activity towards California 16 by omission: “Shopify, Inc. failed to warn Plaintiff Seirafi and Class Members in California about 17 the breach, and those acts of concealment caused additional harm as those individuals were left 18 vulnerable to hackers who had obtained the data that Ledger was supposed to protect.” Opposition 19 at 18. This theory, too, fails to provide a basis to conclude that Shopify, Inc. purposefully directed 20 its activity towards California. Any alleged decision to communicate—or not to communicate— 21 with individuals affected by the data breach would presumably have been made by Shopify, Inc. at 22 its principal place of business in Ottawa, Canada. There are no facts alleged that Shopify, Inc. 23 made its decision regarding notification in California or that it specifically targeted California in 24 its decision not to provide communications about the breach, nor do any facts presented by 25 Plaintiffs suggest that California-residents were uniquely harmed or entitled to a warning about the 26 breach more than anyone else affected by the breach residing in any other jurisdiction. See Caces- 27 Tiamson, 2020 WL 1322889, at *3 (“Ms. Caces-Tiamson cannot establish even a prima facie case 1 allegedly did not take with respect to its data security systems’ would presumably have occurred 2 in Georgia, where Equifax has its principal place of business. The fact that Ms. Caces-Tiamson 3 suffered injury in California (i.e., where she resides) as a result of Equifax's actions or omissions is 4 not enough to support specific jurisdiction.”) (internal citations omitted). 5 Thus, because Plaintiffs fail to show (1) that the Shopify, Inc. “purposefully directed” their 6 activities towards California, and (2) that their claims “arise out of” Shopify’s forum-related 7 activities demonstrate, the Court concludes that it lacks specific jurisdiction over Shopify Inc (and, 8 correspondingly, over Shopify USA, see supra n.2). Accordingly, the Shopify Defendants are 9 dismissed from this action. 10 2. The Court Lacks Specific Jurisdiction Over Ledger 11 a. Ledger Did Not Purposefully Direct Its Activities Towards California 12 As noted above, a defendant “purposefully direct[s]” [its] activities at the forum if [it]: (1) 13 committed an intentional act, (2) expressly aimed at the forum state, (3) causing harm that the 14 defendant knows is likely to be suffered in the forum state.” Picot, 780 F.3d at 1214 (internal 15 quotations and citation omitted). Ledger concedes it committed an “intentional act” by offering 16 hardware wallets for sale on its internationally accessible website, including to customers in 17 California. Docket No. 58 (“Ledger MTD”) at 8; see Loomis v. Slendertone Distribution, Inc., 18 420 F. Supp. 3d 1046, 1068 (S.D. Cal. 2019). However, Plaintiffs fail to demonstrate the second 19 two prongs of the purposeful direction test: they neither show that Ledger “expressly aimed” it 20 activities at California, nor that Ledger caused harm it knew was likely to be suffered in 21 California. 22 b. Ledger Did Not Expressly Aim Activity At California 23 First, Plaintiffs do not adequately allege that Ledger “expressly aimed” any acts at 24 California. Plaintiffs allege that “[t]his Court” has personal jurisdiction over Ledger “because it 25 solicits customers, including Plaintiffs and Class members, in the United States and California.” 26 FAC ¶ 32. This assertion is not enough to demonstrate Ledger’s express aiming. See Asahi 27 Metal, 480 U.S. at 112 (“The placement of a product into the stream of commerce, without more, 1 Hendricks, No. CV 09-1870 DSF AGRX, 2009 WL 10286181, at *4 (C.D. Cal. 2009) (“The 2 Defendants' sales to California residents were not specifically directed contacts, but instead 3 occurred only because the purchasers of Defendants' goods happened to reside in California. 4 There was no ‘individual[ized] targeting’ of California.”). 5 “Operating a universally accessible website alone is generally insufficient to satisfy the 6 express aiming requirement.” Elliot v. Cessna Aircraft Co., No. 8:20-cv-00378-SBA, 2021 WL 7 2153820, at *3 (C.D. Cal. 2021) (“the fact that Defendant maintains an interactive website that 8 reaches potential customers in California does not establish specific jurisdiction”); see also Adobe 9 Sys. Inc. v. Cardinal Camera & Video Ctr., Inc., No. 15-cv-02991-JST, 2015 WL 5834135, at *5 10 (N.D. Cal. 2015) (“not all material placed on the Internet is, solely by virtue of its universal 11 accessibility, expressly aimed at every state in which it is accessed”). “A defendant is required to 12 do ‘something more’—namely, the defendant must engage in conduct directly targeting the forum, 13 such as to display content or advertisements that appeal to, and profit from, an audience in a 14 particular state.” Elliot, 2021 WL 2153820, at *3 (citing Mavrix, 647 F.3d at 1231). 15 In Mavrix, the Ninth Circuit noted the difficult of determining “whether tortious conduct 16 on a nationally accessible website is expressly aimed at any, or all, of the forums in which the 17 website can be viewed,” 647 F.3d at 1229, but reasoned that specific jurisdiction obtained in 18 California because defendant “operated a very popular website with a specific focus on the 19 California-centered celebrity and entertainment industries” and concluded that defendant 20 “anticipated, desired, and achieved a substantial California viewer base” and “continuously and 21 deliberately exploited the California market for its website,” id. at 1230 (emphasis added). The 22 Mavrix Court concluded that holding the defendant there “answerable in a California court for the 23 contents of a website whose economic value turns, in significant measure, on its appeal to 24 Californians” did not violate due process. Id. 25 Applying Mavrix, the Ninth Circuit recently held in AMA Multimedia v. Wanat, that a 26 foreign defendant who operated an adult-content website did not expressly aim intentional acts at 27 the United States to satisfy the minimum contacts test for specific jurisdiction despite allegations 1 19% of the site’s total visitors were U.S.-based. 970 F.3d 1201, 1210-11 (9th Cir. 2020). The 2 Wanat Court explained that the defendant’s website and products lacked “a forum-specific focus” 3 because that the “market for adult content is global” and that 80% of the defendant’s viewers were 4 outside the United States. Id. at 1210. The Wanat Court further explained that the defendants use 5 of geotargeted advertisements cannot establish specific jurisdiction because such advertisements 6 are always directed at a specific forum: “a viewer in the United will see advertisements tailored to 7 the United States while a viewer in Germany will see advertisements tailored to Germany,” so 8 “absent other indicia of [defendant’s] personal direction,” the use of geotargeted advertising does 9 not establish express aiming. Id. The Ninth Circuit summarized that specific jurisdiction did not 10 lie in the United States because it “was not ‘the focal point’ of the website ‘and of the harm 11 suffered.’” Id. at 1212 (quoting Walden, 571 U.S. at 287) (emphasis added). 12 Here, Plaintiffs have not alleged enough under the Ninth Circuit’s frameworks in Mavrix 13 and Wanat to find that Ledger “expressly aimed” its conduct at California. Plaintiff’s bare 14 allegation that Ledger “solicits customers in the United States and California,” FAC ¶ 32, and 15 evidence (based on a declaration Ledger introduced as an exhibit to its motion to dismiss) that 16 7.03% of Ledger’s worldwide revenue comes from California, is not enough to establish Ledger 17 “anticipated, desired, and achieved a substantial” customer-base in California like the defendant in 18 Mavrix. 647 F.3d at 1230. Nor does it demonstrate Ledger’s forum-specific focus on California, 19 given that the “market for [its hardware products] is global.” Wanat, 930 F.3d at 1210. Indeed, 20 more than 60% of the company’s revenue comes from outside of the U.S. and 80% of its U.S. 21 revenue from outside of California. Opposition at 17. See also Caces-Tiamson, 2020 WL 22 1322889, at *3 (“Nor can specific jurisdiction be based on the mere fact that [Defendant] provides 23 services to customers nationwide, including but not limited to California.”). 24 The complaint also includes an allegation that Plaintiff Seirafi, who resides in Los 25 Angeles, California, “saw advertisements for Ledger’s services and hardware” around March 26 2019, FAC ¶ 16, but provides no further explanation of what those advertisements consisted of, 27 where they were placed, where Seirafi was located when he saw them, nor any other information 1 Seirafi’s declaration submitted as an exhibit to Plaintiff’s Opposition provides some additional 2 context – that Seirafi viewed the advertisement on Instagram – but then explains that, “Based on 3 review of Ledger’s online advertising account [a feature that may be viewed through Instagram] in 4 August 2021, it appears that the advertisements that [Seirafi] was seeing prior to purchasing a 5 Ledger wallet was specifically based on U.S. area codes.” Docket No. 67-3 (“Seirafi Decl.”) ¶¶ 6 13-14 (emphasis added). Nothing in Seirafi’s declaration demonstrates that Ledger aimed its 7 advertising to California. Ledge submits evidence that “Ledger SAS does not specifically direct 8 any of its business activities or advertising at California. Its business activities, including 9 advertising, have no particular focus on any specific state in the United States.” Docket No. 59 10 (“Ricomard Decl.”) ¶ 11. Plaintiffs’ insinuation that Ledger’s advertising activity was targeted at 11 California (the complaint does not even directly make this assertion) does not provide sufficient 12 detail of the “something more” necessary to show Ledger’s operation of a globally accessible 13 website was also “expressly aimed” at California. Cf. Mavrix, 647 F.3d at 1231; Wanat, 930 F.3d 14 at 1210; Erickson v. Nebraska Mach. Co., No. 15-CV-01147-JD, 2015 WL 4089849, at *4 (N.D. 15 Cal. 2015) (“[A]lthough the complaint alleges in conclusory fashion that NMC's website is ‘highly 16 interactive and allows visitors to purchase or rent products directly through the website’ . . . there 17 is no evidence that the website was in any way directed at California residents.”) (citation 18 omitted). 19 Plaintiffs rely principally on two cases to justify their argument that Ledger expressly 20 aimed its activity to California. They point to Lack v. Mizuho Bank to demonstrate the additional 21 factors that courts look to when a defendant operates and interactive website to determine whether 22 that cite has been aimed at California: “[Plaintiff] and other California users opened accounts, 23 communicated with the customer support desk, initiated bitcoin trades, made deposits, and 24 processed withdrawals through the website.” 2019 WL 4239128, at *5 (C.D. Cal. June 24, 2019). 25 But Plaintiffs do not allege that Ledger’s website has any of these features or that any Californians 26 used any such features that made the website in Lack multi-faceted and “highly interactive”—only 27 that Ledger’s site allows customers to browse and buy hardware wallets. FAC ¶ 32. 1 TLN, 2017 WL 1153110 (E.D. Cal. March 28, 2017), where the Court found that two sales into 2 California through an interactive website were enough for purposeful direction. The district court 3 in iSmile, however, did not discuss nor apply the Ninth Circuit’s controlling analysis from Mavrix 4 (even though Mavrix had been decided six years earlier). The iSmile Court relied on the Second 5 Circuit’s view that “an interactive website plus a single sale is sufficient to constitute ‘something 6 more’ and meet the purposeful direction standard.” Id. (quoting Chloe v. Queen Bee Beverly Hills, 7 LLC, 616 F.3d 158, 171 (2d Cir. 2010)). It is hard to see how the Second Circuit’s bright-line 8 articulation of an interactive site and a single sale in a forum can be reconciled with the Ninth 9 Circuit’s searching inquiry into the nature, intent and scope of a defendant’s expressly aimed, 10 forum-focused activity as required by Mavrix and Wanant. See also ThermoLife Int'l, LLC v. 11 NetNutri.com LLC, 813 F. App'x 316, 318 (9th Cir. 2020) (“ThermoLife cannot establish specific 12 personal jurisdiction through nonspecific, nationwide sales, as, in the context of this case, any 13 contact with Arizona would be “‘random, fortuitous, or attenuated.’” (citation omitted)). 14 Therefore, the cases on which Plaintiffs rely are either inapposite or unpersuasive. 15 c. Ledger Did Not Cause Harm In California That It Knew Was Likely To Be 16 Suffered There 17 Second, even if Plaintiffs had sufficiently alleged that Ledger expressly aimed its sales 18 activity to California (which they do not), Plaintiffs fail to allege that Ledger’s intentional act of 19 offering hardware wallets for sale on its website caused harm in California nor harm that Ledger 20 knew was likely to be suffered there. See Picot, 780 F.3d at 1214 (third prong of purposeful 21 direction test is that defendant’s alleged intentional act was responsible for “causing harm that the 22 defendant knows is likely to be suffered in the forum state.”); Elofson v. Bivens, No. 15-cv-05761- 23 BLF, 2017 WL 566323, at *5 (N.D. Cal. Feb. 13, 2017) (plaintiff failed to establish purposeful 24 direction where he did not allege any of the defendant’s actions caused him harm). Plaintiffs do 25 not connect Ledger’s alleged forum-specific intentional act of selling hardware wallets in 26 California to their alleged harms stemming from a data breach. The injury was caused by the data 27 breach, not the sales. To get around this deficiency in its pleadings, Plaintiffs’ opposition brief 1 breach to Ledger, by contending that “Ledger permitted Plaintiffs’ data—and other California 2 class members’ data—to be possessed by TaskUs, Inc. located [in] . . . South, Santa Monica, 3 California and the data breach then arose with TaskUs, Inc.” Opposition at 17 (citing McIntomny 4 Decl. ¶¶ 10-11). Not only does this allegation not appear in Plaintiffs’ complaint, see Tietsworth 5 v. Sears, Roebuck and Co., 720 F. Supp. 2d 1123, 1145 (N.D. Cal. 2010), but Plaintiffs’ theory 6 relies on the mistaken factual assertion discussed above – there is no evidence that any party took 7 any actions related to any Plaintiff or any other customer data in California. The data was 8 managed by TaskUs, Inc., in the Philippines. See supra Discussion § I(B)(1). 9 Furthermore, as discussed below, the alleged wrongful act of Ledger permitting the data to 10 be breached could not have occurred in California, where Leger had no office or employees. 11 Thus, because Plaintiffs cannot satisfy the second and third prongs of the purposeful 12 direction test–that Ledger expressly aimed an intentional act at California and that intentional act 13 caused harm that Ledger knew was likely to be suffered in the forum state—Plaintiffs fail to 14 demonstrate that Ledger purposefully directed its activities in California to give rise to the Court’s 15 specific jurisdiction over Ledger. 16 i. Plaintiffs’ Claims Do Not “Arise Out Of” Ledger’s California- 17 Related Activities 18 Even if Plaintiffs had demonstrated that Ledger purposefully directed its sale activities to 19 California, they fail to satisfy the second prong to the specific jurisdiction analysis: to show that 20 their claims “arise out of” Ledger’s forum-related activities. See Morrill, 873 F.3d at 1142. “Or 21 put just a bit differently, ‘there must be an affiliation between the forum and the underlying 22 controversy, principally, [an] activity or an occurrence that takes place in the forum State and is 23 therefore subject to the State's regulation.’” Ford Motor Co., 141 S. Ct. at 1025 (citation omitted). 24 Plaintiffs’ complaint on this prong is deficient for the same reasons it was unable to 25 adequately alleges that Ledger caused harm in California nor harm that Ledger knew was likely to 26 be suffered there under the purposeful direction analysis. Plaintiffs allege no facts to connect 27 Ledger’s activity with regards to the data breach to California. See Caces-Tiamson, 2020 WL 1 jurisdiction. Neither is where the Plaintiff experienced her injury. Rather, the Supreme Court has 2 instructed [in Walden] that [t]he proper question is not where the plaintiff experienced a particular 3 injury or effect but whether the defendant's conduct connects him to the forum in a meaningful 4 way.”) (quotation marks and citations omitted) (emphasis added). 5 Plaintiffs further contend that after the breach occurred Ledger “failed to warn or 6 adequately assist those individuals in California to protect against hacking attacks arising from the 7 breach.” Opposition at 18; FAC ¶¶ 82-137. But, again, this theory fails to connect any of 8 Ledger’s actions (or allegedly deliberate inaction) to California. Ledger submitted uncontroverted 9 evidence that it is incorporated and has its principal place of business in Paris, France, that it does 10 not have any offices in California or anywhere else in the United States, that it does not any 11 employees or officers located in the United States, and that it is not registered to do business in 12 California. Docket No. 59 (“Ricomard Decl.”) ¶¶ 6-9. In light of these facts, any decisions 13 Ledger made regarding its actions or inaction with regard to the data breaches and how to proceed 14 can reasonably be inferred to have been made at its principal place of business in Paris, France. 15 Or, at the very least, there is no basis for the Court to infer that any of those decision were made in 16 California, where Ledger does not have a single employee. Cf. Caces-Tiamson, 2020 WL 17 1322889, at *3 (“[Plaintiff] cannot establish even a prima facie case of specific jurisdiction 18 because, as Equifax argues, “any and all actions which Equifax did or allegedly did not take with 19 respect to its data security systems” would presumably have occurred in Georgia, where Equifax 20 has its principal place of business. The fact that Ms. Caces-Tiamson suffered injury in California 21 (i.e., where she resides) as a result of Equifax's actions or omissions is not enough to support 22 specific jurisdiction.”) (citations omitted). 23 Thus, because Plaintiffs fail to satisfy their burden to demonstrate that Ledger 24 “purposefully directed” its activity at California, and that Plaintiffs’ claims “arise out of” Ledger’s 25 California-related activities, Picot, 780 F.3d at 1214, the Court concludes that it lacks specific 26 jurisdiction over Ledger. Thus, Defendant Ledger is dismissed from this action. 27 C. Jurisdictional Discovery 1 Defendants in this case, the Court turns to Plaintiffs’ request for leave to conduct jurisdictional 2 discovery. Opposition at 24-25. The decision whether to grant jurisdictional discovery is 3 typically within the discretion of the district court. Wells Fargo & Co. v. Wells Fargo Exp. Co., 4 556 F.2d 406, 430 n.24 (9th Cir. 1977). “[W]here pertinent facts bearing on the question of 5 jurisdiction are in dispute, discovery should be allowed.” American West Airlines, Inc. v. GPA 6 Group, Ltd., 877 F.2d 793, 801 (9th Cir. 1989). However, “where a plaintiff's claim of personal 7 jurisdiction appears to be both attenuated and based on bare allegations in the face of specific 8 denials made by the defendants, the Court need not permit even limited discovery.” Pebble Beach 9 Co. v. Caddy, 453 F.3d 1151, 1160 (9th Cir. 2006) (quoting Terracom v. Valley Nat. Bank, 49 10 F.3d 555, 562 (9th Cir. 1995)). 11 Plaintiffs’ request for jurisdictional discovery articulates six issues pertaining to the 12 Shopify Defendants and three issues pertaining to Ledger that they would seek to investigate. 13 Economides Decl. ¶¶ 6-7. The court need not grant jurisdictional discovery, however, where 14 Plaintiffs’ requests are “purely speculative allegations of attenuated jurisdictional contacts.” Getz 15 v. Boeing Co., 654 F.3d 852, 860 (9th Cir. 2011). Moreover, where a defendant has already 16 provided evidence establishing that personal jurisdiction does not exist, jurisdictional discovery is 17 unwarranted. Frank Valli & The Four Seasons v. EMI, Music Publ’g Ltd., No. CV 17-7831-MWF 18 (JCx), 2018 WL 6136818, *8 (C.D. Cal. May 22, 2018) (denying jurisdictional discovery where 19 the “evidence already before the court demonstrates” that the personal jurisdiction does not exist). 20 Accordingly, the Court reviews each of Plaintiffs’ requests for jurisdictional discovery:
21 Information Plaintiffs Propose to Seek Analysis from Shopify Defendants 22 “The role and responsibilities of Vivek This request is based on “purely speculative 23 Narayandas, an attorney employed at Shopify allegations of attenuated jurisdictional (USA) who advises Shopify Inc. as its Data contacts.” Getz, 654 F.3d at 860. This 24 Protection Officer.” (Economides Decl. ¶ request would only be meaningful to establish 6(a)) the Court’s specific jurisdiction over Shopify 25 USA, however, Plaintiffs makes no 26 allegations regarding any of Shopify USA’s forum-specific activities. Instead, their theory 27 of specific jurisdiction over Shopify USA is derivative of their theory of specific Information Plaintiffs Propose to Seek Analysis 1 from Shopify Defendants 2 14 n.8. There is no basis for the Court to allow Plaintiffs to explore a theory regarding 3 Shopify USA’s forum-related conduct that it presents for the first time in its request for 4 discovery. “What employees were involved in working This request is based on “purely speculative 5 with or overseeing the work done by TaskUs allegations of attenuated jurisdictional 6 (the Shopify vendor that Shopify states was contacts.” Getz, 654 F.3d at 860. In light of responsible for the breach), where do they evidence showing that the data breach by 7 work, and which entity did they work for.” TaskUs did not occur in California, Plaintiffs (Economides Decl. ¶ 6(b)) advance, for the first time, an unsupported 8 theory that Shopify may have had employees in California who supervised TaskUs. There 9 is no basis for this speculative request because 10 evidence already in the record shows that “TaskUs, Inc. contracted with Shopify 11 International Limited to provide all of its services, including services involving any 12 Shopify Inc. data, and to remotely access any data necessary for provision of those services, 13 only from sites outside of the United States.” 14 (Routledge Decl. ¶ 2). Moreover, Shopify International Limited, an Irish company, is 15 neither a party to this case, nor is there any indication or any allegations they have any 16 employees in California. (McIntomny Decl. ¶ 17 11). “Which employees reported to Roy Sunstrum, This request is based on “purely speculative 18 the signatory to Shopify’s contract with allegations of attenuated jurisdictional TaskUs, where do they work, and which contacts.” Getz, 654 F.3d at 860. In light of 19 entity did they work for.” (Economides Decl. evidence showing that the data breach by ¶ 6(c)) TaskUs did not occur in California, Plaintiffs 20 seem to advance, for the first time, an 21 unsupported theory that Shopify may have had employees in California who supervised 22 TaskUs and that their supervisory misconduct caused Plaintiffs’ harm. There is no basis for 23 this speculative request. “Which employees were involved in Dispositive evidence already provided: 24 implementing and overseeing Shopify’s “Shopify, Inc. is not registered to do business 25 specific data security practices alleged to be in California . . . and does not have an office insufficient in the First Amended Complaint, in California. . . Shopify, Inc. has no 26 where do they work, and which entity did employees in California.” (McIntomny Decl. they work for.” (Economides Decl. ¶ 6(d)) ¶ 5). 27 “Which employees were involved Dispositive evidence already provided: Information Plaintiffs Propose to Seek Analysis 1 from Shopify Defendants 2 impact, size, and scope, and where do they in California . . . and does not have an office work, and which entity did they work for.” in California. . . Shopify, Inc. has no 3 (Economides Decl. ¶ 6(e)) employees in California.” (McIntomny Decl. ¶ 5). 4 “Which employees were involved in Dispositive evidence already provided: Shopify’s response and notification process, “Shopify, Inc. is not registered to do business 5 where do they work, and which entity did in California . . . and does not have an office 6 they work for.” (Economides Decl. ¶ 6(f)) in California. . . Shopify, Inc. has no employees in California.” (McIntomny Decl. 7 ¶ 5).
8 Information Plaintiffs Propose to Seek Analysis 9 from Ledger “Advertisements, sales, and/or business Dispositive evidence already provided: 10 strategies involving the California market “Ledger SAS does not specifically direct any and/or California consumers.” (Economides of its business or advertising at California. Its 11 Decl. ¶ 7(a)) business activities, including advertising, have no particular focus on any specific state 12 in the United States.” (Ricomard Decl. ¶ 11.) 13 “Practices for obtaining, storing, transmitting, Dispositive evidence already provided: When and/or protecting the personal information of consumers make purchases through 14 California consumers.” (Economides Decl. ¶ ledger.com, they provide certain contact 7(b)) information to Ledger SAS. Ledger SAS 15 maintains this information in its e-commerce and marketing database. Ledger does not have 16 any unique practices for California 17 consumers. (Ricomard Decl. ¶¶ 5, 11.) “California-based companies, employees, Dispositive evidence already provided: 18 independent contractors, or other agents “Ledger SAS does not have any offices in relating to Ledger SAS’s data storage and California or anywhere else in the United 19 protection.” (Economides Decl. ¶ 7(c)) States. It also does not have any employees or 20 officers located in the United States. All of Ledger SAS’s employees and officers are 21 located in France and Switzerland.” (Ricomard Decl. ¶ 7.) 22 23 Plaintiffs’ requested discovery is not based on any prima facie evidence that the 24 undisputed evidence presented by Defendants are false or inaccurate. Accordingly, the Court 25 concludes jurisdictional discovery is based on speculation and is therefore unwarranted. The 26 Court denies Plaintiffs’ request. In light of the Court’s finding that jurisdictional discovery is 27 unwarranted, the Court concludes that it would be futile for Plaintiffs to attempt to amend their 1 V. CONCLUSION 2 The Court lacks personal jurisdiction over Defendants Shopify USA, Shopify, Inc., and 3 Ledger. Accordingly, the Court GRANTS each Defendant’s respective motion to dismiss. 4 Docket Nos. 55, 56, and 58. The Court, further, concludes that jurisdictional discovery is 5 unwarranted and thus DENIES Plaintiffs’ request for jurisdictional discovery. For the reasons 6 explained above, the Court finds that it would be futile for Plaintiffs to amend their complaint to 7 attempt to assert personal jurisdiction over Defendants. Thus, the case is dismissed with 8 prejudice. 9 This order disposes of Docket Nos. 55, 56, and 58. The Clerk of the Court is directed to 10 enter judgment and close the case. 11 12 IT IS SO ORDERED. 13 14 Dated: November 8, 2021 15 16 ______________________________________ EDWARD M. CHEN 17 United States District Judge 18 19 20 21 22 23 24 25 26 27