Dana Pica v. Delta Air Lines, Inc.

• Court: Court of Appeals for the Ninth Circuit
• Decided: July 18, 2020
• Docket: 19-55300
• Status: Unpublished

Opinion

NOT FOR PUBLICATION FILED UNITED STATES COURT OF APPEALS JUL 16 2020 MOLLY C. DWYER, CLERK U.S. COURT OF APPEALS FOR THE NINTH CIRCUIT

DANA PICA, individually and on behalf of No. 19-55300 all others similarly situated; GABRIELLE GROFF, individually and on behalf of all D.C. No. others similarly situated, 2:18-cv-02876-MWF-E

Plaintiffs-Appellants, MEMORANDUM* and

ARTHI NAINI,

Plaintiff,

v.

DELTA AIR LINES, INC., a Delaware Corporation; et al.,

Defendants-Appellees.

Appeal from the United States District Court for the Central District of California Michael W. Fitzgerald, District Judge, Presiding

Submitted July 9, 2020** Pasadena, California

* This disposition is not appropriate for publication and is not precedent except as provided by Ninth Circuit Rule 36-3. ** The panel unanimously concludes this case is suitable for decision without oral argument. See Fed. R. App. P. 34(a)(2). Before: PAEZ and BADE, Circuit Judges, and ZOUHARY,*** District Judge.

Plaintiffs-Appellants Dana Pica and Gabrielle Groff (collectively, Plaintiffs)

appeal the district court’s Federal Rule of Civil Procedure 12(b)(6) dismissal of

their putative class claims for breach of contract and violation of the Stored

Communications Act (SCA) against Defendant-Appellee Delta Air Lines, Inc.

(Delta), and their SCA and state law claims against Defendant-Appellee [24]7.ai,

Inc. ([24]7). We have jurisdiction under 28 U.S.C. § 1291 and review de novo a

Rule 12(b)(6) dismissal. See Curtis v. Irwin Indus., Inc., 913 F.3d 1146, 1151 (9th

Cir. 2019). We affirm.

1. The district court properly dismissed Plaintiffs’ claim for breach of

contract against Delta. The contract authorized Delta to “transmit” Plaintiffs’

personal data to certain third-party “providers” of “services,” e.g., “providers” of

“ancillary services.” Plaintiffs alleged Delta disclosed their personal data to [24]7

but failed to plead non-conclusory factual allegations plausibly demonstrating that

[24]7 is not a listed provider of services. See Ashcroft v. Iqbal, 556 U.S. 662, 678

(2009); Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007).

2. The district court also properly dismissed Plaintiffs’ SCA claims

against Delta and [24]7. As to Delta, Plaintiffs’ claim under 18 U.S.C. § 2701(a)

*** The Honorable Jack Zouhary, United States District Judge for the Northern District of Ohio, sitting by designation.

2 fails because Plaintiffs failed to allege that Delta did not have authorization to

access its own servers—the alleged “facility” “through which an electronic

communication service” was provided. See 18 U.S.C. § 2701(a), (c)(1). Further,

§ 2701(a) prohibits illicit “access” to a “facility,” it does not prohibit disclosure of

information. See id. § 2701(a).

With respect to Plaintiffs’ § 2702 claim against Delta, because Plaintiffs

failed to plead non-conclusory facts plausibly demonstrating Delta did not have

authority to disclose the information to [24]7, Delta is immune under § 2702(b)(3),

which protects Delta for disclosing the data “with the lawful consent of the

originator.” Likewise, because Plaintiffs intentionally sent the information to

Delta, Delta could lawfully consent to disclose it to [24]7 pursuant to § 2702(b)(3).

Plaintiffs also failed to allege facts plausibly demonstrating Delta provided an

electronic communication service (ECS) to the public. See id. § 2702(a)(1).

Plaintiffs’ § 2701(a) claim against [24]7 fails because Plaintiffs did not

allege [24]7 “access[ed]” Delta’s “facility” without Delta’s authorization. See id.

§ 2701(a). Plaintiffs allege Delta disclosed the data to [24]7, but by passively

receiving the data, [24]7 did not “get at” or “gain access to” the facility. See

United States v. Smith, 155 F.3d 1051, 1058 (9th Cir. 1998) (citation omitted).

Further, it is Delta—as the alleged ECS provider—that can authorize access to its

facility, not Plaintiffs. Thus, even assuming [24]7 accessed Delta’s facility by

3 receiving the data from Delta, [24]7 did not lack authorization.

As to Plaintiffs’ § 2702 claim against [24]7, Plaintiffs did not plead facts

plausibly demonstrating that [24]7 provides an ECS to the public or that [24]7

“knowingly divulge[d]” Plaintiffs’ personal data to the third-party hackers. See 18

U.S.C. § 2702(a)(1).

3. The Airline Deregulation Act (ADA) preempts Plaintiffs’ three state-

law claims against [24]7 for negligence, violation of California Civil Code

§ 1798.81.5(b) (i.e., failure to protect personal information), and violation of

California Civil Code § 1798.82 (i.e., failure to timely notify of a data breach)

because these claims, if enforced, “relate[] to” Delta’s services or prices. See 49

U.S.C. § 41713(b)(1); see also Morales v. Trans World Airlines, Inc., 504 U.S.

374, 383–84, 386 (1992) (describing clause as having a “broad pre-emptive

purpose” and “expansive sweep,” and rejecting argument that ADA only preempts

“state laws specifically addressed to the airline industry” and not “laws of general

applicability”). Thus, the district court properly dismissed these claims.

AFFIRMED.